Privacy

 Commission Privacy Policy.pdf

 Commission Privacy Policy.docx

Table of Contents

1......... Introduction
2......... Collection And Storage Of Your Personal Information
2.1...... Personal Information that we collect and store
2.2...... Why your Personal Information is collected
2.3...... How your Personal Information is collected
2.4...... Indirect collection
2.5...... Collecting through our websites
2.6...... Collecting sensitive information
2.7...... Third Party Providers
2.8...... Social Networking Services
2.9...... Email lists
2.10... Terms and conditions of competitions that we run

3......... Use And Disclosure Of Your Personal Information
3.1...... How we use your Personal Information
3.2...... Who we may disclose your Personal Information to
(a)           Disclosure to service providers
3.3...... Disclosure of Sensitive Information
3.4...... Disclosure of personal information overseas

4......... Quality And Security Of Data
4.1...... Quality of personal information
4.2...... Storage and security of personal information

5......... Access To Your Personal Information
5.1...... Accessing and correcting your personal information
6......... Your Anonymity
7......... How We Deal With Complaints about Privacy issues
8......... Our Contact Details

 

1. Introduction

  1. This Privacy Policy applies to the collection and use of personal information by or on behalf of the Australian Human Rights Commission (ACN 47 996 232 602).
  2. From time to time we collect, hold, use and disclose information acquired in the course of performing functions or activities under the Australian Human Rights Commission Act 1986 (AHRC Act), Australian Human Rights Commission Regulations 1989, Age Discrimination Act 2004, the Disability Discrimination Act 1992 , the Racial Discrimination Act 1975, the Sex Discrimination Act 1984 and the Freedom of Information Act 1982 (FOI Act)(activities). These functions and activities include:
    1. inquiring into, and attempting to conciliate, complaints of unlawful discrimination and breaches of human rights;
    2. inquiring into any act or practice that may be inconsistent with or contrary to any human right;
    3. promoting an understanding and acceptance, and the public discussion, of human rights in Australia;
    4. undertaking research and educational programs and other programs, on behalf of the Commonwealth, for the purpose of promoting human rights, and to co-ordinate any such programs undertaken by any other persons or authorities on behalf of the Commonwealth;
    5. reporting to the Minister as to the laws that should be made by the Parliament, or action that should be taken by the Commonwealth, on matters relating to human rights;
    6. preparing guidelines on human rights and discrimination;
    7. intervening in court proceedings that involve discrimination and human rights issues;
    8. processing applications for temporary exemptions under the Discrimination Acts above;
    9. conducting competitions, promotions, or activities (competition/s) that are open to the public; and
    10. conducting questionnaires and surveys (survey/s).
  3. Protecting your personal information is important to us and we are committed to meeting the standards set out in the Privacy Act 1988 (Cth) (the Act), and the Australian Privacy Principles (APPs). This Privacy Policy sets out our obligations to you with respect to personal information that we collect, store, and use.
  4. This Privacy Policy explains how we will use and manage personal information that we hold about you. The Commission will review and update this Privacy Policy from time to time to ensure that it remains appropriate and complies with all relevant laws and regulations. We reserve the right to notify you of such updates by posting an amended version of the Privacy Policy on our website. For the avoidance of doubt, any information that we collect and hold will be governed by the most current version of this Privacy Policy. The only exception to this will be where we conduct a competition or other activity that has its own privacy policy. In such instances, notice of that policy will be provided to you at the time your personal information is sought and that policy will override this Privacy Policy to the extent of any inconsistency.

2. Collection And Storage Of Your Personal Information

  1. At all times we try to only collect the information we need for the particular function or activity we are carrying out.

2.1 Personal Information that we collect and store

  1. We may collect and store personal information that you give to us. Examples of such personal information include (but are not limited to): your name; address; email; phone number; age; gender; interests; or other information relevant to the functions of the Commission under the AHRC Act and other activities that we conduct.
  2. The Commission will usually only collect your personal information when you give it to us. Your personal information is generally collected directly from you.

