The Community Grants Hub, implemented by the Department of Social Services (DSS) delivers grant administration services to Australian Government client agencies and organisations who primarily deliver grant programs to individuals and the community sector.
You should read this policy if you are:
- an individual whose personal information may be given to or held by a Commonwealth Government agency
- a contractor, consultant, supplier or vendor of goods or services to a Commonwealth Government agencies
- a service provider funded to deliver services under a Grant Agreement
- a person seeking employment with a Commonwealth Government agency
- a person who is or was employed by a Commonwealth Government agency.
1.2 The Privacy Act 1988
The Privacy Act 1988 (the Privacy Act) regulates how Commonwealth and ACT public sector agencies and certain private sector organisations can collect, hold, use and disclose personal information, and how you can access and correct that information.
- ‘Personal information’ is information in any form that can identify a living person.
The Privacy Act applies only to information about individuals, not to information about corporate entities such as businesses, firms or trusts. Detailed information on the Privacy Act can be found on the Office of the Australian Information Commissioner (‘OAIC’) website.
1.3 Commonwealth Government agencies and privacy
In performing its functions and administering its legislation, Commonwealth Government agencies may collect, hold, use or disclose your personal information. Agencies take privacy seriously and will only collect, hold, use and disclose your personal information in accordance with the Privacy Act.
If an agency does not receive personal information about you the Privacy Act will not apply.
1.4 Remaining anonymous or using a pseudonym
The Commonwealth Government understands that anonymity is an important element of privacy and some members of the public may wish to be anonymous when interacting with an agency.
The Commonwealth Government also understands some members of the public may wish to use a pseudonym.
Generally, members of the public will have the right to remain anonymous or adopt a pseudonym when dealing with a Commonwealth Government agency. However, it is not always possible to remain anonymous or adopt a pseudonym and the agency will inform you when this is the case.
1.6 Information held by contractors
Under the Privacy Act, Commonwealth Government agencies are required to take contractual measures to ensure contracted service providers (including sub-contractors) comply with the same privacy requirements applicable to Commonwealth Government employees.
2. The Commonwealth Government’s personal information handling practices
2.1 Collection of personal information
Personal information about you may be collected by a Commonwealth Government agency from you, your representative or a third party. Agencies generally use forms, online portals and other electronic or paper correspondence to collect this information.
Information may be collected directly by an agency or by people or organisations acting on behalf of the agency (e.g. contracted service providers). An agency may also obtain personal information collected by other Commonwealth agencies, state or territory government bodies, or other organisations.
From time to time, personal information is provided to an agency by members of the public without being requested.
Commonwealth Government agencies collect and hold a broad range of personal information in records relating to:
- employment and personnel matters for staff and contractors (including security assessments)
- the performance of their legislative and administrative functions
- individuals participating in Commonwealth Government funded programs and initiatives
- the management of contracts and grant agreements
- the management of fraud and compliance investigations
- the management of audits (both internal and external)
- correspondence from members of the public to an agency and its Ministers and Parliamentary Secretaries
- complaints (including privacy complaints) made and feedback provided to an agency
- requests made to an agency under the Freedom of Information Act 1982 (Cth)
- the provision of legal advice by internal and external lawyers.
An agency will not ask you for any personal information that it does not need. The Privacy Act requires that an agency should collect information for a purpose that is reasonably necessary for, or directly related to, a function or activity of that agency.
When agencies collect personal information, they are required under the Privacy Act to notify you of a number of matters. These include the purposes for which the information is collected, whether the collection is required or authorised by law, and any person or body to whom the agency usually discloses the information. Agencies generally provide this notification by having Privacy Notices on their paper-based forms and online portals.
2.2 Some personal information may be protected by other legislation
Some personal information collected by an agency may be protected under secrecy provisions in its portfolio legislation (e.g. the Aged Care Act 1997, the social security law, the family assistance law). These secrecy provisions contain rules for the collection, use and disclosure of information (which may include personal information) governed by the relevant legislation. These rules operate alongside the rules in the Privacy Act. A full list of agencies’ portfolio legislation can be found in the current Administrative Arrangements Order available from the Department of Prime Minister and Cabinet website.
