Published 28 August 2017
.au Domain Administration Ltd (ABN 38 079 009 34) (auDA) is committed to protecting privacy, in accordance with the Privacy Act 1988 (Cth) and other applicable privacy legislation.
What is personal information?
“Personal information” means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is either identified or reasonably identifiable.
auDA is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act. The APPs regulate how personal information is handled throughout its lifecycle, from collection to use and disclosure, storage, accessibility and disposal.
TYPE OF PERSONAL INFORMATION COLLECTED BY auDA
The type of personal information that auDA collects about you depends on the type of dealings you have with us. For example, if you:
a) tender to become a registry operator, we will collect the name and contact details of the applicant's contact person, the names of all directors, officers and senior management staff of the applicant and the name and contact details of a contact person at the applicant's bank or financial institution;
b) apply to become an auDA Accredited Registrar, we will collect the name and contact details of the applicant's contact person, the names of all directors, officers and senior management staff of the applicant and the name and contact details of a contact person at the applicant's bank or financial institution;
c) are notified to us as a reseller of an auDA Accredited Registrar, we will collect your name and contact details from the registrar that appointed you;
d) apply to become a member of auDA, we will collect your name, postal address, contact details, membership class and payment details;
e) make a complaint (or are the subject of a complaint) under auDA’s Complaints Policy, we will collect your name and contact details and information about the substance, progress and outcome of the complaint;
f) send us an enquiry or provide us with feedback, we may collect your name, contact details, details of your enquiry or feedback and information about our response;
g) send us a submission as part of a policy consultation process that we are conducting, we will collect your name, contact details and details of your submission;
h) participate in a survey in relation to the .au domain, we will collect your name, contact details and the responses you provide to our survey questions;
i) apply for an auDA Foundation grant, we will collect your name, contact details, details of your application and information about our response;
j) register to attend an event hosted by us, auDA will collect your name, contact details and payment details;
k) apply for a job with auDA, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee reports; and
l) access the auDA website, we will collect your Internet Protocol (IP)address
“Sensitive information” is a subset of personal information that is generally afforded a higher level of privacy protection, such as health information and information about an individual’s criminal record. auDA only collects sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented; or
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect information about whether the directors, officers or relevant staff of an applicant for registry operator appointment or registrar accreditation have been convicted of a criminal offence.
HOW auDA COLLECTS PERSONAL INFORMATION
auDA collects personal information in a number of ways, including:
a) through our websites;
b) on hard copy forms;
c) over the telephone;
d) in person;
e) through written communications (including letter, fax and email); and
f) from third parties, including:
- the registry and registrars;
- third parties contacted by auDA to verify the information contained in applications; and
- third parties contacted by auDA where relevant to our complaints handling processes.
PURPOSES OF COLLECTION
auDA collects personal information about you for the purpose of administering and managing the .au domain space.
auDA may collect personal information to:
a) appoint and license registry operators;
b) accredit and license registrars;
c) maintain publicly available online databases, including:
- a public Reseller Search Tool containing the names of resellers that have been appointed by a registrar, and
- auDA’s Membership List, containing the name and membership class
d) conduct policy consultation processes;
e) administer the .au Dispute Resolution Policy and auDA’s Complaints Policy;
f) process applications for membership of auDA and administer membership;
g) process applications for auDA Foundation grants;
h) deal with consumer enquiries and complaints;
i) refer individuals and/or complaints to another regulatory authority;
j) canvass stakeholders for their views, opinions and suggestions in relation to the .au domain space; and
k) consider applications for employment with auDA.
auDA will only collect personal information which is reasonably necessary for one or more of our functions or activities.
