The Australian Office of Financial Management (AOFM) collects a range of personal information in carrying out its functions.
It also explains:
- how you can access the information we hold about you and ask for that information to be corrected
- how you can make a complaint about the way we have handled your personal information.
The Privacy Act
The Privacy Act 1988 (Privacy Act) protects personal information of individuals and requires the AOFM to comply with the Australian Privacy Principles (APPs).
The APPs set out standards, rights and obligations around personal information. ‘Personal information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not.
Personal information includes ‘sensitive information’, which is a sub-set of personal information. While we recognise that protecting all personal information is important in gaining and maintaining your trust, sensitive information is often afforded a higher level of protection.
How we collect personal information
At all times we try to only collect the information we need for the function or activity we are carrying out—that is, personal information that is reasonably necessary for it.
The main way we collect personal information about you is when you (or your representative) give it to us. However, in some circumstances we may also collect information about you from another Australian, State or Territory government body, or from another organisation.
The personal information we collect and hold relates to:
- correspondence and feedback from members of the public or organisations
- employment and personnel matters relating to staff and contractors
- facilitating meetings (for example, meetings with investors or intermediaries)
- administering programs for which the AOFM is the administering agency
- retail investor information
- requests under the Freedom of Information Act 1982 (FOI Act)
- contract management.
Types of information we hold
The personal information we collect and hold varies depending on what we need to perform our functions and responsibilities. It may include:
- your name, address and contact details (for example your phone number or email address)
- information about your identity (such as date of birth, country of birth, passport details and driver's licence)
- information about your personal circumstances (for example age, gender, marital status and occupation)
- information about your financial affairs (for example payment details, bank account details, and business and financial interests)
- information about your employment (for example applications for employment, work history, referee comments and remuneration)
- government identifiers.
We may also collect or hold ‘sensitive information’ which is a subset of personal information under the Privacy Act.
Generally, we will only collect sensitive information if you have consented and its collection is reasonably necessary for, or directly related to, one or more of our functions or activities or the collection is required or authorised by law.
This might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information.
Retail bond holders
Computershare maintains the register of retail bond holders for the AOFM. In managing the register, Computershare can provide AOFM staff with the personal information of investors.
GovCMS is hosted in Australia in secure, government accredited facilities. To help protect the privacy of data and personal information, GovCMS maintains physical, technical and administrative safeguards, which are updated and tested on an ongoing basis.
Generally, the AOFM only collects personal information from its website where a person chooses to provide that information (for example, in submitting a web form or survey).
If you visit our website, the AOFM records a range of technical information which does not reveal your identity. This information includes your IP or server address, your general locality and the date and time of your visit to the website. This information is used for statistical and development purposes.
No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.
The AOFM makes use of third-party sites, which may include MailChimp, LinkedIn and Google Analytics, to deliver some functionality. These third parties may capture and store your personal information outside Australia and may not be subject to the Privacy Act in the same way as the AOFM or at all. The AOFM is not responsible for the privacy practices of these third parties and encourages you to examine each party's privacy policies and make your own decisions regarding their reliability.
The websites also contain links to other websites. The AOFM is not responsible for the content and privacy practices of other websites and encourages you to examine each website's privacy policies and make your own decisions regarding their reliability.
The AOFM uses Mailchimp to send bulk emails to individuals who have subscribed through the AOFM website. Mailchimp is based in the United States and is owned by Intuit (see Intuit's Global Privacy Statement). Mailchimp may store and transfer data outside of Australia. In subscribing you agree to this.
Mailchimp may capture additional data from the emails sent to you or when you visit their website to subscribe or view online versions of the emails, for statistical reporting purposes and to monitor service performance.
Individuals can unsubscribe from this service at any time.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
Social networking services
We use social networking services such as LinkedIn to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes.
These services have their own privacy policies. The AOFM is not responsible for the privacy practices of these third parties and encourages you to examine each party's privacy policies and make your own decisions regarding their reliability.
There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via the websites. If this is of concern to you then you may use other methods of communication with the AOFM, such as post or phone (although these also have risks associated with them).
