The ACNC will only collect, store, use, disclose and destroy your personal information in accordance with the Privacy Act 1988.

Schedule 1 to the Privacy Act 1988 contains the Australian Privacy Principles which regulate the way in which organisations and government departments can collect and use personal information. The ACNC’s Privacy Policy sets out the way in which the ACNC complies with these principles. The full policy can be downloaded below, or you can click on the links below to find out more information.

ACNC Privacy Policy

The ACNC’s privacy policy can be read in full and downloaded below.

acnc.gov.au

When you view our website or log in to the ACNC Charity Portal, a record of your visit is logged for statistical purposes. This record includes the following information which is provided by your browser:

  • the user’s server address
  • the user’s top level domain name (for example .com, .gov, .au, .uk etc)
  • the date and time of visit to the site
  • the pages accessed and documents downloaded
  • the previous site visited
  • the type of browser used.

This information is used for statistical purposes, as well as helping us to maintain our server and to improve our services. This information will not be disclosed to any other government agency, organisation or individual unless we are required by law to do so.

Email addresses

If you subscribe to our email updates, we will need to collect your email address and only use your address for the purpose for which you have provided it. Your email address will not be disclosed to any other government agency, organisation or individual.

ACNC Charity Portal

Some fields in the portal require you to provide additional personal information than that which is covered by this privacy statement (for example, when updating responsible person details). Additional information in relation to your privacy will be provided on the portal.

Corporate Policy: ACNC Privacy Policy

This Corporate Policy is issued under the authority of the Commissioner and should be read together with the ACNC Policy Framework, which sets out the scope, context and definitions common to our policies.

About this Privacy Policy

This policy sets out how the ACNC will comply with the Australian Privacy Principles (APPs) contained in Schedule 1 to the Privacy Act 1988. In particular, this policy demonstrates the ACNC's compliance with APP 1 - Open and transparent management of personal information.

The APPs are contained in Schedule 1 to the Privacy Act 1988 and are legally binding on the ACNC.

The APPs regulate the way in which organisations and government agencies can collect, store, use and disclose personal information and how you can access and correct that information.

Detailed information on the APPs can be found on the Office of the Australian Information Commissioner’s (OAIC) website www.oaic.gov.au.

About the ACNC

The ACNC is the independent national regulator of charities. The ACNC was established to achieve the following objectives:

  • Maintain, protect and enhance public trust and confidence in the sector through increased accountability and transparency.
  • Support and sustain a robust, vibrant, independent and innovative not-for-profit sector.
  • Promote the reduction of unnecessary regulatory obligations on the sector.

To achieve our objectives, the ACNC:

  • Registers organisations as charities.
  • Helps charities to understand and meet their obligations through information, guidance, advice and other support.
  • Maintains a free and searchable public register so that anyone can look up information about registered charities.
  • Is working with state and territory governments (as well as individual federal, state and territory government agencies) to develop a ‘report-once, use-often’ reporting framework for charities.
  • Investigates complaints about potentially non compliant charities.

What is personal information?

Personal information is information or an opinion about an individual:

  • whether or not the information or opinion is true or not; and

  • whether the information or opinion is recorded in a material form or not.

The APPs apply only to information about individuals. The APPs do not cover information about charitable entities. Information about charitable entities is protected under the secrecy provisions of the ACNC Act.

If the ACNC does not collect personal information about you, the Privacy Act will not apply.

Who should read this Privacy Policy

You should read this Privacy Policy if you are:

  • An individual who is a responsible entity for a charity (i.e. a director of a company or a trustee of a trust that is a registered charity).

  • A contact person for a charity.
  • An agent for a charity.
  • An individual whose personal information may be given to or held by the ACNC.
  • A contractor, consultant or supplier or vendor of goods or services to the ACNC.
  • A person seeking employment with the ACNC; or
  • A person employed by the ACNC.

The ACNC Register

The ACNC Act requires the ACNC to collect and publish information about charities and their responsible entities on the ACNC Charity Register. The Charity Register allows members of the public to access and view information about registered charities. Subject to limited withholding provisions, the ACNC must publish this information in accordance with section 40-5 of the ACNC Act.