USE AND DISCLOSURE OF PERSONAL INFORMATION
auDA uses and discloses personal information for the purposes outlined above. As most information is collected directly from the relevant individual, that individual will normally be aware of the purpose of the collection.
auDA may also use or disclose personal information for other purposes explained at the time of collection or where:
a) the use or disclosure is consented to by you (the individual);
b) the use or disclosure of the information is required or authorised by or under an Australian law or court or tribunal order; and
c) we believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
auDA may share personal information with third parties where appropriate for the purposes set out above, including:
a) financial institutions for payment processing;
b) referees whose details are provided to auDA by job applicants; and
c) our contracted service providers, including:
- information technology and data storage providers;
- function and event organisers
- marketing and communications agencies
- research and statistical analysis providers
- external business advisors (such as recruitment advisors, auditors and lawyers).
In each case, auDA may disclose personal information to the service provider and the service provider may in turn provide auDA with personal information collected in the course of providing the relevant products or services.
auDA may use your personal information to keep you informed and up to date about what is happening at auDA, including events, news and decisions. Where you have consented to receiving communications from auDA, that consent will remain current until you advise otherwise. You can opt out at any time.
People who subscribe to one of auDA's mailing lists (such as the auDA Announcements List) may decide at any time to unsubscribe from the list. Instructions for unsubscribing will appear in the footer of all list emails, or you can contact us.
CROSS BORDER DISCLOSURE OF PERSONAL INFORMATION
auDA may disclose personal information to an overseas entity for the purpose of administering and managing the .au domain. Before auDA discloses personal information about an individual to an overseas entity, we will take such steps as are reasonable to ensure that the overseas entity does not breach the Australian Privacy Principles in relation to that information.
However, auDA may disclose personal information to an overseas recipient where we reasonably believe that the overseas recipient is subject to a law or binding scheme, that has the effect of protecting the information in a way that is at least substantially similar to the ways in which the APPs protect the information and mechanisms can be accessed by the individual to enforce that protection of the law or binding scheme.
auDA may also disclose personal information to an overseas entity where that disclosure is required or authorised by or under an Australian law or a court or tribunal order or where the disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim or for the purposes of a confidential alternative dispute resolution process.
PROTECTION OF PERSONAL INFORMATION
auDA holds personal information in a number of ways, including in hard copy documents, electronic databases (including databases published online), email contact lists and in paper files held in drawers and cabinets.
auDA endeavours to maintain the security and integrity of all facilities in which personal information is stored. This extends to protecting personal information from misuse, interference and loss, as well as from unauthorised access, modification and disclosure.
The steps auDA takes to secure the personal information it holds include website protection measures (such as firewalls and anti-virus software), security restrictions on access to computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security (including restricting access to personal information on our systems to staff who specifically require that access to carry out their work responsibilities), staff training and workplace policies.
Commercially sensitive information (for example, information provided by a prospective registrar for the purpose of accreditation) will held by auDA staff and will not be disclosed to any director of the auDA Board.
All personal information will only be retained for a reasonable period of time.
ACCESS AND CORRECTION OF PERSONAL INFORMATION
auDA is committed to processing personal information promptly and accurately. As part of this commitment, individuals may request access to the personal information auDA holds about them and request correction of that information.
Requests for access or correction should be directed to auDA's Privacy Officer. auDA reserves the right to refuse a request if it is vexatious or frivolous, or if we are legally entitled to do so.
If you have a complaint about how auDA has collected or handled your personal information, please contact us. We will endeavour in the first instance to deal with your complaint and take action to resolve the matter.
If your complaint cannot be resolved at the first instance, we will ask you to lodge a formal complaint in writing, explaining the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved.
auDA will acknowledge receipt of your formal complaint and indicate the timeframe that you can expect a response. auDA will endeavour to resolve the complaint as quickly as possible, but if the matter is complex and our investigation may take longer, we will let you know when we expect to provide our response.
If you are unhappy with auDA's response, you may refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner or the Australian Communications and Media Authority.
auDA’S CONTACT DETAILS
Please contact auDA if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below:
1300 732 929 (Within Australia)
+61 3 8341 4111 (International)
+61 3 8341 4112