Grains Research and Development

Privacy Policy

Purpose of this policy?

The Grains Research Development Corporation (GRDC) is required to have a Privacy Policy under the Privacy Act 1988 (Cth) (Privacy Act), specifically Australian Privacy Principle (APP) 1. The APPs are set out in a Schedule to the Privacy Act.

The APPs set out how we must collect, use, disclose and store personal information. The APPs also give individuals the right to access and correct their personal information in certain circumstances.

The purpose of this Privacy policy is to tell you about the personal information handling practices of the GRDC. It has been developed to use the ‘layered policy’ format, which means that it offers layers of greater or less content based on a person’s needs. For an overview of our personal information handling practices, you can have a look at our summary Privacy policy.

This Privacy policy is reviewed and updated from time to time to take account of new laws, technology or changes to our functions, operations and practices. Any amendments will be notified by posting an updated version on our website.  This policy was last reviewed and updated in May 2016.

What is ‘personal information’ and ‘sensitive information’?

The terms 'personal information' and ‘sensitive information’ come from section 6 of the Privacy Act. References to personal information throughout the Privacy policy include sensitive information unless otherwise indicated. 

‘Personal information’ means:

Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a)    whether the information or opinion is true or not; and

(b)    whether the information or opinion is recorded in a material form or not.

Sensitive information’ means:

(a)    information or an opinion about an individual’s:

  1. racial or ethnic origin
  2. political opinions
  3. membership of a political association
  4. religious beliefs or affiliations
  5. philosophical beliefs
  6. membership of a professional or trade association
  7. membership of a trade union
  8. sexual orientation or practices
  9. criminal record.

(b)    health information about an individual

(c)    genetic information about an individual that is not otherwise health information

(d)    biometric information that is to be used for the purpose of automated biometric verification or biometric identification

(e)    biometric templates.

Types of personal information collected and held by the GRDC

Solicited Information

The main types of personal information we collect and hold relate to:

  • applications for GRDC funding for the purposes of a particular Research and Development project or for an award offered by the us
  • individuals participating in projects and initiatives we fund
  • our Panel members or individuals attending meetings or consulting with us
  • personnel, payroll and recruitment, Fringe Benefits Tax return, workers’ compensation files
  • procurement and contract management, including tenders
  • performance of our legislative functions
  • conflict of interest declarations
  • contact and mailing lists
  • requests for publications
  • media content
  • access to ICT equipment and security passes

Unsolicited Information

On occasion, unsolicited personal information is provided to GRDC by individuals or organisations without it being requested. In such circumstances, the GRDC must determine within a reasonable period if the information could have been collected in accordance with its functions and activities [APP 3.1 & 4.1].

If the information could not have been collected in accordance with the GRDC’s functions and activities, and is not contained in a Commonwealth record, the GRDC must ensure the information is lawfully destroyed or de-identified.

Purposes for which the GRDC collects, holds, uses and discloses personal information

We collect, hold, use and disclose personal information for purposes which are reasonably necessary for, or directly related to, our functions and related activities under the Primary Industries Research and Development Act 1989 (Cth) (PIRD Act) and the Grains Research and Development Regulations 1990 (Cth) or any other legislation such as, the Public Governance, Performance and Accountability Act 2013 (Cth) (PGPA Act). 

These functions and activities include:

  • assessing applications for GRDC funding for a particular research and development project or for an award given by the GRDC
  • collecting information from individuals or organisations undertaking a GRDC funded research and development project
  • preparing an annual operational plan each financial year
  • coordinating the carrying out of research and development activities that are consistent with the GRDC's current annual operational plan
  • employment and personnel matters, payroll and recruitment, Fringe Benefits Tax returns and workers’ compensation matters
  • procurement and contract management, including tenders
  • communicating with the public, stakeholders and the media including through websites and social media

Personal information collected and held by the GRDC

It is our usual practice to collect personal information directly from the individual or their authorised representative.  We collect personal information through a variety of means including through using forms (either electronic or hard copy), online portals, other electronic or paper correspondence (including emails and written correspondence) and at times verbal conversations or interviews.

Sometimes we collect personal information from a third party or a publicly available source, but only when the individual has consented to such collection, when we are required or authorised by law to collect information from someone other than the individual, or it is unreasonable or impracticable to collect the information from the individual.

In limited circumstances we may receive personal information about third parties from individuals who contact us and supply us with the personal information of others in the documents they provide to us.

Where sensitive personal information is concerned we will seek your express consent for that collection unless a legal exception under the Privacy Act applies.

Use and disclosure

We only use and disclose personal information for the purposes for which it was given to us, or for purposes which are reasonably necessary for, or directly related to one of our functions or activities. 

