What is the Privacy Act?
The Privacy Act 1988 (Privacy Act) is Australian legislation that protects the way your personal information is handled.
Australian privacy principles
The Privacy Act contains 13 Australian Privacy Principles (APPs). The APPs regulate how we collect, store, provide access to and use personal information.
1. Open and transparent management of personal information
Ensures your personal information is managed in an open and transparent way. This includes having a clear, up-to-date privacy policy.
2. Anonymity and pseudonymity
Notes that people must be given the option to remain anonymous or use a pseudonym, except in limited cases.
3. Collection of solicited personal information
Outlines when solicited personal information can be collected. It enforces higher standards for sensitive information.
4. Dealing with unsolicited personal information
Determines how unsolicited personal information is dealt with.
5. Notification of personal information collection
Highlights when and what you must be told about when your information is collected.
6. Use or disclosure of personal information
Outlines the way and times that your personal information can be used or disclosed.
7. Direct marketing
Explains that personal information can only be used for direct marketing in certain circumstances.
8. Cross-border disclosure of personal information
Outlines what needs to be done to protect your personal information before it's disclosed overseas.
9. Adoption, use or disclosure of government related identifiers
Specifies when your government-related identifier can be used and disclosed by a government department or third party.
10. Quality of personal information
Requires that stringent measures are taken to ensure the accuracy and quality of personal information before it's disclosed to other parties.
11. Security of personal information
Ensures your personal information is protected from misuse, interference, loss, unauthorised access, modification and disclosure. It also details circumstances where personal information should be destroyed or de-identified.
12. Access to personal information
Describes how your requests to access your personal information must be handled.
13. Correction of personal information
Specifies how requests to correct the personal information must be handled.
Our privacy policy
The Privacy Act requires anyone bound by the Australian Privacy Principles (APPs) to have a privacy policy.
You should read our privacy policy if you're:
-
an applicant of an intellectual property (IP) right
-
an owner of an IP right
-
an attorney or agent for an applicant or owner
-
an individual whose personal information may be given to, or held, by IP Australia
-
a contractor, consultant, supplier or vendor of goods or services to IP Australia
-
a person seeking employment with IP Australia
-
an IP Australia employee.
Detailed information on the Privacy Act and APPs can be found at the Office of the Australian Information Commissioner (OAIC).
Privacy collection notices
This Privacy Collection Notice describes how the Innovation and Digital Services Team within IP Australia (IPA) collects and manages personal information. The Innovation and Digital Services Team manages the Vulnerability Disclosure Program which gives security research and users of IP Australia’s systems a point of contact for reporting to the agency potential vulnerabilities.
Your privacy rights
Your personal information is protected by law, including the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles, which regulate how entities including IPA may collect, use, disclose and store personal information.
IPA will only collect your personal information where it is reasonably necessary for, or directly related to, the performance of our functions or activities.
What personal information do we collect?
We collect your personal information from you when you notify IP Australia of a vulnerability.
The personal information we collect from you includes your email address and if you choose to provide it, your name and contact details.
Why do we collect your personal information?
We collect your personal information to assist in the investigation of a reported vulnerability of IP Australia’s systems or products.
Collection of this information is required or authorised by APP 3.1.
Without this information IP Australia may be unable to obtain further details of the vulnerability and provide recognition of the individuals who identified the vulnerability. Individuals may opt out of having recognition published should they choose.
How do we use and disclose your personal information?
We will use and disclose your personal information for the purpose of resolving the vulnerability identified. This includes forwarding your report to internal or external teams as necessary to commence investigations and publishing your name or alias in recognition (unless you advise otherwise).
Additionally, we may disclose your personal information to third parties where the disclosure is required or authorised by a court or tribunal order, or under an Australian law. For example, this could happen if IPA receives a court order compelling the production of information.
We may disclose your personal information to third parties such as software suppliers and development partners, including recipients who may be located overseas to investigate and resolve the vulnerability.
Any personal information disclosed to third parties located overseas may therefore be disclosed or stored overseas. By consenting to your personal information being collected and disclosed to these entities you agree that Australia Privacy Principle (APP) 8 will not apply to the disclosure. This means that if the overseas recipient handles your personal information in breach of the APPs, you agree that IP Australia will not be accountable for this breach under the Privacy Act.
IP Australia will not use or disclose any personal information provided for any other purposes unless authorised or required by law. For more information about how we handle your personal information, how you may access or correct your personal information or make a privacy-related complaint, read our privacy policy on this page.
Your personal information
We collect personal information about you only when it's necessary for, or directly related to, our functions or activities.
We're committed to protecting your personal details and the security of your information.
How we handle your information
We don't give your personal information to other government agencies or private-sector organisations unless one of the following applies:
-
You've given us your permission.
-
You're aware that information of this kind is usually passed to those bodies or agencies.
-
The disclosure is required or authorised by law (such as our IP rights legislation).
-
It's a special situation that:
-
will prevent or lessen a serious and imminent threat to somebody's life, health or safety
-
relates to suspected unlawful activity or serious misconduct.
-
We only disclose personal information to overseas recipients:
-
with your consent
-
where legally authorised
-
when required by an international treaty or convention.
When personal information is no longer required, we destroy or delete it in a secure manner.
You can request details of personal information we hold about you at any time. Reach out to us if you'd like to access or correct your information.
How we use your information online
We use a number of online platforms and third party software as part of our business operations. They allow us to:
-
monitor the performance of our systems
-
improve our online customer experience
-
communicate with you.
