Privacy policy

Scroll down to read the AICIS Business Services portal privacy notice, or click on the anchor link in the above menu to go directly to the notice.

Scope

Our privacy policy sets out how we, the Executive Director of the Australian Industrial Chemicals Introduction Scheme (the Scheme) and staff who assist the Executive Director, comply with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). 

The APPs set out how personal information must be handled, used and managed. The Privacy Act also requires the Executive Director to have a privacy policy.

This policy describes how the Executive Director collects and holds your personal information in compliance with the APPs.

Read more about personal information and the APPs at the Office of the Australian Information Commissioner (OAIC).

Our functions and purposes

The Scheme is established by the Industrial Chemicals Act 2019 (IC Act). The key functions and activities of the Executive Director of the Scheme include:

• conducting scientific risk assessments on the introduction and intended use of industrial chemicals in Australia, and publishing our findings
• maintaining the Australian Inventory of Industrial Chemicals (the Inventory)
• issuing certificates and authorisations for the introduction of industrial chemicals in Australia
• making risk-management recommendations to protect human health and the environment for consideration by other state, territory or Australian Government agencies under their legislation, regulations and standards
• setting and maintaining the Industrial Chemicals Categorisation Guidelines
• maintaining the Register of Industrial Chemical Introducers
• monitoring compliance and investigating any breaches of our laws
• collecting statistics on the use of industrial chemicals in Australia
• assisting Australia to meet its obligations under international agreements regarding industrial chemicals
• collaborating with other regulatory authorities involved in chemical regulation in Australia
• working with other countries to harmonise and adopt (where applicable in the Australian context) international standards and risk-assessment methods

Find out more about the Scheme and the role of the Executive Director.

How we collect and hold your personal information

Most of the time, your personal information is collected straight from you. Sometimes we might also collect personal information about you from someone acting on your behalf. Whenever possible, we collect your personal information with your consent.

People and organisations acting on the Executive Director’s behalf may also collect your personal information – for example, contracted service providers.

We may also get your personal information from:

• other Australian Government agencies and bodies
• international organisations such as overseas chemical or environmental regulatory agencies

Ways we collect personal information

We may collect your information via:

• forms you complete (online or paper)
• the AICIS’s Business Services portal
• face-to-face meetings
• databases
• telephone, email and facsimile
• our website
• social media

Where it is reasonable to do so, a privacy notice explaining how your personal information is handled, will be provided to you.

The kinds of personal information we collect and hold

We collect and hold personal information relating to:

• the performance of the Executive Director’s statutory and administrative functions and activities
• the management of contracts, funding agreements and procurement processes
• a range of non-statutory committees, and working groups
• individuals signed up to distribution and mailing lists
• the management of fraud and compliance investigations and audits
• employment, occupational health and safety and personnel matters
• correspondence from the public to us, the Scheme, the Department, Ministers and Assistant Ministers
• correspondence referred to us or the Department by other departments, Ministers or Assistant Ministers
• complaints made and feedback provided to us or the Department
• requests for access to documents held by us or the Department
• requests under the Freedom of Information Act 1982 (FOI Act)

The kinds of personal information we collect may include:

• your name, address and contact details
• financial information (for example, payment details and bank account details)
• information about your identity (for example, date of birth and driver’s licence)
• information about your employment
• information about your background

The sensitive information that we collect may include:

• membership of a professional association where it is an eligibility criterion for a position in the Department

We will take reasonable steps to ensure that personal information collected about you is accurate, up-to-date, complete, relevant and not misleading.

We will take reasonable steps to protect the information – read more below.

How we use and disclose your personal information

The purpose for which your personal information is collected is important as it governs how the Executive Director can use and disclose your personal information, unless an exception in the Privacy Act applies.

Unless an exception applies:

• your personal information is only used and disclosed for the purpose we collected it for
• we will either tell you this purpose when we collect your personal information, or as soon as we can after we collect it
• when we collect your personal information, we will generally give information about how we will handle it, for example via a privacy notice
• we will only use or disclose your personal information for another purpose if we can under the Privacy Act

We may use or disclose your personal information for the following purposes (in a manner consistent with the APPs):

• administering the Industrial Chemicals Act (2019)
• undertaking legislative, administrative, policy and program-related functions
• managing the operation of committees and working groups
• undertaking fraud and compliance investigations    
• managing contracts
• managing and responding to correspondence and enquiries from members of the public
• undertaking research, surveys and reports of activities and businesses

