About this Policy
The APPs regulate how the agency collects, holds, uses and discloses your personal information and how you access and correct the personal information that we hold about you. The APPs only apply to information about individuals, not information about corporate entities. Further information about the Privacy Act and the APPs is available on the Office of the Australian Information Commissioner’s website.
The agency is committed to protecting the privacy of ‘personal information’ collected by the agency and its contractors and agents (collectively, the agency), which at times includes "sensitive information". The agency only collects, holds, uses and discloses personal information for a lawful purpose that is reasonably necessary for, or directly related to, one or more of its functions under the Asbestos Safety and Eradication Act 2013 and the objects of that Act.
The object of the Act is to establish the Asbestos Safety and Eradication Agency to administer the National strategic plan, which aims to prevent exposure to asbestos fibres in order to eliminate asbestos-related disease in Australia.
The agency uses personal information for the purpose(s) for which it was given (unless otherwise required by or authorised by law). The agency may also use personal information as consented by the individual or for related purposes where the individual would reasonably expect the agency to use or disclose the information.
Information the agency collects and how it uses it
Collecting personal information
‘Personal information’ means information (or an opinion) in any form, whether true or not, about an identified individual, or an individual who is reasonably identifiable.
Names and contact details
The agency collects names, emails and other contact details as part of such core activities as:
- general enquiries and correspondence (including email)
- processing applications to import and export asbestos under the relevant regulations (at times this will involve contact details for individuals rather than just the corporate entity)
- public comment processes and events relating to the implementation of the National Strategic Plan (including asbestos awareness campaigns), and
- maintaining the National Asbestos Exposure Register (the Register).
The agency collects only the minimal amount of personal information necessary to perform these functions. Where practicable users can remain anonymous or use a pseudonym.
The agency collects names, contact details and more detailed personal information as part of its recruitment processes. More detailed information includes employment and career history, dates of birth and in some cases criminal history checks. Personal information collected as part of recruitment processes is used for the agency’s recruitment processes and kept for an appropriate period, depending on the outcomes of the processes for the individuals concerned.
Collecting sensitive information
‘Sensitive information’ means personal information about you that is of a sensitive nature, including information such as the following:
- racial or ethnic origin
- membership of a professional association
- criminal record
- religious beliefs or affiliations
- health information about an individual.
Generally ‘sensitive information’ has a higher level of privacy protection than other personal information. The agency collects some sensitive information in the performance of its functions, for example it collects health information, for the purpose of responding to an asbestos safety query or for the purpose of including an individual’s details on the National Asbestos Exposure Register.
If you or another person provides the agency with sensitive information, the agency will only retain the information if:
- you have consented to the collection of the information and it is reasonably necessary for , or directly related to one of our functions or activities
- collection of the information is required or authorised by or under Australia law or court/tribunal order
- where a ‘permitted general situation’ exists (for example, a situation where using the information is necessary to prevent serious threats to life, health or safety of an individual), or
- collection of the information is authorised for other purposes permitted under the Privacy Act.
Where more detailed information is needed to explain its privacy practices in relation to specific types of personal information including ‘sensitive information’, the agency develops and provides separate privacy notices to describe how it will handle the personal information that it collects in relevant circumstances. For example, a privacy notice is provided in relation to collecting information for the National Asbestos Exposure Register.
Collecting personal information from third parties
The agency usually collects personal information directly from the individual concerned or another person authorised by that individual. In some cases it will be collected from a third party if authorised or required by law.
Communication - emails and electronic forms
The agency’s servers may record your email address if you send the agency a message online. Your email address will not be added to a mailing list unless you have provided it to the agency in order to subscribe to its subscription database.
Where you choose to send the agency a completed electronic form that includes your personal details, the agency collects personally identifiable information such as name, address and email address.
The information collected by email or electronic forms will be used only for the purpose for which you provided it, and the agency will not disclose it unless one of the circumstances described below under the heading Information Sharing has been satisfied. For those who do not wish to use the internet, the agency provides alternative ways of providing information, for example forms may be printed and lodged by post.
