SCAM ALERT: We will never contact you requesting money. Learn more.

Complaints

Privacy

Commission – General
Thursday 22 July, 2021

Privacy Policy

The Australian Human Rights Commission is required to comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) and the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth). The Commission’s Privacy Policy explains how we handle personal information, including how we collect, store, use, and disclose it.

Privacy Impact Assessment Register

Since 1 July 2018, section 15(1) of the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth) requires the Australian Human Rights Commission to conduct a privacy impact assessment (PIA) for all ‘high privacy risk projects’. A project may be a high privacy risk project if the Commission reasonably considers that the project involves new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.

The Commission is required to maintain a register of the PIAs it conducts and publish that register, or a version of that register, on its website.

In compliance with these requirements, the Commission’s Register is published below.

  Privacy Impact Assessment Date
1. No Privacy Impact Assessments to display at this time.  

Current as at: 1 December 2023

  1. Introduction

    1. The Privacy Act 1988 requires entities bound by the Australian Privacy Principles (APPs) to have a privacy policy. This privacy policy outlines the personal information handling practices of the Australian Human Rights Commission (Commission). Commission employees and prospective employees should also refer to our Human Resources Privacy Policy.

    2. The specific legal obligations of the Commission when collecting and handling your personal information are outlined in the Privacy Act 1988 and in particular in the APPs found in that Act. We will update this privacy policy when our information handling practices change. Updates will be publicised on our website.

    3. We collect, hold, use and disclose personal information in order to perform the functions or activities under the Australian Human Rights Commission Act 1986 (AHRC Act), Australian Human Rights Commission Regulations 1989, Age Discrimination Act 2004, Disability Discrimination Act 1992, Racial Discrimination Act 1975, Sex Discrimination Act 1984 and Freedom of Information Act 1982 (FOI Act). These functions and activities include:

      • inquiring into, and attempting to conciliate, complaints of unlawful discrimination and breaches of human rights

      • inquiring into any act or practice that may be inconsistent with or contrary to any human right

      • promoting an understanding and acceptance, and the public discussion, of human rights in Australia

      • undertaking research and educational programs and other programs, on behalf of the Commonwealth, for the purpose of promoting human rights, and to co-ordinate any such programs undertaken by any other persons or authorities on behalf of the Commonwealth

      • reporting to the Minister as to the laws that should be made by the Parliament, or action that should be taken by the Commonwealth, on matters relating to human rights

      • preparing guidelines on human rights and discrimination

      • intervening in court proceedings that involve discrimination and human rights issues

      • processing applications for temporary exemptions under the Federal discrimination laws

      • responding to enquiries and requests

      • communicating with the public, stakeholders and the media including through websites and social media

      • assessing suitable candidates for career opportunities within the Commission.

    4. For the avoidance of doubt, any information that we collect, hold, use and disclose will be governed by the most current version of this privacy policy. The only exception to this will be where we conduct a Competition, Survey or function or activity that has its own terms and conditions. In such instances, notice of those terms and conditions will be provided to you at the time your personal information is sought and will override this privacy policy to the extent of any inconsistency.

  2. Collection of Your Personal Information

    1. At all times we try to only collect the information we need for the particular function or activity we are carrying out.

    2. The main way we collect personal information about you is when you give it to us. For example, we collect personal information such as contact and other details when you:

      • contact us to ask for information (but only if we need it)

      • make a discrimination or human rights complaint to us

      • apply for a temporary exemption to Federal discrimination laws

      • respond to Commission inquiries, questionnaires and surveys (Survey/s)

      • engage us to provide you with products or services related to our functions or activities

      • make an FOI Act request or submit an FOI or privacy-related complaint to us

      • notify us about a data breach

      • apply for a job vacancy with us.

    3. We may also collect contact details and some other personal information if you:

      • participate in a meeting or consultation with us

      • attend an event or activity we organise, sponsor or are otherwise affiliated with

      • subscribe to one of our e-mail lists or publications (online or otherwise)

      • participate in Commission competitions, promotions, or activities (Competition/s)

      • post an entry that contains your personal information on any of our websites (including social media sites and platforms).