The publication of personal information onto our Register is permitted under the Privacy Act.

Our personal information handling practices

Collection of personal information

The ACNC will always endeavour to collect any required personal information from you directly. However sometimes we may ask for your personal information from your agent (for example, your lawyer or accountant) or from a third party. A common example will be where you are a responsible entity for a charity. As we are required to collect personal information including name and position of all responsible entities, another person acting on the authority of the charity may supply your personal information to us.

Common ways we collect and use personal information

When applying to register your charity, we will ask for personal information about the responsible person.

We are required to collect personal information about the responsible person under paragraph 40-5(c) of the ACNC Act. This section of the ACNC Act requires us to collect the name and position of the responsible person and to publish this information onto the ACNC Register (publication will only occur if the registration of the charity is approved).

If the responsible person wants to contact the ACNC to discuss confidential matters belonging to the charity, we need to have enough information on our record to conduct a Proof of Identity (POI) check. Only the name and position of the responsible person are published onto the ACNC Register. Any additional information we ask for the purpose of conducting a POI check will not be published.

If the responsible person is not the same person who is completing the registration form, we will also ask for personal information belonging to the person who is completing the form on behalf of the charity. We ask for this information so that we can conduct a POI check if this person wants to contact us to discuss the registration application or any other confidential details belonging to the charity.

If the online registration form is started but not submitted to the ACNC, the applicant will be prompted to complete the form. If the form remains pending after eight months, it will be deleted from the system as part of the ACNC's commitment to ensuring that personal information we collect is accurate, up to date and complete.

Each time you complete a form on behalf of your charity, we will ask for your personal information. We ask for this information so that we can conduct a POI check if you need to contact us to discuss the form or any other confidential details belonging to your charity.

We may also request the details of an alternative contact if you would like us to contact someone else should we have any follow up questions with regard to the particular form or report. Providing this personal information is voluntary. However it enables us to conduct a POI check so that we can discuss the content of the particular form with you.

If any online form is started but not submitted to the ACNC, the applicant will be prompted to complete the form. If the form remains pending after eight months, it will be deleted from the system as part of the ACNC's commitment to ensuring that personal information we collect is accurate, up to date and complete.

The ACNC Charity Portal is a way for charities to log in and update information we hold about them electronically. Updates to responsible persons can be made through the ACNC Portal. Updates to the responsible persons via the portal require us to collect the same information as if we were collecting the information via a paper form. This means we must collect the name and position of the responsible person and publish that information onto the ACNC Register in accordance with our obligations under the ACNC Act. We will also collect additional personal information so that we can conduct a POI check should you need to contact us and discuss your information or your charity’s information.

You can make a correction or update to your charity’s information online using the portal.

The Charity Passport is used by the ACNC to reduce reporting duplication. It is an electronic way for government agencies to share and use charity information and is in line with the development of our 'report once, use often' reporting framework.

The Charity Passport contains information that you have reported to us (in your registration application, Annual Information Statement, annual financial reports and updates that have been made to your information) that we have published on the ACNC Register. This means that it is only publicly available information that is shared between Charity Passport Partners.

Some of this information includes personal information, such as responsible person details (only those details that have been published on the ACNC Register).

All Australian government agencies, both Commonwealth and state and territory, can access the Charity Passport data by becoming an authorised Charity Passport Partner.

Use of the Charity Passport is subject to both the Privacy Act 1988 and the secrecy provisions contained in Part 7-1 of the ACNC Act. This means the ACNC will only disclose your information where lawful and Charity Passport Partners can only access and use your information in accordance with those laws.

If you telephone us to discuss your charity’s details, we will need to conduct a proof of identity 'POI' check to ensure that you are a person authorised to discuss the confidential matters of the charity. When conducting POI we will ask you a number of questions (generally three) that relate to information we hold about you on our system. We ask you this information so that we can verify your identity.

In line with our objective of reducing red tape for charities, where it is practicable, we will collect your personal information from other agencies and government departments to whom you have reported. We do this so that you do not need to report the same information to a number of agencies and departments.

We have agreements with the Commonwealth government agencies and departments listed below regarding the sharing of personal information. These agreements are in the form of a Memorandum of Understanding (MOU) and subject to the Privacy Act. This means information will not be shared where doing so would result in a breach of your privacy.

