National Sport Plan

para-banner.jpg

ASC Privacy Policy

This Policy has been compiled in accordance with the Australian Privacy Principles (specifically APP 1.3 and 1.4) and the Australian Government Agencies Privacy Code. It describes how the Australia Sports Commission (ASC) protects the personal information it holds and complies with the Privacy Act 1988 (Cth).

The purposes for which the ASC collects, holds, uses and discloses personal information

The ASC is Australia’s primary national sports administration and advisory agency, and the cornerstone of a wide-ranging sports system. On behalf of the Australian Government, the ASC delivers key programs in line with the Australian Government’s sport policy objectives; providing financial support and other assistance to people and sporting organisations to deliver participation and high performance results; and building collaboration and capacity within the Australian sport sector.

Its activities and services include:

  • Conducting sports science and research
  • Providing medical, social and material support to athletes
  • Providing sports information and education
  • Delivering funding programs to sporting organisations and individuals
  • Supporting participation growth and development
  • Growing sport industry capability
  • Managing sporting and commercial facilities

The kinds of personal information that the ASC collects and holds

In undertaking its activities the ASC collects personal information. The personal information that the ASC holds will depend on the nature of the activity or service. It may include (but is not limited to) a person’s name, contact details, date of birth, occupation, family background and financial records.

The ASC will only collect personal information to the extent relevant for the relationship it has with each person.

The ASC also holds sensitive personal information, for example about an employee or an athlete. This may include information about health, disability, racial or ethnic origin, criminal convictions, personnel files, employment histories and tax file numbers.

The Privacy Act places restrictions on collecting sensitive personal information about persons. The ASC may collect sensitive information when:

  • providing health services to persons (for example to an athlete)
  • providing sport services to persons (for example to an athlete)
  • it is required to provide specific services (for example in allocating specifically targeted funding)
  • assessing eligibility for employment (potential or existing employees)
  • for the purpose of maintaining the employee/employer relationship
  • for the purpose of meeting legal employment obligations

If the ASC conducts online collaboration, social media or market research, it may also ask for public opinions about its services or staff. The ASC will treat these opinions as personal information in accordance with the APPs if they contain personally identifiable information.

How the ASC collects and holds personal information

If it is reasonable and practical to do so, the ASC will collect personal information directly from the persons concerned and with their consent. This may be through application forms, over the telephone, the Internet, or in person.

The ASC may also need to collect personal information from other people or organisations. This information is collected with the person’s consent, except for in circumstances allowed for by legislation. Sometimes this may happen without direct involvement. Some examples of the people or organisations from which the ASC may collect personal information about persons are:

  • sporting organisations
  • publicly available sources of information
  • person’s representatives (such as a parent, coach, legal adviser, medical practitioner)
  • person’s employers
  • other government agencies
  • law enforcement agencies

So that the ASC can better tailor information and services to individual needs, when it sends email messages, it may use technology to identify persons to know when email is opened or links used within an email.

If persons log into the ASC intranet/extranet services, information will be collected from them to confirm their identity.

The ASC will hold the information it collects on electronic systems, and where appropriate in paper format. The ASC has an electronic documents and records management system that complies with government and archival standards and legislation.

The ASC holds its information on a cloud based system. Individual services may also use third party cloud services. Where third party cloud services are used the service will have been subject to an ASC risk assessment and be compliant with the privacy and security standards required by the ASC in protecting personal information.

When the ASC will not need to collect personal information

Depending on the nature of a person’s relationship with the ASC, they may not need to personally identify themselves.

Persons generally have a right to pseudonymity or anonymity when dealing with the ASC, unless:

  • the ASC is required or authorised by or under an Australian law, or a court/tribunal order to deal with individuals who have identified themselves;
  • it is impracticable to deal with individuals who have not identified themselves; and
  • the person is receiving a service or financial benefit from the ASC - which necessitates assurance that the service or monies are being directed to an identified person

How the ASC will keep personal information accurate and up-to-date

The ASC seeks to maintain the quality of its information holdings by taking reasonable administrative and technical steps to make sure that the information collected, used and disclosed is accurate, complete and up-to-date. For example, the ASC employs audit and access control functions within its ICT systems to ensure information is not lost or damaged and conducts ongoing reviews of its holdings to ensure information currency.

