Australian Nuclear Science and Technology Organisation (ANSTO) is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles.
Personal information is information from which an individual's identity is apparent or can be reasonably ascertained.
ANSTO expects that all employees, officers and contractors will comply with the Privacy Act, the Australian Privacy Principles, this policy, and ANSTO procedures concerning the protection of personal information.
This policy provides detail on our practices with regards to the collection and processing of relevant personal information that may result from an individual engaging with ANSTO. In particular, it explains:
- why and how we collect your personal information;
- the kinds of personal information we collect;
- how your personal information is used;
- when and with whom we share your personal information;
- how we keep your personal information secure;
- how you can access and seek to correct your personal information; and
- how to make a complaint about ANSTO’s privacy practices.
In this page, personal information and sensitive information have the meanings given to them in the Privacy Act, which is available on the Comlaw website available at: www.comlaw.gov.au
Relevant information on privacy and the Australian Privacy Principles is available on the Office of the Australian Information Commissioner’s website: www.oaic.gov.au.
Why do we collect personal information?
We collect personal information to perform our functions and activities as set out in the Australian Nuclear Science and Technology Organisation Act 1987 (Cth) and the Public Governance, Performance and Accountability Act 2013. These functions and activities include:
- to undertake research and development in relation to nuclear science and nuclear technology;
- produce and use radioisotopes, isotopic techniques and nuclear radiation for medicine, science, industry, commerce and agriculture;
- provide advice to government and undertake international liaison in nuclear-related matters;
- make available (including on a commercial basis where appropriate) facilities, equipment and expertise for research in nuclear science and technology; and
- administrative functions including financial, employee/contractor, and work health and safety management.
How do we collect personal information?
In general, we collect your personal information directly from you when you deal with us by telephone, letter, email, face to face contact or through our website(s) where it is reasonably necessary for, or directly related to, our functions or activities.
At times we may need to collect sensitive information about you, for example, to conduct a security assessment. The Privacy Act provides additional safeguards for the collection and use of sensitive information. Sensitive information is defined in the Privacy Act to include information about a person’s health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information.
Collecting through our website
Our websites have an online enquiry/feedback function which enables you to send comments or enquires via email.
By sending such emails, you will be providing us with certain personal information and we may not be able to deal with your request or query without this information.
Analytic, session and cookie tools
When you visit our main website an internal system using analytic, session and cookie tools makes a record of your visit and logs your full IP address, the date and time of your visit to the website and the pages visited. These tools are provided by third parties including Google Analytics and Oracle who have their own privacy policies.
We use these tools to improve your experience when accessing our website and statistics are generated at the top-level domain only. In relation to Google Analytics you can opt out of the collection of this information using the Google Analytics Opt-out Browser Add-on.
ANSTO will not attempt to identify you except in the unlikely event of an investigation when a law enforcement agency exercises a warrant to inspect ANSTO’s statistical logs.
Social Networking Services
We collect your email address and, if you provide it, other contact details when you subscribe to our email lists. We use this information to send you regular updates on our activities and to administer the lists. You can unsubscribe to our email list via the ANSTO website.
Visiting ANSTO sites
ANSTO will collect personal information from anyone visiting ANSTO’s sites. This information is shared with our security team and the Australian Federal Police (AFP) and is held by our security team as a record of the visit. For minors visiting ANSTO we request additional information including information about allergies and emergency contact details for a parent or guardian.
Personal information we collect from other sources
Sometimes we collect your personal information from third parties, such as other Australian government agencies or health related entities. For example, ANSTO collects the initials, date of birth and gender of nuclear medicine patients in Australia. This information is included as part of documentation provided to ANSTO by the health related entity. The collection of this information is required by the Therapeutic Goods Administration, and is provided to the Australian Radiation Protection and Nuclear Safety Agency as part of the process for issuing radioactive import permits.
We may collect personal information from other sources with your consent, or if it is impracticable or unreasonable to obtain the information directly from you.
If we do collect your personal information from another source, we will take reasonable steps to ensure that you are notified:
- that we collected your personal information from another source;
- what we will do with the information;
- of any other person or body to whom we may share or disclose the information.
Event Management System
ANSTO is committed to delivering excellence in our work, health and safety and environmental performance. All ANSTO workers are encouraged to report events and potential hazards via an on-line Event Management System. The event reports may contain personal information including sensitive information which may be accessible to all staff members. ANSTO has made a provision for staff to log a confidential event by contacting Work, Health and Safety team directly.
What kind of personal information do we collect and hold?
