Privacy Policy

Our Privacy Obligations

The National Indigenous Australians Agency (NIAA) must keep the personal information we collect safe.

Our Privacy Policy explains:

• what personal and sensitive information we collect
• why we collect it
• how we use it
• how you can access or correct your personal information
• how to make a privacy complaint and what we will do with your complaint.

What we collect

We collect your personal information. This is any information or opinion about an individual we can identify. We may collect your:

• name
• address
• date of birth
• phone number
• email
• emergency contact information
• employment information (including referee comments)
• education status
• financial information
• gender
• signatures
• government IDs (like tax file number and Centrelink Customer Reference Number)
• citizenship and visa status
• information about how you interact with us
• information about your family and other related persons, including nominees
• opinions, feedback, and commentary
• passport, drivers licence, and travel movements
• conflict of interest declarations
• working with children / vulnerable people check information.

We may collect your sensitive information. This is a special type of personal information. It includes your:

• health information
• information about you being a part of a political group, a professional or trade group or a workers' union
• information about your ancestors
• recordings of you (like voice a recording)
• race or ethnicity information
• sexual orientation
• what you believe about religion, politics, life and the world
• criminal record.

We also collect sensitive information about how Aboriginal and Torres Strait Islander peoples were separated from their families and communities (for things like the Territories Stolen Generations Redress Scheme).

How we collect personal information

We collect personal information:

• from you
• from your representative
• from a third party (if allowed by law).

We will only collect sensitive information if:

• you agree
• we have to by law
• the Privacy Act allows us.

We collect your information through:

• surveys, grants, and funding we provide
• emails, phone calls and letters / mail
• forms (including surveys) or notices
• complaints
• consultations
• events
• online portals
• our website and social media.

Why we collect your information

The NIAA collects your personal information to help us:

• create and deliver services for Aboriginal and Torres Strait Islander peoples
• plan and manage remote employment services
• run our programs and grants
• decide if you qualify for a program
• develop policies
• research, monitor and evaluate our programs and policies
• help with your application
• check your identity
• give advice to the Prime Minister and the Minister for Indigenous Australians
• work on Closing the Gap
• recruit and communicate with staff and keep them safe
• make sure NIAA fulfils its obligations as an employer and an Agency
• promote reconciliation
• investigate fraud, including internal fraud, and corruption
• investigate non-compliance involving and relevant to NIAA program funding
• do audits
• deal with complaints and questions
• invite you to give feedback or join consultations
• send you updates if you subscribe to our services
• organise events, visits and community meetings
• help during emergencies or disasters
• make sure the NIAA follows the law and administrative rules
• respond to requests under the Freedom of Information Act 1982
• investigate low aromatic fuel issues
• respond to letters from people and other government agencies or Ministers.

How we protect your information

We take steps to keep your personal information safe, we:

• sort and keep records safely following Australian Government security rules, including the Protective Security Policy Framework
• only allow approved people to see information if they need to know it
• only let people with approved logins access it
• check who has accessed information
• keep our buildings safe
• update and check our security systems.

We might get your details from someone else. If we do, we will tell you through:

• this Privacy Policy
• notices
• our staff.

If your personal information is lost or accessed without permission, we will follow our Data Breach Response Plan. We will tell you if it is likely to cause serious harm.

How we use and share your information

We use and share your personal information for the reason we collected it. We tell you why we need it, when we collect it, or soon after.

We only use and share your information for other reasons if the law allows it.

We may share your information with:

• contracted service providers who give services to us, or for us
• other state, territory or Commonwealth government agencies
• to the Commonwealth Ombudsman to resolve a complaint
• professional advisers (for example, lawyers or consultants)
• law enforcement agencies
• courts and tribunals
• ministers, parliamentary staff and committees (who check how we do our work)
• overseas, (with your consent or if the law allows us), for example when we publish information online.

In our Customer Relationship Management (CRM) Tool, we keep a record of your interactions with us. This helps us:

• understand how you interact with us
• understand how you take part in our activities
• improve our help when you contact us
• provide you with information
• engage with you better.

