This Policy has been compiled in accordance with the Australian Privacy Principles (specifically APP 1.3 and 1.4) and the Australian Government Agencies Privacy Code. It describes how Sport Australia protects the personal information it holds and complies with the Privacy Act 1988 (Cth).
The Australian Sports Commission (ASC), referred to in this Policy as ‘Sport Australia’, is the legal entity responsible for administering the Policy.
The purposes for which Sport Australia collects, holds, uses and discloses personal information
Sport Australia is Australia’s primary national sports administration and advisory agency, and the cornerstone of a wide-ranging sports system. On behalf of the Australian Government, Sport Australia delivers key programs in line with the Australian Government’s sport policy objectives; providing financial support and other assistance to people and sporting organisations to deliver participation and high performance results; and building collaboration and capacity within the Australian sport sector.
Its activities and services include:
- Conducting sports science and research
- Providing medical, social and material support to athletes
- Providing sports information and education
- Delivering funding programs to sporting organisations and individuals
- Supporting participation growth and development
- Growing sport industry capability
- Managing sporting and commercial facilities
The kinds of personal information that Sport Australia collects and holds
In undertaking its activities Sport Australia collects personal information. The personal information that Sport Australia holds will depend on the nature of the activity or service. It may include (but is not limited to) a person’s name, contact details, date of birth, occupation, family background and financial records.
Sport Australia will only collect personal information to the extent relevant for the relationship it has with each person.
Sport Australia also holds sensitive personal information, for example about an employee or an athlete. This may include information about health, disability, racial or ethnic origin, criminal convictions, personnel files, employment histories and tax file numbers.
The Privacy Act places restrictions on collecting sensitive personal information about persons. Sport Australia may collect sensitive information when:
- providing health services to persons (for example to an athlete)
- providing sport services to persons (for example to an athlete)
- it is required to provide specific services (for example in allocating specifically targeted funding)
- assessing eligibility for employment (potential or existing employees)
- for the purpose of maintaining the employee/employer relationship
- for the purpose of meeting legal employment obligations
If Sport Australia conducts online collaboration, social media or market research, it may also ask for public opinions about its services or staff. Sport Australia will treat these opinions as personal information in accordance with the APPs if they contain personally identifiable information.
How Sport Australia collects and holds personal information
If it is reasonable and practical to do so, Sport Australia will collect personal information directly from the persons concerned and with their consent. This may be through application forms, over the telephone, the Internet, or in person.
Sport Australia may also need to collect personal information from other people or organisations. This information is collected with the person’s consent, except for in circumstances allowed for by legislation. Sometimes this may happen without direct involvement. Some examples of the people or organisations from which Sport Australia may collect personal information about persons are:
- sporting organisations
- publicly available sources of information
- person’s representatives (such as a parent, coach, legal adviser, medical practicioner)
- person’s employers
- other government agencies
- law enforcement agencies
So that Sport Australia can better tailor information and services to individual needs, when it sends email messages, it may use technology to identify persons to know when email is opened or links used within an email.
If persons log into Sport Australia intranet/extranet services, information will be collected from them to confirm their identity.
Sport Australia will hold the information it collects on electronic systems, and where appropriate in paper format. Sport Australia has an electronic documents and records management system that complies with government and archival standards and legislation.
Sport Australia holds its information on a cloud based system. Individual services may also use third party cloud services. Where third party cloud services are used the service will have been subject to a Sport Australia risk assessment and be compliant with the privacy and security standards required by Sport Australia in protecting personal information.
When Sport Australia will not need to collect personal information
Depending on the nature of a person’s relationship with Sport Australia, they may not need to personally identify themselves.