We may disclose your personal information to the following entities (in a manner consistent with the APPs):

• contracted service providers that provide services on behalf of the Scheme
• the Department of Health or portfolio agencies in relation to its programs
• other Commonwealth or State and Territory government agencies and bodies
• the Department of Climate Change, Energy, the Environment and Water for the purpose of undertaking chemical assessments
• legal advisors for the purpose of obtaining legal advice 
• Courts or Tribunals 
• overseas chemical or environmental regulatory agencies
• review, audit, investigation and intelligence agencies and bodies
• external researchers 

How we protect your personal information

We will take reasonable steps to ensure your personal information is protected.

We may allow a third-party contractor to access your personal information for specific purposes. 

To ensure third parties follow the APPs, all contracts we enter into that may involve personal information include privacy clauses. 

The Scheme utilises Department of Health infrastructure to collect and store personal information. 

The Department contracts to an Information and Communications Technology (ICT) service provider. This provider holds certain personal information about you. The contractor is required to protect your information in the same way as the Department.

The Department’s networks and websites have security features to protect the information the Department holds from misuse, interference, loss due to unauthorised access, modification or disclosure.

The Department stores all records, information and data on its Electronic Document and Records Management System and cloud computing solutions. The Department also holds personal information on paper files.

The Department protects all types of records under Australian Government security policies, including the:

• Attorney-General Department’s Protective Security Policy Framework
• Department of Defence Information Security Manual

Go to the National Archives of Australia for more information.

Retention and disposal of personal information

We will take steps to destroy or de-identify your personal information if it is no longer needed, unless:

• it is required by law or a court/tribunal order to keep the information, or
• if it is part of a Commonwealth record

Personal information is stored and disposed of in accordance with the Archives Act 1983.

Staying anonymous

You don’t always have to provide us with your personal details, for example, if you have a general question for us. Sometimes it may not be practical for you to stay anonymous or to use a pseudonym, or we may be legally required to deal with you in an identified form. We will let you know if this is the case.

Privacy Impact Assessment

A Privacy Impact Assessment (PIA) looks at any privacy impacts and makes recommendations for managing, minimising or removing that impact. 

We may at times carry out a PIA on our activities or projects that involve the handling of personal information.

The Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth) requires that all agencies, including the Executive Director, must conduct a PIA for all high-privacy risk projects. The Executive Director must undertake a PIA if directed to by the OAIC. 

Privacy Impact Assessment Register

The Executive Director maintains a register of PIAs. The following table has details of assessments completed since the code came into effect on 1 July 2018. 

Completion date	Title	Summary	PIA register last updated / reviewed
September 2020	Introduction of AICIS IT System	Assessment of privacy impacts of a new ICT system to support the administration of AICIS.	2 November 2023

You can request a copy of our Privacy Impact Assessment by making a Freedom of Information request.

Website privacy

We do not automatically collect personal information about you when you visit our website and you can use our website without telling us who you are or revealing other personal information.

If you complete the contact us form we will collect your name, email, phone number and other details you supply. When using the form, you may choose to use a pseudonym to make an enquiry or provide feedback; however, the extent to which we may be able to respond or assist may be limited.

Website security

This site is hosted in Australia in secure, government-accredited facilities. To help protect the privacy of data and personal information we collect and hold, physical, technical and administrative safeguards are maintained.

Cookies

To improve your experience on our website, ‘cookies’ are used. Cookies are an industry standard and most major websites use them. A cookie is a small text file that our site may place on your computer as a tool to remember your preferences. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, if you do this, you may not benefit from the full functionality of the website.

Links

Our website has links to other websites. We are not responsible for the privacy practices of any other site and they may have a different privacy policy.

Analytics

Our website uses a range of analytics services. These services do not identify individual users or associate your IP address with any other data held for other purposes. We use reports provided by analytics providers (such as Google Analytics) to understand website traffic and web page usage.

You can opt out of analytics if you disable or refuse the cookie or disable JavaScript.

How you can access and correct personal information we hold about you

You have a right under the FOI Act and the Privacy Act to access your personal information. You also have a right to request correction of your personal information including if you believe it is irrelevant or misleading.

To request access to documents that contain your personal information, please contact us outlining what personal information you are seeking to access or correct. 

A request for access to personal information under APP 12 or a request to amend personal information or associate a statement with personal information under APP 13 may be made by contacting us.

