Privacy Policy


In this Privacy Policy, “Data61” refers to National ICT Australia Limited (ABN 62 102 206 173).

“We”, “Us” and “Our” refer collectively to “Data61” and its Related Companies.

“Related Company” and “Related Companies” refers to Data61’s related bodies corporate, including:

  • Coviu Pty Ltd (ACN 601 027 570),
  • Goanna Software Pty Ltd (ABN 63 136 479 448),
  • In.Fact Analytics Pty Ltd (ABN 85 600 107 239),
  • Informed Structures Pty Ltd (ABN 55 161 274 684),
  • Data61 IPR Pty Limited (ABN 33 118 121 387),
  • Data61 Logistics Pty Ltd (ABN 68 600 107 168),
  • Personal MAGIC Pty Ltd (ABN 28 600 616 948), and
  • UserMetrix Pty Ltd (ABN 67 136 479 466).

We are committed to protecting your privacy in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”).

Our Privacy Policy provides you with information about how “personal information” may be collected, accessed, used, stored, disclosed or otherwise handled by Data61 and its Related Companies.

In some cases a Related Company may also provide you with additional information about how it handles personal information. Please refer to the Related Company
websites listed above for further information.

1. What is “personal information”?

“Personal information” is defined in the Privacy Act to mean any “information or an opinion about an identified individual, or an individual who is reasonably identifiable”:

  • whether the information is true or not, and
  • whether the information or opinion is recorded in a material form or not.

What constitutes personal information will vary, depending on whether an individual can be identified or is reasonably identifiable in the particular circumstances.

Information that includes a person’s first name, mailing address, telephone number, title or e-mail address may be personal information, for example.

In this Privacy Policy we also use the term “sensitive information”. Sensitive information includes personal information relating to health, as well other kinds of personal information to which higher standards apply under the Privacy Act.

2. Purposes for which we may collect and use personal information

We collect personal information when reasonably necessary for one or more of our functions or activities. Purposes for which we collect, hold, disclose and otherwise use personal information include, but are not limited to, the following:

  • for research purposes,
  • to provide information, goods or services to you,
  • to promote and market Data61 and its Related Companies, including their people and activities, to you,
  • to provide statistical information (not including personal information) to government and other organisations,
  • to assess, receive, manage or terminate receipt of goods or services from you or the organisation which employs you,
  • to assess, manage and terminate scholarships and sponsorships (including applications and proposals),
  • to assess, manage and terminate joint ventures and collaborative projects,
  • to administer and improve the performance of our websites,
  • to support due diligence investigations, such as by a prospective purchaser of one of our Related Companies, and
  • as required by law.

Our practices in relation to electronic mailing lists
We do not send “commercial electronic messages” by email, SMS or other means unless the relevant electronic account holder consents or we are otherwise permitted to send them under the Spam Act 2003 (Cth). We include certain information about ourselves and an unsubscribe facility in any commercial electronic messages that we send.

If you provide your email address to us via one of our websites (for instance, by sending an electronic message or by completing a web form), we will only use your email address for the purposes for which you provided it or agreed it may be used. Your email address will not be subscribed to a mailing list without your consent. If you subscribe to one of our mailing lists, you will be sent a confirmation message before your email address is added to that mailing list.

3. How we collect personal information

If we collect personal information about you we will take reasonable steps to notify you or to ensure your awareness of at least the following:

  • our identity and contact details,
  • the facts and circumstances of collection,
  • whether collection is required or authorised by law,
  • the purposes of collection,
  • the consequences if personal information is not collected,
  • our usual disclosures of personal information of the kind collected,
  • information about this Privacy Policy, and
  • whether we are likely to disclose personal information about you to overseas recipients, and if practicable, the countries where they are located.

We may collect personal information about you in a number of ways, including:

  • directly from you, such as when you provide information by phone or in a form, or when you submit your personal details through our websites;
  • from third parties, such our partners and Data61’s members, credit reporting agencies or your representatives; or
  • from publicly available sources of information.

Sensitive information

We will collect sensitive information only with the consent of the individuals concerned, subject to limited exceptions permitted by the Privacy Act.

For example, if it is impracticable to obtain consent, we may collect and use health information for research purposes relevant to public health or public safety in accordance with the guidelines approved under section 95A of the Privacy Act. The guidelines require (among other things) obtaining an ethics approval from a human research ethics committee that is constituted and functioning in accordance with the National Statement of Ethical Conduct in Research Involving Humans.