We do not give personal information to other government agencies, organisations or anyone else unless one of the following applies:

  • the individual has consented
  • the individual would reasonably expect GRDC to use or disclose the information for the secondary purpose and the secondary purpose is related (or directly related in the case of sensitive information) to the purpose for which it was collected
  • it will prevent or lessen a serious and imminent threat to somebody's life or health, or where it is necessary to assist with the location of a person who has been reported missing
  • is reasonably necessary to allow us to take appropriate action  when we suspect unlawful activity or misconduct of a serious nature that relates to our functions or activities
  • we are required or authorised by law or by an order of a court/tribunal
  • we reasonably believe that the use or disclosure of the information is necessary for conducting one or more enforcement related activities  

Schedule 1 describes how we handle certain classes of personal information.

Collecting through our website

When you visit our website to read or download information we may record, through our web server log files or Analytics, the following non-personal information for statistical purposes:

  • your computer’s location
  • the pages you accessed and the documents you downloaded
  • the search terms you used
  • the date, time and frequency you visited the site
  • the previous site you visited
  • details of the device used to access the site

This data is used for website administration, including monitoring to prevent security breaches, enhancement of the website to meet your needs, statistical purposes and research and development.

No attempt is made to identify you or your browsing activities, except in the unlikely event of a criminal investigation, eg. where a law enforcement agency may exercise a warrant to inspect our Internet Service Provider's (ISP) logs.

If you send a message to us through our contact us page, or subscribe to one of our publications or request one of our services, we only record or use the personal information you provide to us to respond to you or provide you with the requested service. Your email address will not be added to a mailing list or used for any other purpose. If we wish to use your email address for another purpose we will seek your prior consent by way of a specific request in writing to you.

Customer Analytics

In addition to web server logs, this website uses Google Analytics, a web analytics service provided by Google Inc. ('Google'). Reports obtained from Google Analytics are used to help improve the efficiency and usability of this web site.

Google Analytics uses 'cookies' to help analyse how users use this site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purpose of evaluating your use of our website and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to Google's privacy policy. You can opt out of Google Analytics if you disable or refuse the cookie, disable javascript, or use Google's opt-out service.

Cookies

Cookies are pieces of information that a website can transfer to your web browser. Parts of our website may store cookies on your browser in order to service you better when you next visit the site.

You can change your web browser's settings to reject cookies or to prompt you each time a website wishes to add a cookie to your browser. Some functionality on the website may be affected by this.

For more information about cookies and instructions on how to adjust your browser settings to restrict or disable cookies, see the Office of the Australian Information Commissioner's Privacy Fact Sheet 4 or the Interactive Advertising Bureau website.

Links to external web sites

The GRDC's web site contains links to other web sites. The GRDC is not responsible for the content and the privacy practices of other web sites and encourages you to examine each web site's privacy policy and make your own decisions regarding the accuracy, reliability and correctness of material and information found.

Accessing our social media accounts

We use Facebook, Twitter or YouTube, to communicate with the public about our work, including responding to any comments you make. No attempt will be made to further identify you except where authorised or required by law.

The GRDC is not responsible for the privacy practices of Facebook, Twitter or YouTube and you should refer to their privacy policies on their websites: Facebook privacy policy; Twitter privacy policy; and YouTube privacy policy.

Data quality

GRDC ensures that the personal information we collect is accurate, up-to-date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary. 

Data security

GRDC takes all reasonable steps to protect the personal information we hold against misuse, loss, interference, and unauthorised access, disclosure or modification. These steps include maintaining up-to-date computer and network security systems with appropriate firewalls, access controls and passwords to protect electronic copies of personal information, and securing paper files and physical access restrictions.

Sensitive personal information will have very restricted access placed on it and will be managed under strict governance requirements which will vary depending on the nature of the information concerned.

Authority to keep, destroy or transfer records

Records containing personal information are kept, destroyed or transferred in accordance with the Archives Act 1983 (Cth) (Archives Act).  Further information on records management under the Archives Act is available at www.naa.gov.au.

The GRDC follows the Administrative Functions Disposal Authority (AFDA) and to keep, destroy or transfer records of an administrative nature common to most Commonwealth agencies. This includes functions such as finance, human resources, procurement and publications management.

Records relating to our core business functions and activities are being retained in accordance with the Research and Development Corporations Records Authority covering the GRDC.

How you can access or seek correction of your personal information held by GRDC

Under the Privacy Act (APPs 12 and 13), you have the right to ask for access to the personal information that we hold about you and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must take reasonable steps to correct your personal information if we consider it is incorrect, unless we are required or authorised to refuse to give you access or make corrections under the Freedom of Information Act 1982 (Cth) (the FOI Act) or any other Commonwealth law.

We will ask you to verify your identity before we give you access to your information or correct it. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.

If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.

If we refuse to correct your personal information, you can ask us to associate with it a statement that you believe the information is incorrect and why.

You also have the right under the FOI Act to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.

