The Future Fund Management Agency (Agency), Future Fund Board of Guardians (Board) and Australian wholly owned subsidiary companies (Subsidiaries) (together, we, us, our) are committed to ensuring that all Personal Information collected is handled in accordance with the Australian Privacy Principles outlined in the Privacy Act 1988 (Cth) (the Act). These principles provide a legal framework for the management of Personal Information collected from individuals by Australian Government agencies and businesses.
- Key definitions
Personal Details includes: full name, date of birth, current and past addresses, telephone numbers and email addresses.
Personal Information, as defined in the Act, is information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive Information, as defined in the Act, is:
i) information or an opinion (that is also Personal Information) about an individual's:
a) racial or ethnic origin;
b) political opinions;
c) membership of a political association;
d) religious beliefs or affiliations;
e) philosophical beliefs;
f) membership of a professional or trade association;
g) membership of a trade union;
h) sexual preferences or practices;
i) criminal record;
ii) health information about an individual;
iii) genetic information about an individual that is not otherwise health information;
iv) biometric information that is to be used for the purposes of automated biometric verification or biometric identification; or
v) biometric templates.
We only collect Personal Information lawfully, fairly and for purposes which are directly related to our functions or activities. Our functions are outlined on the Information Publication Scheme page of our website.
We generally collect Personal Information directly from individuals but may also collect Personal Information from intermediaries such as recruitment agents and temporary personnel providers.
The kinds of Personal Information we collect will generally be for a purpose which falls into one of the following two categories:
i) Personnel, including:
a) Workforce administration – from potential and current workers and members of the Future Fund Board of Guardians as part of recruitment, employment and administrative processes (this may include Sensitive Information).
Personal Information collected may include: Personal Details, payroll details (including tax file number and bank account), citizenship or visa information, passport details, qualifications and educational records, professional membership details, shareholdings in publically listed companies, company directorships or partnerships, paid or unpaid outside employment or services, investments in trusts or nominee companies, residential internet service provider bills, leave histories, medical information, travel histories and equal employment opportunity details;
b) Police records checks and security clearances – from potential and current workers and contractors as part of the recruitment, engagement and employment processes (this may include Sensitive Information).
Personal Information collected may include: Personal Details, place of birth, citizenship or visa information, copies of identification, criminal record and current security clearance details;
c) Office access – from potential and current workers and contractors in order to administer access to and from premises and buildings occupied by us (this may include Sensitive Information).
Personal Information collected may include: Personal Details and biometric finger scan(s); and
d) Emergency contact details – from potential and current workers in order to maintain effective business continuity arrangements and in case of an emergency.
Personal Information collected may include: Personal Details of nominated emergency contacts.
ii) Community, including:
a) Adding an individual to the website subscription mailing list
Personal Information collected may include Personal Details;
b) Responding to correspondence or a request for information
Personal Information collected may include Personal Details; and
c) Information collected by our website software
Information collected may include: user’s IP address, URL accessed, access date and time, bytes transferred, operating system and browser information.
Some Personal Information we collect is required or authorised by an Australian law, or otherwise required so we may discharge our duties under an Australian law. These laws include:
i) Australian Public Service Commissioner’s Directions 2013 (Cth);
ii) DisabilityCare Australia Fund Act 2013 (Cth);
iii) Financial Management and Accountability Act 1997 (Cth);
iv) Future Fund Act 2006 (Cth);
v) Nation-building Funds Act 2008 (Cth);
vi) Public Governance, Performance and Accountability Act 2013 (Cth); and
vii) Public Service Act 1999 (Cth).
There may be consequences if an individual does not provide us with certain ‘Personnel’ related Personal Information or Sensitive Information. For example, we will not assess an individual’s application for employment without the required Personal Information and Sensitive Information. There are not considered to be any serious consequences from an individual not providing to us ‘Community’ related Personal Information.
Individuals can remain anonymous or use a pseudonym when dealing with us, except where we are collecting Personal Information for a ‘Personnel’ related purpose. For example, when subscribing to our website subscription mailing list it is possible to use a pseudonym when prompted for a name.