We will take reasonable steps to provide you with access and/or make a correction to your personal information within 30 calendar days.

If we correct your personal information at your request, we will take reasonable steps to tell any agencies or organisations that we have disclosed your personal information to (who are bound by the Privacy Act) about the correction.

We may not do so if there is a reason under the Privacy Act or other relevant law to withhold the information or not make the changes.

If we do not provide you with access to your personal information or refuse to correct it, where reasonable:

• we will tell you why in writing
• we will provide you with information about how you can contest/complain about this
• at your request, we will take reasonable steps to associate a statement with the personal information that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading

If you prefer, you may instead make a freedom of information (FOI) request for access to personal information, or to seek amendment or annotation of personal information. You should make your request to the FOI officer, and must specify that your request is made under the FOI Act. 

For further details, see our FOI page.

AICIS Business Services portal privacy notice

The Privacy Act and your personal information 

The Executive Director of the Australian Industrial Chemicals Introduction Scheme (the Scheme), collects, uses and discloses your personal information to administer the AICIS Business Services portal. The Scheme is established by the Industrial Chemicals Act 2019 (IC Act).

Your personal information will be visible in the AICIS Business Services portal to other users associated with your application. 

Learn more about how the Executive Director will manage your personal information, including our privacy policy.

Australian privacy principle 5 notification

Your personal information is protected by law, including the Privacy Act 1988 and the Australian Privacy Principles (APPs). 

The Executive Director of the Australian Industrial Chemicals Introduction Scheme (the Scheme), collects, uses and discloses your personal information to process applications and administer the Scheme’s Business Services portal (the AICIS Business Services portal). The Scheme is established by the Industrial Chemicals Act 2019 (IC Act).

Types of personal information collected

The Executive Director will collect your personal information to create your profile and associate this profile with an application. This information includes:

• your name, AICIS Business Services portal role, business name, position title, email, phone number business address and payment information
• for Representative Users - your name, AICIS Business Services portal role, business name, position title, email, phone number, business address, authority to represent the Applicant and payment information

Without this information, you or your business will be unable to access the AICIS Business Services portal to make or manage applications under the Scheme.

How collection occurs

The Executive Director may collect personal information directly from you or from another person, with your prior consent, as part of:

• receiving information via the AICIS Business Services portal
• managing your roles and permissions within the AICIS Business Services portal

Use and disclosure of personal information

Where you are associated with an application, your personal information will be visible in the AICIS Business Services portal to other users associated with that application, including users based overseas. This includes your contact information and your actions in relation to the application (for example, to submit information).

Personal information disclosed to other users may not be protected by the Privacy Act 1988.

The Executive Director may use or disclose your personal information for purposes, including:

• chemical registration processing and chemical assessment
• payments management
• web publishing
• industrial chemical inventory management
• audit and compliance

How we use or disclose your personal information may also depend on the role you undertake. 

If the business name is your name, this information may be published in the online register of industrial chemical introducers. 

The Department of Health and Department of Climate Change, Energy, the Environment and Water may also have access to personal information within the AICIS Business Services portal for purposes consistent with the IC Act.

The Executive Director uses Department of Health and Aged Care infrastructure to support the AICIS Business Services portal. For further details about how the Health and Aged Care Department handles personal information, see the department’s privacy policy. 

General questions and complaints

If you believe we have breached the Privacy Act or the APPs or mishandled your personal information, you may contact us. For us to investigate your complaint, we prefer that you make your complaint in writing. Please explain your complaint and give us your contact details. If you do not provide enough information, we may not be able to fully investigate and respond to your complaint.

We will acknowledge your concern or complaint if you provide your contact details. We will try to respond within 30 calendar days. We will let you know if we cannot respond within this time.

How to contact us

Use our contact us form or call us on 1800 638 528.

You can also write to the:

AICIS Privacy Contact Officer
GPO Box 5218
SYDNEY NSW 2001

If you are not happy with the Executive Director’s response, you can complain directly to the Office of the Australian Information Commissioner or by calling them on 1300 363 992.

Please note that the OAIC prefers complaints to be raised with agencies first.

Feedback on this policy

As well as providing feedback about this Policy to us, you can also give your feedback or express a privacy concern by contacting the Department of Health and Aged Care.

You may also contact us if you have any accessibility issues with this page.

This policy makes up part of the Executive Director’s Information Publication Scheme.