Privacy Policy
This document describes the policies and procedures that we have in place for the management and protection of personal information that the Australian National Soil Information System (ANSIS), which is currently administered by CSIRO, collects and holds.
CSIRO is a body corporate established by section 8 of the Science and Industry Research Act 1949 (Cth) (“SIR Act’) and is bound by the Privacy Act 1988 (Cth), as an agency.
The Privacy Act regulates the collection, use, disclosure, storage and security of personal information of government agencies and private organisations. The Privacy Act includes 13 binding Australian Privacy Principles (‘APPs’) with which CSIRO must comply in relation to its management of personal information.
Who we are
Our website address is: https://ansis.net.
How does CSIRO, on behalf of ANSIS, collect and hold personal information?
Where it is reasonably practicable to do so, we collect personal information directly from you. However, on occasions, we may need to collect personal information from other sources such as public records, parents or guardians of children under the age of 18 years and third parties. When dealing with children, we seek parental consent prior to the collection of personal information, including photographs.
We may collect personal information in various ways, including via:
- Online forms (such as contact forms or registration forms for an event e.g. hosted on Microsoft Forms)
- Surveys (hard copy or online)
- Research projects
- Information associated with accessing and using ANSIS websites
- Over the telephone
- In person in a meeting or interview scenario
- Via emails or other correspondence sent to ANSIS
- By taking photographs or videos at ANSIS events.
For what purposes does CSIRO, on behalf of ANSIS, collect, hold and use personal information?
With CSIRO’s extensive and diverse activities, we collect, hold and use personal information throughout CSIRO for many different purposes and via different methods. We only collect personal information for purposes directly related to our functions or activities under the SIR Act and only where it is necessary for or directly related to such purposes.
When we collect personal information from you for certain specific activities, where required, we will use a collection notice that deals specifically with that collection, including a description of the purposes for which we will use the personal information collected in that instance. Where relevant, our internal procedures and systems embed privacy protections to ensure we comply with our obligations under the Privacy Act.
We may use or hold personal and sensitive information for the following general purposes:
- to provide scientific and research services to both public and private sector clients
- to deliver programs, such as Innovation Programs and Hackathons
- to manage our employees and contractors, including to consider prospective employees
- to manage our business, operational and security functions
- to undertake research and testing as part of our functions under the SIR Act (such as information about individuals participating in focus group testing, including health information for food testing and information about physical reactions to food additives)
- to maintain membership or subscriber records for our publications or club members (such as the Double Helix Club)
- to promote and market our activities.
From time to time, we may need to disclose personal information to our joint venture partners or share information with contractors or agents who provide services to us, such as off-site file storage facilities and financial institutions which transmit payments on our behalf.
We will collect personal information from you for the purposes described in a collection notice and will only use or disclose your personal information for other purposes if:
- you have consented to the other use
- you would reasonably expect, or have been told, that your personal information is usually passed on to other entities
- it is required or authorised by law
- it will prevent or lessen a serious threat to someone’s life, health or safety (including public health and safety)
- required to take appropriate action in relation to suspected unlawful activity or serious misconduct
- required to locate a missing person
- required to assert a legal or equitable claim or to conduct an alternative dispute resolution process.
Set out below is some further detail of how we may use personal information collected for certain of our main activities.
What personal data we collect and why we collect it
When you visit our website
Cookies
A cookie is a small file containing a string of characters placed on your computer that uniquely identifies your browser. It is information that your web browser sends back to our website server whenever you visit it again. We use cookies to ‘remember’ your browser between page visits. In this situation, the cookie identifies your browser, not you personally. No personal information is stored within our cookies.
Some services that run on our sites, such as those provided by Google, Facebook and Vimeo, may also create or read their own cookies on your browser.
Analytics
We use Google Analytics and Clicky to collect anonymised data about your interaction with our websites, which are hosted by a third party provider. We may also use our own analytics on our websites.
The types of data collected may include your IP address, browser and operating system, screen size, geographic location, search terms and pages visited, actions performed on pages, and date and time of webpage access. Where you provide your email address, that information may be linked to your interactions with the websites.
