Geoscience Australia privacy policy

Last updated:7 June 2023

Summary

  • We collect some personal information to provide you with better service.
  • This is shared with third parties in limited circumstances.
  • We will never sell or use your personal information for commercial purposes.

Introduction

As an Australian Government entity, Geoscience Australia (we, our, us) is bound by the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs). These regulate how:

  • we collect, use, store and disclose personal information, including sensitive information
  • individuals may access and correct records containing their personal information.

We define “personal information” the same way as the Privacy Act. Generally, it is any information that can be used to identify you, whether or not the information is true.

We respect your right to privacy under the Privacy Act and comply with Privacy Act requirements about how we collect and manage your personal information.

This document is our privacy policy and it tells you generally:

  • what types of personal information we collect
  • how we collect, use, store and disclose personal information
  • the way in which you can access and correct your personal information
  • how you can make an inquiry or complaint.

When we collect information from you, you will generally be provided with a collection notice about the specific types of personal information we are collecting at that time, why we are collecting your personal information, how we will use, store and disclose your personal information, and how you can access and correct your personal information.

What personal information we collect and why we collect it

We collect personal information so we can use it in performing our functions and activities. We should tell you the specific reason why we need to collect your information at the time we collect it. Our most common reasons include:

  • managing our employees, contractors and visitors
  • conducting our scientific operations
  • providing products and services to members of the public
  • responding to queries, requests and complaints
  • complying with Australian laws, regulations and court orders.

Most of the scientific data we collect is not personal in nature, but we do perform a small social science function that collects personal information in line with the Privacy Act and strict academic ethics guidelines.

We do not administer any legislation that requires us to collect personal information, but we may collect your personal information to comply with other legislation.

We should tell you the types of information we will be collecting at the time we collect it. The following points give a general overview of the types of information we might collect from you.

If you are an employee, we will collect information about your:

  • identity
  • contact details
  • health
  • pay and entitlements
  • tax file number
  • next of kin
  • qualifications
  • employment history
  • performance
  • background, including criminal history.

If you are a contractor, associate or visitor to our office, we may collect information about your:

  • identity
  • contact details
  • qualifications
  • employment history
  • background, including criminal history.

If you sign up to a mailing list, we will collect your:

  • name
  • contact details.

If you are purchasing products from us, we will collect your:

  • name
  • contact and delivery details
  • order details
  • credit card information (if you order over the phone).

If you are visiting our website or a web service we may collect information about your interaction using cookies and clickstream data.

If you interact with us on social media, we may collect the information that is publicly visible on your account.

If you are a stakeholder we are working with, we may collect:

  • your name
  • your contact details
  • other information relevant to our work together.

We understand that from time to time you may not want to provide this information to us; you may withhold providing your personal information. However, doing so may mean that we are not able to provide you with the products and services you require, or a high level of service. If it will be impracticable for us to deal with you anonymously or using a pseudonym, we will normally ask you to identify yourself so we can carry out our functions and activities.

Sensitive personal information

We collect limited amounts of sensitive personal information.

If you are an employee, prospective employee, contractor or require unescorted access to our facility we will collect information about your criminal history through a police records check. Access to this information is strictly controlled and is only used in assessing your suitability for employment or access.

If you are performing field work for us we will collect health information and share this with the team leader to ensure that any illness or injury that occurs during field work can be appropriately managed.

Email mailing lists

We use Swift Digital, an online marketing platform service provider to send and manage emails. In using this service, Swift Digital collects personal information that may contain email addresses and other information to be used for the distribution of email campaigns and other information.

All information collected using the Swift Digital service remains our property and is never shared or used by third parties.

Swift Digital maintains your data in compliance with the Spam Act 2003 and the APPs.

All data held by Swift Digital is maintained within Australia and never leaves Australian jurisdiction. Where stipulated data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest.

Should you wish to contact Swift Digital, you can find contact details on their website.

How we collect your personal information

Most of the time we will collect your personal information directly from you, either in writing, over the phone or through an online form or system.

Sometimes, we may also collect your personal information from third parties including, but not limited to:

  • other government entities
  • our service providers
  • law enforcement agencies.

We will only collect your personal information from a third party or a private source if:

  • you consent; or
  • we are required or authorised to collect the information under an Australian law or a court/tribunal order; or
  • it is not reasonable or practicable for us to collect the information directly from you.

In rare circumstances, we may receive personal information we did not request. If this happens, we will handle the information in accordance with the Privacy Act.

Why we disclose your personal information

We will only disclose your personal information for the purposes it was collected and in accordance with the Privacy Act.

For specific details about to whom we may disclose your personal information and the reasons for doing so, please read the collection notice we provide when we request or collect your information.

We generally disclose personal information to third parties to:

  • facilitate a service on our behalf, such as
    • ICT and cloud computing services
    • delivering a good or service to you
    • processing information, such as financial information
    • managing our human resources
    • marketing and research
  • facilitate a service on your behalf, such as financial services
  • comply with an Australian law, regulation or court order.

Some of the third parties we disclose personal information to may be located overseas. As required by the Privacy Act, we take reasonable steps to ensure that overseas recipients of your personal information do not breach their or our privacy obligations.

We will not share or disclose your personal information without your consent other than as described in the collection notice or as required or allowed by law.