2.3 Kinds of personal information collected and held
In performing its functions, Commonwealth Government agencies collect and hold the following kinds of personal information (which will vary depending on the context of the collection):
- name, address and contact details (e.g. phone, email and fax)
- photographs, video recordings and audio recordings of you
- information about your personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children)
- information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests)
- information about your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence, birth certificates, ATM cards)
- information about your employment (e.g. work history, referee comments, remuneration)
- information about your background (e.g. educational qualifications, the languages you speak and your English proficiency)
- government identifiers (e.g. Centrelink Reference Number or Tax File Number)
- information about assistance provided to you under DSS funding arrangements
- information about entitlements under agencies’ portfolio legislation.
On occasions, a range of sensitive information may also be collected or held about you, including information about:
- your racial or ethnic origin
- your health (including information about your medical history and any disability or injury you may have)
- any criminal record you may have.
2.4 How Commonwealth Government agencies collect and hold personal information
Commonwealth Government agencies use several methods to collect personal information including:
- paper-based forms
- electronic forms (including online forms)
- face to face meetings
- telephone communications
- email communications
- communications by fax
- agency websites
- agency social media channels.
Agencies hold personal information in a range of paper-based and electronic records.
Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government records management regime, including the Archives Act 1983, Records Authorities and General Disposal Authorities to make sure your personal information is held securely.
2.5 Purposes for which personal information is collected, held, used and disclosed
Commonwealth Government agencies collect personal information for different purposes relating to their functions and activities, including:
- performing employment and personnel functions in relation to ageny staff and contractors
- performing legislative and administrative functions
- policy development, research and evaluation
- complaints handling
- program management
- contract management
- managing correspondence with the public.
Agencies use and disclose personal information for the primary purposes for which it is collected. You will be given information about the primary purpose of collection at the time the information is collected.
Agencies will only use your personal information for secondary purposes where it is able to do so in accordance with the Privacy Act.
2.6 How to seek access to and correction of personal information
You have a right under the Privacy Act to access personal information we hold about you.
You also have a right under the Privacy Act to request corrections to any personal information that a Commonwealth Government agency holds about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
However, the Privacy Act sets out circumstances in which an agency can decline access to or correction of personal information (e.g. where access is unlawful under a secrecy provision in portfolio legislation, such as the Aged Care Act 1997).
It is also possible to access and correct documents held by an agency under the Freedom of Information Act 1982 (the FOI Act). For information on this, please contact the agency’s FOI Coordinator (contact details are available on agency websites – search “Freedom of Information”).
2.7 Accidental or unauthorised disclosure of personal information
The Commonwealth Government will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.
Agencies follow the OAIC’s Data breach notification — A guide to handling personal information security breaches when handling accidental or unauthorised disclosures of personal information.
Legislative or administrative sanctions may apply to unauthorised disclosures of personal information.
2.8 Data security
Access to personal information held by a Commonwealth Government agency is restricted to authorised employees or contractors.
Electronic and paper records containing personal information are protected in accordance with Australian Government security policies.
Agencies regularly conduct audits to ensure we adhere to our protective and computer security policies.
2.9 Our website
The Community Grants Hub website is managed internally by DSS.
Generally DSS only collects personal information from its website where a person chooses to provide that information.
If you visit the Community Grants Hub website to read or download information, DSS records a range of technical information which does not reveal your identity. This information includes your IP or server address, your general locality and the date and time of your visit to the website. This information is used for statistical and development purposes.
No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.
Some functionality of the Community Grants Hub website is not run by DSS, and third parties may capture and store your personal information outside Australia. These third parties include (but are not limited to) Facebook, YouTube, MailChimp, SurveyMonkey, Twitter and Google, and may not be subject to the Privacy Act. DSS is not responsible for the privacy practices of these third parties and encourages you to examine each website's privacy policies and make your own decisions regarding their reliability.
The Community Grants Hub website contains links to other websites. DSS is not responsible for the content and privacy practices of other websites and encourages you to examine each website's privacy policies and make your own decisions regarding the reliability of material and information found.
Cookies are used to maintain contact with a user through a website session. A cookie is a small file supplied by DSS, and stored by your web browser software on your computer when you access the Community Grants Hub website. Cookies allow DSS to recognise an individual web user, as they browse the Community Grants Hub website.