The types of personal information we collect and hold will depend on the function or activity being undertaken. Examples of personal information that we collect and hold include:
- Visitor records including name, parent contact information (in the case of minors), driver’s licence and passport details
- Customer records including name, position, work address, email and telephone details
- Complaint records
- Staff records
- Work, Health & Safety records
- Rehabilitation files
- Legal and Freedom of Information files
- Ministerial records
- Security files
Examples of sensitive information we collect and hold include:
- health information, including medical, of our staff.
- health information, including initials, date of birth and gender, of nuclear medicine patients .
- information contained in personnel records including information about a staff member’s physical and mental health, racial or ethnic origin and criminal convictions.
Can you deal with us anonymously or using a pseudonym?
To provide you with access to our facilities or a service, or to deal with your employment application, we will need to collect your name, contact details and other personal information.
In other circumstances, you may choose to remain anonymous or adopt a pseudonym when dealing with us. For example, you may choose to use a pseudonym to make an enquiry or provide feedback about ANSTO. However, the extent to which we may be able to respond or assist may be limited where you are anonymous or using a pseudonym.
How we deal with unsolicited information
If we receive personal information from you that we did not request (unsolicited personal information), we will determine whether or not the information is related to one or more of ANSTO’s functions or activities. If the information is not relevant to what we do, we may destroy or de-identify the personal information if it is lawful and reasonable to do so.
How do we use and disclose your personal information?
In general, we will use and disclose your personal information for the particular purpose for which it was collected. This may include disclosure to other parties / agencies like the Australia Federal Police.
Sometimes we may use and disclose your personal information for purposes that are related to the primary purpose for collection such as statistical reporting or conducting customer surveys.
We may also use your personal information for a purpose related to the purpose of collection, where you would reasonably expect that your information would be used for this other purpose. For example, if you are an ANSTO customer we may use your email address to keep you informed of any changes to goods or services that you receive.
When we collect personal information from you for certain specific activities, where required, we will use a collection notice that specifically deals with that collection.
We may also use or disclose your personal information for another purpose permitted by the Privacy Act and the Australian Privacy Principles, including where:
- you provide consent;
- we are required or authorised by or under an Australian law or a court or tribunal order;
- a permitted general situation exists as defined by the Privacy Act;
- a permitted health situation exists as defined by the Privacy Act;
- we reasonably believe that the use or disclosure is reasonably necessary for regulatory or enforcement related activities conducted by, or on behalf of, a regulatory enforcement body.
We will not use or disclose your sensitive information for a secondary purpose unless you would reasonably expect it to be used for this purpose and the secondary purpose is directly related to the purpose for which it was collect or with your consent.
Do we use your personal information for marketing purposes?
Ordinarily, we do not use your personal information for marketing purposes. However, in some circumstances, we may use or disclose your personal information for the purposes of direct marketing. Where information is used for marketing purposes, collection will be in compliance with the Privacy Act and we will always provide a simple means by which you can request not to receive direct marketing.
Do we send your personal information overseas?
It may be necessary for us to send personal information overseas, for example, sending personal information overseas about ANSTO staff where we are operating facilities overseas either directly or through an associated entity.
However, before sending personal information overseas or transmitting it back to Australia, we will either seek your consent or take reasonable steps to ensure appropriate contractual measures are in place to ensure that the overseas entity complies with the Privacy Act.
ANSTO uses a cloud-based Customer Relationship Management tool through a reputable third party IT supplier to manage the storage and use of certain personal information. The primary servers for the cloud are located in Australia but your information may be sent to a different overseas server in the event the primary server is not available. ANSTO IT suppliers who use overseas servers that may host personal information collected by ANSTO are required to comply with the Privacy Act.
How do we manage personal information of potential, current and former staff?
When you apply for a position with us, or if you are a former or current staff member of ANSTO, we will need to collect and deal with your personal information.
When you submit an employment application, we collect personal information included in your application and curriculum vitae (resume) such as your contact details, employment history and citizenship or immigration status. If it is relevant to the position, we may also collect sensitive information such as information about your health or details of your racial or ethnic background, with your consent.
When we process your application, we may need to collect and disclose your personal information to third parties where it is not reasonable or practicable for us to collect the information directly from you. For example, we will contact your referees to discuss your academic and employment history and suitability for the position.
If you are selected as the successful applicant, we will collect personal information from you as part of the ANSTO on boarding process, for example, we may collect sensitive information about your health and any criminal record to assess your suitability to maintain a valid security clearance.
We may also use your personal information for research purposes relating to the performance, quality, maintenance and improvement of ANSTO’s workplace practices and initiatives such as workplace equity, diversity and inclusion.
As part of your employment, we will maintain the following files:
Information maintained as part of the staff file includes:
- name, date of birth, address, citizenship, immigration status, academic qualifications, credentials, references, photographs, professional memberships and employment history;
- recruitment, contracts and conditions of employment records;
- payroll and administrative information of ANSTO staff;
- attendance records;
- medical certificates;
- performance appraisals and records relating to personal development and training;
- records of complaints and grievances;
- police clearance reports (such as working with children), and
- recommendations for honours and awards.