  • Australian Taxation Office
  • Australian Securities and Investment Commission
  • Office of the Register of Indigenous Corporations
  • Tertiary Education Quality and Standards Agency

The MOUs we have in place are published on our website. For a complete list and to access any of our MOUs visit the ACNCs MOU page on our website.

All Commonwealth government agencies and departments are subject to the Privacy Act. This means that they can only collect, store, use and disclose your information in accordance with the Privacy Act.

We also have agreements with State and Territory government departments and agencies regarding the sharing of personal information. Whilst the State and Territory departments and agencies are not subject to the Commonwealth privacy laws (there are different state and territory privacy laws that apply to those organisations), this does not change the fact that the ACNC are. This means we will only collect your information from these organisations, store, use or disclose your information in accordance with the Privacy Act.

For more information on State and Territory privacy laws go to the OAIC’s page on State and territory privacy law.

The ACNC established a research network. The network is designed to support researchers and strengthen the ties between researchers and the sector.

The ACNC manages a mailing list for network members. Persons who wish to be added to this list provide their details voluntarily. When the ACNC adds a person to the list, their name, workplace, email address and phone number are collected.

The ACNC conducts face to face education and training sessions for charities. The name, workplace and contact details of participants are collected (voluntarily) to facilitate registration for these sessions.

Persons who are employed by the ACNC are Australian Taxation Office (ATO) employees who are effectively loaned to the ACNC so that the ACNC can achieve its objects. As such all ACNC employees are covered by ATO employment policies and procedures.

This means that when you commence employment with the ATO, the ATO will collect the information it needs from you for human resource purposes. This information is stored in an electronic database called the ATO SAP system. This information is kept confidential and only a select number of ACNC human resource officers have access to the ATO SAP system.

This information is used for employment related purposes only.

If employees or managers want access to information contained in the database, they must contact the ATO People Helpline.

Use and disclosure of personal information

When we collect personal information, we will notify you of the purpose for which we are collecting it. Generally, we will only use or disclose your personal information for the very purpose for which it was collected.

We will only use and disclose your information where the use or disclosure is lawful.

The most common ways we collect personal information and the reasons we collect it are explained in detailed above in the section headed “Common ways we collect and use personal information.”

The ACNC will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.

All ACNC employees are made aware of their obligations to handle personal information in accordance with the Privacy Act.

Our practices and procedures are regularly reviewed to ensure ongoing compliance with the Privacy Act.

Where an accidental or unauthorised use or disclosure occurs, the ACNC will act quickly to rectify and remedy the situation.

External service providers contracted by the ACNC are bound contractually to comply with the requirements of the Privacy Act.

Potential accidental or unauthorised use or disclosure of information, including personal information, is also covered by the following:

  • The ACNC secrecy provisions contained in Division 150 of the ACNC Act. Where an employee discloses personal information that is also protected information unlawfully, they will be subject to penalties including, in the most serious cases, up to two years imprisonment.
  • All ACNC employees are covered by the Public Service Act 1999, the Public Service Regulations 1999 and the Australian Public Service (APS) Values and Code of Conduct. If employees disclose official information without authority they may face disciplinary sanctions including, in the most serious cases, termination of employment.
  • Current and former employees and service providers are generally covered by the Crimes Act 1914 which provides for criminal penalties for unauthorised disclosure of official information.
  • The Criminal Code Act 1995 provides for similar penalties if former employees dishonestly use official information gained during their employment to benefit themselves or others or to cause harm to another person.

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification or disclosure. We do this by ensuring that:

  • Personal information collected by the ACNC is collected and stored in accordance with Australian Government security policy. All paper files are secured in locked cabinets, Australian Government approved security containers or Secure Rooms with restricted access.
  • Information that has been stored electronically can only be accessed by ACNC officers.
  • Our internal network and databases are protected using firewall, intrusion detection and other technologies.
  • The ACNC’s premises are under 24 hour surveillance and access is via security pass only, with all access and attempted access logged electronically.
  • All ACNC employees and service providers are made aware of their obligations under the Privacy Act during the induction stage of their employment. Ongoing training is provided to ensure that we adhere to our established security practices.

