The Australian Privacy Principles (APP) are the requirements that apply to Australian Government agencies in relation to handling personal information.
This Policy has been compiled in accordance with APP 1.3 and 1.4 and describes how the Australian Sports Commission (ASC) complies with the Privacy Act 1988 (Cth).
The purposes for which the ASC collects, holds, uses and discloses personal information
The ASC is Australia’s primary national sports administration and advisory agency, and the cornerstone of a wide-ranging sports system. On behalf of the Australian Government, the ASC delivers key programs in line with the Australian Government’s sport policy objectives; providing financial support and other assistance to national sporting organisations to deliver participation and high performance results and improve their capability, sustainability and effectiveness; and building collaboration, alignment and effectiveness within the Australian sport sector.
Its activities and services include:
- Conducting sports science and research
- Providing medical, social and material support to athletes
- Providing sports information and education
- Delivering funding programs to sporting organisations and individuals
- Supporting participation development
- Managing sporting facilities
The kinds of personal information that the ASC collects and holds
In undertaking its activities the ASC collects personal information. The personal information that the ASC holds will depend on the nature of the activity or service. It may include (but is not limited to) a person’s name, contact details, date of birth, occupation, family background and financial records.
The ASC will only collect personal information to the extent relevant for the relationship it has with each person.
The ASC also holds sensitive personal information, for example about an employee or an athlete. This may include information about health, disability, racial or ethnic origin, criminal convictions, personnel files, employment histories and tax file numbers.
The Privacy Act places restrictions on collecting sensitive personal information about persons. The ASC may collect sensitive information when:
- providing health services to persons (for example to an athlete)
- it is required to provide specific services (for example in allocating specifically targeted funding)
- assessing eligibility for employment (potential or existing employees)
- for the purpose of maintaining the employee/employer relationship
- for the purpose of meeting legal employment obligations
If the ASC conducts online collaboration, social media or market research, it may also ask for public opinions about its services or staff. The ASC will treat these opinions as personal information in accordance with the APPs if they contain personally identifiable information.
How the ASC collects and holds personal information
If it is reasonable and practical to do so, the ASC will collect personal information directly from the persons concerned with their consent. This may be through application forms, over the telephone, the Internet, or in person.
The ASC may also need to collect personal information from other people or organisations. This information is collected with the person’s consent, except for in circumstances allowed for by legislation. Sometimes this may happen without direct involvement. Some examples of the people or organisations from which the ASC may collect personal information about persons are:
- sporting organisations
- publicly available sources of information (such as telephone directories)
- person’s representatives (such as a parent, coach, legal adviser, manager)
- person’s employers
- other government agencies
- law enforcement agencies
So that the ASC can better tailor information and services to individual needs, when it sends email messages, it may use technology to identify persons to know when email is opened or links used within an email.
If persons log into ASC intranet/extranet services, information will be collected from them to confirm their identity.
The ASC will hold the information it collects on electronic systems, and where appropriate in paper format. The ASC has an electronic documents and records management system that is fully compliant with government and archival standards and legislation.
The ASC may also hold or receive some information on cloud based systems. Where this occurs the relevant service will have been subject to an ASC risk assessment and be compliant with the privacy and security standards required by the ASC in protecting personal information.
When the ASC will not need to collect personal information
Depending on the nature of a person’s relationship with the ASC, they may not need to personally identify themselves.
Persons generally have a right to pseudonymity or anonymity when dealing with the ASC, unless:
- the ASC is required or authorised by or under an Australian law, or a court/tribunal order to deal with individuals who have identified themselves;
- it is impracticable to deal with individuals who have not identified themselves; and
- the person is receiving a service or financial benefit from the ASC - which necessitates assurance that the service or monies is being directed to an identified person.
How the ASC will keep personal information accurate and up-to-date
The ASC seeks to maintain the quality of its information holdings by taking reasonable administrative and technical steps to make sure that the information collected, used and disclosed is accurate, complete and up-to-date.
How the ASC will keep information and data secure
The ASC utilises up-to-date techniques and processes, which meet current government requirements to protect personal information from misuse, loss and unauthorised access, modification or disclosure.
Paper documents are protected from unauthorised access or use through the various security systems that we have over our physical premises. We also maintain up-to-date computer and network security systems with appropriate firewalls, access controls and passwords to protect electronic copies of personal information.
The only people who are allowed to handle or have access to personal information are those employees of the ASC and those who perform services for the ASC who need personal information to do their jobs. All employees of the ASC are bound by the ASC Code of Conduct to not misuse personal information. Those who perform services on the ASC’s behalf are also bound by agreements that include privacy clauses.
If we no longer require an individual’s personal information, we will take reasonable steps to destroy it in a secure manner or remove identifying features from it. This is subject to any legal obligation (such as the Archives Act 1983) that requires the ASC to keep information for a certain period of time.
In what circumstances would the ASC provide personal information to others
Sometimes the ASC may provide personal information to external organisations. Generally, these are organisations that help the ASC conduct its programs and activities. These organisations may include:
- sport partners (sporting organisations with whom we have agreements to provide funding or services)
- cloud based services that host ASC data on its servers
- authorised representatives of the ASC
- superannuation funds
- payment systems operators (for example, our online shop to receive credit card payments)
our accountants, auditors or lawyers
- person’s representatives (for example a parent, coach, legal adviser, manager).
