Privacy statement

‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

‘Sensitive information’ is a subset of personal information and includes information or an opinion about an individual’s:

• racial or ethnic origin
• political opinions
• religious beliefs or affiliations
• philosophical beliefs
• sexual orientation
• criminal record
• health information
• genetic information.

You can learn more about the Privacy Act, APPs and the Privacy Code on the website of the Office of the Australian Information Commissioner (OAIC).

Why we collect personal information

ORIC may collect personal information about you when it is reasonably necessary for, or directly related to, one or more of our functions or activities.

ORIC collects personal information for purposes that include:

• invitations for public submissions, consultations and feedback on review or reform processes
• invitations to subscription services so individuals who subscribe can get information from ORIC
• undertaking recruitment, establishing and maintaining employment records and facilitating travel
• facilitating events, official visits and registrations and attendance at community consultations
• facilitating appointments
• coordinating responses and providing recovery assistance in relation to a time of emergency or disaster
• administering programmes and grants
• processing and assessing applications made to ORIC
• managing complaints and enquiries
• investigating fraud, including internal fraud.

ORIC may collect sensitive information about you where you consent, when the collection is authorised or required by law, or where the collection is otherwise allowed under the Privacy Act.

What we collect

In performing our functions, ORIC may collect and hold information about you, such as your:

• name
• phone number
• email
• address
• date of birth
• gender.

Information about your personal circumstances, such as your:

• cultural and linguistic background
• education status
• financial situation (e.g. payment details, bank account details)
• citizenship and visa status
• passport, drivers licence and travel movements
• disabilities
• family circumstances (including spouses, carers and dependents)
• information about employment (e.g. employment status and work history, education status, qualification, performance, referee comments, salary)
• government identifiers (e.g. tax file number).

Information about your interactions with us, such as through:

• the services, grants and funding we provide
• feedback, surveys and complaints
• consultations
• physical and virtual events that we hold
• the web pages you visit.

We may also collect information about how you use our online services and applications. For example, we use social networking services such as Twitter and LinkedIn to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public. These social networking services will also handle your personal information for their own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.

Sometimes ORIC may need to collect sensitive information about you. This could include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information. We will only collect your sensitive information where:

• you consent
• we are authorised or required by law to do so
• collection is otherwise allowed under the Privacy Act.

In some circumstances, we may collect your biometric information such as audio recording of your voice or visual recordings of your person, usually with your consent. You will be expressly advised before such collections occur.

How we collect personal information

ORIC may collect personal information from a person directly, or their authorised representative, or via a third party if permitted by law. We may collect personal information in a range of ways, including through surveys, email and phone communication, forms or notices, online portals, and via our website.

How we safeguard personal information

ORIC takes its obligations to protect the personal information it holds seriously. We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

• classifying and storing records securely as per Australian government security guidelines
• ensuring internal access to information is on a ‘need to know’ basis, and only by authorised personnel
• monitoring system access which can only be accessed by authenticated credentials
• ensuring our buildings are secure
• regularly updating and auditing our storage and data security systems.

When personal information is collected from a third party, we take steps to inform you of the collection. This may occur through this Privacy Policy, notices or discussions with our staff.

If personal information we hold is lost, or subject to unauthorised access or disclosure, we will respond in accordance with ORIC’s Data Breach Response Plan and the OAIC’s Data breach preparation and response — a guide to managing data breaches in accordance with the Privacy Act. We aim to provide timely advice to affected individuals if a data breach is likely to result in serious harm.

How we use and disclose information

ORIC may use and disclose collected personal information for the purpose it was first collected. We will take reasonable steps to give you information about the reason for collection at the time of collection, or as soon as possible. ORIC will only use and disclose your personal information for a secondary purpose if APP 6 allows it. Regulation 9.2 of the Public Service Regulations 1999 provides authority for personal information about APS employees to be disclosed by ORIC in the exercise of certain powers.

ORIC may disclose personal information to overseas entities (such as a foreign government or agency) where this is a necessary part of our work. We will only do this with your consent or in other circumstances allowed by APP 8.

We may also use third party providers or websites such as Twitter, Mailchimp, LinkedIn, Vimeo and others to deliver or otherwise communicate content. Such third-party sites have their own privacy policies and may send their own cookies to your computer. We do not control the setting of third-party cookies and suggest you check the third-party websites for more information about their cookies and how to manage them.

Under our shared services arrangements with the National Indigenous Australians Agency (NIAA) and the Department of Prime Minister and Cabinet (PM&C), we may share relevant personal information with NIAA and PM&C for the purpose of NIAA and PM&C providing shared services.

Website analytics

To improve your experience on our site, we may use 'cookies'. Our website also uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google. Our website may also contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read the respective privacy policies.

Accessing and correcting personal information

You have a right to request access to personal information we hold about you, and to request its correction. We will respond to requests for access or correction within 30 days.

The Privacy Act allows us to refuse access in certain cases, including where an exemption under the Freedom of Information Act 1982 (FOI Act) would apply.

Where we have refused access, we will give you reasons for that refusal in writing. We will also provide you with information about how you can dispute the decision.

To request access to, or correction of, your personal information please contact our Privacy Officer at info@oric.gov.au. Discussing your request with our Privacy Officer will help us give you early guidance about your request. This may include guidance about whether your request is best dealt with under the Privacy Act, the FOI Act or another arrangement.

How to make a privacy complaint

If you are not satisfied with how we have collected, held, used or disclosed your personal information, you can make a formal complaint to our Privacy Officer.

Your complaint should include:

• a short description of your privacy concern
• any action or dealings you have had with ORIC staff to address your concern
• your preferred contact details so we can contact you about your complaint.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the OAIC.

The OAIC can receive privacy complaints through:

• the online Privacy Complaint form (refer to the OAIC’s website)
• by email (email that is not encrypted can be copied or tracked) at enquiries@oaic.gov.au
• by mail:

Office of the Australian Information Commissioner 
Sydney Offices 
GPO Box 5218 
Sydney NSW 2001

(if a person has concerns about postal security, they might want to consider sending their complaint by registered mail)

How to contact our Privacy Officer 

Contact ORIC’s Privacy Officer if you want to:

• ask questions about our Privacy Policy, or if you need a copy of this Policy in an alternative format
• obtain access to, or seek correction of your personal information that ORIC holds
• make a privacy complaint about ORIC.

Email: info@oric.gov.au

Phone: 1800 622 431

Post: 

The Privacy Officer 
ORIC 
PO Box 29
Woden ACT 2606 

We review this Policy regularly and may update it from time to time.

Privacy Impact Assessment Report Register

The ORIC Privacy Impact Assessment (PIA) Register records details of PIAs conducted in accordance with the Privacy (Australian Government Agencies-Governance) APP Code 2017.