Whole of Government Customer Relationship Management System (CRM) - Privacy Notice
ACT Public Sector Agencies (“the Directorates”) take your privacy seriously, and will collect, secure and hold, use and disclose, access and correct, your personal information in accordance with the Territory Privacy Principles (TPPs) in Schedule 1 of the Information Privacy Act 2014 (the Information Privacy Act).
This privacy notice sets out certain matters the Directorates must advise you of when collecting your personal information, including:
- how you may contact us to access and correct your personal information that we may hold about you; and
- how you may make a complaint about the handling of your personal information.
What is the CRM?
The Chief Minister, Treasury and Economic Development Directorate (CMTEDD) is working to implement a whole of government engagement CRM. CMTEDD is the lead policy agency.
The CRM system has been designed to provide the Directorates’ employees or authorised contractors with a place to store information about engagements with stakeholders and access information about engagements with stakeholders undertaken by other employees or authorised contractors. Information in the CRM may be used to inform subsequent engagements with the same or similar stakeholders. The use of the database is intended to strengthen coordination between ACT Public Sector agencies and reduce duplication of effort and stakeholder fatigue, by sharing information about engagement activities across government. Personnel in any of the Directorates may collect your personal information for the CRM and may access the CRM, including personnel in the following directorates:
- Chief Minister, Treasury and Economic Development Directorate
- Environment, Planning and Sustainable Development Directorate and City Renewal Authority
- Transport Canberra and City Services Directorate
- Suburban Land Agency
- Health Directorate
- Canberra Health Services
- Education Directorate
- Justice and Community Safety Directorate
- Community Services Directorate.
Consultation Manager (CM) is the software selected to provide an online CRM system and is hosted by MySite Pty Ltd. The CM can be used to record interactions with a range of government stakeholders when undertaking engagement activities, to give the Executive and Ministers greater visibility of the Territory’s key stakeholder relationships.
Who do we collect personal information from?
Usually we will collect personal information that is reasonably necessary for or directly related to one of more of our functions or activities, directly from you. In general, we will only collect sensitive information from you with your consent.
Participation in a Directorate’s consultation and the inclusion of your information in the CRM is entirely voluntary and you can opt-out.
The CRM may collect:
- telephone numbers, and
- other information relating to the particular feedback.
To opt out from the CRM, please send an email requesting the removal of your personal information from the CRM to CMTEDDStrategicEngagement@act.gov.au.
We may collect personal information available in the public domain, for example, contact details and a person’s role in an organisation may be collected from the organisation’s website and stored in the CRM.
At times, however, we may also collect personal and sensitive information about you from third parties without your consent where we: are required or authorised under or by an Australian law, or court or tribunal order to collect it; or where permitted general situation may apply under the TPPs, and the Information Privacy Act.
What is personal information?
The term ‘personal information’ means:
- …‘information or an opinion about an identified individual, or an individual who is reasonably identifiable; whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not’.
- Sensitive information’ is a subset of ‘personal information’ and includes:
- racial or ethnic origin;
- political opinions;
- religious beliefs or affiliations;
- criminal records;
- philosophical beliefs;
- membership of political associations, trade unions, or a professional or trade association;
- sexual orientation or practices;
- biometric information (including photographs, video recordings and audio recordings of you); and
- genetic information.
Sensitive information is provided a higher level of protection and safeguarding due to the greater risk of harm to the induvial if their personal information was subject to a data breach, unauthorised access, misuse or other interference.
Personal information does not include ‘personal health information’ about the individual for the purpose of the Information Privacy Act, but may for the purposes of the Health Records (Privacy and Access) Act 1997 and the Privacy Act 1988 (Cth).
The purposes for which we collect your personal information
The collecting directorate will collect your personal information for the purposes of recording your feedback on government services, functions, policies or programs. The collecting directorate may use your personal information for these purposes, any other purpose listed on a collection statement at the point of collection, or in any other way made clear at the time of collecting the personal information .
The Directorates use the CRM to collect personal information for the purposes of researching and analysing stakeholder feedback. The other purpose of CRM is to better coordinate, enhance and improve engagement with key stakeholders. Information stored on the CRM may be accessed by personnel in any other ACT Government Directorate for the purposes of:
- analysing stakeholder feedback to understand views on various issues
- using stakeholder feedback to inform policy and program evaluation,
- identifying, and potentially contacting, stakeholders who may have an interest in particular issues, and
- managing other stakeholder engagement projects
What happens if we do not collect your personal information?