- Use and disclosure
Personal Information provided to us will only be used for the purpose for which it is collected and will not be disclosed to any other party, except in accordance with this Policy.
We may disclose Personal Information to our employees, contractors or service providers for the purposes of performing our functions or activities noted in section 3 above. These parties may include: police check firms, employee vetting firms, security firms, IT systems administrators, website hosting firms, content management firms, access gateway firms, accountants, lawyers, advisors, auditors, consultants and other government entities.
In addition to the disclosures outlined above, we may also disclose Personal Information to another party if:
i) the individual has consented;
ii) the individual would reasonably expect, or has been told, that information of that kind is usually passed to that party;
iii) it is otherwise required by law;
iv) it will prevent or lessen a serious and imminent threat to somebody’s life or health; or
v) it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
If we receive unsolicited Personal Information we will only use that information for the purpose for which the individual providing the information would reasonably expect. For example, an unsolicited resume provided to us will only be used to assess the individual for a possible position of employment.
We may disclose certain ‘Personnel’ Personal Information we collect to overseas recipients. For example, when arranging the appropriate visas for employees travelling on official business, or when arranging regulatory lodgements which require details of our workers.
We may share Personal Information between the Agency, Board and Subsidiaries for the purposes stated in section 3 above.
- Quality and security
We take reasonable steps to ensure that the Personal Information we collect is accurate, up-to-date and complete. These steps include maintaining and updating Personal Information when we are advised by individuals that their Personal Information has changed, and at other times as necessary.
We take reasonable steps to protect the Personal Information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse.
All Personal Information is retained for a period of up to seven years. When no longer required Personal Information is destroyed in a secure manner, or deleted in accordance with Commonwealth General records authorities and our Records Authority. Certain information may be required to be retained for a longer period and may be transferred to the National Archives of Australia, however this is likely to be rare.
- Access and correction
If an individual requests access to the Personal Information we hold about them, or requests that we change that Personal Information, we will allow access or make the changes unless we consider that there is a sound reason under the Act or other relevant law to withhold the information, or not make the changes (see below for reasons why we may refuse access).
Individuals wishing to access their ‘Personnel’ Personal Information held by us, or request for it to be updated, should contact Human Resources. Before granting access to Personal Information the relevant record keeper may require evidence of identification or authority to access the individual's Personal Information.
Individuals wishing to access their ‘Community’ Personal Information held by us, or request for it to be updated, should write to:
Privacy Contact Officer
Future Fund Management Agency
Locked Bag 20010
MELBOURNE VIC 3001
Before granting access to Personal Information the relevant record keeper will require evidence of identification or authority to access the individual's Personal Information.
Reasons for refusing access to Personal Information held by us include:
i) We reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
ii) Giving access would have an unreasonable impact on the privacy of other individuals;
iii) The request for access is frivolous or vexatious;
iv) The information relates to existing or anticipated legal proceedings between us and the individual, and would not be accessible by the process of discovery in those proceedings;
v) Giving access would be unlawful;
vi) Denying access is required or authorised by or under an Australian law or a court/tribunal order;
vii) We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
viii) Giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
ix) Giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process.
Individuals with a concern about the privacy of their Personal Information held by us should lodge their concern in writing to:
Privacy Contact Officer
Future Fund Management Agency
Locked Bag 20010
MELBOURNE VIC 3001
Individuals must ensure they provide contact details so we may respond to their concern in writing. This may be in the form of either a postal or email address.
Once your complaint is received we will assess it to make sure the complaint is about Personal Information of the individual and which we hold. We will then assess the complaint to see if it is something we can investigate.
If we decide to investigate we may request further information from the individual. We will forward all requests for information in writing.
Following completion of the investigation we will make a determination and respond to the individual in writing with details of the outcome. This will include any resolutions we have determined.
We will endeavour to complete all investigations within 30 days from receiving the complaint, however this may take longer depending on the details of the particular matter.
If our complaint process is unable to address an individual’s concern to their satisfaction they may choose to contact the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or by calling 1300 363 992.