Privacy, copyright and disclaimer

Privacy

The Commonwealth Grants Commission (CGC) collects a range of personal information from a wide range of people in carrying out its functions. Our Privacy Policy sets out how the CGC collects, uses, discloses and stores personal information.

The CGC also maintains a Register of Privacy Impact Assessments.

About this policy

This privacy policy seeks to enhance transparency by setting out how we collect, use, disclose and store personal information.

Our privacy policy also explains:

  • how you can access the information we hold about you and ask for that information to be corrected
  • how you can make a complaint about the way we have handled your personal information.

Remaining anonymous

Where possible, you can communicate with us anonymously or use a pseudonym. But for many of our functions and activities you may be required to give certain personal information.

For example, we will require personal information if:

  • you are applying for a job with us or
  • we need to confirm your identity for the release of personal information.

The Privacy Act

The Privacy Act 1988 (Privacy Act) protects personal information of individuals and requires the CGC to comply with the Australian Privacy Principles (APPs) in Schedule 1 to that Act.

The APPs set out standards, rights and obligations around personal information. 

Personal information

‘Personal information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not.

Sensitive information

We protect all personal information, especially sensitive information.

Sensitive information includes information or an opinion about an individuals:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership or associations
  • sexual orientation
  • criminal record
  • health
  • biometrics.

How we collect personal information

We collect personal information in different ways, including:

  • correspondence and submissions
  • paper-based forms
  • online (website forms, virtual meetings and email)
  • phone calls and
  • face-to-face meetings.

The CGC may collect personal information directly from you or your representative, for example, your lawyer.

In some circumstances we may also collect information about you from another Australian, state or territory government body, or from another individual or organisation.

Privacy collection notice

When we collect your personal information, we will notify you with a privacy collection notice, if reasonable to do so. This notice will explain any specific privacy practices in more detail.

Why we collect personal information

We only collect personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities, including to:

  • correspond with members of the public or with organisations who wrote to us
  • correspond with other Australian Government ministers and agencies
  • onboard new employees, contractors or statutory appointees
  • manage ongoing staff employment
  • facilitate appointments or meetings
  • manage our contracts
  • administer payments
  • undertake public consultation on public policy (if/as required)
  • handle complaints, including privacy complaints, and feedback given to us
  • process requests under the Freedom of Information Act 1982 and
  • undertake our legislative and administrative functions.

Use and disclosure of personal information

We generally only use and disclose personal information for the primary purpose for which we collected it.

We will only use or disclose your personal information for a secondary purpose if you consent or one of the following exceptions applies:

  • you would reasonably expect us to use the information for the secondary purpose and the secondary purpose is related (or directly related for sensitive information) to the primary purpose
  • it is legally required or authorised, such as by an Australian law, or a court or tribunal order
  • it is reasonably necessary for an enforcement-related activity
  • we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
  • we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter
  • we reasonably believe that it is necessary to help locate a person who has been reported as missing
  • it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
  • it is reasonably necessary for the purposes of a confidential alternative dispute resolution process or
  • we reasonably believe that it is necessary for our diplomatic or consular functions or activities.

Third party disclosure

The types of parties that we may share your personal information with, or who may collect personal information on our behalf, include but are not limited to:

  • other Commonwealth agencies
  • Commonwealth ministers and their offices
  • suppliers and other third parties with whom we have commercial relationships (for example, for research and programs directly related to one of our functions)
  • whole of government suppliers.

We will ensure that appropriate protections of your personal information are in place with these third parties, in accordance with our obligations under the Privacy Act.

Overseas recipient disclosure

We may need to provide your personal information to an overseas recipient as part of our work.

In some cases, we may have to disclose limited personal information to recipients overseas under legislation or international information sharing agreements. This may occur, for example, in relation to a law enforcement matter such as a criminal investigation.

Where there is no requirement for us to disclose personal information to an overseas recipient, we will either seek your consent or amend the information to ensure your personal information is not identifiable.