The ASC strives to limit the information it provides to outside organisations to what they need to provide their services to us - or to provide services to ASC clients. The ASC ensures that any organisation that it contracts with:
- meets the privacy standards required by the ASC in protecting personal information and complies with the Privacy Act 1988; and
- uses the personal information provided only for the purposes of the specific service being provided to the ASC, and for no other purpose.
The ASC may also need to provide personal information to others outside the ASC where:
- the information relates to a sports drug and safety matter or is otherwise relevant to the performance of the functions of the Australian Sports Anti‑Doping Authority and as such may be provided to the Australian Sports Anti‑Doping Authority
- the ASC is required to by law or has a public duty to do so. For example, a Court, a regulator (such as the Australian Taxation Office or the police can compel the ASC to disclose personal information to them)
- persons have expressly consented to their personal information being supplied to others for particular purposes.
Disclosure of ASC held personal information to overseas recipients
The ASC seeks to limit where possible the disclosure of personal information to overseas recipients.
The ASC provides its services to Australian sport and Australian athletes throughout the world, which at times requires personal and/or sensitive personal information to be disclosed overseas. The ASC maintains a permanent overseas facility in Italy and other overseas locations on a temporary basis (for example during Olympic and Paralympic Games).
The ASC may also need to provide personal information to overseas recipients, where:
- the information relates to providing information to an international sporting organisation (for example the IOC, FINA, IAAF) for the purposes of administering or assisting sport and sporting competition
- the information relates to a sports drug and/or safety matter or is otherwise relevant to the functions of the World Anti‑Doping Authority
- the information is provided in the management of travel or logistics for administrating staff, athletes and teams
- a person has expressly consented to their personal information being supplied to overseas recipients.
The ASC contracts overseas commercial organisations to provide products or services to the ASC or its clients. These agreements are entered into where:
- the ASC has conducted a risk assessment
- the organisation meets the privacy and security standards required by the ASC in protecting personal information
- the organisation uses personal information only for the specific service the ASC asks them to provide, and for no other purpose.
Access to personal information held by the ASC and to correction of that information
Any person who believes that the ASC holds personal information about them may contact the agency to seek access to that information in accordance with APP 12.
If after accessing information held about any person, they consider that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purposes for which it is held, then they may request the ASC to amend it in accordance with APP 13.
In the first instance a person can request access to their personal information by contacting the ASC.
ASC Privacy Contact Officer
Australian Sports Commission
PO Box 176 Belconnen ACT 2616
The ASC may not always be able to provide access to all the personal information it holds about a person. For example, it may not be able to provide access to information that would reveal personal information about another person. Any person may also obtain access to their personal information held by the ASC through the Privacy Act 1988 and the Freedom of Information Act 1982.
The ASC will be efficient and fair when investigating and responding to any privacy complaints.
The ASC complies with the Guidelines published by the Office of the Australian Information Commissioner in relation to complaints management.
Any privacy complaints received by the ASC must be in writing and will be initially investigated by the ASC Privacy Contact Officer, and will be escalated as required. The ASC will respond to all complaints within a reasonable time period appropriate to the specific complaint.
Any person may also complain to the Australian Information Commissioner who may investigate the ASC’s actions. The Commonwealth Ombudsman may also investigate complaints about ASC actions. However, the Commonwealth Ombudsman and the Privacy Commissioner will consult to avoid the same matter being investigated twice.
Privacy Impact Assessment Register
The Privacy (Australian Government Agencies — Governance) APP Code 2017 (APP Code) requires all agencies to conduct a privacy impact assessment for all high risk privacy projects.
A project is considered a high risk privacy project if we consider that it involves any new or changed ways of handling personal information which is likely to have a significant impact on the privacy of individuals.
A register of privacy impact assessments conducted by us since the APP Code came into effect is below.
Link to information
Microsoft Office 365 / Azure
Implementation of Microsoft Office 365 / Azure as a cloud service for Sport Australia
Document in PDF
For further information you can write to us at:
PO Box 176
Belconnen ACT 2616
Website Privacy Statement
The Australian Sports Commission (ASC) is committed to protecting online privacy in accordance with Guidelines for Federal and ACT Government World Wide Websites issued by the Privacy Commissioner.
The ASC records visits to this website and logs the following information for statistical purposes:
- user's server or proxy address
- date/time/length of the visit
- files requested
- user's cookies
- user's searches
The information is used to analyse our server traffic. No attempt will be made to identify users or their browsing activities except where authorised by law. For example in the event of an investigation, a law enforcement agency may exercise their legal authority to inspect the internet service provider's logs.
If you send us an email message we will record your contact details (in accordance with government record keeping standards). This information will only be used for the purpose for which you have provided it. We will not use your email for any other purpose and will not disclose it without your consent except where such use or disclosure is permitted under an exception provided in the Privacy Act.
When users choose to join a mailing list their details are added to that specific mailing list and used for the stated purpose of that list only. You will not be added to any mailing list without your consent.
As a user, you need to be aware of inherent risks associated with the transmission of information via the Internet. If you have concerns in this regard, the ASC has other ways of obtaining and providing information. Normal mail, telephone and fax facilities are available.
The ASC is not responsible for the privacy practices or the content of the linked web sites and the other pages hosted by the ASC on behalf of non-ASC agencies and organisations.