Anonymity and Pseudonymity

The APPs give you the option of not identifying yourself, or using a pseudonym (alias) when dealing with us, unless:

  • we are required or authorised by law to deal only with individuals who have identified themselves
  • it is impracticable to deal with individuals on an anonymous basis or who are using an alias.

If you contact us on an anonymous basis, or by using an alias (for instance to make a general enquiry or to make a complaint) we will only be able to provide general information to you. In order to give you information specific to your circumstances, we will need to establish your identity. We may be unable to progress or resolve your specific issue if you choose not to identify yourself.

Overseas disclosure

We are not likely to disclose personal information overseas.  If, at some point, we do disclose personal information to an overseas recipient, we will comply with APP 8, including seeking to provide assurances that the information will be protected in accordance with the APPs.

Making a privacy complaint and how it will be handled

If you have concerns about the way we handle your personal information you make a complaint.  Any complaints should be in writing and sent to the Privacy Officer using the contact details provided below.  The complaint should provide as much detail as possible so the issues and concerns can be investigated.

The GRDC is committed to resolving complaints fairly and efficiently while maintaining confidentiality.  We will take reasonable steps to investigate any complaint, and to notify you of the outcome of our investigation within 30 days.

If we do not respond to the complaint within 30 days, or you are not satisfied with the outcome of our investigations, you can make a complaint directly to the Office of the Australian Information Commissioner (OAIC). Further details about how to make a privacy complaint to the OAIC are available at www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint.

How to contact us

Privacy Officer

Grains Research and Development Corporation

PO Box 5367

Kingston ACT 2604

Australia

Email: privacy@grdc.com.au

Phone: (02) 6166 4500

Fax: (02) 6166 4599

Further information

For more general information on the Privacy Act and the APPS visit the OAIC’s website: www.oaic.gov.au, or contact the OAIC on ph 1300 363 992.

Schedule 1 – How the GRDC handles certain classes of personal information

Certain classes of personal information collected, held, used and disclosed by us are described below.

The records in which they are held are stored in digital and paper media. Not all of the records described are kept in a common storage facility.  Separate security arrangements will typically apply, depending on the sensitivity of the information.

1. APPLICATIONS FOR GRDC RESEARCH AND DEVELOPMENT FUNDING, AWARDS, PROCUREMENTS AND OTHER ACTIVITIES

The purpose of these records is to provide details about proposed activities (such as research and development projects, awards, Grains Research Updates, and goods and/or services procurements) which the GRDC can assess and decide whether or not to fund, support or otherwise proceed with, including activities under the “Applying & Reporting” section of GRDC’s website.

These records are collected directly from the applicant (whether individuals or organisations).  Content may include:  name, address, telephone number, mobile number, fax number, email address, gender, educational qualifications, employment history, occupation, organisation, date ofbirth, citizenship, residency status, referees and financial information.

The following GRDC staff have access to this information: certain GRDC staff in the relevant application assessment areas.

The records are kept for a minimum period of 7 years.

The personal information contained in these records is not usually disclosed to other persons or organisations.

Individuals can obtain information regarding access to personal information in this class of records by contacting the Privacy Officer - see contact details above.

2. GRDC RESEARCH PROJECTS AND AWARDS

The purpose of these records is to obtain information from projects and awards funded by the

GRDC.

These records are collected directly from the applicant individual or their organisation in the course of performing a research project or in relation to an award granted by GRDC.

Content may include: name, address, gender, occupation, qualifications, biographies, email address, telephone, mobile and fax number, date of birth, residency status, all project/activity details, salary, budgets and other financial, IP and commercial information.

The personal information in these records relates to:  researchers and other contributors to research, research organisation contacts, academic records for scholarship recipients.

The following GRDC staff have access to this information:   certain GRDC staff in the relevant program areas and contractors working on GRDC’s behalf.  These contractors are required by their contracts with the GRDC to keep information confidential and comply with privacy laws to the same extent as is required of the GRDC.

The records are kept for a period of 7 years or until the individuals ask to be removed. The personal information is not usually disclosed to other persons or organisations.

Individuals can obtain information regarding access to personal information in this class of records by contacting the Privacy Officer – see contact details above.

3. MEDIA CONTENT

The purpose of these records is to obtain media content and related data for GRDC’s functions and activities under the PIRD Act.

These records are collected directly from the individual or organisation, including via contractors acting on GRDC’s behalf.

Content may include:  name, address, occupation, qualifications, email address, telephone, mobile number, fax number and social media account credentials (for example, social media handles).

The personal information on these records relates to: media content from which individuals can be identified (such as video, audio and images), and related information (metadata, name and contact details of individuals appearing in media content).

The following GRDC staff have access to this information: certain GRDC staff responsible for GRDC

publications and communications.

