- Clearly communicate the personal information handling practices of AgriFutures Australia
- Enhance the transparency of AgriFutures Australia’s operations
- Give individuals a better and more complete understanding of the sort of personal information AgriFutures Australia holds, and the way we handle that information.
Our obligations under the Privacy Act
Personal information is defined in s 6(1) of the Privacy Act as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- Whether the information or opinion is true or not, and
- Whether the information or opinion is recorded in a material form or not, and
- What constitutes personal information will vary, depending on whether an individual can be identified or is reasonably identifiable in the particular circumstances.
For example, personal information could include:
- A name or address
- Bank account details
- Photos or videos
- Information about an individual’s traits, their opinions or where they work.
Note: information does not have to include an individual’s name to be personal information. For example, in some cases, a date of birth and postcode may be enough to identify a person.
Sensitive information is a subset of personal information with additional requirements as defined under the Privacy Act:
- Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record that is also personal information
- Health information about an individual
- Genetic information about an individual
- Biometric information that is to be used for the purpose of automated biometric verification/identification and biometric templates.
Types of personal information collected and held
We may collect and hold a variety of personal information:
- information about identity (eg. date of birth, country of birth, passport details, visa details and drivers licence)
- name, address and contact details (eg. phone, email and fax)
- information about personal circumstances (eg. age, gender, marital status and occupation)
- information about financial affairs (eg. payment details, bank account details, ABN)
- information about employment (eg. applications for employment, work history, referee comments and remuneration)
- photos, videos or audio of individuals
- education details (level of education, study assistance and courses).
We may also collect and hold a variety of sensitive information:
- racial or ethnic origin
- membership of trade or professional associations or unions
- criminal record
- health information.
In some situations, we provide the option for individuals to not identify themselves or use a pseudonym when dealing with AgriFutures Australia (unless it is impracticable to do so, or the Department is legally required to deal with individuals who identify themselves).
For example, these situations could include when seeking general information about a program, grant or consultation process. Identification will generally only be necessary where it would be inappropriate not to identify yourself, such as if you are enquiring about the status or details of your own application for a particular program.
Collection of your personal information
Why AgriFutures Australia collects your personal information
Where AgriFutures Australia collects and holds your personal information, it is collected and held for our business purposes, which are generally to provide services to you.
We collect and hold a broad range of personal information in records relating to:
- Individuals participating in programs and initiatives that we fund
- The management of contracts and funding agreements
- Individuals on our committees or participating in a meeting or consultation with us
- Correspondence from members of the public or organisations to us
- Complaints (including complaints relating to privacy) and feedback provided to us
- Requests made to us under the Freedom of Information Act 1982
- Requests for access to information we hold about you or other information about AgriFutures Australia’s operations
- The performance of our legislative and administrative functions
- Employment and personnel matters for our staff and contractors.
We collect personal information for the following reasons:
- To co‑ordinate or fund R&D activities and other programs and initiatives in relation to the primary industries that AgriFutures Australia is responsible for;
- To monitor, evaluate and report to the Parliament, the Minister and its representative organisations on R&D activities that are co‑ordinated or funded, wholly or partly, by AgriFutures Australia;
- To disseminate and commercialise, and facilitate the dissemination, adoption and commercialisation of, the results of R&D activities;
- To carry out marketing activities for the benefit of the primary industries that AgriFutures Australia is responsible for;
- To provide customer service support to stakeholders associated with AgriFutures Australia programs, events and/or platforms; and
- For our internal business purposes (for example, to prepare metrics and analytics on AgriFutures Australia’s portfolio of research projects, or to collect website usage and engagement information).