This data is collected for the purposes providing you with a better experience of, and improving our websites. Occasionally, we may also use this data for scientific research, including measuring the impact and outcomes of research.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Completing an online form
Should you decide to complete and submit an online form (for example a contact form) on any part of the ANSIS website, administered by CSIRO, we:
- may record personal details provided by you such as; e-mail address, street address, telephone number, occupation, company, areas of interest etc to the extent they are relevant to the purpose for which we are collecting them.
- will only use this information for the purpose for which it was collected.
- will not disclose this information without your consent except where CSIRO may be required by law to disclose the information.
Online forms and surveys hosted by third parties
CSIRO may use online forms and surveys which are hosted by third parties to facilitate internal CSIRO procedures or our research activities e.g. Microsoft Forms or Survey Monkey. Where CSIRO uses a third party for these purposes, CSIRO will ensure that the platform provider is subject to a law or binding scheme substantially similar to the APPs, including mechanisms for enforcement, we have sought your consent, or we have ensured appropriate contractual measurements are met.
Emailing CSIRO
When you send an email to a CSIRO address (name@csiro.au), the content and your details, including your email address, become part of our records. Your email address, acquired in this way, will not be added to any mailing list unless specified in a collection statement or unless we obtain your consent.
Where CSIRO contracts service providers to provide a service to CSIRO
CSIRO frequently engages third-party service providers (including some that are located overseas) to provide software, platforms and other services, which may collect personal information on CSIRO’s behalf. CSIRO takes appropriate contractual measures to ensure that any agreements with these platforms provide appropriate privacy protections. These providers also have their own privacy policies or service standards for where they hold, or are otherwise in control of, your personal information. Third-party service providers that CSIRO regularly engage with include but are not limited to:
- Microsoft Data protection and privacy
- Webex Cisco Online Privacy Statement
- SurveyMonkey Privacy Notice
- Qualtrics Privacy Policy
- QuestionPro Privacy Policy
How does CSIRO store personal information?
Each area of CSIRO that collects personal information stores that information securely on CSIRO’s IT systems. These systems are password protected and, where required, only certain people are authorised to access the information. We also have recordkeeping obligations under the Archives Act 1983 (Cth), and have record keeping codes specific to particular areas of CSIRO activity. We are also required to comply with other government policies in relation to storage and security of information, including the Australian Government Policy and Risk Management Guidelines for the storage and processing of Australian Government information in outsourced or offshore ICT arrangements and the Protective Security Policy Framework, complemented by the Australian Government Information Security Manual.
We may use third parties to store some personal information on servers and cloud services in Australia or overseas.
Disclosures of personal information overseas
We may disclose personal information overseas from time to time, for example in the course of a research project with an overseas entity, through publishing information or by storing information on a server located overseas. CSIRO will only disclose your information overseas in accordance with APP 8 and where certain conditions are met, for example, where the recipient is subject to a law or binding scheme substantially similar to the APPs, including mechanisms for enforcement, we have sought your consent, or we have ensured appropriate contractual measurements are met.
Access to and amendment of personal information held by CSIRO
We will provide you with access to your personal information that we hold, subject to any applicable exceptions under the Privacy Act. We will require you to verify your identity and specify, as clearly as possible, the information that you wish to access. We will not charge you for lodging a request for access to your own personal information but may charge for reasonable administrative costs. The fee will be determined on a case by case basis and you will be informed beforehand of the likely cost.
CSIRO employees seeking their employment details should initially do so in accordance with CSIRO’s human resources processes. CSIRO is also subject to the Freedom of Information Act 1984 (Cth) and this operates alongside your right to access your personal information under the Privacy Act.
If you can establish that information held by us about you is inaccurate, irrelevant, out of date, incomplete or misleading, we will take reasonable steps to amend the information. If we disagree with your view about the status of this information, we will provide reasons for the refusal and record a statement in our records of your view.
For more information visit CSIRO’s privacy policy.
Complaints
If you have a privacy related complaint about us, please contact CSIRO’s Privacy Officer at privacy@csiro.au.