- This policy sets out how the Australian Trade and Investment Commission (Austrade) complies with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Privacy Act).
- The APPs set out how we must handle your personal information.
'Personal information' is information or opinion about an identified individual, or an individual who is reasonably identifiable. The information or opinion may or may not be true and may or may not be recorded in a material form.
What personal information does Austrade collect and why?
- Austrade collects personal information that is reasonably necessary to perform its functions and activities. Those functions and activities include:
- promoting trade, investment and international education. This includes assisting Australian enterprises to develop international business, promoting Australia's international education and training sector and attracting and facilitating productive foreign direct investment into Australia, often working closely with state and territory governments;
- delivering Australian consular, passport and other government services in overseas locations; and
- working on a range of tourism policy, projects, programs and research to strengthen Australia's tourism industry.
- The nature of the personal information collected will depend upon the function being performed and may include names and contact details, dates of birth, place of birth, citizenship, passport details (including numbers and photographs with biometric information), health information, travel information relating to an individual and information about business interests and activities. Some personal information collected may meet the definition of sensitive information according to the Privacy Act.
- Austrade also collects personal information in relation to its role as an employer and when contracting services, including contact details, dates of birth, health information, information about education, qualifications, skills, performance, conduct and pay details. Where required under a security screening process or for assessing grant / program eligibility, Austrade may also collect financial and other required information.
Generally, you have the option of dealing with Austrade anonymously or using a pseudonym, such as when you are making a general inquiry regarding our functions or activities. However, it may be impracticable for us to deal with you in that way in other circumstances or we may be required or authorised by law to know your identity in order to perform our functions. For example, to provide you with information relevant to your business or to provide you with consular services, we may need to know your identity.
How does Austrade collect personal information?
- Austrade generally collects your personal information directly from you. However, in some circumstances we collect personal information about you from someone else, including:
- where you have authorised us to do so;
- where the information is obtainable from a publicly-available source (eg by way of a company search);
- where it is necessary for a consular function; or
- where it is unreasonable or impracticable to collect the information from you, such as a medical opinion.
We may collect your personal information in a variety of ways including by phone, in writing, via our website when you provide information on online forms or through signing-up to a subscription.
How does Austrade use and disclose personal information?
- Austrade uses and discloses personal information for the purposes of performing its functions and activities. Examples of how we use and disclose personal information include:
- disclosing your name and contact details to the organisers of a trade event that you have agreed to participate in;
- providing you with information you have requested, such as information about forthcoming trade events;
- providing you with consular assistance including disclosing your personal information to other Australian government departments such as the Department of Foreign Affairs and Trade;
- disclosing your name and travel details to a foreign emergency service so that they may locate or assist you in the event of an emergency in that country;
- assessing an application made by you, including disclosure to third parties to contribute to the assessment, or
- performing our role as an employer such as in assessing performance, conduct or fitness for duty.
- Austrade may use or disclose personal information for another purpose with your consent (typically through the use of a specific privacy collection statement) or where otherwise permitted by law.
- Austrade may disclose and store personal information on a cloud based service that affords adequate protections, such as certification and security, in respect of all data stored in the cloud, consistent with the Australian Government’s Secure Cloud Strategy 2017. Austrade retains effective control of the handling of all personal information that is held in such cloud services.
- Given the nature of Austrade's functions and activities, we may also disclose your personal information to recipients overseas such as when performing consular functions or arranging a trade event outside Australia. Those recipients could be in any of around 100 countries in which Austrade either has a presence or undertakes its functions and activities.
Before Austrade discloses your personal information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs or is subject to requirements similar to the APPs (such as under laws similar to the Privacy Act or by way of a binding contractual requirement). Alternatively, your personal information will only be disclosed to an overseas recipient where permitted by law which includes where reasonably necessary for consular functions.
The data we collect - browsing (clickstream data)
- When you look at an Austrade website (including austrade.gov.au, australiaunlimited.com, exportawards.gov.au, studyinaustralia.gov.au, tra.gov.au, and the Global Business Support Finder hosted on business.gov.au) our server makes a record of your visit and logs the following information:
- your server address;
- your top level domain name (for example .com, .gov, .au, .uk etc.);
- the date and time of visit to the site;
- the pages accessed and documents viewed;
- the previous site or page visited; and
- the type of browser used.
- Austrade also uses third party web traffic analytics tools (Google Analytics, Hotjar and Addthis) that may collect and process the following information when you visit one of our websites:
- the name of your internet service provider (ISP);
- your IP address
- the country you are visiting our website from;
- how much time you spend on which parts of the website;
- the parts of our website that you visit;
- which links you click on and in which order;
- your mouse movements and scrolling activity on our website pages;
- preferred language settings on your browser;
- your device’s screen size and screen resolution;
- what type of device you are using;
- the operating system that you are using; and
- voluntary feedback that you provide on your user experience;
- The data listed under items 14 and 15 above is collected for the following purposes:
- web site and system administration, including monitoring to prevent security breaches;
- enhancement of the web site to better meet users’ needs; and
- research and development.
No attempt will be made to identify users or their browsing activities, except in the unlikely event that a law enforcement (or other government) agency exercises a legal authority to inspect ISP logs (for example, by warrant, subpoena, or notice to produce).
Any comments or queries about your privacy or Austrade’s websites should be sent to: firstname.lastname@example.org
How does Austrade protect your personal information?
- Austrade takes information security seriously and uses a range of IT and physical measures to ensure that your personal information is held securely and protected from misuse, interference, loss and unauthorised access, modification and disclosure. Austrade also takes steps to ensure that any personal information it uses or discloses is accurate, up-to-date, complete and relevant.
- Under the Archives Act 1983, Austrade is not permitted to destroy Australian Government records (which may contain personal information) except in specified and controlled circumstances. If the personal information is not held in an Australian Government record and there is no other legal impediment to doing so, Austrade will take such steps as are reasonable in the circumstances to destroy or de-identify the information when it is no longer required for Austrade functions.
The Privacy (Australian Government Agencies—Governance) APP Code 2017 (Cth) requires that all agencies, including Austrade must conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects. To learn more about Austrade’s PIAs please visit our PIA Register.
Access to personal information and correction
- You may request access to your personal information held by Austrade and request that it be corrected if you believe it to be inaccurate. Austrade will provide you with access to your personal information except in limited circumstances set out in the Privacy Act. If we refuse a request for access or correction to personal information, we will provide you with written reasons for that refusal. We will respond to a request for access or correction within 30 days after the request is made.
Requests for correction of personal information can be made to the contact below.
How to make a complaint
- If you make a complaint to Austrade about how we have handled your personal information, we will contact you regarding whether an investigation will be conducted, who to contact about the matter and an estimated timeframe for resolving the complaint.
- We will advise you of the outcome of our enquiries regarding the complaint in writing.
If you are not satisfied with the outcome, you may take the matter to the Privacy Commissioner in the Office of the Australian Information Commissioner:
Ph 1300 363 992
GPO Box 5218 Sydney NSW 2001
GPO Box 2999 Canberra ACT 2601
Queries, complaints, requests for access and/or correction should be in writing and sent to:
Privacy Contact Officer
GPO Box 5301
CANBERRA ACT 2001
By email: email@example.com