Privacy statement

We respect your privacy

CASA is committed to respecting your right to privacy and protecting your personal information. We are bound by the Privacy Act 1988, and our staff are trained to respect your privacy in accordance with our standards, policies and procedures.

For more information you can read our privacy policy. The information in this policy changes from time to time.

This following list explains what sort of information we collect when you go to our website and how we use it.

• The information we collect
• Emailing us
• Third party services
• How we use your information
• Login accounts
• What CASA does with your personal licensing information
• Permission to contact you
• Securing your information
• Disclaimer
• Contacts
• Complaints about breaching your privacy

By using our website, you consent to us using your information in accordance with this document.

Disclosing personal information

Before CASA discloses personal information to a person, CASA will take reasonable steps to verify that persons identity.

1. If communicating with an authorisation holder, whether by telephone or email, a CASA officer will verify the person’s identity by obtaining their ARN number, current address and date of birth if personal information about the person is proposed to be disclosed – upon provision of this information, CASA will cross reference it against information held by CASA in its licensing database.
2. If communicating with a member of the public, whether by telephone or email, CASA will verify their identity in some way (for example, if their only contact with CASA was by email, it could be to ask for the email address).

The information we collect

Each time you visit CASA’s website, our web server collects the following information:

• your server address
• top level domain name (e.g.: .com, .gov, .au)
• the type of browser and operating system you used
• date and time of your visit
• the previous site visited
• which pages are accessed
• the time spent on individual pages and the site overall, and
• which files were downloaded.

We use this information to monitor our website's usage statistics.

We don’t identify individual users or their browsing activities except in the unlikely event of an irregularity that requires further official enquiries by our IT security advisor. A law enforcement agency may use their legal authority to inspect our service provider's log files. In some areas of the site we use technology called cookies when you visit our site. Cookies are small pieces of information which can be stored on your hard drive or in memory. They can record information about your visit to the site, allowing it to remember you next time you visit and provide a more meaningful experience.

The cookies we send to your computer can’t read your hard drive, gather any information from your browser or command your computer to perform any action. They can’t be sent to another site or be retrieved by any site other than CASA.

Emailing us

We will only record your email address if you send us a message. Your address will only be used for the purpose for which you provided, and not for any other purpose. It won’t be disclosed without your consent.

All correspondence and comments supplied to CASA will be stored for a period of time as set down in CASA's record authority.

Third party services

Citizen Space

We have an online consultation hub and the technology behind this service (Citizen Space) and its operation is provided by Delib. Please read the CASA Consultation Hub privacy policy for more information.

Google maps

This service uses the Google Maps Application Programming Interface (API) to embed google maps. Google maps uses first-party cookies and JavaScript code to help analyse how users use the service. It anonymously tracks how our visitors interact with the service, including where they came from, what they did with the service and, in the case of mobile applications or services, your geographic location, using GPS signals sent by a mobile device.

The information generated by the cookie about your use of the service, including your IP address, will be transmitted to and stored by google on servers in the United States.

Google will use this information for reporting on activity and usage. You can refuse the use of cookies or GPS by selecting the appropriate settings on your browser or mobile device.

Google analytics

In addition to web server logs, we also use Google analytics which is a web analytics service provided by Google. We use the information from Google analytics to help improve our website.

Google analytics uses cookies to help analyse how users use the site. The information generated by the cookie about your use of the service, including your IP address, will be transmitted to and stored by Google on servers in the United States.

Google use this information to evaluate how you use our website, including website activity and the services relating to website activity and internet usage. Google may transfer this information to third parties where required by law, or where third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

See Google's privacy policy for more information.

Online Store

Our online store is managed by BRN Benchmark Pty Ltd and is hosted by Shopify Inc. See the online store's privacy statement for more information.

YouTube

We use YouTube, owned by Google, for the embedded display of video material and captions. The information collected about your use of the YouTube video service will be transmitted to and stored by Google on servers in the United States. Google will use this information to report on video activity, for development and improvement purposes. You may refuse to provide this information by not viewing videos presented via YouTube’s service.

Swift Digital

We use Swift Digital, an online marketing platform service provider to send and manage emails. In using this service, the company may collect personal information which may contain email addresses and other information to be used for the distribution of email campaigns and other important information.

