Guide to our privacy policy

The purpose of this privacy policy is to:

• clearly communicate the personal information handling practices of the Australian Maritime Safety Authority (AMSA)
• enhance the transparency of AMSA operations
• give individuals a better and more complete understanding of the sort of personal information that AMSA holds, and the way we handle that information.

Part A—Our personal information handling practices

Our obligations under the Privacy Act

This privacy policy sets out how we comply with our obligations under the Privacy Act 1988 (Privacy Act).  As an Australian Government agency, we are bound by the Australian Privacy Principles (APP’s) in the Privacy Act which regulate how entities may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.

In this privacy policy, 'personal information' has the same meaning as defined by section 6 of the Privacy Act:

'personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not
• whether the information or opinion is recorded in a material form or not.'

Collection

It is our usual practice to collect personal information directly from the individual or their authorised representative.
Sometimes we collect personal information from a third party or a publicly available source, but only when the individual has consented to such collection, when we are required or authorised by law to collect information from someone other than the individual, or it is unreasonable or impracticable to collect the information from the individual.

In limited circumstances we may receive personal information about third parties from individuals who contact us and supply us with the personal information of others in the documents they provide to us.

We only collect personal information for purposes which are reasonably necessary for or directly related to our functions or activities under the Australian Maritime Safety Authority Act 1990, the Navigation Act 2012, the Marine Safety (Domestic Commercial Vessel) National Law Act 2012, the Shipping Registration Act 1981 or other AMSA legislation. We also collect personal information related to employment services, human resource management, and other corporate service functions (including finantial management, public consultation, public awareness and education).

We also collect personal information (including contact details) as part of our normal communication processes directly related to those purposes, including, for example, when an individual:

• emails staff members
• telephones us
• hands us their business card
• signs up to our social media or other services.

When we solicit personal information, where reasonable we ensure that the person providing the personal information is advised of the matters referred to in Australian Privacy Principle 5 within a Privacy Notice.

Use and disclosure

We only use and disclose personal information for the purposes for which it was given to us, and we do not give it to other government agencies, organisations or anyone else for another purpose unless one of the following applies:

• the individual has consented
• the individual would reasonably expect AMSA to use or disclose the information for the secondary purpose and the secondary purpose is related (or directly related in the case of sensitive information) to the purpose for which it was collected
• we are required or authorised by law or by an order of a court/tribunal
• we reasonably believe that the use or disclosure of the information is necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body
• where suspected unlawful activity or misconduct relating to AMSA’s functions has, is or may be engaged in and disclosure is necessary to take appropriate action in relation to the matter  
• it is unreasonable or impracticable to obtain the individual’s consent to the disclosure and it is necessary to prevent or lessen a serious and imminent threat to somebody's life or health
• where it is necessary to assist with the location of a person who has been reported missing
• it is necessary for the establishment, exercise, or defence of a legal or equitable claim or in relation to an alternative dispute resolution process.

Note that some of these words, including 'sensitive information' and 'enforcement body' have defined meanings under the Privacy Act .

Data quality

We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary. 

Data security

We take steps to protect the personal information we hold against misuse, loss, interference, and unauthorised access, disclosure or modification. These steps include maintaining up-to-date computer and network security systems with appropriate firewalls, access controls and passwords to protect electronic copies of personal information, and securing paper files and physical access restrictions.

When no longer required, personal information is destroyed in a secure manner, or deleted according to the AMSA 's Records Disposal Authority.

Access and correction

An individual has a right to request access to their personal information and to request its correction.  Requests for access and correction can be made to privacy@amsa.gov.au or freedomofInformation@amsa.gov.au. If an individual requests access to the personal information we hold about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act, the Freedom of Information Act 1982 (FOI Act) or other relevant law to withhold the information, or not make the changes.

If we do not agree to provide access to personal information or to amend or annotate the information we hold about them, the individual may seek a review of our decision or may appeal our decision under the FOI Act.

If we do not agree to make requested changes to personal information the individual may make a statement about the requested changes and we will attach this to the record.

Individuals can obtain further information about how to request access or changes to the information we hold about them by contacting us (see details below).

Making a privacy complaint

You can make a privacy complaint if you consider that an officer or part of AMSA has breached one of the APP’s or any other obligation under the Privacy Act.

You must generally make a complaint directly to AMSA at first instance.  This complaint should be in writing and should include a description of your privacy problem.  You may send your complaint to the Privacy Officer at privacy@amsa.gov.au .  AMSA will respond within a reasonable time (usually 30 days).

If you are dissatisfied with the response from AMSA, or you do not receive a response within 30 days, you may then complain directly to the Office of the Australian Information Commissioner (the OAIC).  Complaints to the OAIC must be made in writing.  The OAIC’s preference is for you to use the online Privacy Complaint form if possible.  It is free to lodge a complaint with the OAIC. Your complaint should include:

• your name and contact details
• any relevant reference numbers or identifiers 
• the name of the agency involved
• a brief description of your privacy problem (what happened and when)
• any action the agency or organisation has taken to fix the problem
• copies of any relevant documents, including copies of your complaint to the agency or organisation, and its response, and
• what outcome you’d like.

Go to the OAIC website for information about making a privacy complaint or making a complaint to the OAIC.

Overseas disclosures

AMSA may disclose information to overseas governments or maritime safety agencies for purposes related to legislation governing AMSA's operations, including AMSA’s functions as flag state, port state and enforcement body, or if required in accordance with Australia’s international obligations.   

