The Centre for Invasive Species Solutions is committed to the protection of privacy and is bound by applicable privacy and data protection legislation including the Australian Privacy Principles set out in the Privacy Act 1988 (Cth). Where necessary, the Centre will also comply with EU General Data Protection Regulation in relation to Personal Data (as defined below).
The Australian Privacy Principles are designed to protect the confidentiality of information and the privacy of individuals by regulating the way Personal Information is collected, used, disclosed and managed. Personal Information in this Policy is as defined in the Privacy Act and includes information or opinion about an individual who is identified or reasonably identifiable, regardless of how the information or opinion is recorded.
This Policy outlines CISS’ practices and policies for the collection, storage, use and management of Personal Information in connection with WeedScan, whether collected directly from the individual or indirectly from third parties.
In this Policy:
CISS means the Centre for Invasive Species Solutions.
GDPR means the EU General Data Protection Regulation together all other applicable EU laws and regulations governing the use of processing of Personal Data.
Privacy Act means the Privacy Act 1988 (Cth).
Privacy Law means the Privacy Act together with all other applicable Commonwealth, State and Territory laws relating to the protection of Personal Information or health information.
Personal Information means personal information (as defined in the Privacy Act and as set out below) collected, used and distributed in connection with WeedScan:
Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Personal Data means any information relating to an identified or identifiable natural person – one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
Sensitive Information means Personal Information that is about:
- Racial, or ethnic origin
- Political opinions
- Membership of a political association
- Religious beliefs or affiliations
- Philosophical beliefs
- Membership of a professional or trade association
- Membership of a trade union
- Sexual preferences or practices
- Criminal record
- Education Information
- Health information
- Genetic information that is not otherwise health information.
User means an individual accessing WeedScan in order to make use of its services.
WeedScan means the WeedScan app and website developed by CISS and its partners and made available to the public for the identification and location of plant species (including invasive plant species) in Australia.
Our collection of Personal Information
Where necessary in the course of operating WeedScan, CISS may collect Personal Information about individual Users, including:
- Name and contact details (such as email, mobile number, home state and home LGA) - where practicable, CISS will allow Users to use a pseudonym.
- Location – this will be automatically generated by WeedScan in conjunction with the User’s device and the User may be required to give appropriate consent.
- Date and time - this will be automatically generated by WeedScan in conjunction with the User’s device, or manually entered by the User. The User may be required to give appropriate consent.
In addition, WeedScan may take and upload images from a User’s mobile device to aid in weed species identification and may request the User to suggest a species identification from WeedScan’s priority species list.
CISS will never collect Sensitive Information in connection with WeedScan.
CISS will generally only collect Personal Information about a User directly from that User. However, in some circumstances CISS may also need to collect Personal Information from a third party such as a User’s employer.
How and why does CISS collect, use and disclose Personal Information?
CISS will collect, use and disclose Personal Information to:
- identify plant species and locate invasive plant species in Australia in order to alert relevant authorities to the existence of a declared weed and to permit appropriate action to be taken. This is the primary purpose for which CISS will collect, use and disclosePersonal Information and other information.
- publish species identification and truncated location data on invasive species via WeedScan and associated websites
- contact the User or a third party such as the User’s employer to collect further necessary information (which may or may not include further Personal Information)
- monitor and improve Users’ interaction with WeedScan
- monitor and improve WeedScan’s operation and accuracy
- keep necessary records of WeedScan’s results
- pass necessary details to Commonwealth, State or Territory agencies or third parties to take appropriate action in respect of invasive plant species
- publish information (such as publications, promotional resources, subscriptions, training materials and products) to research, educational and training organisations and professionals
- coordinate and collaborate in research development and extension services provided by CISS and its partners
- enable contractors or service providers to provide services such as IT service to CISS
- perform its corporate and contractual obligations.
CISS may also disclose Personal Information where it is required or authorised to do so by law. This includes where we consider disclosure is reasonably necessary to avoid serious risks to health or safety or for the investigation of unlawful or seriously improper conduct, or where we are required to disclose by the order of a court or tribunal.
A User’s Personal Information may be stored and used for WeedScan internal operation and administration but will not be made available to third parties (including via the WeedScan app) without the User’s specific consent.
CISS does not supply, sell or rent Personal Information to unrelated third parties for the purpose of marketing those third parties’ products or services. CISS may send Users information from time to time about its own activities, programs and services and Users may unsubscribe from such information at any time using the appropriate links or by contacting the CISS Office Manager, Building 22, University of Canberra, Bruce ACT 2617 or Communications@invasives.com.au .
CISS uses contracted IT service providers who may store Personal Information in or route Personal Information through servers and or data storage facilities located outside Australia, which may include Asia and the United States.
Protecting Personal Information
CISS takes reasonable steps to protect Personal Information from misuse and loss and from unauthorised access, modification or disclosure. CISS maintains appropriate physical, technical and administrative security measures and safeguards, and ensures that its contractors and service providers do the same.
Website and app analytics
To improve WeedScan’s operation and User experience, we may use tracking and analytical software including ‘cookies’. This will not contain Personal Information about Users (although it may identify devices etc) and Users may set their system settings to block such software.
Where WeedScan or any related website contain links to other websites, CISS is not responsible for the privacy practices of these other websites and Users should refer to these websites’ privacy policies.
CISS may also use interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If Users choose to “like” or “share” information from WeedScan or CISS websites through these services, they should review those service’s privacy policies.
Access and correction
At any time, Users can advise CISS of changes to their Personal Information.
Users have the right to ask for access to their Personal Information held by CISS, and to request that inaccuracies are corrected and that Personal Information is withdrawn. There are some exceptions to this set out in the Privacy Act.
A User making a request may be asked to verify their identify and specify their request. CISS may ask for the reason for the request in order to comply with it most effectively, however Users need not provide one.
Updates to this Policy
This Policy may be reviewed from time to time e.g. to take account of new laws and technology, and changes to CISS operations, practices or procedures.
Complaints about Privacy
Where Users are concerned that:
- CISS have not complied with applicable privacy laws
- their Personal Information is not properly protected
- there has been a breach or potential breach of this Policy or the Privacy Act
please contact the CISS Office Manager Building 22, University of Canberra, Bruce ACT 02 6201 2887 or Communications@invasives.com.au to lodge a complaint. All complaints will be addressed in accordance with the CISS Complaint / Dispute Policy and CISS will make a genuine attempt to negotiate a resolution. Users will be notified of the process for dealing with their complaint.
If Users are not satisfied with the resolution of their complaint to CISS, please contact the Office of the Australian Information Commissioner (OAIC) at oaic.com.au/privacy. The OAIC may investigate complaints and has the power to award compensation against CISS in appropriate circumstances.