Information types we hold

The personal information we collect and hold varies depending on what we need to perform our functions and responsibilities. We may collect:

  • your name, address and contact details (for example your phone number or email address)
  • information about your identity (such as date of birth, country of birth, passport details, visa details and driver's licence)
  • information about your personal circumstances (for example age, gender, marital status and occupation)
  • information about your financial affairs (for example payment details, bank account details, and business and financial interests)
  • information about your employment (for example applications for employment, work history, referee comments and remuneration) and
  • government identifiers.

Generally, we will only collect sensitive information if you have consented and its collection is reasonably necessary for, or directly related to, one or more of our functions or activities or the collection is required or authorised by law.

Protected information

Some personal information we collect may be protected information under other legislation. Protected information is subject to rules for the collection, use and disclosure of information under the relevant legislation.

Our website

Generally, we only collect personal information from our website where a person chooses to provide that information (for example, submitting a webform).

Technical information

If you visit our websites to read or download information, we record different technical information which does not reveal your identity.

This information includes:

  • your internet protocol (IP) or server address
  • your general locality and
  • the date and time of your visit to the website.

This information is used for statistical and development purposes.

No attempt is made to identify you through your browser other than in exceptional circumstances, such as an investigation into the improper website use.

Third party sites

The CGC website may link to third party sites, which may include:

  • Facebook
  • LinkedIn
  • Vimeo
  • X
  • YouTube.

These third parties may capture and store your personal information outside Australia and may not be subject to the Privacy Act in the same way as the CGC or at all.

We are not responsible for the privacy practices of these third parties. We encourage you to examine each party's privacy policies and make your own decisions regarding their reliability.

Cookies

Cookies are used to maintain contact with a user throughout a website session.

A cookie is a small file supplied by the CGC's web server and stored by your web browser software on your computer’s hard drive when you access our websites.

Cookies allow us to recognise an individual web user as they browse our websites. When you close your browser the session cookie set for our websites is destroyed. No personal information is maintained which might identify you should you visit our websites again.

Digital communication

There are inherent risks associated with the transmission of information over the internet, including via email.

You should be aware of this when you send personal information to us via email or via our webforms.

If this is of concern to you then you may use other communication methods, such as post or phone (although these also have risks associated with them).

Treasury only records email addresses when a person sends a message or subscribes to a mailing list.

Storage and data security

We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.

We store all personal information in Australia and take reasonable steps to ensure any third parties with whom we may share personal information in accordance with this policy, also store personal information in Australia.

The CGC will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.

Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government's records management regime. When the personal information we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.

Disposal freeze

For example, under the Archives Act 1983, we must maintain personal information that is, or forms part of, a Commonwealth record. We must also maintain records for certain other purposes, including where the National Archives of Australia issues a disposal freeze in response to prominent or controversial issues or events.

Visit the National Archives of Australia website to find out more about current disposal freezes

Notifiable data breaches

The CGC and its contractors are subject to the Notifiable Data Breaches Scheme under the Privacy Act.

We will act in accordance with the requirements of the scheme and OAIC's data breach preparation and response in assessing and responding to suspected notifiable data breaches.

Where a breach of personal information occurs that is likely to cause serious harm to individuals, we will notify OAIC and affected individuals as required.

We will aim to provide you with timely advice to ensure you are able to manage any loss – financial or otherwise – that could result from the breach.

Visit the OAIC website to read about the notifiable data breaches

Accessing and correcting personal information

You have a right to request access to the personal information the CGC holds about you and to request its correction in accordance with APPs 12 and 13 in the Privacy Act.

The Privacy Act permits access to be refused in certain cases, including where an exemption under the FOI Act would apply. There is no charge for making an access or correction request.

For a correction request, where we are satisfied that your personal information is incomplete, incorrect, out-of-date, irrelevant or misleading, we may amend the record.

Where we agree to amend a record, we must, as far as possible, retain the text of the record as it was prior to the amendment. Where an amendment request is refused, we must provide reasons for the refusal and the mechanisms available to you to dispute that decision.