        1. Collecting sensitive information

    4. Sometimes we may need to collect sensitive information about you, for example, to handle a complaint or as part of a Survey (this will only be done where sensitive information is reasonably necessary for or directly related to one or more of our functions or activities). This might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, and genetic or biometric information.

      1. Indirect collection

    5. In the course of performing our functions and activities, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties such as:

      • your authorised representative, if you have one; or

      • complainants, respondents or other parties involved in a complaint, investigation or application (or their employees and witnesses).

    6. We may also collect your personal information from a third party when you participate in Surveys or Competitions run in conjunction with an entity that we may partner with.

    7. We also collect personal information from publicly available sources to enable us to contact stakeholders who may be interested in our work or in participating in our consultations.

      1. Anonymity

    8. Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact our General enquiries and publications line, or the National Information Service, with a general question we will not ask for your name unless we need it to adequately handle your question.

    9. However, for most of the Commission’s functions and activities we usually need your name and contact details and enough information about the particular matter to enable us to fairly and efficiently handle your inquiry, request, complaint or application.

      1. Collecting through our websites

    10. The Commission has its own public website, www.humanrights.gov.au, with a number of sub sites. There are a number of ways in which we collect information through our website. Unless otherwise indicated, we store this personal information on servers located in Australia.

      Analytics

    11. We use a range of tools provided by third parties, including Google, Bing and our web hosting company, to collect website traffic information. These sites have their own privacy policies. We also use cookies and session tools to improve your experience when accessing our websites. Cookies are pieces of information that a website transfers to your computer's hard disk. Cookies in and of themselves do not identify users personally but they do allow the tracking of an individual's use of a website. The use of cookies to track traffic patterns through websites is now commonplace. Most web-browsers are set to accept cookies, however you can configure your web browser to reject cookies. If you reject cookies, you may not be able to use all of our online services.

    12. The information collected by these browsing and other tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to maintain, secure and improve our websites and to enhance your experience when using them.

      Email lists, registrations and feedback

    13. We will collect information that you provide to us when making comments or completing web-based forms, signing up to mailing lists and registering for our events, or submitting feedback on your experience with our website. We may use your email address to respond to your comments, requests and feedback.

      Third party providers

    14. We use third party providers for some web-based services, with information stored in the United States and Europe. These include MailChimp for email subscriptions (you can access their privacy policy here), SurveyMonkey for online surveys (you can access their privacy policy here) and Event Brite for registration at events (you can access their privacy policy here).

      Social networking services

    15. We use social networking services such as Twitter, Facebook and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies. You can access the privacy policies for Twitter, Facebook and YouTube (a Google company) on their websites.

  3. Use and Disclosure of Your Personal Information

    1. How we use your personal information

      1. When you submit your personal information to us you consent to the Commission using your personal information to (among other things):

        • administer our relationship with you in accordance with the functions or activities that we perform

        • facilitate the running of our Competitions and Surveys

        • monitor activity on our website

        • inform you about an event, activity or publication we organise, sponsor or are otherwise affiliated with that may be of interest to you

        • assist us in implementing internal administrative purposes (such as carrying out, monitoring and analysing procedural assessments, risk management, staff training and internal reviews)

        • improve our website and our other publications

        • enforce our legal rights, including claim recovery activities and legal proceedings

        • where possible, protect the rights, property, or personal safety of another person

        • notify relevant authorities where there is a serious threat to an individual's life or to public health or safety

        • notify relevant authorities where there is reason to suspect unlawful activity has been engaged in

        • notify relevant authorities where required or authorised by law

        • notify relevant authorities where required by an enforcement body.

      2. We will generally only use or disclose your personal information when it relates to the primary purpose for which it was collected. If you do not wish to receive other communications from us, please contact us on the details below so that we can update your preferences.

      3. If you provide us with your personal information via your mobile telephone number, email address, text message, instant message address or other methods of communication, you authorise us to send you information using that same method of communication.

    2. Who we may disclose your personal information to

      1. We may disclose your personal information to persons within the Commission (in accordance with this privacy policy and the APPs).

