Information on this page is summarised in our Privacy Statement.
‘The National Industrial Chemicals Notification and Assessment Scheme (the Scheme) is established by the Industrial Chemicals (Notification and Assessment) Act 1989 (ICNA Act). The Scheme’s Director (the Director) is a statutory office-holder appointed by the Governor-General, who performs functions set out in the ICNA Act, and who manages the day-to-day administration of the Scheme under the direction of the Secretary of the Australian Government Department of Health (the Department).’
This policy covers the personal information handling practices established by the Director. It explains the collection, storage, access to, use and disclosure of ‘personal information’.
It also explains how the Director ensures compliance with the Privacy Act 1988 (the Privacy Act) and how privacy enquiries and complaints are managed.
The Privacy Act and the Director’s obligations
The Privacy Act protects personal information and requires that the Director and staff comply with the Australian Privacy Principles (APPs).
This policy describes how the Director collects and holds your personal information in compliance with the APPs.
What is personal information?
‘Personal information’ is information or an opinion about an individual, whether the information or opinion is true or not and whether it is recorded in a material form or not.
Sensitive personal information
'Sensitive information' is a category of personal information. For example, sensitive information could include information about your health or information about your membership of a trade union.
The kinds of personal information the Director collects are discussed below.
How the Director collects and holds your personal information
Most of the time, your personal information is collected straight from you. Sometimes we might also collect personal information about you from someone acting on your behalf. Whenever possible, we collect your personal information with your consent.
People and organisations acting on the Director’s behalf may also collect your personal information – contracted service providers for example.
The Director may also get your personal information from other Australian Government agencies.
This table sets out the Australian Government agencies and bodies from which Director may collect personal information about you.
The Director may also obtain your personal information from international organisations such as overseas chemical or environmental regulatory agencies.
Ways we collect personal information
- forms you complete (online or paper)
- face to face meetings
- telephone, email and facsimile
- our website
- social media
Where it is reasonable to do so, a privacy notice explaining how your personal information is handled, will be provided to you.
Use and disclosure of personal information
The purpose for which your personal information is collected is important as it governs how the Director can use and disclose your personal information, unless an exception in the Privacy Act applies.
Unless an exception applies:
- your personal information is only used and disclosed for the purpose we collected it for
- we will either tell you this purpose when we collect your personal information, or as soon as we can after we collect it
- when we collect your personal information, we will generally give information about how we will handle it, for example via a privacy notice
- we will only use or disclose your personal information for another purpose if we can under the Privacy Act.
This table outlines the purpose for which information is usually collected, including how it is used and disclosed. For any other information gathering, not listed in this table, we will handle your personal information in accordance with the APPs and the Privacy Act.
The Director may also disclose your personal information as required or authorised under law or court order or where otherwise allowed under the Privacy Act and the APPs.
This table sets out what Australian Government agencies and other bodies the Director may give your personal information to.
The kinds of personal information collected and held by the Director
The Director collects and holds personal information relating to:
- employment, occupational health and safety and personnel matters
- the performance of the Director’s statutory and administrative functions and activities
- the management of contracts, funding agreements and procurement processes
- a range of non-statutory committees, and working groups
- individuals signed up to distribution and mailing lists
- the management of fraud and compliance investigations and audits
- correspondence from the public to the Director, the Scheme, the Department, Ministers and Assistant Ministers
- correspondence referred to the Director or the Department by other departments, Ministers or Assistant Ministers
- complaints made and feedback provided to the Director or the Department
- requests for access to documents held by the Director or the Department
- requests under the Freedom of Information Act 1982 (FOI Act)
- the provision of legal advice by internal and external lawyers
The personal information that the Director collects may include:
- your name, address and contact details
- financial information (for example, payment details and bank account details)
- information about your identity (for example, date of birth and driver’s licence)
- information about your employment
- information about your background
The sensitive information that the Director collects may include:
- membership of a professional association where it is an eligibility criterion for a position in the Department
The Director will take reasonable steps to ensure that personal information collected about you is accurate, up-to-date, complete, relevant and not misleading.