Persons generally have a right to pseudonymity or anonymity when dealing with Sport Australia, unless:
- Sport Australia is required or authorised by or under an Australian law, or a court/tribunal order to deal with individuals who have identified themselves;
- it is impracticable to deal with individuals who have not identified themselves; and
- the person is receiving a service or financial benefit from Sport Australia - which necessitates assurance that the service or monies are being directed to an identified person
How Sport Australia will keep personal information accurate and up-to-date
Sport Australia seeks to maintain the quality of its information holdings by taking reasonable administrative and technical steps to make sure that the information collected, used and disclosed is accurate, complete and up-to-date. For example, Sport Australia employs audit and access control functions within its ICT systems to ensure information is not lost or damaged and conducts ongoing reviews of its holdings to ensure information currency.
How Sport Australia will keep information and data secure
Sport Australia commissions and utilises up-to-date techniques and processes, which meet current Australian government requirements to protect personal information from misuse, loss and unauthorised access, modification or disclosure.
Paper documents are protected from unauthorised access or use through the various physical security systems that we have over our premises. We also maintain or procure up-to-date computer and network security systems with appropriate firewalls, access controls and passwords to protect personal information held digitally.
The only people who have access to personal information are employees of Sport Australia, those staff accredited by partner sport organisations, and those who perform services for Sport Australia who need personal information to do their jobs. All employees of Sport Australia are made aware of good privacy practices and are bound by the ASC Code of Conduct to not misuse personal information. Those who perform services on Sport Australia’s behalf are also bound by contractual agreements that include privacy clauses.
If we no longer require an individual’s personal information, we will take reasonable steps to destroy it in a secure manner or remove identifying features from it. This is subject to any legal obligation (such as the Archives Act 1983) that requires Sport Australia to keep information for a certain period of time.
In what circumstances would Sport Australia provide personal information to others
Sport Australia may provide personal information to external organisations. Generally, these are organisations that help Sport Australia conduct its programs and activities. These organisations may include:
- sport partners
- cloud based services that host Sport Australia data on its servers
- authorised representatives of Sport Australia
- superannuation funds
- payment systems operators (for example, our online shop to receive credit card payments)
- our accountants, auditors or lawyers
- person’s representatives (for example a parent, coach, legal adviser, medical practicioner).
Sport Australia seeks to work collaboratively with a range of sport organisations (including sporting organisations, Australian State and Territory Institutes and Academies of Sport and state and territory government departments) to deliver its programs. This collaboration includes using shared information holding systems and sharing information which was collected for the primary purpose of delivering sport services. Where Sport Australia shares personal information it will do so where the system and the organisation meets the privacy expectations of Sport Australia.
Sport Australia strives to limit the information it provides to other external organisations to what they need to provide their services to us - or to provide services to Sport Australia clients. Sport Australia ensures that any organisation that it contracts with:
- meets the privacy standards required by Sport Australia in protecting personal information and complies with the Privacy Act 1988 or if overseas, a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the Privacy Act; and
- uses the personal information provided only for the purposes of the specific service being provided to Sport Australia, and for no other purpose.
Sport Australia may also need to provide personal information to external parties where:
- the information relates to a sports drug and safety matter or is otherwise relevant to the performance of the functions of the Australian Sports Anti‑Doping Authority and as such may be provided to the Australian Sports Anti‑Doping Authority;
- Sport Australia is required to by law or has a public duty to do so. For example, a Court, a regulator (such as the Australian Taxation Office or the police can compel Sport Australia to disclose personal information to them); or
- persons have expressly consented to their personal information being supplied to others for particular purposes
Disclosure of Sport Australia held personal information to overseas recipients
Sport Australia seeks to limit where possible the disclosure of personal information to overseas recipients.
Sport Australia provides its services to Australian sport and Australian athletes throughout the world, which at times requires personal and/or sensitive personal information to be disclosed overseas. Sport Australia maintains a permanent overseas facility in Italy and other overseas locations on a temporary basis (for example during Olympic and Paralympic Games).
Sport Australia may also need to provide personal information to overseas recipients, where:
- the information relates to providing information to an international sporting organisation (for example the IOC, FINA, IAAF) for the purposes of administering or assisting sport and sporting competition
- the information relates to an anti-doping and/or safety matter or is otherwise relevant to the functions of the World Anti‑Doping Authority
- the information is provided in the management of travel or logistics for administrating staff, athletes and teams
- a person has expressly consented to their personal information being supplied to overseas recipients.
