Privacy statement

We are committed to respecting your right to privacy and protecting your personal information. We are bound by the Privacy Act 1988 including the Australian Privacy Principles, and our staff are required to respect your privacy in accordance with our standards, policies and procedures. We collect information that is necessary and directly related to our functions or responsibilities. We may collect additional information in support of enhancing our interaction with you and to improve our services.

This Privacy Statement sets out our roles and responsibilities in accordance with these Australian Privacy Principles. For more information you can read our  Privacy policy (pdf 164.04 KB) applicable to all of our staff. The information in this policy changes from time to time.

By using our website, you consent to us using your information in accordance with this statement.

The information we collect

We may collect personal information directly from you, your representative or a third party. This information may be collected through paper-based forms, online web-based forms, email, telephone contact, or other correspondence with us. The information we collect and hold is necessary for, or directly related to, our functions and duties as a regulatory authority. The kinds of information include:

• applications for authorisations, such as licences, permits and certificates, that we are empowered to grant under civil aviation legislation as our regulatory function
• correspondence from aviation industry participants that we regulate, members of the public or government ministers and officials
• research and surveys conducted by us to monitor industry developments and review service delivery and performance
• information related to your financial affairs such as payment details and financial checks
• contractual, tender and submission documentation
• enforcement processes, litigation and court proceedings
• complaints and other feedback provided to us
• requests for access to information under the Freedom of Information Act 1982
• staffing, employment and personnel matters.

We may also collect the following sensitive personal information:

• biometrics such as photographs, voice or video recordings of you
• your medical and health records directly related to our licensing regulatory functions.

Collection through our website

Our website is hosted on a whole-of-government platform managed by the Department of Finance, called GovCMS.

Each time you visit our website, the following information is collected:

• your server address
• top level domain name (eg .com, .gov, .au)
• the type of browser and operating system you used
• date and time of your visit
• the previous site visited
• which pages are accessed
• the time spent on individual pages and the site overall
• which files were downloaded.

This information is recorded for statistical purposes and is used by us to monitor the use of the website and to make improvements.

This information does not identify you personally. We may use information we have collected to provide targeted advertising to you.

We don't identify individual users or their browsing activities except in the unlikely event of an irregularity that requires further official enquiries. A law enforcement agency may use their legal authority to inspect our service provider's log files.

Cookies

A cookie is an electronic token that is passed to your browser when you access a website, typically used to store preferences. This site may use cookies. They can record information about your visit to the site, allowing it to remember you next time you visit and provide a more meaningful experience. We also use similar technology such as pixels or tracking tags which interact with the information generated by the cookie and which may be transmitted in an encrypted manner and stored for limited periods by Facebook, LinkedIn and Google outside of CASA's web server. You may opt-out of tracking for advertising by customising the ads settings on your Facebook, LinkedIn or Google account. If you prefer to not receive or store cookies on your website browser, you can change the settings of your browser. However, this may affect the full functionality of our website.

The Department of Finance may, in its role as our service provider, collect and use website analytics. This includes being able to access visitor information for the purposes of providing website services to us.

Emailing us

We will only record your e‑mail address if you send us a message. Your address will only be used for the purpose for which you provided, and not for any other purpose. It won't be disclosed without your consent.

All correspondence and comments supplied to CASA will be stored for a period of time as set down in CASA's record authority.

Contacting us anonymously

For some interactions with us, you may be able to remain anonymous or use a pseudonym (for example, if contacting CASA in relation to a potential aviation safety breach). This will not be possible for other interactions, such as when we assess your eligibility or application for a civil aviation authorisation where you are required to provide certain personal information. If you contact us anonymously, we may require other kinds of non-identifying information to help us accurately understand or verify the subject of your enquiry.

Third party services

Citizen Space

We have an online consultation hub and the technology behind this service (Citizen Space) and its operation is provided by Delib. Please refer to the CASA Consultation Hub privacy policy.

Google products

We use third party services such as Google maps, Google analytics and YouTube. Some services such as YouTube have embedded display of video material and captions on our website.

Google products may use cookies and other information to track and see how users interact with their services. The information generated by the cookie about your use of the service, including your IP address, will be transmitted to and stored by Google on servers in the United States.

Google use this information to evaluate how you use our website, including website activity and the services relating to website activity and internet usage. Google may transfer this information to third parties where required by law, or where third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

See Google's privacy policy.

Online Store

Our online store is managed by BRN Benchmark Pty Ltd and is hosted by Shopify Inc. See the online store's privacy statement.