2.2 Why your Personal Information is collected

  1. We generally collect and use your personal information so that we can perform the functions delegated to us under legislation. In addition, we may contact you in the event that you have subscribed to one of our publications or, are nominated by us, or an entity with which we jointly run a competition, (competition partner) as the winner in a competition that you have entered. We may also collect personal information so that we can provide you with information about an event, other competition, activity, or publication we organise, sponsor or are otherwise affiliated with that may be of interest to you.
  2. Occasionally we may collect your personal information when you participate in surveys run by us or run in conjunction with any entity that we may partner with (survey partner). Where you participate in surveys we will always inform you of your rights and our obligations in respect of any personal information that you provide in response to survey questions. Where we arrange for surveys to be conducted on our behalf by a survey partner, we will require our survey partner to comply with the privacy requirements in this Privacy Policy in respect of any personal information that you provide to them.

2.3 How your Personal Information is collected

  1. Your personal information is collected directly from you when you interact with us, for example when you:
    1. provide us with your details as part of a discrimination complaint that we conciliate;
    2. subscribe to one of our publications (online or otherwise);
    3. engage us to provide you with products or services relating to our activities;
    4. assist us to manage a product or service provided to you (eg attending to a request or enquiry that you may make in relation to a product or service that we provide you with or when you request that changes are made to that product or service);
    5. apply to us for a temporary exemption to anti-discrimination legislation which affects your organisation or business;
    6. submit an entry into a competition run by us or run in conjunction with a competition partner;
    7. participate in surveys run by us or run in conjunction with a survey partner;
    8. disclose your personal information an email to us or post an entry that contains your personal information on any of our websites (including social media sites and platforms);
    9. contact us; or
    10. attend an event or activity we organise, sponsor or are otherwise affiliated with.

2.4 Indirect collection

  1. The Commission will only collect your personal information from third parties in limited circumstances.  In the course of handling and resolving a complaint, review or an investigation, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties such as:
    1. your authorised representative, if you have one; or
    2. applicants, complainants, respondents to a complaint or application or the third parties’ employees and witnesses.
  2. We also collect personal information from publicly available sources to enable us to contact stakeholders who may be interested in our work or in participating in our consultations.
  3. We may also collect your personal information from a third party where one of our partners or service providers notifies us that you have entered a competition or participated in a survey conducted by them. If we do collect personal information in this manner, we will ensure that you have been notified of: who we are; why your personal information has been collected; our obligations under any applicable Australian privacy laws; and how to access this Privacy Policy. When we deal with third parties, we will ask the third party to tell you that they have provided us with your personal information and direct you to this Privacy Policy.

2.5 Collecting through our websites

  1. The Commission has its own public website www.humanrights.gov.au  which has a number of sub sites. We also have a separate web blog where we allow comments. Where our websites allow you to make comments or give feedback we collect your email address and sometimes other contact details. We may use your email address to respond to your feedback. We store this personal information on servers located in Australia.
  2. We use a range of tools provided by third parties, including Google, Bing and our web hosting company, to collect or view website traffic information. These sites have their own privacy policies. We also use cookies and session tools to improve your experience when accessing our websites. The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to maintain, secure and improve our websites and to enhance your experience when using them.
  3. We sometimes collect anonymous information using cookies on our website. Cookies are pieces of information that a website transfers to your computer's hard disk. Cookies in and of themselves do not identify users personally but they do allow the tracking of an individual's use of a website. The use of cookies to tack traffic patterns through websites is now commonplace. Most web-browsers are set to accept cookies however; you can configure your web browser to reject cookies. If you reject cookies, you may not be able to use all of our online services.

