This Policy sets out in Part 1 the general principles and practices that are applied to the business.gov.au initiative, followed by more detailed information in Part 2 about the specific applications available on business.gov.au, listed below.
Part 1: General principles and practices applying in this policy
Part 2: Details about the specific applications hosted on business.gov.au
Part 1: General principles and practices applying in this policy
Introduction
The Australian government's business.gov.au initiative is an internet based, whole-of-government, one-stop service to business. The business.gov.au initiative is designed to reduce red tape for business and make it easier for users to interact with all levels of Australian governments. It is the principal Australian Government online business portal.
The business.gov.au initiative is managed by the Online eBusiness Services programs team in the Australian Department of Innovation, Industry, Science and Research.
The primary delivery mechanism used for the business.gov.au initiative is the Internet. Businesses or individuals without Internet access can use the service through community Internet access facilities.
In this business.gov.au Personal Privacy Policy, the term 'business.gov.au facility' covers what is under the control of the Australian government, which is the business.gov.au domain and the Australian public servants and consultants ("business.gov.au personnel") responsible for that facility.
Further information about the business.gov.au initiative is published on the 'About business.gov.au' page.
Users should note there are inherent risks associated with transmission of information via the internet. Therefore users should make their own assessment of the potential risks to the security of their information when making a decision as to whether or not they should utilise the business.gov.au facility. There are alternative ways to obtain government information and transact business with governments for those users who do not wish to use public networks such as the Internet.
Most Australian government agencies and their personnel are governed by the Privacy Act 1988 and the Crimes Act 1914. Personnel who are mainly Australian public servants operate the business.gov.au facility. In addition, some private sector consultants work on the business.gov.au facility under contracts with terms and conditions by which they agree to comply with the Information Privacy Principles in the Privacy Act relevant to their work. Consultants are also required in their contracts to acknowledge their awareness of the relevant provisions of the Crimes Act.
As part of the business.gov.au initiative's whole-of-government approach, the business.gov.au facility provides access to state and territory government agencies which do not come within the scope of the Australian privacy legislation (except for the ACT Government which is subject to the Privacy Act). Some of these agencies are subject to state privacy legislation. The business.gov.au facility endeavours to encourage all agencies to observe high standards of privacy protection. However the Australian government cannot guarantee the privacy of information once data has left the business.gov.au facility.
Therefore, all users are strongly advised to investigate the level of privacy protection provided by each particular state or territory agency accessible through the business.gov.au website. This should be done before users decide whether to proceed to transact with the particular agency online, by examining their Privacy and Security policies, that may be provided online or by contacting the agency directly.
Users seeking more information about personal privacy protection in the states and territories are also referred to Federal Privacy Commissioner's Information Sheet.
The business.gov.au personnel welcome questions and feedback in relation to the business.gov.au initiative's design and practices, which should be addressed to support@business.gov.au.
Scope
The business.gov.au Personal Privacy Policy addresses personal privacy matters. This Policy does not extend to commercial-in-confidence and other security matters, which are addressed by the business.gov.au Security Policy.
The federal and ACT agencies participating in the business.gov.au initiative are collectors and record-keepers for the purposes of the Privacy Act. The Department of Innovation, Industry, Science and Research is the Australian agency that is the initial collector and record-keeper of personal information gathered by the business.gov.au facility.
More detailed information on the specific applications hosted on the business.gov.au website are provided in Part 2 of this Policy.
Accountability
The Privacy Act 1988 and the Crimes Act 1914 may provide redress mechanisms and sanctions if users of the business.gov.au facility suffer loss or damage as a result of a breach of those Acts by the business.gov.au facility.
Users inquiring about their rights and remedies for breaches of privacy can access detailed information at the Federal Privacy Commissioner's website.
Collection of personal information
Under the Privacy Act, Information Privacy Principles 1-3 regulate collection of personal information.
The main way in which the business.gov.au facility collects information from users is through forms provided on web pages.
The user's information is not collected by the business.gov.au facility without the user's consent, for example, the user must click on a button provided on a particular web page to submit their information to the business.gov.au facility.
At or before the time the business.gov.au facility collects personal information, the business.gov.au facility will take reasonable steps to inform the user of the business.gov.au website as follows:
At or before the time the business.gov.au facility collects personal information, the business.gov.au facility will give notice to the user of the business.gov.au website as follows:
-
the purposes for which the information is collected
-
to whom, or the types of individuals or organisations to which, the business.gov.au facility might usually disclose information of this kind
-
any law that requires the particular information to be collected, and the main consequences for the user if all or part of the information is not provided.
The business.gov.au facility, like most other web servers, collects clickstream data. This data enables us to approximate the numbers of users visiting the site, the pages accessed and documents downloaded. Our clickstream data does not in itself identify individuals, and is collected by us to improve the business.gov.au services.
