Privacy Policy
The Australian Office of Financial Management (AOFM) collects a range of personal information in carrying out its functions.
This Privacy Policy sets out how the AOFM collects, uses, discloses and stores personal information in accordance with the requirements of the Privacy Act 1988 (Privacy Act). The AOFM also complies with the Australian Privacy Principles (APPs), established by the Privacy Act, which protect the privacy of individuals and respect their rights in relation to their personal information.
This Privacy Policy explains:
- the types of personal information we collect and hold, and how we collect and hold it
- the reasons, or purposes for which we collect, hold, use and disclose that personal information,
- whether we disclose personal information to overseas entities,
- how you can access the information we hold about you and ask for that information to be corrected, and
- how you can make a complaint about the way we have handled your personal information.
How we collect personal information
When used in this privacy policy, the term “personal information” has the meaning given to it in the Privacy Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information the AOFM collects personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
At all times we try to only collect the personal information we need for the function or activity we are carrying out—that is, personal information that is reasonably necessary for it.
In addition to our Privacy Policy, we may need to explain specific privacy practices in more detail. In such circumstances, we develop and provide separate privacy notices to describe how we will handle the personal information that we collect.
Types of information we hold
The personal information we collect, and hold varies depending on what we need to perform our functions and responsibilities. It may include:
- name
- address
- phone number
- email address
- date of birth
- country of birth
- information about your personal circumstances (for example, gender and occupation)
- information about your financial affairs (for example, Tax File Number, Holding Identification Number, payment details, bank account details, business and financial interests)
- government identifiers.
We may collect or hold ‘sensitive information’ which is a subset of personal information under the Privacy Act. Generally, we will only collect sensitive information if you have consented and its collection is reasonably necessary for, or directly related to, one or more of our functions or activities or the collection is required or authorised by law. This might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information.
Use of personal information
We collect personal information about you so that we can perform our business activities and functions and to provide best possible quality of service. We collect, hold, use and disclose your personal information for the following purposes:
-
to send communications requested by you
-
to facilitate meetings (for example, meetings with investors or intermediaries)
-
to administer programs for which the AOFM is the administering agency
-
to provide retail investor information
-
for procurement and contract management
-
to respond to requests under the Freedom of Information Act 1982 (FOI Act)
-
to assess the performance of the website and to improve the operation of the website;
-
to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
-
for the administrative, planning, quality control and research purposes of AGB, its related bodies corporate, contractors or service providers;
-
to update our records and keep your contact details up to date;
-
to process and respond to any complaint made by you; and
-
to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.
We use this information for our regular business including:
-
the issuance of different instruments: Treasury Bonds (including Green Treasury Bonds), Treasury Indexed Bonds and T-Notes.
-
the administration of two funds which are for investing in securitisation products - the Australian Business Securitisation Fund (ABSF) and the Structured Finance Support Fund (SFSF).
-
the ongoing management of AOFM.
If you do not provide us with the personal information described above, some or all of the following may happen:
-
we may not be able to provide you with information about products and services that you may want; or
-
we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.
Direct marketing
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you where you have directly consented and in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth).
These communications may include tender program updates, forthcoming tenders, tender results, investment updates, investor insights sent via email. If you choose to subscribe to receive AOFM updates, you may select which types of communication you wish to received.
In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
Artificial intelligence
The AOFM is engaging with artificial intelligence (AI) in a way that allows us to discover and adapt to new opportunities and practices, while keeping humans at the centre of our decision-making.
Our intention is to leverage AI to drive innovation, improve operational efficiency, and support the broader goal of managing the government’s debt portfolio. Our AI Transparency Statement outlines the principles we apply in the use of AI.
The AOFM does not use AI to collect, analyse or generate personal information. We do not enter personal information into publicly available generative AI tools, and we do not use personal information to make automated decisions.
Where we collect our information
The main way we collect personal information about you is when you (or your representative) give it to us. However, in some circumstances we may also collect personal information about you from another Australian, State or Territory government body, or from another organisation such as a syndication institution or supplier.
Our websites
The AOFM has two websites, www.aofm.gov.au and www.australiangovernmentbonds.gov.au, hosted using arrangements established by the Department of Finance known as GovCMS.
