1.1 The Future Fund Management Agency (Agency), Future Fund Board of Guardians (Board) and Australian wholly owned subsidiary companies (Subsidiaries) (together, we, us, our) are committed to ensuring that all Personal Information and Sensitive Information is collected is handled in accordance with the Australian Privacy Principles outlined in the Privacy Act 1988 (Cth) (the Act). These principles provide a legal framework for the management of Personal Information and Sensitive Information collected from individuals by Australian Government agencies and businesses.
2. Key definitions
2.1 “Personal Details” includes: full name, date of birth, current and past addresses, telephone numbers and email addresses.
2.2 “Personal Information”, for the purposes of the Act, is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
i) whether the information or opinion is true or not; and
ii) whether the information or opinion is recorded in a material form or not.
2.3 “Sensitive Information”, as defined in the Act, is:
i) information or an opinion (that is also Personal Information) about an individual's:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional trade association;
- membership of a trade union;
- sexual preferences or practices;
- criminal record;
ii) health information about an individual;
iii) genetic information about an individual that is not otherwise health information;
iv) biometric information that is to be used for the purposes of automated biometric verification or biometric identification; or
v) biometric templates.
3.1 We only collect Personal Information lawfully, fairly and for purposes which are related to our functions or activities, including those of the Board and Subsidiaries. Our functions are outlined on the Information Publication Scheme page of our website.
3.2 We generally collect Personal Information directly from you, but sometimes we might also collect your Personal Information from intermediaries such as recruitment agents, temporary personnel providers, investment managers and service providers.
3.3 The kinds of Personal Information we collect will generally be for a purpose which falls into one of the following two categories:
i) “Personnel”, including:
a) Workforce administration (including travel) – from potential and current workers, contractors and members of the Board, as part of recruitment, employment and administrative processes (including travel). This may include Sensitive Information.
Personal Information collected may include: Personal Details, payroll details (including tax file number and bank account), citizenship or visa information, passport details, qualifications and educational records, professional membership details, shareholdings in publically listed companies, company directorships or partnerships, paid or unpaid outside employment roles (including directorships) or services, investments in trusts or nominee companies, residential internet service provider bills, leave histories, medical information, travel histories and equal employment opportunity details;
b) Police records checks and security clearances – from potential and current workers and contractors as part of the recruitment, engagement and employment processes. This may include Sensitive Information.
Personal Information collected may include: Personal Details, place of birth, citizenship or visa information, copies of identification, criminal record and current security clearance details;
c) Office access – from potential and current workers and contractors in order to administer access to and from premises and buildings occupied by us. This may include Sensitive Information.
Information collected may include: Personal Details (as Personal Information) and biometric finger scan(s) (as Sensitive Information); and
d) Emergency contact details – from potential and current workers and contractors in order to maintain effective business continuity arrangements, and in case of an emergency.
Personal Information collected may include: Personal Details of nominated emergency contacts.
ii) “Community”, including:
a) Adding an individual to the website subscription mailing list
Personal Information collected may include Personal Details;
b) Corresponding with, and due diligence on, investment managers, service providers and other third parties
Personal Information collected for these investment management or related business purposes may include Personal Details of persons associated with those organisations;
c) Responding to correspondence or a request for information
Personal Information collected may include Personal Details; and
d) Information collected by our website software
Information collected may include: user’s IP address, URL accessed, access date and time, bytes transferred, operating system and browser information.
3.4 Some Personal Information we collect is required or authorised by an Australian law, or otherwise required so we may discharge our duties under an Australian law. These laws include:
i) Aboriginal and Torres Strait Islander Land and Sea Future Fund Act 2018 (Cth);
ii) Australian Public Service Commissioner's Directions 2016 (Cth);
iii) DisabilityCare Australia Fund Act 2013 (Cth);
iv) Emergency Response Fund Act 2019 (Cth);
v) Future Drought Fund Act 2019 (Cth);
vi) Future Fund Act 2006 (Cth);
vii) Medical Research Future Fund Act 2015 (Cth);
viii) Nation-building Funds Act 2008 (Cth);
ix) Public Governance, Performance and Accountability Act 2013 (Cth); and
x) Public Service Act 1999 (Cth).
3.5 There may be consequences if you do not provide us with certain “Personnel” related Personal Information or Sensitive Information. For example, we will not assess your application for employment without the required Personal Information and Sensitive Information. There will not be any serious consequences if you do not provide to us “Community” related Personal Information, although, for investment management and related purposes, we will usually require Personal Information from or relating to you if you are (or are employed by) investment managers, service providers and other third parties that we may deal with.
3.6 You can remain anonymous or use a pseudonym when dealing with us, except where we are collecting Personal Information for a “Personnel” or investment management related purpose. For example, when subscribing to our website subscription mailing list it is possible to use a pseudonym when prompted for a name.