The business.gov.au website provides cookie tools in some applications, to filter information for a user during a browser session. A "cookie" resides on the user's own computer. It is a piece of information sent by a web server to the user's web browser that the browser software saves and sends back to the server whenever the browser makes additional requests from the server. Cookies on the business.gov.au website are session based and are provided to assist session management by the user. The information collected by cookies used in the business.gov.au website does not include personal information but includes the industry sector and the states or territories the user has selected. Where cookies are provided that are optional, a decision by a user not to use such cookies will not limit the user's access to any information, but will limit their ability to refine large lists of search results to suit the user's specific requirements. Users should note that the cookies used in GovForms are not optional, being necessary for session management by the individual user. GovForms is described in more detail in Part 2 of this Policy.
The business.gov.au facility will not retain information from cookies.
Users seeking more information about cookies in general are referred to W3C "The World Wide Web Consortium" where a search on the word "cookie" will provide current discussions.
Data security
Under the Privacy Act, Information Privacy Principle 4 regulates storage and security of personal information.
The business.gov.au initiative has a Security Policy which complies with Information Privacy Principle 4.
The business.gov.au facility is protected by SSL (Secure Socket Layer) encryption while the user remains on the business.gov.au facility. Users should be aware that sites that the business.gov.au facility links to may not use encryption technology, and that information transferred from the business.gov.au facility to an unsecured site will be passed on an unsecured link. Users seeking more information about SSL in general are referred to W3C "The World Wide Web Consortium" where a search on the word "SSL" or browsing the Security FAQs will provide current information.
The business.gov.au facility generally stores data as follows:
-
completed transaction details are removed from the database upon transmission to the receiving agency, and are stored in a highly secured environment for up to 14 days
-
incomplete transactions are stored for a maximum of 7 days in a highly secured environment
-
the non-personal transaction log will be retained in archival storage for up to 7 years
-
voluntary site feedback will be retained in archival storage for up to 7 years
-
cookies (which are session based and do not store any personal information) are deleted when the user logs off.
Access to and alteration of records containing personal information
Under the Privacy Act, Information Privacy Principles 6 and 7 provide for individuals' access to and alteration of records containing their personal information.
The Freedom of Information Act 1982 provides the mechanism and process by which users of the business.gov.au facility are allowed to have access to records containing their personal information, and to have their records changed or annotated if necessary.
A key objective of the business.gov.au facility is to provide in the specific applications described in Part 2 of this Policy, routine transactions that enable users to access and alter their data without having to exercise their legal rights under the Freedom of Information legislation.
Data quality
Under the Privacy Act, Information Privacy Principles 7 and 8 regulate data quality.
Users should note that when they provide data to the business.gov.au facility, including data entered by them on the website, the business.gov.au initiative relies on the accuracy of that data.
Use and disclosure of information
Under the Privacy Act, Information Privacy Principles 9 and 10 regulate the use of personal information.
Under the Privacy Act, Information Privacy Principle 11 regulates the disclosure of personal information.
Generally the business.gov.au facility does not itself use information, other than feedback to improve the business.gov.au service. Instead the business.gov.au facility passes information to other government agencies participating in the business.gov.au initiative. The information is passed by the business.gov.au facility in accordance with the Information Privacy Principles, and normally with the user's consent (for example, the user must click on a button provided on the business.gov.au web page), so that the transaction for which the user is on the business.gov.au website can proceed.
The business.gov.au facility will only disclose personal information in accordance with the Information Privacy Principles, for example, as required or authorised by or under law.
Part 2: Specific applications hosted on business.gov.au
ABN Lookup database and search facility
ABN Lookup is an online database that contains the publicly available information provided by businesses when they register for an ABN. It is a convenient way for you to access a partial version of the Australian Business Registry (ABR). Data available on ABN Lookup.
When you use our search facilities, the clickstream data collected does not identify individuals, and is used to improve the services provided.
There are no cookies used in this application.
ABN Lookup data usage statement
Use of your information by private sector organisations
Private sector organisations may access the publicly available information on ABN Lookup in order to simplify their dealings with the Australian Government, and to identify themselves reliably for the purposes of taxation laws. For example, a business may search ABN Lookup to verify the ABN details of a trading partner, or to find ABN details to incorporate these into their existing business records.
However, private sector organisations are not permitted to access ABN Lookup with the intention of downloading public ABN Lookup records to reproduce the ABN Lookup database for their own purposes.
ABN Lookup has been designed to prevent such “milking” of the database, with searches limited to a response of 150 records, and users only able to extract one full public record at a time. The Australian Taxation Office and the Department of Innovation, Industry, Science and Research monitor access to ABN Lookup to ensure that “milking” does not take place, and will take steps to prohibit access by anyone attempting such activities.