Privacy Impact Assessments

A privacy impact assessment is a systematic assessment of a project that identifies the impact the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.

Privacy Impact Assessments Register

In accordance with s. 15(1) of the Privacy (Australian Government Agencies – Governance) APP Code 2017, we are required to maintain a register of all Privacy Impact Assessments completed.

This register was last updated on 16 November 2022.

Reference Number Project Name Project Description Date PIA Approved
D2019-80163 SSL Inspection implementation SSL inspections will be implemented to help mitigate the risk of cyber attacks 27/8/2019
D2019-85435 Airborne geographical acquisition Capture new baseline geoscientific datasets to provide further information on the geological context and setting for mineral and groundwater systems (see D2021-59183 ‘Airborne geophysics programs’ for an updated assessment) 28/8/2019
D2020-136446 Newcastle felt report transcription project Produce de-identified and transcribed felt report data from the 1989 Newcastle earthquake for use in earthquake impact research 20/11/2020
D2020-136447 Analysis of portal usage statistics – AusSeabed persona Analyse information about downloads from the Geoscience Australia Portal to produce statistics and reports on portal usage 23/11/2020
D2020-142576 Southern Positioning Augmentation Network (SouthPAN) SouthPAN will deliver enhanced positioning, navigation and timing satellite services 18/12/2020
D2021-6018 Industry Engagement on the Adoption of Precise Positioning Information A survey of the Australian positioning community to research user requirements and use cases 1/2/2021
D2021-15730 Cyber Security Awareness Training Platform Delivery of cyber security awareness training and phishing simulations using a training platform 16/3/2021
D2021-30861 Interim Service Management Tool Transition to a new service management tool for incident, request, change and problem management (see D2022-21518 for an updated assessment) 20/5/2021
D2021-43733 Scientific Capability and Capacity Deep Dive A survey of staff capabilities and capacities to help determine how the entity is placed to achieve its strategic targets 2/7/2021
D2021-59183 Airborne geophysics programs Temporary capture of video footage for airborne geophysics surveys to aid in resolving claims of disturbance to landholder operations 28/9/2021
D2021-61135 Employee Assistance Program portal Access to the LifeWorks platform, a new and improved Employee Assistance Program portal for all staff to access 8/10/2021
D2022-2264 Guide to COVID-19 Vaccinations Considers the possible impacts on individuals’ privacy through the handling of information about their COVID-19 vaccination status 14/12/2021
D2022-21518 Enterprise Service Management Tool Enhancements to the interim service management tool (see D2021-30861) to support a broader range of service requests and asset management functions 19/4/2022
D2022-46792 Colouring Competition Considers collection of personal information for a small scale colouring competition at a pop-up stall during National Science Week 12/8/2022
D2022-67909 Electronic Access Control System (EACS) and Closed-Circuit Television (CCTV) Upgrade – Symonston and Alice Springs sites Replacing and upgrading the EACS and CCTV systems at GA’s Symonston and Alice Springs sites. 20/5/2022

Security

We maintain your personal information in a secure environment. We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification and disclosure. We destroy or de-identify personal information when we no longer need it, in accordance with the requirements of the Archives Act 1983.

However, as our website is linked to the Internet, we cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Any personal information or other information that you send to us is transmitted at your own risk.

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices. We encourage you to examine each website’s privacy policy.

If you have a concern in this regard, we might be able to obtain and provide information another way, such as mail, telephone or facsimile.

How you can access and correct your personal information

You may request access to any personal information we hold about you at any time by either directly contacting the team responsible for the information (if you know who they are) or by contacting us, using the contact information below.

Where we hold information that you are entitled to access, we will provide it to you by a suitable means (e.g. by mailing or emailing it to you). We will not charge you for providing the information.

If you believe that personal information we hold about you is incorrect or incomplete, you may request to have it amended. We will consider whether the information requires amendment. If so, we will do so without charging you. In the unlikely event that we do not agree that there are grounds for amendment, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you may seek review if you do not agree with our decision. Before correcting personal information we may require verification of your identity.

There may be rare instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if required or authorised to refuse access under Commonwealth legislation. If that happens, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you can complain about our refusal if you wish to do so.

How to contact us about a complaint or possible breach of privacy

If you would like to make a complaint or believe there has been a breach regarding your personal information we hold, please contact us using the contact information below and provide details of the incident so that we can investigate it.

When we receive a complaint or notification of a possible breach, we will conduct internal inquiries. We will deal with your complaint as quickly as possible and will keep you informed of its progress. Once we have completed our internal inquiries, we will advise you of the outcome in writing.

If the breach is an ‘eligible data breach’ under the Notifiable Data Breaches scheme, we will also notify the Australian Information Commissioner.

If you are not happy with the response we provide, you can make a complaint to the Office of the Australian Information Commissioner (OAIC). Information on how to make a complaint can be found on the OAIC website.

Contacting us

If you have any other questions about this privacy policy, please use the Contact link on our website or contact our Privacy Officer via the details set out below.

Requests and complaints will be treated confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner. Please contact our Privacy Officer at:

Privacy Officer
Geoscience Australia
GPO Box 378
Canberra ACT 2601

General Inquiries: 1800 800 173
Facsimile: 02 6249 9999
Email: legalservices@ga.gov.au

Changes to our privacy policy

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website.

This privacy policy was last updated on 7 June 2022.

For download