The NTC (ABN 67 890 861 578) is an independent statutory body that contributes to the achievement of national transport policy objectives by developing regulatory and operational reform of Australia’s road, rail and intermodal transport systems.
Where the collection or handling of personal information by the NTC is subject to the Privacy Act, the NTC must comply with the requirements of that Act. The Privacy Act regulates the manner in which personal information is handled throughout its life cycle, from collection to use, storage, accessibility and disposal.
What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Special provisions apply to the collection of personal information which is sensitive such as health information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.
Collection of personal information
What personal information does the NTC collect?
In the course of business, the NTC may collect personal information that is reasonably necessary for, or directly related to, our functions or activities. The NTC will only collect personal information by lawful and fair means and not in an unreasonably intrusive manner.
The NTC may collect personal information about:
- persons who contact the NTC in relation to its activities and services
- persons who participate in any public consultations, reform proposals, surveys or market research conducted by or on behalf of the NTC
- subscribers to publications of the NTC (such as newsletters, news releases and reports)
- third parties providing a service to the NTC
- employees, contractors and consultants of the NTC.
Our functions and activities and our range of services may change from time to time.
The types of personal information we may collect and hold may vary depending on the nature of our interaction with the individual and may include:
- identifying and contact information (for example, name, address, date of birth, email address and emergency contact details
- responses or submissions to any consultations, reform proposals, surveys or market research of the NTC
- bank account, tax file number and credit card details
- information relating to employment or engagement by the NTC including education and qualifications, superannuation details, insurance details and results of psychometric testing, reference checks, police checks and ergonomic assessments.
Through our website, we may also collect de-identified information about a user’s computer which may include IP address, type of browser, operating system, domain name and the details of any website which has referred the user to the NTC’s website. We may also collect de-identified information about the user’s activities on our website (for example, tracking which areas of the website are visited and the content viewed).
Why does the NTC collect personal information?
The Privacy Act generally requires the NTC to use personal information only for the primary purpose for which it is collected, or for secondary purposes which are related (or directly related in the case of sensitive information) to the primary purpose.
In general, the NTC collects, holds, uses and discloses personal information for the following purposes:
- to consider, develop and deliver regulatory and operational reform in respect of Australia’s road, rail and intermodal transport systems including conducting public consultations, surveys and research, reviewing and publishing submissions and forming final recommendations/positions for consideration by the Transport and Infrastructure Council
- if requested, to provide copies of our publications (such as newsletters, news releases and reports)
- to manage our relationship with stakeholders including members of the public, responding to queries or requests, and for follow up purposes
- to verify and update any personal information held by us
- to recruit and manage personnel (including employees, contractors and consultants)
- to review, develop and improve our functions and activities and business processes including our website
- to comply with legal or regulatory obligations
- for other purposes required or authorised by or under law, including purposes for which we have obtained express or implied consent.
If anyone provides the NTC with their email address, telephone and/or mobile phone number, they also consent to the NTC using that email address, telephone and/or mobile phone number for contact purposes (including by telephone call, SMS or email) for any of the above reasons.
The NTC may collect personal information in a number of ways, including
- through our website, submissions made to the NTC, forms and correspondence (written and verbal) received
- from third parties such as persons or organisations engaged by the NTC to assist the NTC in carrying out its business processes such as ergonomic assessment providers, market researchers and recruitment organisations.
How does the NTC store personal information?
The NTC will store personal information securely in its systems providing restricted access to staff for work purposes only. The personal information is maintained and disposed in accordance with the NTC’s information management policy.
To whom may the NTC disclose personal information?
To carry out the above purposes, the NTC may disclose personal information:
- to the public through publishing submissions on our website (unless requested not to publish online or to only publish online on an anonymous basis)
- to the Transport and Infrastructure Council when forming final recommendations/positions on a public consultation matter (although the NTC typically prepares such recommendations and submissions in a de-identified form)
- to persons or organisations engaged by the NTC to assist the NTC in carrying out its business processes such as online survey platform providers, enews providers, recruitment organisations, website developers, IT support providers, compliance program providers, record management system providers, insurers and professional advisors
- for other purposes required or authorised by or under law or to comply with legal or regulatory obligations.
Does the NTC transfer personal information overseas?
The NTC may disclose personal information to service providers located overseas including online survey platform providers located overseas.
If the NTC transfers personal information to another party outside Australia, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient will not breach the privacy principles set out in the Privacy Act in relation to the information.
The NTC also utilises Google Analytics in the USA to provide us with information, reports and analysis about the usage and browsing patterns of users of our website. All information provided is de-identified.
The NTC may use personal information for contact purposes (including by telephone call, SMS or email) in relation to publications, surveys, notifications about public consultations or other such initiatives.
Opting-out of receiving such marketing information from the NTC can be done at any time by contacting us using the contact details which appear immediately below under the heading “How can you access or correct your personal information and contact the NTC?” or clicking the unsubscribe link found at the bottom of any electronic newsletter, news alert or promotional email that may be received from us.
Rights and choices
How can personal information be accessed and/or corrected?
Contact the NTC’s Privacy Officer – see contact details section – to seek access to or request that we correct personal information held by the NTC.