GovCMS is hosted in Australia in secure, government accredited facilities. To help protect the privacy of data and personal information, GovCMS maintains physical, technical and administrative safeguards, which are updated and tested on an ongoing basis.
Generally, the AOFM only collects personal information from our websites where a person chooses to provide that information (for example, in submitting a web form or survey).
If you visit our website, the AOFM records a range of technical information which does not reveal your identity. This information includes your IP or server address, your general locality and the date and time of your visit to the website. This information is used for statistical and development purposes.
No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.
To improve your experience on our website, we may use cookies. Cookies are an industry standard and most major websites use them. A cookie is a small text file that our website may place on your computer as a tool to remember your preferences or gather website usage data for the purpose of improving our website.
You may refuse the use of cookies by selecting the appropriate settings on your browser.
Our websites also contain links to other websites. The AOFM is not responsible for the content and privacy practices of other websites and encourages you to examine each website’s privacy policies and make your own decisions regarding their reliability.
Electronic communication
There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our websites. If this is of concern to you, then you may use other methods of communication with the AOFM, such as post or phone (although these also have risks associated with them).
The AOFM only records email addresses when a person sends a message or subscribes to a mailing list. Any personal information provided, including email addresses, will only be used or disclosed for the purpose for which it was provided.
Telephone
The AOFM maintains a recorded telephone lines policy to protect the interests of the AOFM. Recording telephone conversations of specific roles serve several purposes including dispute resolution, complaint handling and fraud control, and are a necessary tool to protect the AOFM from reputational damage and/or financial loss.
The AOFM adheres to the legislative and regulatory requirements for the notification, storage and access of recorded information in line with the Privacy Act; Listening Devices Act 1992 (ACT); Surveillance Devices Act 2004 (Cth); and the Telecommunications (Interception and Access) Act 1979 (Cth).
Information from third parties
The AOFM makes use of third-party sites to deliver some functionality. These third parties may capture and store your personal information outside Australia and may not be subject to the Privacy Act in the same way as the AOFM or at all.
Third party providers may also send data overseas, as set out in their privacy policy. The AOFM is not responsible for the privacy practices of these third parties and encourages you to examine each party’s privacy policies and make your own decisions regarding their reliability.
Computershare
Computershare maintains the register of retail bond holders for the AOFM. In managing the register, Computershare can provide AOFM staff with the personal information of investors including their HIN number, address, and contact details. AOFM retains this information for up to twelve months in order to process transactions.
Computershare’s Privacy Policies are available on their website: Learn more about our privacy policies.
Mailchimp
The AOFM uses Mailchimp to send bulk emails to individuals who have subscribed through the AOFM website. MailChimp is based in the United States and is owned by Intuit (see Intuit’s Global Privacy Statement). Mailchimp may store and transfer data outside of Australia. In subscribing, you agree to this.
Mailchimp may capture additional data from the emails sent to you or when you visit their website to subscribe or view online versions of the emails, for statistical reporting purposes, and to monitor service performance.
Individuals can unsubscribe from this service at any time.
Google Analytics
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.
Social networking services
We use social networking services such as LinkedIn to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes.
These services have their own privacy policies. The AOFM is not responsible for the privacy practices of these third parties and encourages you to examine each party's privacy policies and make your own decisions regarding their reliability.
How we share, store and secure information
Disclosure of personal information
We may disclose your personal information to our employees, contractors or service providers for the purposes of operation of the AOFM and to otherwise provide information to you including without limitation web hosting providers, IT systems administrators, data entry service providers, electronic network administrators.
We will not provide your personal information to other government agencies, private sector organisations, or anyone else unless you consent, you would reasonably expect us to use the information for that purpose, or one of the exceptions in the Privacy Act applies.
Storage and data security
Our staff and contractors are required to manage personal information in accordance with our policies, which adhere to the Privacy Act and the Archives Act. Staff and contractors are not allowed to keep information we have provided to them for longer than is required to undertake their business and information is only provided on a need-to-know basis.
AOFM requires that repositories used for the information asset and copies maintained must be minimised and that access listings for the repositories where the information asset is stored must be reviewed annually. Our records management is supported by Castlepoint which improves compliance through automated review and classification.
We are required to retain all records which may include personal information related to our functions for 7 years after the action is completed or from finalisation or maturity of the Australian Government Security or investment; or between 10-15 years for contracts.