2.6 Collecting sensitive information

  1. Sometimes we may need to collect sensitive information about you, for example, to handle a complaint or as part of a survey (this will only be done where sensitive information is reasonably necessary for or directly related to one or more of our functions or activities). This might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information.
  2. You will not be asked to provide sensitive information unless:
    1. the information is reasonably necessary for, or directly related to, one or more of our functions or activities; and
    2. you have consented to providing us with sensitive information (your consent will be deemed when you voluntarily submit sensitive information to us); or
    3. collection of sensitive information is authorised or required by law.
  3. We will comply with all requirements under Australian privacy laws in respect of the collection, storage, and use of sensitive information.

2.7 Third Party Providers

  1. We use third party providers for some web-based services, with information stored in the United States and Europe. These include MailChimp for email subscriptions, SurveyMonkey for online surveys and Event Brite for registration at events. Please follow the hyperlinks for details on their privacy policies.

2.8 Social Networking Services

  1. We use social networking services such as Twitter, Facebook and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies.

2.9 Email lists

  1. We collect your email and, if you provide it, other contact details when you subscribe to our email lists. We only use this information for the purpose of sending you regular updates on the activities of the Commission, and to administer the email lists.

2.10 Terms and conditions of competitions that we run

  1. From time to time, we also run competitions, promotions, or activities (competition/s) that are open to the public and conduct questionnaires or surveys (survey/s). If you contact us, subscribe to our publications, participate in our competitions and surveys, or elect to participate in any activities that we conduct you may choose to disclose personal information to us that we may collect and record.
  2. These activities may have their own privacy policy. In such instances, notice of that policy will be provided to you at the time your personal information is sought and that policy will override this Privacy Policy to the extent of any inconsistency. In all other instances, the terms of this Privacy Policy prevail and by interacting with us, you agree to be bound by these terms.
  3. You will be deemed to have given your consent by calling or emailing us, accessing our websites, registering on any of our websites, interacting with us and providing your personal information directly to us (eg by participating in a competition or survey run by us or in conjunction with any entity that we may partner with).

3. Use And Disclosure Of Your Personal Information

3.1 How we use your Personal Information 

  1. When you submit your personal information to us you consent to the Commission using your personal information to (among other things):
    1. administer our relationship with you in accordance with the activities that we participate in;
    2. facilitate the running of our competitions and surveys;
    3. monitor activity on our website;
    4. inform you about an event, other competition, activity, or publication we organise, sponsor or are otherwise affiliated with that may be of interest to you;
    5. assist us in implementing internal administrative purposes (eg carrying out, monitoring and analysing procedural assessments, risk management, staff training, and internal reviews);
    6. improve our website and our other publications;
    7. enforce our legal rights, including claim recovery activities and legal proceedings;
    8. where possible, protect the rights, property, or personal safety of another person;
    9. notify relevant authorities where there is a serious threat to an individual's life or to public health or safety;
    10. notify relevant authorities where there is reason to suspect unlawful activity has been engaged in;
    11. notify relevant authorities where required or authorised by law; or
    12. notify relevant authorities where required by an enforcement body.
  2. We will generally only use or disclose your personal information when it relates to the primary purpose for which it was collected. If you do not wish to receive other communications from us, please contact us on the details below so that we can update your preferences.
  3. If you provide us with your personal information via your mobile telephone number, email address, text message or instant message address or other methods of communication, you authorise us to send you information using that same method of communication.

3.2 Who we may disclose your Personal Information to

  1. We may disclose your personal information to persons within the Commission (in accordance with this Privacy Policy and the APPs). We may also provide your personal information to:
    1. any third parties we engage to provide certain functions on our behalf (such functions include: storing and managing databases; compiling raw data for analysis and research purposes; and providing professional services to us such as accounting or legal services); and
    2. any third parties that you authorise us to give your personal information to.
  2. We will never permit third parties to use, sell, or transfer your personal information for commercial purposes in any way.
  3. Occasionally, the Commission may disclose your personal information to unrelated third parties (for example, our legal or professional advisers and other government authorities or agencies). This will only occur where such disclosure is reasonably required to: obtain advice; prepare legal proceedings; investigate suspected improper conduct or wrongdoing; assist a lawful authority in the discharge of its duties; and by law.
  4. Where we hold competitions or surveys in conjunction with competition partners or survey partners, you may be contacted by those partners. We will not provide your personal information to such partners unless you have given your consent for your personal information to be provided to them.
  5. We impose strict requirements of security and confidentiality on all third parties that we deal with to ensure your personal information is handled appropriately. However, we cannot be held responsible for any misuse or unauthorised disclosure of your personal information by such third parties.