The AOFM only records email addresses when a person sends a message or subscribes to a mailing list. Any personal information provided, including email addresses, will only be used or disclosed for the purpose for which it was provided.
Use and disclosure of personal information
We will not provide your personal information to other government agencies, private sector organisations, or anyone else unless you consent, you would reasonably expect us to use the information for that purpose or one of the exceptions in the Privacy Act applies.
Disclosure to overseas recipients
We may need to provide your personal information to an overseas recipient as part of our work.
However, where there is no requirement for us to disclose personal information to an overseas recipient, we will either seek your consent or amend the information to ensure your personal information is not identifiable. The most common example of disclosure of personal information overseas will be to arrange overseas deployment or travel for AOFM staff.
Storage and data security
We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse. The AOFM will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.
The Department of the Treasury (Treasury) provides IT services to the AOFM under a Service Agreement. The Treasury and the AOFM regularly assess the risk of unauthorised access, modification and disclosure of information, and monitor the security of the network.
The AOFM and its contractors are subject to the Notifiable Data Breaches Scheme under the Privacy Act, and we will act in accordance with the requirements of the Scheme and the Office of the Australian Information Commissioner's (OAIC) Data breach preparation and response guidance and the AOFM’s Data Breach Response Plan, in assessing and responding to suspected notifiable data breaches.
Where a breach of personal information occurs that is likely to cause serious harm to individuals, we will notify OAIC and affected individuals as required. We will aim to provide you with timely advice to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.
Access and correction
You have a right to request access to the personal information the AOFM holds about you and to request its correction.
The Privacy Act allows us to refuse access in certain cases, including where an exemption under the Freedom of Information Act 1982 (FOI Act) would apply. Where we have refused access, we will give you reasons in writing. We will also provide you with information about how you can dispute the decision.
To request access to, or correction of, your personal information you can contact the AOFM’s Privacy Officer using our contact details below.
Evidence of identity
In all cases where a request relates to documents that contain your personal information, we will ask you to provide evidence of your identity before we deal with your request. Your request should include a physical address, as we prefer to forward documents containing personal information to you by registered post rather than email.
If another person has authorised you to make a request on their behalf, we will ask you for the letter authorising you to make the request. If you are seeking documents containing personal information on behalf of another person, we will ask for evidence of both identities, showing that you are authorised to apply on behalf of the other person.
If you have a complaint about the way the AOFM has handled your personal information, you may contact our Privacy Officer using our contact details below.
A complaint may be made on behalf of a complainant, but the person acting on behalf of the complainant must have written authorisation and verify their identity.
There are no fees or charges for making a privacy complaint. Your complaint should include a brief description of your privacy problem, including what happened, what personal information of yours was affected, and your contact details so that we can contact you about your complaint.
Sometimes we may ask you for additional information in order to investigate your complaint. If you do not provide this, it may affect how we handle your complaint.
If you do not receive a response after 30 days, or you are dissatisfied with the AOFM’s response to your complaint, you may complain to OAIC, and the Commissioner will attempt to resolve the complaint.
How to contact us
Contact the AOFM’s Privacy Officer if you want to:
- Obtain access to or seek correction of your personal information held by the AOFM, or
- Make a privacy complaint about the AOFM.
Australian Office of Financial Management
PARKES ACT 2601
You can obtain further information about the Privacy Act from the Office of the Australian Information Commissioner website.
We review this policy regularly and may update it from time to time.
This policy was last updated on: 6 June 2022
Privacy Impact Assessment Register
The AOFM is required to conduct a Privacy Impact Assessment (PIA) for all projects with a high privacy risk or if directed by the Office of the Australian Information Commissioner (OAIC).
A PIA is conducted where the AOFM considers that the project involves new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.
The following PIA register is published in compliance with the Privacy Code.
Privacy Impact Assessments undertaken 1 July 2018 onwards
| PIA Reference | Title of PIA | Completed |
|---|---|---|
| | Privacy Impact Assessment Report – Commonwealth Domestic Debt Registry Services. This PIA assesses privacy impacts associated with the delivery of Commonwealth Domestic Debt Registry Services. | 5 October 2022 |
Register last updated: 8 February 2023