Anonymity and pseudonymity

You can interact with us anonymously or by using a pseudonym when it is lawful and practicable to do so.

For example, you may be able to provide comments or make certain inquiries anonymously or by using a pseudonym. However, if you choose to remain anonymous or use a pseudonym, it may be impracticable for us to respond to some inquiries (e.g. investigate a complaint) without knowing your identity.

Where you interact with us via one of our websites, we may automatically collect various connection parameters, such as your IP address and details about your internet service provider, in order to administer and improve the performance of the website. If the website uses “cookies” you may choose to configure your web browser to access our websites without accepting the cookies, but it may reduce your user experience and require you re-enter certain information from time to time.

4. How we hold personal information

We will take reasonable steps to protect any personal information that we hold from misuse, loss, unauthorised access, modification or disclosure. We will also take reasonable steps to destroy or permanently de-identify personal information that is no longer needed for the purpose for which the information was collected.

Your personal information may be stored in hardcopy documents, as electronic data, in our internal software or systems, or using a third party under an outsourced arrangement for data storage or backup.

Our practices in relation to emails

Data61’s IT Department logs and stores email messages by capturing each email log file on a mail server. The details captured are date, sender, receiver, subject, size of email message, routing information and group that the sender belongs to. This information may be stored on a server for up to 10 years, after which time it is deleted. This information may be “de-identified” (so that it is no longer personal information) and then used in its de-identified form for internal research purposes and aesthetic purposes approved through applicable Data61 processes. Further, if an investigation is necessary, Data61, a law enforcement agency or other government agency may inspect the above information for the purposes of the investigation. We do not otherwise use or disclose the above information except in accordance with applicable laws, including the Privacy Act.

5. Disclosure of personal information

Data61 and its Related Companies may disclose your personal information (including to each other) for the primary purpose for which it was collected, for a related purpose as you would reasonably expect, with your consent, or otherwise as required or authorised by law.

For example, we may disclose your personal information to:

  • our professional advisors including our accountants, auditors and lawyers,
  • your authorised representatives or legal advisors (e.g. when requested by you to do so),
  • credit-reporting and fraud-checking agencies,
  • third parties to whom we have outsourced various business functions,
  • Government and regulatory authorities and other organisations, as required or authorised by law,
  • Data61’s members,
  • companies which “spin out” from Data61 to commercialise our research outcomes, and
  • our partners or other third parties who assist us in achieving the purpose for which the information was collected.

In general, we are not likely to disclose your personal information to overseas recipients, although we may from time to time engage, under an outsourcing arrangement, the data storage or backup services of a cloud service provider that hosts (or may host) data outside of Australia.

In some cases we may also expressly seek your consent to disclose your personal information to an overseas recipient, for the purpose of excluding any potential liability to you for acts or practices done by the overseas recipient in breach of applicable Australian Privacy Principles.

6. How to access and correct your personal information

You have a right under the Privacy Act to request access to your personal information, and to request its correction.

We will provide you with access to personal information that we hold about you, subject to any exceptions allowed by law. We may charge you for providing access, but the charge (if any) will not be excessive and we will never charge you for making a request for access.

If you are aware that personal information which we hold about you is inaccurate, incomplete or out-of-date, please contact us and we will take reasonable steps to correct the information or, if necessary, to associate a statement that the personal information is inaccurate, out-of-date, incomplete, irrelevant or misleading, in such a way that will make the statement apparent to users of the personal information.

We will also respond to each request within a reasonable period after it is made. If we do not provide access or make corrections as requested, then we will notify you of our reasons except to the extent that it would be unreasonable to do so.

7. Updates to this Privacy Policy

We may change or modify this Privacy Policy from time to time. We encourage you to check our websites regularly for updates.

8. How to contact us

For any matter relating to this Privacy Policy or your personal information, including if you wish to complain about a breach of the Australian Privacy Principles, please contact:

Privacy Officer
Postal Address:
Locked Bag 9013
Alexandria NSW 1435
Phone: +61 2 9376 2300

We will respond to you, and we will try to resolve any complaints, as soon as possible.

To opt out of receiving marketing communications from Data61, such as via a mailing list or other information stream, please send an email to, or by calling Data61’s Communications Manager on +61 2 9376 2300.