How the ASC will keep information and data secure

The ASC commissions and utilises up-to-date techniques and processes, which meet current Australian government requirements to protect personal information from misuse, loss and unauthorised access, modification or disclosure.

Paper documents are protected from unauthorised access or use through the various physical security systems that we have over our premises. We also maintain or procure up-to-date computer and network security systems with appropriate firewalls, access controls and passwords to protect personal information held digitally.

The only people who have access to personal information are employees of the ASC, those staff accredited by partner sport organisations, and those who perform services for the ASC who need personal information to do their jobs. All employees of the ASC are made aware of good privacy practices and are bound by the ASC Code of Conduct to not misuse personal information. Those who perform services on the ASC’s behalf are also bound by contractual agreements that include privacy clauses.

If we no longer require an individual’s personal information, we will take reasonable steps to destroy it in a secure manner or remove identifying features from it. This is subject to any legal obligation (such as the Archives Act 1983) that requires the ASC to keep information for a certain period of time.

In what circumstances would the ASC provide personal information to others

The ASC may provide personal information to external organisations. Generally, these are organisations that help the ASC conduct its programs and activities. These organisations may include:

  • sport partners
  • cloud based services that host ASC data on its servers
  • authorised representatives of  the ASC
  • superannuation funds
  • payment systems operators (for example, our online shop to receive credit card payments)
  • our accountants, auditors or lawyers
  • person’s representatives (for example a parent, coach, legal adviser, medical practitioner).

The ASC seeks to work collaboratively with a range of sport organisations (including sporting organisations, Australian State and Territory Institutes and Academies of Sport and state and territory government departments) to deliver its programs. This collaboration includes using shared information holding systems and sharing information which was collected for the primary purpose of delivering sport services. Where the ASC shares personal information it will do so where the system and the organisation meets the privacy expectations of the ASC.

The ASC strives to limit the information it provides to other external organisations to what they need to provide their services to us - or to provide services to ASC clients. The ASC ensures that any organisation that it contracts with:

  • meets the privacy standards required by the ASC in protecting personal information and complies with the Privacy Act 1988 or if overseas, a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the Privacy Act; and
  • uses the personal information provided only for the purposes of the specific service being provided to the ASC, and for no other purpose.

The ASC may also need to provide personal information to external parties where:

  • the information relates to a sports drug and safety matter or is otherwise relevant to the performance of the functions of the Australian Sports Anti‑Doping Authority and as such may be provided to the Australian Sports Anti‑Doping Authority;
  • The ASC is required to by law or has a public duty to do so. For example, a Court, a regulator (such as the Australian Taxation Office or the police can compel the ASC to disclose personal information to them); or
  • persons have expressly consented to their personal information being supplied to others for particular purposes

Disclosure of ASC held personal information to overseas recipients

The ASC seeks to limit where possible the disclosure of personal information to overseas recipients.

The ASC provides its services to Australian sport and Australian athletes throughout the world, which at times requires personal and/or sensitive personal information to be disclosed overseas. The ASC maintains a permanent overseas facility in Italy and other overseas locations on a temporary basis (for example during Olympic and Paralympic Games).

The ASC may also need to provide personal information to overseas recipients, where:

  • the information relates to providing information to an international sporting organisation (for example the IOC, FINA, IAAF) for the purposes of administering or assisting sport and sporting competition
  • the information relates to an anti-doping and/or safety matter or is otherwise relevant to the functions of the World Anti‑Doping Authority
  • the information is provided in the management of travel or logistics for administrating staff, athletes and teams
  • a person has expressly consented to their personal information being supplied to overseas recipients.

The ASC contracts overseas commercial organisations to provide products or services to the ASC or its clients. These agreements are entered into where:

  • the ASC has conducted a risk assessment;
  • the organisation meets the privacy and security standards required by the ASC in protecting personal information; and
  • the organisation uses personal information only for the specific service the ASC asks them to provide, and for no other purpose.

Access to personal information held by the ASC and to correction of that information

Any person who believes that the ASC holds personal information about them may contact the agency to seek access to that information in accordance with APP 12.

Please view the ASC Procedures for accessing and correcting personal information for more information.