If you participate in a Directorate stakeholder engagement activity that may include your personal information in the CRM, you may:
- provide your personal information for inclusion in the CRM, where it will be shared with other ACT Government Directorates
- tell us that you are only providing your personal information to the Directorate, and do not want it included in the CRM for broader use by other ACT Government Directorates in the CRM, or
- decline to provide your personal information, remain anonymous, or use a pseudonym.
If you do not want your personal information included in the CRM, please email CMTEDDStrategicEngagement@act.gov.au .
If the Directorate is not able to collect your personal information for inclusion in the CRM, it will not affect your participation in any stakeholder engagement activities offered by the Directorate. Where the ACT Government cannot identify who provided the information collected in CRM, this may result in:
- some individuals being consulted again or repeatedly on the same topic
- not being invited to ongoing or new consultative processes on topics of interest to you, or
- less effective coordination across ACT Government agencies.
If you tell us you do not want to have your personal information collected for inclusion in either the CRM, you can still participate if the stakeholder engagement activity, and the Directorate will still collect your feedback and views.
To whom will we usually disclose your personal information?
If your personal information is included in the CRM, the Directorate may usually disclose your personal information to personnel in other ACT Government agencies.
We may at times disclose your personal information for a secondary purpose, to other Australian Government agencies, public sector agencies, other state/territory government entities, or to a law enforcement body, where it is related to the primary purpose for which it was collected. In the case of your sensitive information, we will only use or disclose it for a secondary purpose that is directly related to the primary purpose unless an exception under the Information Privacy Act permits the use or disclosure.
Permitted exceptions under the Information Privacy Act that may apply if we use or disclose your personal information and sensitive information for a secondary purpose include:
- with your consent; or
- where we are required or authorised under or by an Australian law, or a court or tribunal order to do so; or
- where we reasonably believe that the use or disclosure is reasonably necessary for an enforcement body to undertake one or more of its enforcement related functions or activities conducted by that enforcement body; or
- where another permitted exception, consistent with the TPPs and the Information Privacy Act is met.
De-identified information and data stored in the CRM may be publicly disclosed.
For more information about how ACT Government directorates may usually disclose your personal information please refer to the section below on Privacy Policies, for links to other ACT Government Directorate Privacy Policies.
How will we store and secure your personal information?
CMTEDD is the business owner of the CRM system which is hosted by MySite Pty Ltd under contract. CMTEDD and the ACT Government will take reasonable steps to protect and secure the personal information it holds about you from; misuse, interference or loss, and from unauthorised access, modification or disclosure.
The CRM meet the ACT Government ICT Security and Protective Security Standards and uses 2 ISO accreditations. ISO 2001:2013 (Information Security) and ISO 9001:2015 (Quality Management). ISO 27001:2013 is an international security standard that specifies security management best practices.
In addition, access by staff to CM is limited to a role based, or need to know basis, and must comply with relevant data and record keeping policies and procedures and physical security procedures. De-identified information and data stored in the ECRM may be publicly disclosed.
Cross border disclosure
Personal information held in the CRM will not be usually disclosed by the Directorate, or other ACT Government Directorates, to an overseas recipient without your consent, or unless a permitted exception to disclosure under TPP8 applies.
Where to find relevant Privacy Policies
As the lead agency for the CRM, CMTEDD is the business owner of the database and ‘holds’ your personal information and is responsible for managing any complaints or data breaches.
- can access your personal information;
- seek correction of your personal information;
- how you may make a complaint about a breach of the TPPs; and
- how we will deal with privacy complaints.
How to contact CMTEDD Privacy Contact Officer
If you have any questions about the collection, use, security of, or access to your personal information please contact:
Mail: CMTEDD Privacy Contact Officer
Chief Minister, Treasury and Economic Development Directorate
GPO Box 158,
CANBERRA ACT 2601
Telephone: CMTEDD Privacy Contact Officer, +61 2 6207 8175
National Relay Service
Access the National Relay Service ↗. Choose the ‘Making a call’ option that suits your needs to contact one of the Telephone numbers listed above.
Translating and Interpreting Service
Call the Telephone Interpreter Service on:
13 14 50 (within Australia) or +613 9203 4027 (outside Australia)