2.11 Electronic communication
There are inherent risks associated with the transmission of information over the Internet, including via email. You should be aware of this when sending personal information to the Community Grants Hub via email or via a Hub website. If this concerns you, then you may use other methods of communication with the Hub, such as post, fax, or phone (although these also have risks associated with them).
The Community Grants Hub only records email addresses when a person sends a message or subscribes to a mailing list. Any personal information provided, including email addresses, will only be used or disclosed for the purpose for which it was provided.
2.12 MailChimp and privacy consent – subscription services
MailChimp is used to provide Community Grants Hub news, and provides online platforms that can be used to create, send, and manage emails. In providing this service, MailChimp may collect personal information, such as distribution lists which contain email addresses that members have sent, or intend to send, emails to, and all information relating to those email addresses. The types of information MailChimp collects include:
- information provided to MailChimp
- list and email information
- information from Use of the Service (including IP addresses and related data)
- web beacons
- information from other sources.
The Community Grants Hub will only use information subscribers have provided for the purpose of creating, sending and managing emails relating to the work of the Hub, in accordance with the preferences chosen by subscribers. The Community Grants Hub will also use this information to measure email campaign performance and to improve the features for specific segments of customers, evaluate use of the website, compile reports on website activity for website operators, and provide other services relating to website activity and internet usage.
As MailChimp is based in the United States of America (USA) and the information generated by cookies about your use of the website (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia, the Community Grants Hub is required to inform you that, by subscribing to the Hub eNewsletter:
- you understand and acknowledge that you will not be able to seek redress under the Privacy Act 1988 (Cth) but will need to seek redress under the laws of the USA.
Principle 8.1 requires the Community Grants Hub to take steps as are reasonable in the circumstances to ensure that MailChimp does not breach the Australian Privacy Principles in relation to the information given by the subscriber. This would no longer apply if you sign up to a subscription service of the Hub in which MailChimp is used.
2.13 Disclosure of personal information overseas
The Community Grants Hub will, on occasion, disclose personal information to overseas recipients. The situations in which the Hub may transfer personal information overseas include:
- the provision of personal information to overseas researchers or consultants (where consent has been given for this or the Hub is otherwise legally able to provide this information)
- the provision of personal information to recipients using a web-based email account where data is stored on an overseas server and
- the provision of personal information to foreign governments and law enforcement agencies (in limited circumstances and where authorised by law).
It is not practicable to list every country to which the Hub may provide personal information as this will vary depending on the circumstances.
However, you may contact the Community Grants Hub to find out which countries, if any, your information has been given.
3.1 How to make a complaint
If you think the Community Grants Hub may have breached your privacy rights you may contact the Hub using the contact details set out at section 5.2 of this Policy.
3.2 The Community Grant Hub’s process for handling complaints
DSS will respond to your complaint or request promptly if you provide your contact details. The Community Grants Hub and DSS are committed to quick and fair resolution of any complaints and will take your complaint seriously. You will not be victimised or suffer negative treatment if you make a complaint.
3.3 How to complain to the OAIC
You also have the option of contacting the OAIC if you wish to make a privacy complaint about the Community Grants Hub or any Commonwealth agency.
The OAIC website contains information on how to make a privacy complaint.
If you make a complaint directly to the OAIC rather than to an agency, the OAIC may recommend you try to resolve the complaint directly with the agency in the first instance.
5. How to contact us
5.1 General enquiries and requests to access or correct personal information
If you wish to:
- query how your personal information is collected, held, used or disclosed
- obtain access to or seek correction of your personal information,
please contact the DSS Compliments and Enquiries area using the following contact details:
- email: firstname.lastname@example.org
- post: DSS Feedback, GPO Box 9820, Canberra, ACT, 2600.
5.2 Contact details for privacy complaints
If you wish to make a complaint about a breach of your privacy, please contact the DSS Feedback and Coordination team using the following contact details:
- telephone: 1800 634 035
- fax: (02) 6133 8442
- email: email@example.com
- post: DSS Feedback, GPO Box 9820, Canberra, ACT, 2601
5.3 Availability of this Policy
If you wish to access this Policy in an alternative format (e.g. hard copy) please contact the Community Grants Hub.
This Policy will be made available free of charge.