As a Commonwealth entity we must keep and transfer records to the National Archives Authority under the Archives Act 1983. Records capture decisions, actions, and the results of consultations, communications, transactions, and outputs related to our operations and government policy. These records do not generally contain personal information.
We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse. The Department of the Treasury (Treasury) provides IT services to the AOFM under a Memorandum of Understanding. The Treasury and the AOFM regularly assess the risk of unauthorised access, modification and disclosure of information, and monitor the security of the network in accordance with the Protective Security Policy Framework.
The AOFM will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information. The AOFM and its contractors are subject to the Notifiable Data Breaches Scheme under the Privacy Act, and we will act in accordance with the requirements of the Scheme and the Office of the Australian Information Commissioner's (OAIC’s) data breach preparation and response guidance and the AOFM’s Data Breach Response Plan, in assessing and responding to suspected notifiable data breaches.
Where a breach of personal information occurs that is likely to cause serious harm to individuals, we will notify the OAIC and affected individuals as required. We will aim to provide you with timely advice to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.
How you can access and correct your information
You have a right to request access to the personal information the AOFM holds about you and to request its correction.
The Privacy Act allows us to refuse access in certain cases, including where an exemption under the FOI Act would apply. Where we have refused access, we will give you reasons in writing. We will also provide you with information about how you can dispute the decision.
To request access to, or correction of, your personal information, you can contact the AOFM’s Privacy Officer using our contact details below.
Evidence of identity
In all cases where a request relates to documents that contain your personal information, we will ask you to provide evidence of your identity before we deal with your request. Your request should include a physical address, as we prefer to forward documents containing personal information to you by registered post rather than email.
If another person has authorised you to make a request on their behalf, we will ask you for the letter authorising you to make the request. If you are seeking documents containing personal information on behalf of another person, we will ask for evidence of both identities, showing that you are authorised to apply on behalf of the other person.
Privacy complaints
If you have a complaint about the way the AOFM has handled your personal information, you may contact our Privacy Officer using our contact details below.
A complaint may be made on behalf of a complainant, but the person acting on behalf of the complainant must have written authorisation and verify their identity.
There are no fees or charges for making a privacy complaint. Your complaint should include a brief description of your privacy problem, including what happened, what personal information of yours was affected, and your contact details so that we can contact you about your complaint.
Sometimes we may ask you for additional information in order to investigate your complaint. If you do not provide this, it may affect how we handle your complaint.
We will endeavour to respond to your complaint within a reasonable time, generally 30 days, to discuss your concerns and outline options regarding how they may be resolved.
If you are dissatisfied with the AOFM’s response to your complaint, you may complain to the OAIC. Details of how to lodge a complaint with the OAIC may be found at www.oaic.gov.au or by calling 1300 363 992.
How to contact us
Contact the AOFM’s Privacy Officer if you want to:
- Ask questions about our Privacy Policy, or if you need a copy of this Policy in an alternative format
- Obtain access to or seek correction of your personal information held by the AOFM, or
- Make a privacy complaint about the AOFM.
Email: privacy@aofm.gov.au
Post:
Privacy Officer
Australian Office of Financial Management
Treasury Building, Newlands Street
PARKES ACT 2600
You can obtain further information about the Privacy Act from the Office of the Australian Information Commissioner website.
We review this policy regularly and may update it from time to time.
This policy was last updated in April 2025
Privacy Impact Assessment Register
The AOFM is required to conduct a Privacy Impact Assessment (PIA) for all projects with a high privacy risk in accordance with the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth) (the Privacy Code), or if directed by the OAIC.
A PIA is conducted where the AOFM considers that the project involves new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.
This following PIA register is published in compliance with the Privacy Code.
Privacy Impact Assessments undertaken 1 July 2018 onwards
PIA Reference | Title of PIA | Completed |
---|---|---|
PIA/202201 |
Privacy Impact Assessment Report – Commonwealth Domestic Debt Registry Services This PIA assesses privacy impacts associated with the delivery of Commonwealth Domestic Debt Registry Services. |
October 2022 |
PIA/202501 |
Privacy Impact Assessment – Castlepoint This PIA assesses the privacy impacts of modernising records management using Castlepoint to manage records where they reside (known as in-place records management). |
March 2025 |
Register last updated: April 2025