This policy applies to personal information collected by the Murray-Darling Basin Authority (the MDBA).
The MDBA is bound by the Australian Privacy Principles (the APPs) in the Privacy Act 1988 (Cth) which set out how we should collect, use, secure, or disclose personal information and how you can access records containing your personal information. We also follow the APP guidelines issued by the Office of the Australian Information Commissioner (OAIC)
We do not collect identifiable personal information about you if you only browse our website to read or download information.
If you send a message to us through our Contact Us page, or subscribe to one of our publications or request one of our services, we only record or use the personal information you provide to us to respond to you or provide you with the requested service.
Your email address will not be added to a mailing list or used for any other purpose. If we wish to use your email address for another purpose we will seek your prior consent by way of a specific request in writing to you.
When you visit our website to read or download information, we may record through our web server log files or Google Analytics statistical information such as your server address, pages you access or download, search terms you used.
This data helps us manage our website efficiently and securely and no attempt is made to identify you or your browsing activities, except in the unlikely event of a criminal investigation authorised by law.
Cookies are pieces of information that a website can transfer to your web browser. Parts of our website may store cookies on your browser in order to service you better when you next visit the site. You can change your web browser's settings to reject cookies.
The MDBA's website contains links to other web sites. The MDBA is not responsible for the content or the privacy practices of other external web sites.
When using Free Flow — the MDBA blog, or Facebook, Twitter or YouTube, the information posted on their pages is used only to administer the pages and to consider and respond to any comments you make.
The main kinds of personal information we collect and hold relate to:
The MDBA collects personal information only where it is reasonably necessary for, or directly related to, the MDBA's functions or activities, or if collecting sensitive information, if the person concerned expressly consents to the collection.
We only collect personal information directly from the person concerned, unless this is unreasonable or impracticable, and we only collect it by lawful and fair means.
When we receive personal information that we did not ask for we deal with it as if we had requested it.
You have the option of dealing with us without revealing your identify. You may remain anonymous or use a pseudonym, unless we are required or authorised by law to deal only with an identified person, or it is impracticable for us to respond to you if you have not identified yourself, e.g. to deliver a publication to you, or provide you with feedback.
The MDBA uses a range of physical and electronic systems to store the personal information and takes all reasonable steps to secure the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
These measures include, but are not limited to, restricted physical access to our offices; secure cupboards and storage containers for paper records; secure computer systems and networks for electronic records; controlled access to databases by authorisation, training and passwords; workplace policies; and regular review and testing of our physical and electronic systems.
Personal information is stored in paper and electronic form. Paper records are held in secure cabinets with restricted access. Our electronic records are stored in secured computer servers or networks with restricted access.
Records containing personal information are kept or disposed of in accordance with the section 24 of the Archives Act 1983 (Cth). No personal information is stored overseas.
The MDBA only collects, holds, uses or discloses personal information for purposes which are reasonably necessary for, or directly related to, one of our functions or activities. The MDBA is not likely to disclose personal information to overseas recipients.
The purposes for which the MDBA might collect personal information include:
You have the right to see what information we hold about you and to request that it be corrected if it is inaccurate, out-of-date, incomplete, irrelevant or misleading, having regard to the purpose for which it is held.
There is no charge for making a request for either access to, or correction of, your own personal information.
You also have access and correction rights under the Freedom of Information Act 1982 (Cth).
If you have any concerns about the way we handle your personal information and wish to make a complaint, please contact the Privacy Contact Officer by mail, phone, fax or phone (contact details provided at the end of this policy statement).
The MDBA is committed to the consistent, fair and confidential handling of a complaint. We are also committed to resolving complaints as quickly as possible, generally within 20 working days. You can also expect us to acknowledge your complaint and to keep you advised of progress.
If you are not satisfied with our response, you may request us to reconsider it. You may also make your complaint directly to the Office of the Australian Information Commissioner. However, in most cases the Office of the Australian Information Commissioner will refer you to us to make the complaint in the first place.
Privacy Contact Officer
Murray–Darling Basin Authority
GPO Box 1801
CANBERRA ACT 2601
phone: (02) 6279 0100 and ask for the Privacy Contact Officer
fax: (02) 6248 8053
You have the option to contact us without identifying yourself or of using a pseudonym. Further information on dealing with us anonymously or by using a pseudonym is in our Collection policy above.