Our privacy policy

Last updated

22 April 2022

The Australian Business Registry Services (ABRS) privacy policy deals with our collection, storage, access to, use and disclosure of personal information.

About our privacy policy

Our ABRS privacy policy seeks to:

explain our personal information handling practices
make our operations more transparent
give you a better and more complete understanding of the personal information we hold and how we deal with that information.

We review our privacy policy regularly and publish it here. If you would like a copy of our privacy policy in another form, or you want to give feedback, you can contact us.

We comply with the Privacy Act 1988 (Privacy Act) which protects your personal information. The Privacy Act also requires us to apply the Australian Privacy Principles (APPs) set out in Schedule 1 when we handle personal information.

Under the Privacy Act, ‘personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable. This includes whether the information is true or not, and whether it’s recorded in a material form or not.

The Australian Taxation Office (ATO) supports ABRS to ensure compliance with the requirements of the Australian Government Agencies Privacy Code which is registered under the Privacy Act.

Privacy notices

The first service for ABRS is director ID. The privacy notice for director ID outlines why the Registrar of Australian Business Registry Services (ABRS) is collecting your personal information and who they can give it to. Read this notice before you apply for your director ID so you are aware and understand why the Registrar requires this information to confirm your identity.

As we add more content to the website, we will add more privacy notices relating to those topics.

Our undertaking to you

To protect you, we undertake to:

collect personal information about you in a way that is fair, lawful and not unreasonably intrusive
not use any form of deception or threat when we collect personal information from you or anyone else
respect your privacy and keep your information confidential
handle your personal information as required by the Privacy Act and the Australian Government Agencies Privacy Code 2017.

We will be transparent and open about what personal information we collect, hold, use and disclose. You can also make a complaint if you think your privacy has been compromised.

Your personal information

In administering ABRS, we collect, hold, use and disclose a wide range of personal information This information is necessary for, or related to, the administration of business and registry services.

When authorised by law, the Registrar may give your information to other government departments and agencies, including:

Australian Taxation Office (ATO)
Australian Securities and Investments Commission (ASIC)
Australian Charities and Not-for-profits Commission (ACNC)
Office of the Registrar of Indigenous Corporations (ORIC)
law enforcement agencies
federal, state and local governments
courts and tribunals
certain bodies under the Public Governance, Performance and Accountability Act 2013.

Information that ASIC collects from the Registrar will be used to identify and investigate individuals and to perform enforcement functions.

Director identification number

A director ID is a unique number assigned to an existing or intending (new) director who has verified their identity with the Registrar.

Once you have a director ID, you will keep it forever. This is even if you either:

stop being a company director
change your name, or
move interstate or overseas.

Each director ID is issued just once, to one individual. It will not be recycled or reassigned to anyone else.

Personal information we collect, hold, use and disclose for administering director IDs can include:

name
contact details, including
- email address
- telephone number
date of birth
tax file number.

Tax file numbers

A tax file number (TFN) is a unique identifier. We are authorised by the Taxation Administration Act 1953 to request your TFN. We may use it to help us identify you and issue you with a director ID.

Sections 8WA and 8WB of the Taxation Administration Act 1953 and the Privacy (Tax File Number) Rule 2015 protect TFNs. We manage TFN information in line with those laws.

Biometric voiceprints

Web browsing records

When you visit our website, we'll collect information from your browser relating to:

your server address, operating system and top-level domain name
the date and time of your visit
the pages you accessed and documents you downloaded
the previous site you visited
the type of browser you used.

We will not attempt to identify you or your browsing activities. The exception to this is if there is an investigation where a law enforcement agency may exercise a warrant to inspect our internet web server logs.

When you authenticate with ABRS online systems directly or indirectly (for example, through myGovID), we will log certain information about your device, your browser and the authentication process. This includes:

your internet provider number (IP address)
the date and time you used the authentication service
the authentication information you provided
successful and unsuccessful attempts at authenticating.

We may use this information to:

confirm your identity
compile statistics and reports to enhance our systems and services
identify and respond to issues that may indicate authentication integrity is at risk
detect, investigate and prosecute criminal offences.

We don't share this information with other government agencies or other organisations without your permission, unless required or authorised by law.

Cookies are pieces of information that a website can transfer to an individual's computer hard drive or mobile device for record keeping.

Cookies can make websites easier to use by storing information about your preferences on a particular website. The information remains on your device after the internet session finishes.

The first time you visit our website, one cookie will be stored on your device. On each visit to our website, the system checks whether there is an abrs.gov.au cookie on your device. If so, it simply notes its presence and records your visit as a 'previous user'. If not, it will store a cookie and record your visit as a 'first time visitor'. This cookie will be stored permanently unless you choose to delete it. We use this information to understand how people to use our website to help improve it. We don’t attempt to identify individual users in any way.

On each use, a 'session cookie' is temporarily placed on your device to maintain navigation information during your site visit. These session cookies are deleted from your device at the end of each internet session.

In addition, we make use of third-party sites such as Twitter, VioStream, Facebook, LinkedIn and YouTube to deliver content. These third-party sites may send their own cookies to your device. We don’t control the setting of third-party cookies. You can check the third-party websites for more information about their cookies and how to manage them.

We use Google Analytics to understand how our websites are being used so we can improve the services we offer. Google Analytics uses cookies to analyse how someone uses a website. They do not collect identifying information. Parts of your IP address are also masked so your identity remains anonymous. Data captured by Google Analytics is processed and stored in the USA. If you don’t want your data to be used by Google Analytics when visiting our website, you can install the opt-out browser add-on.

