Privacy notice

Changes to our Privacy notice

From October 2024, how we store and use your information in the Export Service has changed. We now use audit logs to keep information you share with us more secure.

How we manage information under the Export Control Act 2020 has also changed. This includes changes to what is ‘protected information’ and introduces ‘relevant information’.

We've updated our Privacy notice with these changes.

How we store and use your personal information in the Export Service.

The Department of Agriculture, Fisheries and Forestry collects your information including personal and sensitive information, as defined in the Privacy Act 1988 (Cth). This is in relation to the Export Service (the Export Service).

We do this for the purposes of administering your Export Service account for the Export Service, assessing applications you submit through the service and related purposes.

Your personal information will be used and stored in accordance with the Australian Privacy Principles in the Privacy Act 1988, opens in a new tab (Cth).

Administration of your account

The department collects, uses and discloses personal information to operate the Export Service. This includes, but is not limited to:

  • enabling you to sign in to your Export Service account using your myID and Relationship Authorisation Manager (RAM)
  • ensuring you are authorised to access the Export Service on behalf of your business or organisation
  • providing access to your messages via the Export Service
  • enabling you to use the Export Service to update your details with the department
  • viewing information on your dashboard.

The department will also collect limited personal information about you each time you access and use the Export Service. We store this in audit logs. This is used to ensure that your access to the Export Service is appropriate, through auditing and security monitoring. 

The department may share this information with our service providers. This is so we can receive technical and product support and other services.

myID and RAM

When you sign in to the Export Service using your myID, the administrator of the myID and RAM solutions (the Australian Taxation Office, as part of the Australian Government Digital ID System) will provide us with your:

  • name
  • date of birth
  • email address
  • information about the permissions your business or organisation has given you.

The department will use this personal information to confirm your identity and give you access to the Export Service, and to allow you to use the Export Service to take actions for your business or organisation. Your access on behalf of a business or organisation will depend on the permissions granted to you by that business in RAM or the Export Service.

For more information about the collection, use and disclosure of your personal information by the Australian Taxation Office in connection with the myID and RAM solutions, see the myID Privacy Notice, opens in a new tab and the RAM Privacy Notice., opens in a new tab

Applications submitted through the Export Service

The department is authorised under the Export Control Act 2020 (Cth) (Export Control Act) to assess your application and related purposes. Information collected by the department for this purpose is ‘relevant information’, and may be ‘protected information’, as defined in the Export Control Act, and will only be used or disclosed as authorised under the Export Control Act.

For example, your personal information may be disclosed to relevant employees within your business or organisation for the purpose of approving your licence and to maintain the currency of your personal information for the purpose of the licence.

The department may also disclose your personal information to a foreign country’s relevant authorities where it is necessary for:

  • the export of goods
  • management of Australia’s international trade relations, or
  • giving effect to Australia’s international obligations.

The department has not taken steps to ensure that the relevant authorities in the importing country do not breach the Australian Privacy Principles. Relevant authorities in the importing country may not be subject to any privacy obligations or to any principles similar to the Australian Privacy Principles. This means that:

  • relevant authorities in the importing country will not be accountable under the Privacy Act
  • you will not be able to seek redress under the Privacy Act
  • you may not be able to seek redress in the overseas jurisdiction.

Important definitions

'Personal information' is defined in the Privacy Act 1988 (Cth) and means any information or opinion about an identified, or reasonably identifiable, individual. Personal information may include your: 

  • name 
  • signature 
  • address 
  • phone number 
  • date of birth.  

'Sensitive personal information' is also defined in the Privacy Act 1988 (Cth) as a subset of personal information. It means any information or opinion about an individual's racial or ethnic origin, political opinion or association, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices, trade or professional associations and memberships, union membership, criminal record, health or genetic information and biometric information or templates.

‘Relevant information’ under the Export Control Act includes information collected by the department in the course of performing functions or exercising powers under the Export Control Act.

‘Protected information’ is also defined in the Export Control Act. It is a subset of relevant information (including some relevant information that is commercially sensitive).

Further privacy information and contacts

You can learn more about accessing or correcting personal information or making a complaint. For more information, see our Privacy, opens in a new tab policy.

Email: privacy@aff.gov.au.