      2. We may provide your personal information to third parties that you authorise us to give your personal information to.

      3. The Commission uses a number of service providers to whom we disclose personal information. These include providers that host our website servers, host our ICT infrastructure and (occasionally) implement, migrate or maintain our electronic document management and HR information systems.

      4. To protect the personal information we disclose we:

        • enter into a contract or MOU which requires the service provider to only use or disclose the information for the purposes of the contract or MOU

        • require providers to sign confidentiality and non-disclosure agreements and/or

        • include special privacy requirements in the contract or MOU, where necessary

      5. The Commission may also disclose your personal information to third parties such as our legal or professional advisers and other government authorities or agencies. This will only occur where such disclosure is reasonably required to, for example, obtain advice, prepare legal proceedings, investigate suspected improper conduct or wrongdoing, assist a lawful authority in the discharge of its duties and by law.

      6. We will never permit third parties to use, sell, or transfer your personal information for commercial purposes in any way.

      7. We impose strict requirements of security and confidentiality on all third parties that we deal with to ensure your personal information is handled appropriately. However, we cannot be held responsible for any misuse or unauthorised disclosure of your personal information by such third parties.

    3. Disclosure of sensitive information

      1. We only disclose your sensitive information:

        • for the purposes for which you gave it to us

        • for directly related purposes you would reasonably expect

        • if you agree to such disclosure.

    4. Disclosure of personal information overseas

      1. Generally we only disclose personal information overseas where it is necessary to properly handle complaints that we conciliate or investigate under the AHRC Act. For example, if:

        • the respondent to a complaint is based overseas

        • an Australian-based respondent is the related body corporate to an overseas company

        • you have complained to an overseas entity and the Commission about the same or a related matter.

      2. Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries. As noted above, the third party providers we use for some web-based services store their information in the United States and Europe.

      3. When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.

  4. Quality and Security of Data

    1. Quality of personal information

      1. To ensure that the personal information we collect is accurate, up-to-date and complete we:

        • record information in a consistent format

        • where necessary, confirm the accuracy of information we collect from a third party or a public source

        • promptly add updated or new personal information to existing records

        • regularly audit our contact lists to check their accuracy.

      2. We also review the quality of personal information before we use or disclose it.

    2. Storage and security of personal information

      1. The Commission is committed to keeping information and data that you provide to us secure and we will take all reasonable precautions to protect your personal information from loss, misuse, or alteration.

      2. The steps we take to protect the security and confidentiality of your personal information include password protection for accessing our electronic ICT system, audit trails of electronic systems and physical access restrictions. We are guided by our statutory responsibilities, and internal policies and

        guidelines, including those relating to record keeping and information technology security.

      3. We will take all reasonable steps to keep your personal information secure and confidential once it is no longer in use. We do this by:

        • regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information

        • conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.

      4. We will take reasonable steps to de-identify your personal information before it is passed on to third parties (for example, in situations where you have agreed to the use of your personal information to compile raw data for research purposes).

      5. We destroy personal information in a secure manner when we no longer need it. For example, we generally destroy complaint records after 3 years, in accordance with the Australian Government Administrative Functions Disposal Authority.

    3. Accessing and correcting your personal information

      1. Under the Privacy Act 1988 (APPs 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.

      2. We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.

      3. If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.

      4. If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.

      5. You also have the right under the FOI Act to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.

  5. How We Deal with Complaints about Privacy issues

    1. If you wish to complain to us about how we have handled your personal information you should complain in writing. If you need help lodging a complaint, you can contact us.

    2. If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.

    3. If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior officer than the officer whose actions you are complaining about.

    4. We will assess and handle complaints about the conduct of a Commission officer using the APS Values and Code of Conduct and the guidelines issued by the Australian Public Service Commission.

    5. We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.

    6. If you are not satisfied with our response you may ask for a review by a more senior officer within the Commission (if that has not already happened) or you can complain to the Office of the Australian Information Commissioner.

  6. Our Contact Details

  1. For all privacy-related complaints, requests and enquiries, contact the Privacy Officer at:

Email: privacy@humanrights.gov.au

Telephone: (02) 9284 9600

TTY: 1800 620 241

Post: GPO Box 5218 Sydney NSW 2001.