About this policy
This policy applies to personal information collected by the Department of Home Affairs.
Our department is bound by the provisions of the Privacy Act 1988, including the Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for how we handle and maintain people's personal information. This includes how we collect, store, use, disclose, quality assure and secure personal information, as well as your rights to access or correct your personal information.
You will generally be able to remain anonymous or use a pseudonym when interacting with us. However, it may not always possible for this to occur—for example, when we assess your eligibility for a program or service, or when we are authorised or required to deal with you as an identified individual. We will inform you if you are unable to remain anonymous or use a pseudonym when dealing with us.
Our personal information handling practices
We may collect personal information directly from you, your representative or a third party. We primarily collect information directly from you or another individual, but in certain circumstances we may also obtain personal information collected by other Australian, state and territory government bodies or other organisations.
We collect and hold a broad range of personal information in records relating to:
- individuals participating in programs and initiatives that we fund
- the management of contracts and funding agreements
- correspondence from members of the public or organisations to us, the Minister for Home Affairs, the Minister for Law Enforcement and Cybersecurity, and other Australian Government ministers and parliamentary secretaries, including submissions to consultations that we run
- complaints (including complaints relating to privacy) and feedback provided to us
- requests made to us under the Freedom of Information Act 1982
- legal advice provided by internal and external lawyers
- the performance of our legislative and administrative functions
- employment and personnel matters for our staff and contractors.
We collect this personal information in a variety of ways, including paper-based forms, online (through our websites, as well as email), over the telephone and by fax.
We only collect personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities. Generally, we will only collect sensitive information (such as health or criminal history information) if you consent and it is reasonably necessary for, or directly related to, one or more of our functions or activities. Sometimes we may collect sensitive personal information without your consent, such as when it is required or authorised by a law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Executive authority of an Australian government. We will not collect any personal information if we do not need it.
When we collect personal information, we are required under the Privacy Act to notify you of a number of matters if it is reasonable to do so. These matters include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information. To achieve this, we will mainly use privacy collection notices on our forms and online portals.
Kinds of personal information that we hold
The personal information we collect and hold will vary depending on what we require to perform our functions and responsibilities. It may include:
- information about your identity (eg date of birth, country of birth, passport details, visa details and drivers licence)
- name, address and contact details (eg phone, email and fax)
- information about your personal circumstances (eg age, gender, marital status and occupation)
- information about your financial affairs (eg payment details, bank account details, and information about business and financial interests)
- information about your employment (eg applications for employment, work history, referee comments and remuneration)
- government identifiers
- information about assistance provided to you under our assistance arrangements.
We may also collect or hold a range of sensitive information about you, including:
- your racial or ethnic origin
- your health (including information about your medical history and any disability or injury you may have)
- criminal activities you may have been involved in
- your biometrics (including photographs and voice or video recordings of you).
Use and disclosure of personal information
We will not give your personal information to other government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:
- you would reasonably expect us to use the information for that other purpose
- it is legally required or authorised, such as by an Australian law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Executive authority of an Australian government
- it is reasonably necessary for an enforcement-related activity
- we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter
- we reasonably believe that it is reasonably necessary to help locate a person who has been reported as missing
- it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
- it is reasonably necessary for the purposes of a confidential alternative dispute resolution process
- we reasonably believe that it is necessary for our diplomatic or consular functions or activities.
We may also provide your biometric information (such as your fingerprints or photograph) or biometric templates (a digital representation of your distinct characteristics) to an enforcement body (such as an Australian police force, Australian Border Force, or the Australian Securities and Investment Commission), as long as we comply with any guidelines made by the Australian Information Commissioner.
Disclosure to overseas recipients
We may need to provide your personal information to an overseas recipient as part of our work. Wherever appropriate, we will ensure that we either have your consent or that your personal information is not identifiable.
In some cases this will not be possible or appropriate, such as when our administrative or legislative functions require that we become involved in a law enforcement matter such as a criminal investigation. We may also disclose your personal information to recipients overseas under international agreements that relate to sharing information between Australia and other countries.
If we are unable to seek your consent to provide your personal information to an overseas recipient, or it is impractical to do so, we will only provide your personal information to an overseas recipient if we are allowed to do so under the Privacy Act.
Quality of personal information
The Privacy Act requires us to take reasonable steps to ensure that the personal information we hold is safe and secure. We are also required to take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.
We aim to protect your personal information from loss, unauthorised access, use, modification or disclosure, and against other misuse. Among other things, we safeguard our IT systems against unauthorised access, and ensure that paper-based files are secured. We also ensure that access to your personal information within our systems is only available to our staff who need to have access in order to do their work.