You can also disable cookies and JavaScript in your browser. However, this may prevent you from accessing certain services and functionality.

How we manage your personal information

How we collect personal information

We may collect personal information directly from you, a third party (including other government agencies, employers, your clients or customers (if applicable)), and publicly available sources. We will only do this if:

you consent to this
we are authorised to do so under an Australian law
you would reasonably expect us to collect the information in that way, for example, from a company you are a director of.

If we receive unsolicited information, we will handle it in accordance with Australian Privacy Principle 4.

What we do with personal information

We take steps to ensure that the personal information we collect about you is accurate, up-to-date and complete. These steps include updating personal information when you tell us that this has changed and at other times as necessary.

We protect the personal information we hold about you against:

misuse
interference
loss
unauthorised access, modification and disclosure.

We apply best practice industry security methods, including:

information technology and physical security audits
penetration testing
industry best practice risk management
system security technologies.

Staff who undertake Registry work are not allowed to disclose personal information contained in records. The exception is when undertaking their functions and duties required under relevant laws.

When you contact us

We must be certain of your identity before we can discuss your director ID with you. If you contact us, you must be able to prove your identity. This ensures we protect your personal information by only giving it to you or someone who can prove they are lawfully authorised to act on your behalf.

For example, if you phone us you can prove your identity by giving us your:

date of birth
address (as notified to us previously)
answers to 2 questions based on details we know about you.

Other information can be used as proof of identity, depending on the circumstances.

If you have a general enquiry that doesn’t involve discussing your personal information, you don’t have to provide identification. You’ll be able to deal with us without identifying yourself.

When we contact you

You have the right to be told why we’re asking for your personal information and what legal authority we’re relying on to request it from you.

Generally, when we collect personal information from you, we’ll tell you:

about your rights and obligations under the law (as early as possible). This will include the main consequences of not providing the requested information
about any other entity we usually disclose your personal information to
whether your personal information is likely to be disclosed overseas
how you can make a complaint if you think your privacy has been compromised.

Call recordings

We record all inbound and outbound telephone calls routed by our call management system unless callers ask us not to.

The call recording system also contains a screen capture facility which we use to help us administer Registry laws.

We may also use call recordings and screen captures for:

coaching and quality assurance purposes
gathering business data
managing complaints
training our staff
undertaking fraud investigations
making system and business improvements.

Overseas disclosures

How we dispose of personal information

When we receive personal information about you (whether solicited or unsolicited) the information will be treated as a Commonwealth record in almost all cases.

We are bound by the Archives Act 1983 to retain Commonwealth records until we can lawfully dispose of them. This is generally through either:

a ‘records authority’ issued or agreed to by the National Archives, where a records authority determines how long we hold information and when we dispose of it
‘normal administrative practice’ which permits the destruction of information that is duplicated, unimportant or of short-term facilitative value.

How to manage your personal information

You can update your own personal information, including details for your director ID, in ABRS online services. See how to View or update your details.

You may need access to information you can’t obtain through our online services or through our administrative access arrangements. If so, you can lodge a request for access to your:

personal information under the Privacy Act
documents under the Freedom of Information Act 1982 (FOI Act).

Accessing your personal information

Under Australian Privacy Principle 12, you have the right to request access to your own personal information.

However, there may be circumstances where we can refuse to give you access to the requested personal information. This may be under the Privacy Act, FOI Act or any other Commonwealth Act. We will explain the reasons why we can’t give you access to your personal information under APP 12 or to documents under the FOI Act.

We’ll respond within 30 days. This advice is free. We’ll also advise you how to can complain about the decision we make.

Correcting your personal information

Under Australian Privacy Principle 13, you have the right to ask to have your personal information corrected.

We’ll take reasonable steps to correct personal information we hold about you to ensure it’s accurate, up-to-date, complete, relevant and not misleading. We do this with the purpose for which the information is held where you ask for your information to be corrected.

We will respond within 30 days. We won’t charge you and we’ll also advise you how you can complain about the decision we make.

Making a request under freedom of information

You can also make a request for documents about you under the Freedom of Information Act 1982 (FOI Act).

The FOI Act gives you the right to:

•   access copies of documents we hold (except exempt documents)
•   ask for information about you to be amended or annotated if it is incomplete, out-of-date, incorrect or misleading
•   seek a review of our decision not to allow you access to a document or not to amend your personal record. This review can be undertaken by us or by the Information Commissioner.

There is more information on our FOI page, including the instructions about how to make a request.

Help and support

Questions

If you have a general question about privacy, or if you want to report an instance where you think your privacy may have been compromised, you can phone our Privacy Hotline on 1300 661 542.

If our staff are not available to speak with you, please leave a message. An officer will contact you to respond to your question or to obtain further information.

If you have other questions you can, contact us.

Complaints

There may be a situation where you’re not satisfied with how we’ve collected, held, used or disclosed your personal information, or a related matter. In this case, you can contact us or lodge a complaint. We treat complaints seriously and try to resolve them quickly and fairly.

If you are not satisfied with how we deal with your complaint, the Privacy Commissioner at the Office of the Australian Information Commissioner may be able to help you. For more information, visit the Office of the Australian Information Commissioner or phone 1300 363 992.

QC 20