4. Use and disclosure
4.1 Personal Information provided to us will only be used for the purpose for which it is collected and will not be disclosed to any other party, except in accordance with this Policy.
4.2 We may disclose Personal Information to our employees, Board members, contractors or service providers for the purposes of performing our functions or activities noted in section 3 above. These parties may include: police check firms, employee vetting firms, security firms, IT systems administrators, website hosting firms, content management firms, access gateway firms, travel providers, accountants, lawyers, investment managers, custodians, advisors, auditors, consultants and other government entities.
4.3 In addition to the above, we may also use and disclose Personal Information for another purpose, including giving it to another party, if:
i) you have consented;
ii) you would reasonably expect, or have been told, that information of that kind may be used or disclosed for another purpose, which is related to the primary purpose of collection;
iii) it is required or authorised by law;
iv) it will prevent or lessen a serious threat to somebody's life or health;
v) it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue; or
vi) it is otherwise permitted under the Act.
4.4 If we receive unsolicited Personal Information from you, we will only use that information for purposes which would be reasonably expected. For example, an unsolicited resume relating to you and provided to us will only be used to assess you for a possible position of employment.
4.5 We may disclose certain “Personnel” Personal Information we collect to overseas recipients. For example, when arranging the appropriate visas for employees travelling on official business, when arranging regulatory lodgements or when dealing with overseas based investment managers, entities and persons related to overseas investments, professional and other advisors located overseas and other bodies or persons connected with our overseas investment activities.
4.6 At some point in the future it is likely that Personal Information will be located on cloud services platforms operated by third party providers as part of the safe retention of our broader information databases. Third party service providers may also use cloud as part of their current information technology infrastructure.
4.7 Where Personal Information is stored overseas, we take reasonable steps to ensure that the overseas recipient of the information handles it in accordance with Australian privacy laws.
4.8 We may share Personal Information between the Agency, Board and Subsidiaries for the purposes stated in clause 3 above.
4.9 Where Personal Information is provided to other parties, those parties may use the information in accordance with their own privacy policies and applicable laws.
5. Quality and security
5.1 We take reasonable steps to ensure that the Personal Information we collect is accurate, up-to-date and complete. These steps include maintaining and updating your Personal Information when you advise us that your Personal Information has changed, and at other times as necessary.
5.2 We take reasonable steps to protect the Personal Information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. We also have procedures to respond to any data breaches involving Personal Information should they occur.
5.3 All Personal Information is to be retained for a period of up to seven years. When no longer required Personal Information may be destroyed in a secure manner, or deleted in accordance with Commonwealth general records authorities and our records authority. Certain information may be required to be retained for a longer period and/or transferred to the National Archives of Australia.
6. Access and correction
6.1 You can request access to the Personal Information we hold about you. You can also request that we change the Personal Information we hold about you.
6.2 If you request access to your Personal Information, or ask that we change the Personal Information we hold about you, we will either allow you reasonable access or make the changes ourselves unless we consider that there is a sound reason under the Act or other relevant law to withhold the information, or else not make the changes (see below for reasons why we may refuse access).
6.3 If you wish to access ”Personnel” Personal Information held by us, or request for it to be updated, you should contact Human Resources. Before granting access to Personal Information, the relevant record keeper may require evidence of identification or authority for you to access your Personal Information.
6.4 If you wish to access ”Community” Personal Information held by us, or request for it to be updated, you should write to:
Future Fund Management Agency
Locked Bag 20010
MELBOURNE VIC 3001
Before granting access to Personal Information the relevant record keeper will require evidence of identification or authority for you to access your Personal Information.
6.5 Reasons for refusing access to Personal Information held by us include where we believe that:
i) giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
ii) giving access would have an unreasonable impact on the privacy of other individuals;
iii) the information relates to existing or anticipated legal proceedings between us and you, and would not be accessible by the process of discovery in those proceedings;
iv) giving access would be unlawful;
v) denying access is required or authorised by or under an Australian law or a court/tribunal order;
vi) we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
vii) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
viii) giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process.
7.1 If you have a concern about the privacy of your Personal Information held by us, you should lodge your concern in writing to:
Future Fund Management Agency
Locked Bag 20010
MELBOURNE VIC 3001
7.2 You must ensure that you provide contact details so that we may respond to your concern in writing. This may be in the form of either a postal or email address.
7.3 Once your complaint is received, we will assess it to make sure that the complaint is about your Personal Information, which we hold. We will then assess the complaint to see if it is something we can investigate.
7.4 If we decide to investigate, we may request further information from you. We will forward all requests for information in writing.
7.5 Following completion of the investigation, we will make a determination and respond to you, in writing, with details of the outcome. This will include any resolutions we have determined.
7.6 We will endeavour to complete all investigations within 30 calendar days from receiving the complaint. However, this may take longer depending on the details of the particular matter.
7.7 If our complaint process is unable to address your concern to your satisfaction, you may choose to contact the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, or by calling 1300 363 992.