The NTC will generally provide access to personal information if practicable, and will take reasonable steps to amend any inaccurate or out-of-date personal information. In some circumstances and in accordance with the Privacy Act, the NTC may not permit access, or may refuse to correct personal information, in which case reasons will be provided for this decision.
The access and correction requirements in the Privacy Act operate alongside and do not replace other informal or legal procedures by which access to, or correction of, personal information can be made including the Freedom of Information Act 1982 (Cth).
What happens if personal information is lost or subjected to unauthorised access, modification, disclosure or other misuse?
Following a risk assessment, the NTC will invoke its notifiable data breach plan and will notify affected individuals where the breach has been assessed as likely to cause a real risk of serious harm to the individual.
Notification will include:
- The description of the incident
- Type of personal information involved
- The NTC’s response to the breach
- What assistance is available to those affected
- How to lodge a complaint to the NTC or the Office of the Australian Information Commissioner (OAIC)
How to make a complaint
Any concerns or complaints about the manner in which personal information has been collected or handled by the NTC, should be advised to the NTC in writing to the NTC’s Privacy Officer – see contact details section. Concerns or complaints will be considered or investigated and will be responded to within 30 days from the day of request.
Any complaint not resolved to the complainant’s satisfaction can be referred to the Office of the Australian Information Commissioner who may investigate the complaint further.
NTC Privacy Officer
NTC Chief Corporate Officer
Email: [email protected]
Tel: 9236 5000
Level 3/600 Bourke Street
Melbourne Vic 3000
Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.
Harvest respects the rights and privacy of all individuals and is committed to complying with the Privacy Act 1988 and the Australian Privacy Principles and protecting the personal information Harvest holds.
Why does Harvest collect personal information? How does Harvest use it?
Harvest generally collects your personal information as part of providing its online community engagement services, informing you about these services, complying with its contractual and other legal obligations, responding to your enquiries and administering its community engagement technology.
Harvest needs your personal information to carry out these aims. Harvest may use your personal information for those purposes, any other purpose listed on a collection statement at the point of collection or in any other way made clear at the time of collecting the personal information.
How does Harvest collect personal information?
Harvest may collect your information via its websites.
What personal information does Harvest collect?
Harvest collects the types of personal information required to assist with providing Harvest’s services.
We may collect information from you when you sign-up for the platformsite, leave feedback or otherwise input data. Required information may include personal information such as your name, phone number, email and suburb.
By providing an email address you help us protect the integrity of the discussion from individuals and groups who may attempt to unduly influence the outcomes of the consultation process. For example, we check the database to ensure each user has a single email account on the site. We also frequently review the site for trolls and spammers.
How does Harvest use your personal information? To whom will it be disclosed?
Harvest may use your personal information for the primary purpose for which it was collected, i.e. the purpose specified in a privacy collection statement or the purpose that could be reasonably expected at the time the information was collected. Harvest may also use your personal information for a secondary related purpose.
By submitting your personal information, you consent to Harvest using it to:
(a) complete an activity that you have chosen to undertake;
(b) administer Harvest’s relationship with you;
(c) monitor online activity on the Harvest website(s) and/or application(s);
(d) improve and add to Harvest’s services (including online); or
(e) where required or authorised by law.
Harvest may disclose personal information to other entities with whom it contracts.
Can you remain anonymous or withhold personal information?
Yes. Where practical, you may choose not to identify yourself, deal with us on an anonymous basis or use a pseudonym.
Will you receive direct marketing?
If you provide us with your personal information you will not receive direct marketing communications from Harvest unless otherwise stated.
Will your information be disclosed overseas?
Harvest will not disclose your personal information to any person or entity outside Australia.
How can you access and correct your personal information?
You generally have the right to access your personal information free of charge, subject to some limitations contained in the Privacy Act 1988.
The APPs set out some circumstances in which Harvest is not required to provide you with such access. If you ask for your personal information and any of these circumstances exist, you may be given access to the personal information in a way that is permitted under the Privacy Act 1988.
To protect personal information held by Harvest, you may need to confirm your identity before access to your personal information is granted. It may take a little time to process your application for access and retrieve information from storage (if applicable).
Harvest encourages you to provide updates so that Harvest has accurate, current and complete information. You may correct any errors or request that Harvest deletes all or some of your personal information. You may also opt out of any further contact from us.
Does Harvest use “cookies”?
Yes. When you use Harvest’s website(s), Harvest or its IT service providers may obtain information using technologies such as cookies, tags, web beacons, and navigational data collection (log files, server logs, and clickstream data). For example, Harvest or its IT service providers may collect information like the date, time and duration of visits and which webpages are accessed.
This information is generally not linked to your identity, except where it is accessed via links in Harvest e-message or where you have identified yourself.
How can you complain about privacy breaches?
If you have a complaint in relation to the collection, use or and disclosure of your personal information, please contact the Harvest Privacy Officer via the details provided below. The Harvest Privacy Officer will review all complaints received and respond to each complainant upon due consideration (which may require further information to be provided).
If a privacy breach occurs, Harvest will notify you where possible of the breach and seek your direction about how you would like to respond to the incident.
Who can you contact about your personal information?
To contact Harvest about your personal information, concerns or complaints, email the Privacy Officer at [email protected].