How AgriFutures Australia collects your personal information
We generally collect personal information from you when you communicate with us. We collect personal information through a variety of means including the use of forms (either electronic or hard copy), online portals, other electronic or paper correspondence (including emails and written correspondence) and, at times, verbal conversations or interviews. This may include, but is not limited to, the following means:
- Directly from you in the course of delivering AgriFutures Australia activities or programs;
- When you enter into any agreements with AgriFutures Australia, including Research Agreements or Provider Agreements in relation to
- AgriFutures Australia’s research activities, or Sponsorship and Exhibition Agreements in relation to AgriFutures Australia’s events and programs;
- When you submit emails or electronic forms to us (either in hard or soft copy) for matters such as signing up to newsletters and updates, registering as a participant for the evokeAG. conference, or registering as a promoter or user in relation to the growAG. website;
- When you attend a committee or panel meeting, or an event run by us;
- When you submit a request or query to us face-to face, in writing or by telephone; and
- Through the use of automated technologies or interactions such as clickstream data, Google Analytics, cookies, server logs and other similar technologies.
In many cases, when we collect your personal information, we will issue you with a collection notice explaining the purpose of the collection, the intended use of the personal information and to whom we may disclose it.
When we collect personal information about you, in the majority of cases, this will be information provided directly from you for the particular function or activity we are carrying out.
Other entities that may collect your personal information on behalf of the corporation
As well as collecting personal information directly from you, we may also collect your personal information through other individuals or organisations acting our behalf, including those such as contracted service providers. If this occurs, such collection will be in accordance with the APPs.
We may collect personal information about you from a third party if you have been nominated as a representative or a contact person of that entity in its dealings between us and the relevant third party.
Unsolicited personal information
On occasion, unsolicited personal information is provided to AgriFutures Australia by individuals (or other entities) without it being requested. In such circumstances, we will determine whether or not we could have collected the personal information via our regular methods and if so we may use and handle the personal information as if we had collected it. If we determine that the personal information could not have been collected by us via our regular methods and the information is not contained in a Commonwealth record, we will destroy or de-identify the information provided it is lawful and reasonable to do so.
Consequences if personal information is not collected
If you do not or are unable to provide us with the requested personal information, we may not be able to provide you with the information, goods or services which you have requested or enable you to participate in AgriFutures Australia’s programs, research projects or events.
Storing and securing personal information
We will take all reasonable steps to protect your personal information from loss, unauthorised access, use, modification or disclosure, and against other misuse. Among other things, we take reasonable steps to safeguard our IT systems against unauthorised access, and ensure that paper-based files are secured. We also ensure that access to your personal information within our systems is only available to our staff that needs such access in order to do their work.
When the personal information that we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.
This situation might arise where the Archives Act 1983 requires that we maintain your personal information because it is, or forms part of, a Commonwealth record. We are also required to maintain records for certain other purposes, including where the National Archives of Australia issues a disposal freeze in response to prominent or controversial issues or events. More information on current disposal freezes is available from the National Archives of Australia website.
Personal information held by third parties
Under the Privacy Act we are required to take measures to ensure that when your personal information is to be held by a third party, that the third party complies with the same privacy requirements applicable to the department.
We have privacy clauses in all of its legal documents, including funding contracts and deeds, services contracts and various other ad-hoc arrangements. This is to ensure third parties we deal with are required to handle personal information in accordance with the APPs.
Use and disclosure of your personal information
The purpose for collecting your personal information is important as it restricts how we can use and disclose your personal information, unless an exception in the Privacy Act applies.
Unless an exception applies, the corporation will:
- Only use or disclose your personal information for the primary purpose it was collected, and
- Notify you of this purpose at the time of collection, or as soon as practicable after collection.
We will only use or disclose your personal information for another purpose if you consent to that secondary purpose, or where you would reasonably expect us to use or disclose it for that secondary purpose (and the secondary purpose is related to the primary purpose).
AgriFutures Australia may disclose your personal information to a third party if the disclosure is necessary to prevent or lessen a serious and imminent threat to the life, health or safety of you or another person and it is unreasonable or impracticable to obtain your consent.
AgriFutures Australia may disclose your personal information to overseas recipients only in accordance with the Privacy Act. Overseas recipients are likely to be located in numerous countries.
AgriFutures Australia will not otherwise disclose your personal information without your consent unless required or authorised by law.
If AgriFutures Australia holds any sensitive personal information about you, that information will only be used and disclosed by AgriFutures Australia if you have consented to such use and disclosure (your provision of that information will be taken to be consent) and will only be used and disclosed for the purpose that it was provided by you.