All information collected using the Swift Digital service is the property of the Civil Aviation Safety Authority and is never shared or used by third parties.

Swift Digital maintains your data in compliance with Australia's SPAM ACT 2003 and Australian Privacy Provisions.

All data is maintained within Australia and never leaves Australian jurisdiction. Where stipulated data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest.

Should you wish to contact Swift Digital, you can find contact details on the website and view their privacy policy.

How we use your information

The type of information we collect from you will depend on what online services you use. When you subscribe to a mailing list, we use your e-mail address to send information on the topics you nominated. We may also use your email address to send regular communications about aviation safety information.

When responding to items displayed in our website we may request (for example, in an order form), and you may provide personal information such as your name and address, email address and contact phone numbers. In the forms we will usually tell you how we use the personal information we collect, who we give access to that information and how you can access it, if we have retained it.

We will only record your e-mail address if you send us a message or enter it into a form on our site. It will only be used for the purpose for which you have provided it and we will not disclose it without your consent.

Publication of authorisation holder details

CASA may publish details about authorisation holders. This may include publishing:

1. the name of the holder
2. the address of the holder
3. the type of authorisation held by the holder including a copy of the authorisation, or a summary of it.

Login Accounts

Some areas of our websites are restricted to users with login accounts. Additional information may be collected when creating accounts for these areas. Access to these areas will be associated with the user account used to login. Information on the user account stored in these areas is protected by the login name and password assigned by the user.

What CASA does with your personal licensing information?

The way we use and disclose any information you provide for aircraft registration, aviation medical certification and licensing applications is limited by the Privacy Act.

We use this information internally for the purposes of its functions under the Civil Aviation Act 1988 and the Aviation Transport Security Act 2004.

We disclose name and address details to mailing houses and other contractors disseminating information on CASA’s behalf. We may use this information for research and analysis into matters affecting aviation safety.

Where we collect information for personnel licensing and security identity document applications, we will use it for licensing, identity and security checking purposes. We may disclose this information as part of our accountability obligations to the Government and to Parliament. We may also disclose it to the following government agencies for the following purposes:

• Department of Infrastructure and Transport for aviation safety and security purposes, and for research, statistical analysis, economic modelling, and other policy development purposes
• Australian Transport Safety Bureau (ATSB) for investigating aviation accidents and incidents, and for research into matters affecting aviation safety
• Australian Security and Intelligence Organisation, Australian Federal Police, Attorney General's Department and the Department of Immigration and Border Control, for aviation security purposes
• Airservices Australia for air traffic management, and
• Australian Maritime Safety Authority for search and rescue purposes.

We may also disclose this information to the national aviation authority of another country to check claims made in the application, or for enforcement purposes. That authority may also provide this information to the national aviation authority of another country if requested for genuine aviation safety or security purposes.

We also disclose personal information in compliance with mandatory legal requirements, for example, in response to notices of production from the ATSB or by court order.

Permission to contact you

If you do not want to receive further mailing list emails from us, you can do this by contacting the CASA webmaster or using the ‘unsubscribe’ link in any of our mailing list emails.

Where you contact us by email or through our websites, we may respond by email. In some cases, we may include personal information we hold in our response. You should be aware that internet email has associated risks including potential for non-delivery, interception or modification.

Securing your information

To protect your information from misuse, we store it using multiple firewalls, secure passwords and sign in processes.

Privacy impact assessment register

We conduct a privacy impact assessment (PIA) for all high privacy risk projects. A project may be a high privacy risk if it has a significant impact on a person's privacy.

Making a complaint

If you believe we have breached your privacy, you can make a written complaint to our privacy contact officer using the contact details below. We will respond within 30 days of receiving your complaint.

You can also contact the privacy contact officer if you have any questions about this privacy statement or any privacy concerns.

Contact details

• You can call us on 131 757 within Australia, or +61262171111 outside Australia.
• You can send any queries or complaints about privacy to privacy@casa.gov.au
• Under the Privacy Act you can complain to the Office of the Australian Information Commissioner (OAIC) about how we have handled your personal information. However, before complaining to the OAIC, you will generally need to complain to us first and allow us 30 days to respond.