If a data breach occurs, such as if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner's Data breach notification—A guide to handling personal information security breaches. We will aim to provide timely advice to you to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.
When the personal information we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.
This situation might arise where the Archives Act 1983 requires that we maintain your personal information because it is, or forms part of, a Commonwealth record. We are also required to maintain records for certain other purposes, including where the National Archives of Australia issues a disposal freeze in response to prominent or controversial issues or events. More information on current disposal freezes is available from the National Archives of Australia website.
Accessing and correcting your personal information
You have a right to access personal information we hold about you. You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
When we can refuse a request for access or correction
We can decline access to, or correction of, personal information under circumstances set out in the Privacy Act. This includes situations where we are authorised or required to refuse access.
Generally, where we refuse to give you access, we will give you written notice of the reasons for refusal and the mechanisms available to you to dispute that decision.
Accessing your personal information under the FOI Act
It is also possible to access and correct documents held by us under the Freedom of Information Act 1982 (the FOI Act). In some circumstances we will suggest that you make your request for personal information under the FOI Act. This is because:
- an FOI access request can relate to any document in our possession and is not limited to your personal information
- the FOI Act contains a consultation process for dealing with requests for documents that contain personal or business information about another person
- you can complain to the Office of the Australian Information Commissioner about what we do under the FOI Act
- if you are refused access under the FOI Act you have a right to apply for internal review or Information Commissioner review of the access refusal decision.
Find out more information about how to make a request under the FOI Act on the Freedom of Information page. You can also make a request by emailing firstname.lastname@example.org.
How to contact us
- telephone our Global Feedback Unit on 133 177 during business hours
- complete an online feedback form
- write to:
Global Feedback Unit
GPO Box 241
MELBOURNE VIC 3001
We will respond to your request or complaint promptly if you provide your contact details. We take all complaints seriously and are committed to a quick and fair resolution. We will not take the fact that you have made a complaint into consideration when we perform any of our other functions or activities.
We will not charge you to access your personal information under the Privacy Act. However, there may be a charge involved for us to process a request under the FOI Act that goes beyond a request for your own personal information.
You may also make a complaint to the Office of the Australian Information Commissioner (OAIC). If you do so, the OAIC may recommend that you try to resolve your complaint directly with us in the first instance. The OAIC can be contacted on 1300 363 992 or via the Office of the Australian Information Commissioner website. The website also contains further information about making complaints relating to privacy.
What happens when you visit our website
Protecting your privacy online
The Department of Home Affairs is committed to protecting privacy online in accordance with the Guide to securing personal information issued by the OAIC.
While every effort is made to secure information transmitted to this site over the internet, there is a possibility that this information could be accessed by a third party while in transit.
When you visit this site, our server logs the following information:
- the type of browser and operating system you are using
- your top level domain name, such as .com, .gov, .au, .uk
- the address of the referring site, such as the previous site that you visited
- your server's IP address, a number which is unique to the machine through which you are connected to the internet—usually one of your service provider's machines
- the date and time of your visit
- the address of the pages accessed and the documents downloaded.
This information is used only for statistical analysis and systems administration purposes. No attempt is made to identify users or their browsing activities. The exception is where a law enforcement agency is undertaking an investigation and has legal authority to identify users and/or their browsing activities.
A cookie is an electronic token that is passed to your browser which passes it back to the server whenever a page is sent to you.
Our server generates one cookie. It is used to keep track of the pages you have accessed while using our server. The cookie allows you to navigate back and forwards through the web site and return to pages you have already visited. The cookie exists only for the time you are accessing our server.
In addition to web server logs, this website uses Google Analytics, a web analytics service provided by Google Inc. Reports obtained from Google Analytics are used to help improve the efficiency and usability of this web site.
Google Analytics uses 'cookies' to help analyse how users use this site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating the use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
Search terms you enter when using our search engine are collected, but are not associated with any other information that we collect. We use these search terms to ascertain what people are looking for on our site and to improve the services we provide.
Interaction between this site and other sites
This site contains links to other sites. This website may also use social sharing tools to make it easy to share information—for example, incorporating Facebook tools, so that users can 'Like' content. These other sites may use web measurement tools, customisation technologies and persistent cookies to inform the service they provide to their users.
Our department is not responsible for the privacy practices or the content of other sites.
We do not use, maintain or share personally identifiable information made available through social media sites including Facebook and YouTube. You should consult the privacy policies of these sites for further information.