How to access and seek correction of personal information
Individuals have a right to request access to their personal information and to request its correction if it is inaccurate, out of date, incomplete, irrelevant or misleading. Requests for access to or correction of personal information should be directed to our Privacy Officer.
We will take reasonable and practicable steps to provide you access and/or make a correction to your personal information within 30 calendar days, unless we consider there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes.
If we do not provide you access to your personal information, or refuse to correct your personal information, where reasonable we will:
- Provide you with a written notice including the reasons for the refusal
- Provide you with information regarding available complaint mechanisms
- At your request, take reasonable steps to associate a statement with the personal information that you believe it to be inaccurate, out of date, incomplete, irrelevant or misleading.
- Otherwise, if we correct your personal information, at your request, we will also take reasonable steps to notify other agencies or organisations (bound by the Privacy Act) of the correction; if we have previously disclosed your personal information to those agencies or organisations.
How to make a complaint
You can make a complaint if you believe we have breached the APPs or mishandled your personal information. Complaints should be directed to our Privacy Officer whose details are provided below.
Privacy breaches can be caused by a variety of factors, affect different types of personal information and give rise to a range of actual or potential harm to individuals, agencies and organisations. Consequently, there is no single way of responding to a privacy breach. Each breach will need to be dealt with on a case-by-case basis. All complaints and alleged privacy breaches will be investigated by the privacy officer and the complainant will be advised of the outcome.
For further information about privacy issues, see the Office of the Australian Information Commissioner’s website.
Privacy Impact Assessments
PIA register last updated 12 January 2024
A privacy impact assessment is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals. It sets out recommendations for how we will manage, minimise or eliminate that impact.
Privacy Impact Assessment: Report 1
Privacy Impact Assessment and report – Gust – June 2019
Privacy Impact Assessment: Report 2
Privacy Impact Assessment and Report – evokeAG. Eventbrite – June 2019
Privacy Impact Assessment: Report 3
Privacy Impact Assessment and Report – GRC Solutions (Salt Compliance e-Learning) – June 2019
Privacy Impact Assessment: Report 4
Privacy Impact Assessment and Report – CRSPI Conference 2020 – December 2019
Privacy Impact Assessment and Report – ICT System 1 – July 2021
Privacy Impact Assessment: Report 6
Privacy Impact Assessment and Report – Brightidea Platform – September 2020
Privacy Impact Assessment: Report 7
Privacy Impact Assessment and Report – Delivery of Capacity Building Webinars – May 2021
Privacy Impact Assessment: Report 8
Privacy Impact Assessment and Report – Demio Webinar Platform – September 2020
Privacy Impact Assessment and Report 9 – ICT System 2 – September 2020
Privacy Impact Assessment and Report – ICT System 3 – June 2021
Privacy Impact Assessment: Report 11
Privacy Impact Assessment and Report – eventsAIR – July 2021
Privacy Impact Assessment: Report 12
Privacy Impact Assessment and Report – Producer Technology Uptake Program – September 2022
Privacy Impact Assessment and Report – ICT System 4 – December 2022
Privacy Impact Assessment and Report – ICT System 5 – November 2022
Privacy Impact Assessment: Report 15
Privacy Impact Assessment and Report – Eventbrite – June 2023
Privacy Impact Assessment: Report 16
Privacy Impact Assessment and Report – Community Trust Quantitative Research – August 2023
Privacy Impact Assessment: Report 17
Privacy Impact Assessment and Report – Producer Technology Uptake Program – 2023
Privacy Impact Assessment: Report 18
Privacy Impact Assessment and Report – Pappyon – October 2023
Privacy Impact Assessment: Report 19
Privacy Impact Assessment – growAG Portal – November 2023
Privacy Impact Assessment: Report 20
Privacy Impact Assessment – ELMO People and Culture Information System – January 2023
How to contact us
If you wish to make any comments or suggestions about the privacy statement, you can do so by contacting the Privacy Officer via:
Charles Sturt University
Locked Bag 588
Wagga Wagga NSW 2650
02 6923 6900
Any comments and/or suggestions will be reviewed and considered by our Privacy Officer.