To request access or correction to your personal information held by the CGC, you can contact our Privacy Officer.

See Privacy contact and complaints

We will discuss the nature of your request with you and provide guidance on whether your request is better dealt with under the Privacy Act, the FOI Act or another arrangement. This will likely depend on your circumstances.

For example, for complex access requests, we may suggest that you use the FOI Act instead of the Privacy Act for the following reasons:

  • an FOI access request can relate to any document held by an agency and is not limited to personal information
  • the FOI Act has a consultation process for dealing with documents that contain the personal or business information of third parties
  • the FOI Act includes a right to apply for internal review or Information Commissioner review of an access refusal decision.

Proof of identity

In all cases where a request relates to documents that contain your personal information, we will ask you to provide evidence of your identity before we deal with your request.

If you authorise another person to make a request on your behalf, we will ask you for the letter to authorise the request.

If you are seeking documents containing personal information on behalf of another person, we will ask for evidence of both identities, showing clearly that you are the person who is authorised to apply on behalf of the other person.

Acceptable identity documents

Acceptable identity documents include:

  • a passport
  • an Australian driver’s licence or
  • any other official identification in the English language which contains your photo, signature and address.

Certified copies

Copies of identification documents should be certified as true copies of the originals by a person with the power to witness a Commonwealth statutory declaration.

Visit the Attorney-General’s Department website to download a Commonwealth statutory declaration

Privacy contact and complaints

You can contact the Privacy Officer if you want to:

  • ask a question about our privacy policy, or how we manage personal information
  • obtain access to or seek correction of your personal information held by the CGC
  • make a privacy complaint about the CGC
  • obtain a copy of this policy in another format.

You can contact the Privacy Officer by:

Email: services@cgc.gov.au

Phone: 02 6218 5700

Post: Privacy Officer, Commonwealth Grants Commission, PO Box 1899, CANBERRA CITY ACT 2601

Privacy complaint

If you have a complaint about the way the CGC handled your personal information, you may contact our Privacy Officer.

A complaint may be made on behalf of a complainant by a guardian, friend, advocate or family member, but the person acting on behalf of the complainant must have written authorisation and verify their identity.

There are no fees or charges for making a privacy complaint to the CGC. Your complaint should include:

  • a brief description of your privacy problem, including:
    • what happened
    • when it happened
  • what personal information of yours was affected
  • the name of the relevant department area or contact person
  • your contact details.

We will use your contact details to contact you about your complaint. Sometimes we may ask you for more information to investigate your complaint. If you do not provide this, it may affect how we handle your complaint.

If we receive a complaint from you we will decide what action, if any, we should take to resolve the complaint.

OAIC complaint

You may also complain to OAIC about how the CGC handled your personal information.

Before you can lodge a complaint with OAIC, you will need to first complain directly to us. You must allow us 30 days to investigate, unless OAIC decides that a complaint to the CGC is not appropriate in the circumstances.

If you do not receive a response after 30 days, or you are dissatisfied with the CGC’s response to your complaint, you may complain to OAIC, and the Commissioner will attempt to resolve the complaint.

We review this policy regularly and may update it from time to time.

Open Access Information 

The Principles on open public sector information form part of a core vision for government information management in Australia. They rest on the democratic premise that public sector information is a national resource that should be available for community access and use.

Transparency and public access to government information are important in their own right and can bolster democratic government. Information sharing better enables the community to contribute to policy formulation, assist government regulation, participate in program administration, provide evidence to support decision making and evaluate service delivery performance. A free flow of information between government, business and the community can also stimulate innovation to the economic and social advantage of the nation.

These Principles were developed by the Office of the Australian Information Commissioner (OAIC) through a process of public consultation. They draw on considerable work in Australia and overseas that defines standards and principles to shape government information management practices. That work, undertaken by government agencies, public inquiries and the Organisation for Economic Co-operation and Development, is discussed in an OAIC issues paper, Towards an Australian Government Information Policy (2010).