The Director will take reasonable steps to keep the information protected - read more below.
Unsolicited personal information
If the Director receives unsolicited personal information about you, it will be destroyed unless it is a Commonwealth record or if it is lawful for us to collect it (refer APPs).
Personal information held by third parties
To ensure third parties follow the APPs, all contracts the Director enters into which relate, or potentially relate, to personal information, include privacy clauses.
Ways the Director protects your personal information
Only authorised staff can access personal information on a need to know basis to help them do their job.
The Scheme operates within the Department of Health. The Department contracts to an Information and Communications Technology (ICT) service provider. This provider holds certain personal information about you. The contractor is required to protect your information in the same way as the Department.
The Department’s networks and websites have security features to protect the information the Department holds from misuse, interference, loss due to unauthorised access, modification or disclosure.
The Department stores all records, information and data on its Electronic Document and Records Management System and cloud computing solutions. We also hold personal information on paper files.
We protect all types of records under Australian Government security policies, including the:
- Attorney-General Department’s Protective Security Policy Framework
- Department of Defence Information Security Manual
Go to the National Archives of Australia website for more information.
Retention and disposal of personal information
The Director will take steps to destroy or de-identify your personal information if it is no longer needed, unless:
- it is required by law or a court/tribunal order to keep the information, or
- if it is part of a Commonwealth record
Personal information is stored and disposed of in accordance with the Archives Act 1983.
You don’t always have to provide us with your personal details, for example if you have a general question for us. Sometimes it may not be practical for you to stay anonymous or we may be legally required to deal with you in an identified form. We will let you know if this is the case.
Privacy Impact Assessment (PIA)
A PIA looks at any privacy impacts and makes recommendations for managing, minimising or removing that impact. The Director may at times carry out a PIA on our activities or projects that involves the handling of personal information.
The Director must undertake a PIA if directed to by the OAIC.
Where appropriate, the Director will publish the results of the PIA.
How you can access and correct personal information held about you
You have a right under the (FOI Act) and the Privacy Act to access your personal information. You also have a right to request correction of your personal information including if you believe it is irrelevant or misleading.
To request access to documents that contain your personal information please email our FOI contact officer at firstname.lastname@example.org.
We will take reasonable steps to provide you with access and/or make a correction to your personal information within 30 calendar days.
If the Director corrects your personal information at your request, we will take reasonable steps to tell any agencies or organisations that we have disclosed your personal information to (who are bound by the Privacy Act) of the correction.
We may not do so if there is a reason under the Privacy Act or other relevant law to withhold the information or not make the changes.
If the Director does not provide you with access to your personal information or refuses to correct it, where reasonable:
- we will tell you why in writing
- we will provide you with information about how you can contest/complain about this
- at your request, the Director will take reasonable steps to associate a statement with the personal information that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading
General questions and complaints
If you believe we have breached the Privacy Act or the APPs or mishandled your personal information, please contact us. For us to investigate your complaint, we prefer that you make your complaint in writing. Please explain your complaint and give us your contact details. If you do not provide enough information, the Director may not be able to fully investigate and respond to your complaint.
We will acknowledge your concern or complaint if you provide your contact details. The Director will try to respond within 30 calendar days. We will let you know if we cannot respond within this time.
Our Service Charter has more information on our complaints handling procedures.
How to contact us
Use our contact us form or call us on 1800 638 528.
You can also write to the:
NICNAS Privacy Contact Officer
GPO Box 5218
SYDNEY NSW 2001
If you are not happy with the Director’s response, you can complain directly to the Office of the Australian Information Commissioner.
Visit the OAIC website for more information or call them on 1300 363 992.
Please note that the OAIC prefers complaints to be raised with agencies first.
Feedback on this policy
As well as providing feedback about this Policy to the Director, you can also give your feedback or express a privacy concern by contacting the Department of Health.
Contact us if you have any accessibility issues with this page.
Last update 29 July 2018