All Commonwealth agencies, including the ACNC, are bound by the Archives Act 1983. This means that all our records management policies, including storage and destruction of information, are in accordance with the Archives Act 1983, Records Authorities and General Disposal Authorities.

Other Acts which impact on our records management polices are:

  • The Australian Charities and Not-for-profits Act 2012
  • The Freedom of Information Act 1982
  • The Australian Information Commissioner Act 2010
  • The Privacy Act 1988
  • The Evidence Act 1995
  • The Electronic Transactions Act 1999
  • The Financial Management and Accountability Act 1997
  • The Crimes Act 1914

You have a right under Australian Privacy Principle 12 to access the personal information we hold about you.

There is no charge for making a request.

You can make a request for access to the personal information we hold about you by contacting us at advice@acnc.gov.au, phone 13 22 62 or GPO Box 5108 Melbourne Victoria 3001.

You will need to include the following details in your request:

  • That you are making a request for access to the personal information we hold about you under the Privacy Act.
  • Your full name, date of birth and contact details (phone number, address or email address that we will have on our systems). We ask for this information so that we can verify your identity.
  • An address (email or postal address) that you would like the information you have requested forwarded to.
  • A contact phone number so that we can speak with you if we need any further details regarding your request.
  • Any relevant details regarding the information you are requesting.

We will respond to your request within 30 days.

Note that the ACNC may refuse to give access to personal information or refuse to give the information in the manner requested where we are required or authorised to refuse access under the Freedom of Information Act 1982 or another Act of the Commonwealth or a Norfolk Island enactment that provides for access by persons to documents.

If we make a decision to refuse to give access or refuse to give access in the manner you have requested we will send a written notice to the address you have provided to us, outlining our reasons for refusal (except to the extent that having regard to the grounds for the refusal, it would be unreasonable to do so).

We will also let you know the mechanisms available to you to complain about the refusal.

You may also request access to information we hold about you under the Freedom of Information Act 1982. More information on how to make a request for information,

You can make a request for us to correct personal information we hold about you where you believe that information is out of date, inaccurate, incomplete, irrelevant or misleading.

There is no charge for making the request.

You can make a correction to the personal information we hold about you by changing your details via the charity portal at: https://charity.acnc.gov.au. You may also contact us.

n some instances, you will have the right to not identify yourself or to use a pseudonym when dealing with the ACNC.

However, in some instances it will be impracticable for the ACNC to deal with you without identifying you. Alternatively, we may be required by law to deal with identified individuals.

For example, Division 40 of the ACNC Act requires the ACNC to publish responsible person details on the ACNC register. As the law requires us to deal with identified individuals, there is no discretion to grant the right to anonymity or the use of a pseudonym in these instances.

However, an example where you may be entitled to remain anonymous or to use a pseudonym is where you would like to make a complaint about a charity or where you would like to provide the ACNC with feedback.

The right to anonymity and the use of a pseudonym will be decided on a case by case basis in accordance with Australian Privacy Principle 2.

The ACNC is committed to monitoring, maintaining and improving the quality of our products and services.

In the event that become aware that data we hold is inaccurate, out of date, misleading or incorrect, we will take proactive steps to correct the information.

We will use email to correspond with you where you have indicated that this is your preferred mode of communication.

There are risks when transmitting information over the internet, including via email. We will consider these risks before we make an informed decision based on all the circumstances to correspond with you via email.

You should also be aware of these risks when sending personal information to us via email. If this is a concern to you, then you should use other methods of communication with the ACNC such as post, fax or phone.

How to make a complaint

If you think the ACNC has breached your privacy rights, you may contact us by:

Phone: 13 ACNC (13 22 62) weekdays 9:00 am to 6:00 pm AEST

Email: advice@acnc.gov.au

Write to:

Advice Services
Australian Charities and Not-for-Profits Commission
GPO Box 5108
Melbourne Victoria 3001.

Please mark your feedback “Attention: Privacy Contact Officer” when sending it via any of the above methods.

The ACNC’s complaint handling procedure

We will respond to your complaint within a reasonable time. This will usually be within 30 days. If for any reason we need additional time to provide a considered response to your complaint, we will contact you to explain the delay and let you know an expected timeframe.