Sport Australia contracts overseas commercial organisations to provide products or services to Sport Australia or its clients. These agreements are entered into where:
- Sport Australia has conducted a risk assessment;
- the organisation meets the privacy and security standards required by Sport Australia in protecting personal information; and
- the organisation uses personal information only for the specific service Sport Australia asks them to provide, and for no other purpose.
Access to personal information held by Sport Australia and to correction of that information
Any person who believes that Sport Australia holds personal information about them may contact the agency to seek access to that information in accordance with APP 12.
If after accessing information held about any person, they consider that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purposes for which it is held, then they may request Sport Australia to amend it in accordance with APP 13.
In the first instance a person can request access to their personal information by contacting Sport Australia.
PO Box 176 Belconnen ACT 2616
By email: firstname.lastname@example.org
Sport Australia may not always be able to provide access to all the personal information it holds about a person. For example, it may not be able to provide access to information that would reveal personal information about another person. Any person may also obtain access to their personal information held by Sport Australia through the Privacy Act 1988 and the Freedom of Information Act 1982.
How Sport Australia will handle complaints
Sport Australia will be efficient and fair when investigating and responding to any privacy complaints.
Sport Australia complies with the Guidelines published by the Office of the Australian Information Commissioner in relation to complaints management.
Any privacy complaints received by Sport Australia must be in writing and will be initially investigated by the Sport Australia Privacy Officer, and will be escalated as required. Sport Australia will respond to all complaints within a reasonable time period appropriate to the specific complaint.
Any person may also complain to the Australian Privacy Commissioner who may investigate Sport Australia’s actions. The Commonwealth Ombudsman may also investigate complaints about Sport Australia actions. However, the Commonwealth Ombudsman and the Privacy Commissioner will consult to avoid the same matter being investigated twice
Privacy Impact Assessment Register
The Privacy (Australian Government Agencies — Governance) APP Code 2017 (APP Code) requires all agencies to conduct a privacy impact assessment for all high risk privacy projects.
A project is considered a high risk privacy project if we consider that it involves any new or changed ways of handling personal information which is likely to have a significant impact on the privacy of individuals.
A register of privacy impact assessments conducted by us since the APP Code came into effect is below.
Link to information
Microsoft Office 365 / Azure
Implementation of Microsoft Office 365 / Azure as a cloud service for Sport Australia
Document in PDF
For further information you can write to us at:
PO Box 176
Belconnen ACT 2616
Website Privacy Statement
Sport Australia is committed to protecting online privacy in accordance with Guidelines for Federal and ACT Government World Wide Websites issued by the Privacy Commissioner.
Sport Australia records visits to this website and logs the following information for statistical purposes:
- user's server or proxy address
- date/time/length of the visit
- files requested
- user's cookies
- user's searches
The information is used to analyse our server traffic. No attempt will be made to identify users or their browsing activities except where authorised by law. For example in the event of an investigation, a law enforcement agency may exercise their legal authority to inspect the internet service provider's logs.
If you send us an email message we will record your contact details (in accordance with government record keeping standards). This information will only be used for the purpose for which you have provided it. We will not use your email for any other purpose and will not disclose it without your consent except where such use or disclosure is permitted under an exception provided in the Privacy Act.
When users choose to join a mailing list their details are added to that specific mailing list and used for the stated purpose of that list only. You will not be added to any mailing list without your consent.
As a user, you need to be aware of inherent risks associated with the transmission of information via the Internet. If you have concerns in this regard, Sport Australia has other ways of obtaining and providing information. Normal mail, telephone and fax facilities are available.
Sport Australia is not responsible for the privacy practices or the content of the linked web sites or of other content hosted by Sport Australia on behalf of third party agencies or organisations.