On 21 December 2001, the Privacy Amendment (Private Sector) Act 2000 came into effect, regulating the way the private sector organisations can collect, use, keep secure and disclose personal information. The Office of the Federal Privacy Commissioner website has more information about the new private sector privacy regime. The publicly available records on ABN Lookup are not intended to include personal information, as ABN Lookup holds information relating to businesses, not individuals. However if you do have any concerns about how private sector organisations may be using information found on ABN Lookup, please contact the Department's Legal and Procurements Branch (Contact details can be found at the bottom of this page) .
The Australian Taxation Office and the Department of Innovation, Industry, Science and Research are bound by the Privacy Act 1988 and the A New Tax System (Australian Business Number) Act 1999 in their handling of information provided by businesses.
GovForms access
GovForms is a single access point for businesses to quickly and conveniently find, manage and complete forms online with all levels of government - everything from registering for an ABN, applying for licenses to simply paying your rates.
As set out above in Part 1 of this Policy, the business.gov.au facility provides access to state and territory government agencies which do not come within the scope of the Commonwealth privacy legislation (except for the ACT Government which is subject to the Privacy Act). Some of these agencies are subject to state privacy legislation. The business.gov.au facility endeavours to encourage all agencies to observe high standards of privacy protection. However the Australian government cannot guarantee the privacy of information once data has left the business.gov.au facility.
Therefore, all users are strongly advised to investigate the levels of privacy protection and security provided by each particular state or territory agency accessible through the business.gov.au website. This should be done before users decide whether to proceed to transact with the particular agency online, by examining their Privacy and Security policies, that may be provided online or by contacting the agency directly.
Information about personal privacy protection in the states and territories is also available at Federal Privacy Commissioner's Information Sheet.
GovForms enables a user to choose to register and to:
-
discover transactions by searching via criteria that the user selects and enters
-
customise into one or more groups those forms that the user selects
-
store their form access history in the system.
In this application, the initial collector and record-keeper of personal information gathered is the Department of Innovation, Industry, Science and Research, which passes on the information to the receiving agency if the user consents to that (for example by the user clicking on a button provided on the business.gov.au web page).
The clickstream data collected does not identify individuals, and is used to improve the services provided.
The cookies that are provided in GovForms must be used in order to operate the system, because they are necessary for session management by the user.
Data storage and security arrangements are as follows:
-
GovForms is protected by SSL encryption while the user remains on the business.gov.au facility. Users should be aware that sites that the system links to may not use encryption technology, and that information transferred from GovForms to an unsecured site will be passed on an unsecured link.
-
the non-personal transaction log will be retained in archival storage for up to 7 years
-
voluntary site feedback will be retained in archival storage for up to 7 years
-
cookies (which are session based and do not store any personal information) are deleted when the user logs off.
It should be noted however, that where an individual chooses to register to use GovForms, groups of forms that they select and their access history will be stored in this system until whichever one of the following things occurs first:
It is important that users are aware of the uses and disclosures of the information they are providing. To safeguard the integrity of such transactions, the business.gov.au facility makes back up tapes that are retained as a record of the transactions that are passed through the GovForms for a period of 7 days, after which the tape records are destroyed.
Content Syndication Service
Content syndication is an easy and cost free way to publish and maintain business compliance information, from all three levels of government, on your website.
The information we syndicate is designed to complement the services you already provide on your website. Visitors to your site will be able to access up-to-date and relevant government information on starting, running and growing their businesses, without having to spend time searching on numerous government websites.
This service is available via RSS feeds and / or our full syndication service. (See Content syndication on the business.gov.au website or email syndication@business.gov.au for more information)
Accessing the service requires you to register your business, company or individual details, including a personal contact within, on the business.gov.au website. Information collected during the registration process is minimal and required to confirm legitimate registrations. This information is also generally publicly available via a telephone directory or contact information from your website.
All information collected is retained in-confidence, and kept in accordance with the Privacy Act 1988 .
Business Consultation website
business.gov.au's Business Consultation website allows the Australian Government to easily consult with business owners, associations and people interested in business.
By registering your interest on the Business Consultation website, you have the opportunity to be consulted about proposed or existing government regulations or policy that may affect your business.
During the registration process, you will need to provide the following information:
-
How you would like to be consulted
-
Personal and Contact Information: Name, Address, Phone, etc.
-
Your business role: Owner, Employee, Individual, etc.
-
Years of business experience
-
Business Information: Size of Business, Business Type, etc.
-
Business Sector and Subject Information
Information that will be collected during the registration process is handled with confidentiality.
The Department of Innovation, Industry, Science and Research, including the Business Consultation Website, are bound by the Privacy Act 1988 and in their handling of information provided by businesses.
Should you have any questions with regards to the way the department handles privacy, please contact:
Legal and Procurement Branch
Department of Innovation, Industry, Science and Research
Ph: 61-2-6213 7742
Fax: 61-2-6290 8557
Email: legalandprocurementbranch@industry.gov.au
Last updated 6 December 2007