(a)Disclosure to service providers

  1. The Commission uses a number of service providers to whom we disclose personal information. These include providers that host our website servers, manage our IT and manage our human resources information. To protect the personal information we disclose we:
    1. enter into a contract or MOU which requires the service provider to only use or disclose the information for the purposes of the contract or MOU; and
    2. include special privacy requirements in the contract or MOU, where necessary.

3.3 Disclosure of Sensitive Information

  1. We only disclose your sensitive information for the purposes:
    1. for which you gave it to us;  
    2. for directly related purposes you would reasonably expect:
    3. or if you agree to such disclosure.

3.4 Disclosure of personal information overseas

  1. Generally we only disclose personal information overseas so that we can properly handle complaints that we conciliate or consider under the AHRC Act. For example, if:
    1.  the respondent to a complaint is based overseas;
    2. an Australian-based respondent is a related body corporate to an overseas company; or
    3. you have complained to an overseas entity and the Commission about the same or a related matter.
  2. Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries. For further information see Google Data Centres and Google Locations.
  3. When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.

4. Quality And Security Of Data

4.1 Quality of personal information

  1. To ensure that the personal information we collect is accurate, up-to-date and complete we:
    1. record information in a consistent format;
    2. where necessary, confirm the accuracy of information we collect from a third party or a public source;
    3. promptly add updated or new personal information to existing records; and
    4. regularly audit our contact lists to check their accuracy.
  2. We also review the quality of personal information before we use or disclose it.

4.2 Storage and security of personal information

  1. The Commission is committed to keeping secure data that you provide to us and we will take all reasonable precautions to protect your personal information from loss, misuse, or alteration. Personal information held by us is protected by a number of physical and electronic safeguards including restricted access to storage areas and computer databases. We will take all reasonable steps to keep your personal information secure and confidential once it is no longer in use. We do this by:
    1. regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure that information; and
    2. conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
  2. For further information on the way we manage security risks in relation to personal information we hold see our supplementary material on information technology security practices, below.
  3. We will also take reasonable steps to de-identify your personal information before it is passed on to third parties (eg in situations where you have agreed the use of your personal information to compile raw data for research purposes).

5. Access To Your Personal Information

5.1 Accessing and correcting your personal information

  1. Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
  2. We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.
  3. If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
  4. If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.
  5. You also have the right under the FOI Act to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.

6. Your Anonymity

  1. Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact our Enquiries line with a general question we will not ask for your name unless we need it to adequately handle your question. However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your inquiry, request, complaint or application.

7. How We Deal With Complaints about Privacy issues

  1. If you wish to complain to us about how we have handled your personal information you should complain in writing. If you need help lodging a complaint, you can contact us.
  2. If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.
  3. If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior officer than the officer whose actions you are complaining about.
  4. We will assess and handle complaints about the conduct of an Commission officer using the APS Values and Code of Conduct and the guidelines issued by the Australian Public Service Commission.
  5. We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.
  6. If you are not satisfied with our response you may ask for a review by a more senior officer within the Commission (if that has not already happened) or you can complain to the Commonwealth Ombudsman.

8. Our Contact Details

  1. You can contact us by: Email: communications@humanrights.gov.au Telephone: (02) 9284 9600
    Complaints Infoline: 1300 656 419
    General enquiries and publications: 1300 369 711
    TTY: 1800 620 241
    Fax: (02) 9284 9611
    Post: GPO Box 5218 Sydney NSW 2001.