The personal information may be disclosed to other persons or organisations which are contracted to carry out work on behalf of the GRDC. These contractors are required by their contracts with the GRDC to keep information confidential and comply with privacy laws to the same extent as is required of the GRDC

The records are kept for as long as GRDC may require them for its publication or communications purposes or until the individuals ask for the records to be removed.

Individuals can obtain information regarding access to personal information in this class of records by contacting the Privacy Officer – see contact details above.

4. CONTACTS LISTS

The purpose of these records is to maintain mailing lists for dissemination of information relating to the Australian grains industry as required or permitted by the PIRD Act, including publications and reports.  GRDC uses an electronic customer relationship management system to manage these records and to generate relevant contact lists.  These contact lists are used for GRDC’s purposes and activities including, for example, conducting regular surveys to measure stakeholder satisfaction with GRDC performance, sending relevant communications to grain growers and research partners, and distributing GRDC’s Ground Cover Newspaper.

These records are collected in a number of ways:  when an individual subscribes to receive a GRDC publication; when an individual submits a query through the GRDC's website; or when an individual provides their contact details during an interaction with a GRDC employee.

Content may include: name, address, gender, occupation, qualifications, email address, telephone, mobile and fax number and areas of interest.

The personal information on these records relates to: subscribers to GRDC publications and/or communications which may include grain growers and people working in or interested in GRDC’s activities and/or the Australian grains industry.

The following GRDC staff have access to this information: certain GRDC staff with responsibility for maintenance of the mailing and industry contact list, certain GRDC staff with responsibility for GRDC publications and communications.

The personal information may be disclosed to other persons or organisations which are contracted to carry out work on behalf of the GRDC. These contractors are required by their contracts with the GRDC to keep information confidential and comply with privacy laws to the same extent as is required of the GRDC.

The records are kept until individuals ask to be removed.

Individuals can obtain information regarding access to personal information in this class of records by contacting the Privacy Officer – see contact details above.

5. CORPORATE AND PERSONNEL RECORDS

The purpose of these records is to maintain corporate records, employment history and payroll and administrative information relating to all permanent, contract and temporary staff members and employees of an agency.

These records are typically collected directly from the relevant individual in connection with their employment by the GRDC, collected directly from a third party (such as a treating doctor or an individual's referee) with the consent of the relevant individual, or created by the GRDC in the course of an individual's employment.

Personnel and payroll

The records may include any one or more of the following:

  • records relating to attendance and overtime
  • leave applications and approvals
  • medical and dental records
  • payroll and pay related records, including banking details
  • tax file number declaration forms
  • declarations of pecuniary interests
  • personal history files
  • performance appraisals, etc
  • records relating to personal development and training
  • trade, skill and aptitude test records
  • completed questionnaires and personnel survey forms
  • record relating to removals
  • travel documentation
  • records relating to personal welfare matters
  • contracts and conditions of employment
  • Equal Employment Opportunity Data
  • next of kin details

Recruitment

The records may include any one or more of the following:

  • recruitment records and dossiers;
  • records relating to relocation of staff and removals of personal effects; and
  • records relating to character checks and security clearances.

Other

The records may include any one or more of the following:

  • records of accidents and injuries
  • compensation case files
  • rehabilitation case files
  • records relating to counselling and discipline matters, including disciplinary, investigation and action files, legal action files, records of criminal convictions, and any other staff and establishment records as appropriate
  • complaints and grievances
  • recommendations for honours and awards
  • legal and financial records relating to GRDC’s functions and activities
  • internal quality assurance records and audits

Contents of these records may include: name, address, email address, telephone number, mobile number, date of birth, occupation, gender, qualifications, equal employment opportunity group designation, next of kin, details of pay and allowances, leave details, work reports, security clearance details and employment history.

Sensitive contents of these records may include: physical and mental health, disabilities, racial or ethnic origin, disciplinary investigation and action, criminal convictions, adverse performance and security assessments, tax file numbers, relationship details and personal financial information.

Personal information on these records relates to current and former employees including, contractors and temporary staff.

The following GRDC staff have access to records: executive and senior personnel management staff, supervisors and members of selection committees (if appropriate), the individual to whom the record relates and, as is appropriate, personnel staff, security officers and case managers.

The personal information may be disclosed to other persons or organisations which are contracted to carry out work on behalf of the GRDC. These contractors are required by their contracts with the GRDC to keep information confidential and comply with privacy laws to the same extent as is required of the GRDC.

These records are kept according to the applicable provisions of the General Disposal Authority for staff and establishment records issued by Australian Archives.

Information held in personnel records may be disclosed, as appropriate, to: Comcare, Medical Officers, Attorney-General's Department, superannuation administrators, Australian Taxation Office, and the receiving agency following movement or re-engagement of an employee.

Individuals can obtain information regarding access to their personal information by contacting the Privacy Officer or personnel section of the relevant agency.