The Principles will be applied by the OAIC in its role of monitoring compliance by Australian Government agencies with the publication objectives of the Freedom of Information Act 1982- external site (FOI Act). The Principles are not otherwise binding on agencies, and operate alongside legal requirements about information management that are spelt out in the FOI Act, Privacy Act 1988- external site, Archives Act 1983- external site and other legislation and the general law.

Information held by Australian Government agencies is a valuable national resource. If there is no legal need to protect the information it should be open to public access. Information publication enhances public access. 

The CGC uses information technology, in line with Principle 1: Open access to information, to disseminate public sector information (as applicable), applying a presumption of openness and adopting a proactive publication stance.

Public data

Public data is a valuable national asset underpinning Australia’s ability to realise economic and social objectives. Public data is information collected or generated by the Australian Government and includes demographic, location, health, education, economic, business and other information.

The effective use and sharing of public data helps improve the evidence-base for government policy decisions, supports better government service delivery and provides Australians with the data they need. A balance exists in maximising the economic, social and environmental benefits of using public data, while maintaining a strong commitment to appropriate guardrails, such as ethics, privacy and security.

Privacy Impact assessment 

The CGC has responsibilities under the Privacy Act 1988. The Privacy (Australian Government Agencies – Governance) APP Code 2017 (Privacy Code) requires us to conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects or initiatives.

High privacy risk project

A project may be a high privacy risk project if the CGC considers that the project involves any new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.

The CGC's responsibilities

The CGC is also required to conduct a PIA if directed to do so by OAIC.

We are required to:

  • maintain a register of all PIAs we conduct and
  • publish that register, or a version of that register, on our website.

Visit the OAIC website to view the Privacy Code

Register

We publish the privacy impact assessment register in compliance with the Privacy Code.

The PIA register below sets out the PIAs the CGC has completed since 1 July 2018. This register will be updated as PIAs are completed*.

PIA ReferenceTitle of PIACompleted
---

* No PIAs have been conducted.

The CGC encourages the dissemination and exchange of information provided on this website.

The Commonwealth owns the copyright in all material produced by this department.

All material presented on this website is provided under a Creative Commons Attribution 4.0 International licence, with the exception of:

  • the Commonwealth Coat of Arms
  • this department's logo
  • content supplied by third parties.

The details of the relevant licence conditions are available on the Creative Commons website, as is the full legal code for the CC BY 4.0 license.

Attribution

Material obtained from this website is to be attributed to this agency as:

© Commonwealth of Australia

Third party copyright

Wherever a third party holds copyright in material presented on this website, the copyright remains with that party. Their permission may be required to use the material.

This agency has made all reasonable efforts to:

  • clearly label material where the copyright is owned by a third party
  • ensure that the copyright owner has consented to this material being presented on this website.

Use of the Commonwealth Coat of Arms

The terms of use for the Coat of Arms are available from the Department of Prime Minister and Cabinet

Disclaimer

This website is provided by the CGC to share information with the public for free. We check the information on this site and update it often.

We do not guarantee that the information is always accurate, reliable, up to date, or complete. We are not responsible for any problems caused by using this site or any linked sites. Users should use their own judgment and check that the information suits their needs.

This website is not a replacement for professional advice. Users should get advice from a qualified professional if needed.

Some content on this site may include opinions or suggestions from other people. These do not always reflect the views of the CGC.

Links to other websites

This website contains links to other websites outside the CGC. We take care when linking to other sites, but we do not control their content. Users should check the information on those sites themselves.

A link to another website does not mean the CGC endorses that site or any products or services mentioned there. Users should check who runs any website they visit.

Website security

The CGC uses security measures to protect this website from unauthorised access. However, the internet is not completely secure. There is a risk that others could see, change, or damage your information, or that downloaded files might contain viruses or harmful software.

The Commonwealth is not responsible for any damage to your computer, software, or data caused by using this website. Users should protect their own systems by checking that anything they download is safe.

Last updated