Log information (browsing)
When you use the agency’s online services, its servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your server address, your top level domain name (for example, .com, .gov, .au, .uk, etc), the date and time of visit to the site, the pages accessed and documents viewed, the previous sites visited, the browser type, the browser language, and one or more cookies that may uniquely identify your browser.
The agency may at times may use social networking services such as Twitter, Facebook, LinkedIn, Instagram and YouTube to communicate with the public about our work. When you communicate with the agency using these services, it may collect your personal information, but will only use it to help us to communicate with you and the public. The social networking services will also handle your personal information. The agency has no control or influence over third party privacy policies. Please refer to these specific social networking sites to review their privacy policies.
Access and alteration of records containing personal information
You have a right under the Privacy Act to access personal information we hold about you. You also have a right under the Privacy Act to request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. To access or seek correction of personal information we hold about you, please contact us using the contact details set out below. If you request access to or correction of your personal information, we will respond to you within 30 calendar days.
While the Privacy Act requires that we give you access to your personal information upon request or an opportunity to request the correction of your personal information, it does set out circumstances in which we may refuse to give you access or decline to correct your personal information. If we refuse to give you access or make corrections to your personal information, we will provide you with a written notice which, among other things, gives our reasons for refusing your request. It is also possible to access and correct documents held by us under the Freedom of Information Act 1982.
If you are dissatisfied with our response, you may make a complaint, either directly to us (see below), or you may wish to contact:
- the Office of the Australian Information Commissioner at firstname.lastname@example.org or telephone 1300 363 992; or
- the Commonwealth Ombudsman at email@example.com or telephone 1300 362 072.
The agency only discloses personal information to third parties in the following circumstances:
- where you are reasonably likely to have been aware, or made aware by way of a privacy notice, that your personal information is usually passed to the relevant parties
- where you have consented to the disclosure of your personal information
- where we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to your life or health or that of another person
- where the disclosure is required or authorised by or under law
- where the disclosure is reasonably necessary for the enforcement of criminal law or a law imposing a pecuniary penalty, or for the protection of public revenue.
Information security and data integrity
The agency takes all reasonable steps to
- protect the personal information that we hold from misuse, interference, loss, unauthorised access, modification or disclosure by using a number of protective measures including password protection for accessing our IT systems, tracking access to our IT systems, locked filing cabinets for any paper documents and physical access restrictions to our offices;
- make sure personal information we collect and store is accurate, relevant, up-to-date, complete and not misleading; and
- ensure that, where it has given personal information to a contractor (that carries out a service for the agency), the contractor complies with the Information Privacy Principles in the Privacy Act.
When no longer required, personal information is destroyed or deleted in a secure manner or transferred to the National Archives of Australia (NAA) in accordance with our obligations under the Archives Act 1983.
Changes to this policy
Please note that this policy will be regularly reviewed and will be updated when our information handling practices change.
Privacy Impact Assessment Register
The agency is required to conduct privacy impact assessments (PIAs) for all high privacy risk projects.
No PIAs have been conducted to date. The PIA register will be updated with details of PIAs conducted by the agency in future.
If you think we have breached your privacy, you may contact us to make a complaint using the contact details set out below. In order to ensure that we fully understand the nature of your complaint and the outcome you are seeking, we prefer that you make your complaint in writing.
Please be aware that it may be difficult to properly investigate or respond to your complaint if you provide insufficient detail. You may submit an anonymous complaint. However, if you do it may not be possible for us to provide a response to you.
We are committed to quick and fair resolution of complaints and will ensure your complaint is taken seriously and investigated appropriately. Please be assured that you will not be victimised or suffer negative treatment if you make a complaint.
If you are not satisfied with the way we have handled your complaint in the first instance, you may contact the Office of the Australian Information Commissioner to refer your complaint for further investigation. Please note that the Information Commissioner may not investigate if you have not first brought your complaint to our attention.
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
If you have any questions about privacy or if you wish to access or amend your personal information under the Privacy Act you can write to:
The Privacy Officer
Asbestos Safety and Eradication Agency
GPO Box 9880
Sydney NSW 2001