Dynatrace application performance monitoring (APM) platform
Our online services platform uses Dynatrace Application Performance Monitoring (APM) to monitor technical faults. This allows our systems support team to quickly rectify issues and identify improvements.
Dynatrace doesn't collect personally identifiable information.
Clickstream data
Clickstreams record your path when navigating a web page or the internet.
When you visit our website, our internet service provider (ISP) makes a record of your visit and logs your clickstream information.
We use this information to see what pages you've visited on our website. We analyse it to improve overall customer experience, establish priorities and allocate resources.
We don't identify you or your browsing activities, except if a law enforcement agency provides a warrant to inspect our ISP logs as part of an official investigation.
Cookies
A cookie is a short piece of data sent from a web server to a web browser on your computer or device when you visit a website. We use cookies to help co-ordinate your experience
We can't use cookies to find out names, email address or anything about your computer. We don't store or collect cookie information.
Survey Monkey
We use Survey Monkey to administer online surveys. These surveys use third party cookies.
The information collected by the cookies is not capable of identifying. It's only used to ensure our surveys run effectively. We only use this information for statistical and maintenance purposes. For more information, see Survey Monkey's Privacy Policy.
Qualtrics
We use Qualtrics to administer online surveys. Qualtrics uses cookies to analyse, measure and improve its performance. These surveys also use third party cookies.
Neither we or Qualtrics retain control over, or access to, the information supplied by the cookies to third parties.
You can find out how to amend your cookie setting to suit your preferences in Qualtrics privacy statement and Qualtrics Cookie Statement.
Google Analytics
We use Google Analytics to collect anonymous information about how you arrive at and interact with our website. Google uses first-party cookies and JavaScript code to collect this information.
Google Analytics doesn't track any application processes or procedures from online services.
You can opt out of Google Analytics by disabling or refusing the cookie or disabling JavaScript.
Eventbrite
We coordinate our events through Eventbrite. Eventbrite facilitates the registration process and handles any personal information collected in accordance with their Privacy Policy. They'll also provide your name, contact details and email address to us for the purpose of registration for the event.
Any personal information collected by IP Australia will be handled in accordance with our Privacy Policy and the Privacy Act 1988.
Emails
We have a number of subscription-based email lists to keep you informed about what's happening at IP Australia. If you choose to subscribe to any of these lists, you'll need to provide us with personal information such as your contact details and email address. We don't share this information with anyone.
If you apply for an IP right in Australia, you'll need to register with our online services.
Before you can register, you need to read, accept and agree to follow our terms and conditions.
SpendConsole is a cloud-based supplier invoice management and compliance system that supports Pan-European Public Procurement On-Line (PEPPOL) invoicing standards and provides some automation to IP Australia’s Accounts Payable processes.
Any personal information you provide and stored in SpendConsole will be used for the purposes of:
-
processing and paying invoices received via any channel (including PEPPOL, email or mail)
-
managing vendor information/records
-
maintaining financial records.
All personal information you provide will be handled by IP Australia in accordance with the Privacy Act 1988, the Archives Act 1983 (Cth) and IP Australia’s Privacy Policy.
IP Australia’s Privacy Policy sets out:
-
how you may seek access to and correction of the personal information we hold
-
how we protect your personal information
-
how you may make a complaint about a breach of the Privacy Act and how we'll deal with your complaint
-
the contact details for IP Australia’s Privacy Contact Officer.
IP Australia will not otherwise use or disclose your personal information without your consent, unless authorised or required by or under law, and will also not disclose any personal information collected through this process to any overseas recipients.
By providing your personal information, you provide your consent to your personal information being handled in accordance with this privacy notice and IP Australia’s Privacy Policy.
If you don't consent to your personal information being handled in the manner described above, please contact the Assistant Director Accounting Operations at accounting.ops@ipaustralia.gov.au.
How we handle high privacy risk projects
Under the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth) (APP Code), we're required to conduct a privacy impact assessment (PIA) for each high privacy risk project.
| PIA | Date of completion |
| TM-Link — release 1 | July 2018 |
| Smart trade mark | July 2018 |
| RIO auto user provisioning | April 2019 |
| Performance management system and recruitment system | May 2019 |
| Customer satisfaction survey | May 2019 |
| Digital access service | June 2018 |
| Transactional digital services party address book | November 2019 |
| Patent landscape reports | November 2019 |
| Business intelligence and analytics platform | December 2019 |
| New support ticket portal | April 2020 |
| Adobe Acrobat update | June 2020 |
| New fax system | June 2020 |
| Transactional digital services – web build | July 2020 |
| Interactive voice response | July 2020 |
| Contact centre transition | April 2021 |
| TM-Link 2021 | July 2021 |
| ICT advisory services (DTA Marketplace) | December 2021 |
| LXP learning experience platform (replacing Learnhub) | April 2022 |
| ServiceNow ITMS tool (replacing LANdesk) | January 2023 |
| EDRMS Replacement Project (Recordpoint replacing BRIK) | March 2023 |
| TM Checker | March 2023 |
| 360 degree feedback survey for ITG directors | May 2023 |
| Expense8 | December 2023 |
| SpendConsole | December 2023 |
| PBR Reform Systems Modernisation Program | January 2024 |
| LXP - Learning Experience Platform (PIA update) | July 2024 |
| TM Checker (PIA update) | December 2024 |
| SuccessFactors | February 2025 |
Last updated on 26 February 2025.