Privacy policy summary

The Grains Research and Development Corporation (GRDC, we) handle personal information in accordance with the Privacy Act 1988 (Cth).

For more information, view our privacy policy.

Collection of your personal information

We usually collect your personal information (including sensitive information) for purposes which are reasonably necessary for, or directly related to our functions and activities under the:

We sometimes collect personal information from a third party or a publicly available source, so we can carry out assessments of applications for funding, for a particular research and development project or from referees as part of a recruitment process.

We also collect personal information through our website and social media platforms. We use this information to improve our services and receive feedback.


We only use and disclose personal information for the purposes for which it was given to us, or for purposes which are reasonably necessary for or directly related to one of our functions or activities.

We don’t disclose sensitive information about you unless you agree or would reasonably expect us to.

We are not likely to disclose personal information overseas. If we do disclose your personal information to an overseas recipient, we will comply with the Australian Privacy Principles (APP) 8. This includes seeking to provide assurances that the information will be protected in accordance with the APPs.

Accessing and correcting your personal information

If you ask, in most cases we must give you access to the personal information that we hold about you. We will take reasonable steps to correct the information if we consider it is incorrect.

You also have the right under the Freedom of Information Act 1982 (Cth) to request access to:

  • documents that we hold and ask for
  • information that we hold about you, to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.

How to make a complaint about GRDC's handling of your personal information

You can complain to us in writing about how we have handled your personal information. We will respond to the complaint within 30 days.

If you wish to lodge a complaint, you can visit the contact us page and complete the form provided.

If you are not satisfied with GRDC’s response, you can make a complaint directly to the Privacy Commissioner within the Office of the Australian Information Commissioner. Further details about how to make a privacy complaint to the OAIC.

The Privacy Commissioner can be contacted at:

Email:  [email protected]
Phone:  1300 363 992
Postal:  GPO Box 5218, Sydney NSW 2001

Data breach

A data breach response plan has been established to enable us to:

  • contain, assess and respond to data breaches quickly
  • help mitigate potential harm to affected individuals
  • comply with the notifiable data breaches (NDB) scheme that commenced on 22 February 2018.

Privacy Impact Assessments

GRDC’s Privacy Impact Assessment (PIA) Register is published pursuant to section 15(1) of the Australian Government Agencies Privacy Code. Privacy Impact Assessments are required for all high-risk privacy projects. As of December 2022, GRDC had no high-risk privacy projects.

Last updated: 13 December 2022.

ReferenceDate Project Title/Description PIA required?
2018-01 September 2018 Levy Payer Register No
2022-01 June 2022 New payroll system - ELMO No
2022-02 July 2022 Upgrade FMIS No

How to contact us

Phone:  (02) 6166 4500

Postal:  Privacy Officer
Grains Research and Development Corporation
PO Box 5367
Kingston  ACT  2604