We ask for your consent to record your information in the CRM.

We may share information from the CRM with other Australian agencies that work with us. We only share when necessary and restrict access to those who need it.

We keep records in our Electronic Investigations Management System (EIMS) that help us:

• detect fraud and corruption
• investigate and respond to suspected and actual fraud or corruption
• record and report incidents of suspected and actual fraud or corruption.

We may share information from the EIMS with other Commonwealth agencies and law enforcement, if allowed, or required by the law.  

We use websites like Facebook, Twitter, LinkedIn, and YouTube to talk with you. These sites have their own privacy policies and may use cookies. Check their websites for more information.

We may share your details with the Department of the Prime Minister and Cabinet (PM&C) for shared services.

Website analytics

We use 'cookies' to improve your experience on our site. Our website also uses Google Analytics, which sends data to Google servers in the USA. Google Analytics does not identify you or link your IP address with other data held by Google. We use Google Analytics reports to understand website traffic and usage.

By using the NIAA website, you agree to how Google handles your data as explained in their Privacy Policy. You can opt out of Google Analytics by:

• disabling or refusing cookies
• disabling JavaScript
• using Google's opt-out service.

Our website may have links to other websites. We are not responsible for their privacy practices. When you visit other websites, please read their privacy policies.

Accessing and correcting personal information

You have the right to ask for the personal information we hold about you and to ask us to correct it. We will respond within 30 calendar days.

Sometimes, we may not be able to give you access. This can happen if the law says we can't, you can refer to the Freedom of Information Act 1982 (FOI Act) for more information. If we refuse, we will tell you why in writing, and explain how you can dispute the decision.

We will make sure the personal information we collect is correct, up to date and complete, in line with the Australian Privacy Principle (APP) 10. Refer to APP 10 in the Privacy Act 1988 - Federal Register of Legislation. We may review the personal information we receive. We may correct it if it is wrong, out-of-date, incomplete, not relevant, or misleading.

To ask for your personal information or to correct it, contact our Privacy Officer on email: privacy@niaa.gov.au. Liaising with our Privacy Officer can help us understand your request better. They may tell you the best way to handle your request, like under the Privacy Act, the FOI Act, or another way.

How to make a privacy complaint

If you are not happy with how we handle your personal information, you can complain to the Privacy Officer.
 

Lodging a complaint:

• email our Privacy Officer at: privacy@niaa.gov.au
• include:
  • a short description of your privacy concern
  • any actions or dealings with our staff about your concern
  • your contact details.

What we will do:

• acknowledge your complaint
• use the information to address your complaint
• update you on the handling of your complaint
• talk to other areas or third parties if needed
• respond within a reasonable time (usually 30 calendar days)

If your complaint involves another department, we may:

• ask for more information to decide who should handle it
• refer you to that department or agency
• work with them to respond to your complaint

Anonymous complaints:

• you can complain anonymously, but it might be hard for us to investigate or respond.

If we can't resolve your complaint:

• you can lodge a complaint to the: Office of the Australian Information Commissioner (OAIC).

How to contact the OAIC:

• online form on the OAIC website
• email: enquiries@oaic.gov.au
• fax: 02 9284 9666
• post to:

Office of the Australian Information Commissioner
Sydney Offices
GPO Box 5218
Sydney NSW 2001

Contacting the NIAA Privacy Officer

Contact the NIAA’s Privacy Officer, if you would like to:

• ask questions about our Privacy Policy or need it in a different format
• get access to or correct your personal information
• make a privacy complaint.

How to contact our Privacy Officer:

• email: privacy@niaa.gov.au
• phone: 02 6152 3080
• post to:

The Privacy Officer
National Indigenous Australians Agency
PO Box 2191
Canberra ACT 2600

Privacy Impact Assessment Report Register

We must do a Privacy Impact Assessment (PIA) for high privacy risk projects.
The below Register lists all NIAA's PIAs done since 1 July 2019.