Depending on the date it was created, your staff file maybe stored in hardcopy or electronically or both securely within the People Culture Safety and Security Division of ANSTO.
Personal information relating to your employment is also stored electronically in the ANSTO Enterprise digital system. This personal information will be accessible to staff directly involved in your role through the ANSTO delegation framework.
Sensitive information on your staff file will be shared with others on as needs to know basis and in accordance with the permitted purposes under the Privacy Act.
ANSTO may also use de-identified information to analyse employment and staffing.
If you are a current or former staff member of ANSTO and wish to obtain your personal information, there are existing processes in place to facilitate access without the need to make a Privacy Act or FOI Act request. Please contact ANSTO People Culture Safety and Security Division on 9717 3111 before submitting a formal request for information under the Privacy Act or the FOI Act.
Personal Security File
Information maintained as part of the Personal Security file includes:
- Criminal record checks and any security assessments;
Personal Security files are stored securely in the ANSTO People Culture Safety and Security Division. This information will be shared with others on an a need to know basis and in accordance with the permitted purposes under the Privacy Act
Information maintained as part of this file includes:
- vaccination records
- health monitoring records
- health assessment
- details of any accidents and injuries and compensation and rehabilitation files
These medical files are stored securely and separately to your staff files and access is restricted to ANSTO on-site nurses and contracted medical practitioners. This information will be shared with others on an as needs to know basis and in accordance with the permitted purposes under the Privacy Act
For any person (including employees, contractors or visitors), working regularly or infrequently in blue or red radiation classified areas, ANSTO collects, stores and maintains individual radiation dose records to detect any instances of the person exceeding the occupational dose limit. These records are stored electronically on a secure database. Before 1993, these records were stored in hard copy files marked ‘Sensitive- Personal’. Subject to the provisions of the Privacy Act, radiation dose records may be transferred to Australian Radiation Protection and Nuclear Safety Agency to be stored on the Australian National Radiation Dose Register.
How we hold and keep your personal information secure?
Personal information held by ANSTO is stored on electronic media including, for example, the Customer Relationship Management database and also in paper files. ANSTO stores and disposes of personal information in accordance with its legal obligations.
ANSTO uses a range of physical and electronic security measures to protect personal information from misuse and loss and from unauthorised access, modification or disclosure. For example, we restrict physical access to our offices housing personal information, utilise safes, vaults and lockable cabinets, secure databases, permission restrictions and password protection.
Emails you send to us are screened by our email security systems and may be viewed by authorised ANSTO information technology personnel for security or other official purposes.
How do you access and correct your personal information?
You have a right to request access to your personal information and to request its amendment or correction.
Upon receiving a request we will provide you with access to your personal information or take reasonable steps to amend/correct your personal information to ensure that it is accurate, up-to-date, complete, relevant and not misleading, subject to any applicable exceptions under the Privacy Act.
To obtain access or seek correction of your personal information, you should make a request through one of the following means:
- sending a letter to:
Privacy Contact Officer (Building 25)
Australian Nuclear Science and Technology Organisation Locked Bag 2001
Kirrawee DC NSW 2232
- sending an email to our Privacy Contact Officer at email@example.com
- telephoning (02) 9717 3111 and making your request to the Privacy Contact Officer or
- visiting ANSTO reception at our Lucas Heights campus
For staff, further details on how ANSTO handles requests to access and amend/correct your personal information is found in the ANSTO Privacy Guidelines.
How do you make a complaint about our privacy practices?
If you are unhappy with the way ANSTO has handled your personal information you may make a complaint to ANSTO’s Privacy Contact Officer (contact details above).
You may also make a complaint directly to the Privacy Commissioner.
Privacy impact assessment register
The Privacy (Australian Government Agencies – Governance) APP Code 2017 requires that all agencies, including ANSTO, conduct a Privacy Impact Assessment for all high privacy risk projects.
The Privacy Impact Assessment Register records details of the Privacy Impact Assessments conducted by ANSTO for high privacy risk projects since July 2018.
Table of Privacy Impact Assessments
Chemical Management System
Incident Management System
To find out more about how ANSTO manages personal information, contact: ANSTO Privacy Contact Officer
Tel: (02) 9717 3111
Fax: (02) 9543 5097
For more general information on the Privacy Act and the Australian Privacy Principles:
- Visit the website the Office of the Australian Information Commissioner http://www.oaic.gov.au/
- Contact the OAIC Privacy Enquiries Line 1300 363 992 (local call charge).