The International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (STCW Convention) establishes a system whereby a country may recognise a seafarer certificate issued by another party to the convention.  If a seafarer wishes to have their Australian certificate recognised for use in another country, AMSA may need to disclose some personal information to the country where the seafarer wishes to work.  It is also a requirement of the STCW Convention that in order for a country to recognise the qualifications of a seafarer from another country, there must be an agreement in place between those two countries.  For a list of countries which can issue a Certificate of Recognition for an AMSA issued certificate, please visit the Certificates of Recognition webpage.

AMSA also provides an automated service to maritime administrations and domestic and international shipping companies to verify the validity of a STCW certificate issued by AMSA.  AMSA may also disclose personal information overseas in limited situations related to search and rescue emergencies or in other circumstances related to our statutory functions.  

Part B—Files: how we handle specific types of personal information

Purpose

The purpose of collecting this information is to provide email updates to those that subscribe to various newsletters or updates such as:

• AMSA Updates for domestic commercial vessel owners, operators and crew
• Marine Safety Awareness Bulletin which includes trends and recent developments in shipping incidents
• Safety Alerts on safety issues and
• Marine Notices providing information and guidance about upcoming changes to legislation as they arise. 

Personal information collected by AMSA may include name, email address, Australian state or country location, your occupation and business interests.

Collection

We collect information directly from individuals when they voluntarily subscribed to our email marketing and newsletters.

Use and disclosure

AMSA uses Swift Digital, an online marketing platform, to manage and send emails.  AMSA staff who manage our email service and Swift Digital will have access to this information.

We use the personal information of subscribers for email marketing and newsletters to:

• send emails related to a subscriber’s business interests
• send newsletters
• manage AMSA’s email marketing and newsletter service
• report email campaign performance

We may also use or disclose this information in circumstances described under the ‘Use and Disclosure’ heading in Part A of this policy.

All information collected using the Swift Digital service is the property of AMSA and is never shared or used by third parties.

Data quality

Any person that subscribes to AMSA newsletters and email marketing updates can manage their subscription preferences or unsubscribe from AMSA newsletters and marketing email updates at any time.

Data security

Swift Digital holds the personal information and where stipulated, data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest. 

Swift Digital maintains data in compliance with Australia's Spam Act 2003 and Australian privacy requirements. All data is maintained within Australia and never leaves Australian jurisdiction.  

Read more about how Swift Digital manages data on the Swift Digital website.

Data retention

When no longer required, personal information is destroyed in a secure manner or deleted in accordance with the AMSA's Records Disposal Authority.

Access and correction

For information about how to access or correct personal information see 'Access and correction' in Part A of this document.

Part C—Information collected online by AMSA

Information collected

When you browse our website, our system may automatically make a record of your visit and log the following information for analytical purposes:

• your server address
• top level domain name (for example .com, .net, .gov, .au, etc)
• the type of browser and operating system you used
• date and time of your visit
• the previous site visited
• which pages are accessed
• the time spent on individual pages and the site overall
• mouse actions (such as clicks, movement and scrolling)
• type of device used
• which files were downloaded.

This information is analysed to determine this website's usage statistics and opportunities for improving the way we deliver information.

However, no attempt will be made to identify individual users except where a law enforcement agency (eg the Australian Federal Police) exercises a warrant to inspect our service provider's log files.

We collect no personal information about you unless you voluntarily choose to participate in an activity through this website that involves the provision of personal information, such as:

• sending electronic mail to this website
• participating in a survey or providing feedback on this website
• suggesting a link from this website to an external website.

If you choose not to participate in these activities, your choice will in no way affect your ability to use this website.

Cookies

A cookie is a small file sent by AMSA’s web server onto the user's web browser software when the user accesses our website. (An explanation of cookies generally can be found at the site of the Australian Privacy Commissioner).

Some parts of our website may use a cookie to maintain contact through a session. The cookie allows AMSA to recognise you as an individual as you move from one page of this website to another. This cookie will expire on the close of your browser session or on the closing down of your computer.

Most Internet browsers are pre-set to accept cookies. If you prefer not to receive cookies, you can adjust your Internet browser to disable cookies or to warn you when cookies are being used.

No attempt will be made to identify anonymous users unless we are legally compelled to do so, such as in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider's log files.

Use of personal information collected

Any personal information you choose to provide will only be used for the purpose for which it was provided. We do not give personal information collected online to other agencies or organisations otherwise than in accordance with the circumstances described under the 'Use and Disclosure' heading in Part A of this policy.

The Internet is an insecure medium and users should be aware that there are inherent risks transmitting information across the Internet.

Information submitted unencrypted via electronic mail or web forms may be at risk of being intercepted, read or modified. If you do not wish to email or send an online form to AMSA, you can send mail by post.

Data quality

We will delete or correct any personal information that we hold about you on request.

If you are on one of our automated email lists, you may opt out of further contact from us by clicking the 'unsubscribe' link at the bottom of the email. 

Data security

There are inherent risks in transmitting information across the internet and we do not have the ability to control the security of information collected and stored on third party platforms. In relation to our own servers, we take all reasonable steps to manage data stored on our servers to ensure data security.

Access and correction

For information about how to access or correct personal information collected on our website see 'Access and correction' in Part A of this document.

How to contact us

Individuals can obtain further information in relation to this privacy policy, or provide any comments, by contacting us:  

Telephone

Head office +61 2 6279 5000 (8 am to 5.15 pm Monday to Friday)

Post

Privacy Officer
Australian Maritime Safety Authority
GPO Box 2181
Canberra City ACT 2601

Fax

02 6279 5950

Email

privacy@amsa.gov.au