If after accessing information held about any person, they consider that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purposes for which it is held, then they may request the ASC to amend it in accordance with APP 13.

In the first instance a person can request access to their personal information by contacting the ASC.

By post:

Privacy Officer
Australian Sports Commission
PO Box 176 Belconnen ACT 2616

By email: privacy@ausport.gov.au

The ASC may not always be able to provide access to all the personal information it holds about a person. For example, it may not be able to provide access to information that would reveal personal information about another person. Any person may also obtain access to their personal information held by the ASC through the Privacy Act 1988 and the Freedom of Information Act 1982.

How the ASC will handle complaints

The ASC will be efficient and fair when investigating and responding to any privacy complaints.

The ASC complies with the Guidelines published by the Office of the Australian Information Commissioner in relation to complaints management.

Any privacy complaints received by the ASC must be in writing and will be initially investigated by the ASC Privacy Officer, and will be escalated as required. The ASC will respond to all complaints within a reasonable time period appropriate to the specific complaint.

Any person may also complain to the Australian Privacy Commissioner who may investigate the ASC’s actions. The Commonwealth Ombudsman may also investigate complaints about ASC actions. However, the Commonwealth Ombudsman and the Privacy Commissioner will consult to avoid the same matter being investigated twice.

ASC Privacy Impact Assessment Register

The Privacy (Australian Government Agencies — Governance) APP Code 2017 (APP Code) requires all agencies to conduct a privacy impact assessment for all high risk privacy projects.

A project is considered a high risk privacy project if we consider that it involves any new or changed ways of handling personal information which is likely to have a significant impact on the privacy of individuals.

A register of privacy impact assessments conducted by us since the APP Code came into effect is below.

Date

Project name

Description

Link to information

2018

Microsoft Office 365 / Azure

Implementation of Microsoft Office 365 / Azure as a cloud service for the ASC

Document in PDF

2022AcendreImplementation of Acendre eRecruit as a recruitment systemContact Privacy Officer 
2022Aurion Migration of Aurion to the AWS CloudContact Privacy Officer
2022Google Cloud Services

Implementation of Google Cloud Services storageContact Privacy Officer

2023

Content Manager Cloud

Migration of Content Manager from the server to the Cloud

Contact Privacy Officer

2023

OHO

Automate the ASC’s process of checking and verifying WWCC in OHO

Contact Privacy Officer

2023

CultureAmp

Implementation of CultureAmp to assist with the performance management of ASC staff.

Contact Privacy Officer

2023

RefAssist

Implementation of RefAssist to provide the SaaS solution for the sport workforce management component

Contact Privacy Officer

2024

Zscaler and SSL inspection

Implementation of Zscaler and SSL inspection

Contact Privacy Officer

   This register was last updated on 11 July 2024.

For further information you can write to us at:

Privacy Officer
Australian Sports Commission
PO Box 176
Belconnen ACT 2616

Privacy@ausport.gov.au

Website Privacy Statement

The ASC is committed to protecting online privacy in accordance with Guidelines for Federal and ACT Government World Wide Websites issued by the Privacy Commissioner.

The ASC records visits to this website and logs the following information for statistical purposes:

  • user's server or proxy address
  • date/time/length of the visit
  • files requested
  • user's cookies
  • user's searches

The information is used to analyse our server traffic. No attempt will be made to identify users or their browsing activities except where authorised by law. For example in the event of an investigation, a law enforcement agency may exercise their legal authority to inspect the internet service provider's logs.

If you send us an email message we will record your contact details (in accordance with government record keeping standards). This information will only be used for the purpose for which you have provided it. We will not use your email for any other purpose and will not disclose it without your consent except where such use or disclosure is permitted under an exception provided in the Privacy Act.

When users choose to join a mailing list their details are added to that specific mailing list and used for the stated purpose of that list only. You will not be added to any mailing list without your consent.

As a user, you need to be aware of inherent risks associated with the transmission of information via the Internet. If you have concerns in this regard, the ASC has other ways of obtaining and providing information. Normal mail, telephone and fax facilities are available.

The ASC is not responsible for the privacy practices or the content of the linked web sites or of other content hosted by the ASC on behalf of third party agencies or organisations.