How to make a complaint to the Federal Privacy Commissioner

If you are not happy with the way the ACNC handles your privacy complaint, you may contact the Federal Privacy Commissioner.

You may also make a complaint directly to the Privacy Commissioner before contacting us. However, the Privacy Commissioner will generally recommend that you try to resolve your complaint by contacting us in the first instance.

You can contact the Privacy Commissioner by:

Phone: 1300 363 992

Email: privacy@privacy.gov.au

Write to:
The Privacy Commissioner
The Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001

Most updates or changes to your personal information can be done via the charity portal https://charity.acnc.gov.au/

If you have any questions about changes to your personal information, this Privacy Policy or you wish to make a complaint about a breach of your privacy you may contact ACNC Advice Services

Email: advice@acnc.gov.au

Phone: 13 ACNC (13 22 62) weekdays 9.00 am to 5.00 pm AEST

Write to:

Advice Services
Australian Charities and Not-for-Profits Commission
GPO Box 5108
Melbourne Victoria 3001.

More contact details

This policy will be reviewed annually to ensure the ACNC’s compliance with all relevant privacy laws and policies.

Version

Date of effect

Brief summary of change

Version 1 - Initial policy

12 March 2014

Initial policy endorsed by Commissioner ACNC.

Version 2 - Revised policy

22 September 2014

Revision to clarify deletion of form information after eight months.

ACNC Act

Part 2-2 ACNC Register

Division 40 ACNC Register

Section 40-5 Commissioner to maintain Australian Charities and Not-for-profits Register

Information

(1) The Commissioner is to maintain a register (known as the ACNC Register) in which the Commissioner includes the following information:

A the following information in respect of each registered entity:

  • the entity's name;
  • the entity's contact details (including its address for service);
  • the entity's ABN;
  • the type of entity as which it is registered or has been registered;
  • each subtype of entity (if any) as which it is registered or has been registered;
  • the date of effect of each such registration;
  • the entity's governing rules;

B the following information in respect of each former entity:

  • the entity's name;
  • the entity's ABN;
  • the type of entity as which it was registered;
  • each subtype of entity (if any) as which it was registered;
  • the date of effect of each such registration;
  • the entity's governing rules;

C the following details in respect of each responsible entity of each registered entity:

  • the name of each responsible entity;
  • the position held by the responsible entity in relation to the registered entity

D information statements given by registered entities under Division 60 (except to the extent (if any) that information in the information statement is classified, in the approved form mentioned in section 60-5, as "not for publication");

E financial reports, and any audit or review reports, given by registered entities under Division 60;

F the details of the following matters (including a summary of why the matter arose, details regarding any response by the relevant registered entity and the resolution (if any) of the matter):

  • each warning issued to a registered entity by the Commissioner under Division 80;
  • each direction issued to a registered entity by the Commissioner under Division 85;
  • each undertaking given by a registered entity and accepted by the Commissioner under Division 90;
  • each injunction (including interim injunctions) made under Division 95;
  • each suspension or removal made under Division 100;

G any other information:

  • that the Commissioner is authorised to collect under a provision of this Act; and
  • that is specified in the regulations.
  • Note: Regulations made for the purposes of subsection 40-10(1) may provide that the Commissioner must not include information on the register in certain circumstances.
  • The Commissioner must not include the information mentioned in paragraph (1)(f) before the end of 14 days after the day the warning made or the suspension or removal occurs, unless the Commissioner considers that the public interest requires the information to be included earlier.
  • Register to be maintained by electronic means. The Register is to be maintained by electronic means.
  • The Register is to be made available for public inspection on the internet.
  • Note: See section 150-35 for limitations on including personal information on the register.

ACNC Act

Section 150-35 Exception - disclosure on Register to achieve objects of this Act

An ACNC officer may disclose protected ACNC information if:

(a) the Commissioner may include the information on the Register under Division 40; and

(b) the disclosure is for the purpose of including the information on the Register under Division 40; and

(c) if the information is personal information (within the meaning of the Privacy Act 1988) - the disclosure is necessary to achieve the objects of this Act.

Files