Swift Digital

We use Swift Digital, an online marketing platform service provider to send and manage emails. In using this service, the company may collect personal information which may contain email addresses and other information to be used for the distribution of email campaigns and other important information.

All information collected using the Swift Digital service is the property of the Civil Aviation Safety Authority and is never shared or used by third parties.

Swift Digital maintains your data in compliance with Australia's Spam Act 2003 and Australian privacy requirements.

All data is maintained within Australia and never leaves Australian jurisdiction. Where stipulated, data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest.

Should you wish to contact Swift Digital, you can find contact details on the website and view Swift Digital's privacy policy.

How we use your information

We use or disclose information for the primary purpose for which it was collected unless you consent to another use, which may be given during the collection of that information. There are limited circumstances where we may use or disclose information for a secondary purpose in accordance with the Australian Privacy Principles.

The type of information we collect from you will depend on what online services you use.

When you provide information through our website (for example, through an online form), we may prompt you to provide personal information such as your name and address, email address and contact phone numbers. In the forms we will usually tell you how we use the personal information we collect, who can access to that information and how you can access it, if we have retained it.

Disclosing personal information

Before we disclose personal information to a person, we will take reasonable steps to verify that person's identity.

If communicating with you, or with an authorisation holder about a matter that concerns you, we may ask for information to verify your identity (for example, details of your ARN number, current address and date of birth). We may cross‑reference these details against information held in our licensing database.

If communicating with a member of the public about a matter that concerns you, we may ask the member to verify your identity in some way (for example, if your only contact with us was by email, it could be to ask for your address and the general content of your email).

Access and correction of personal information

You may request access to personal information that we hold. Your request will need to describe the context in which we collected that information so that we can locate it. We will require you to provide proof of identity before confirming that we hold, or before we allow access to, your personal information. Requests may be sent by email to privacy@casa.gov.au.

Publication of authorisation holder details

We may publish details about authorisation holders. This may include publishing:

• the holder's name and address
• the type of authorisation held, including a copy or summary of the authorisation.

Login accounts

Some of our online services are restricted to users with login accounts. Additional information may be collected when creating accounts for these areas. Access to these areas will be associated with the user account used to login. Information on the user account stored in these areas is protected by the login name and password assigned by the user.

Your personal licensing information

The way we use and disclose any information you provide for aircraft registration, aviation medical certification and licensing applications is limited by the Privacy Act 1988.

We use this information internally for the purposes of our functions under the Civil Aviation Act 1988 and the Aviation Transport Security Act 2004.

We disclose name and address details to mailing houses and other contractors disseminating information on our behalf. We may use this information for research and analysis into matters affecting aviation safety.

Where we collect information for personnel licensing and security identity document applications, we will use it for licensing, identity and security checking purposes. We may disclose this information as part of our accountability obligations to the Government and to Parliament. We may also disclose it to any of the following government agencies for the following purposes:

• the Department of Infrastructure, Transport, Regional Development and Communications, for aviation safety and security purposes, and for research, statistical analysis, economic modelling, and other policy development purposes
• the Australian Transport Safety Bureau (ATSB) for investigating aviation accidents and incidents, and for research into matters affecting aviation safety
• the Australian Security and Intelligence Organisation, Australian Federal Police, Attorney General's Department and the Department of Immigration and Border Control, for aviation security purposes
• Airservices Australia, for air traffic management
• the Australian Maritime Safety Authority, for search and rescue purposes.

We may also disclose this information to the national aviation authority of another country to check claims made in the application, or for enforcement purposes. That authority may also provide this information to the national aviation authority of another country if requested for genuine aviation safety or security purposes.

We also disclose personal information in compliance with mandatory legal requirements, for example, in response to notices of production from the ATSB or by court order.

Permission to contact you

If you do not want to receive further mailing list emails from us, you can do this by contacting the CASA webmaster or using the 'unsubscribe' link in any of our mailing list emails.

Where you contact us by email or through our websites, we may respond by email. In some cases, we may include personal information we hold in our response. You should be aware that email has associated risks including potential for non-delivery, interception or modification.

Securing your information

To protect your information from misuse, we store it using multiple firewalls, secure passwords and sign in processes.

Privacy impact assessment register

We conduct a privacy impact assessment (PIA) for all high privacy risk projects. A project may be a high privacy risk if it has a significant impact on a person's privacy.

Making a complaint

If you believe we have breached your privacy, you can make a written complaint to our privacy contact officer using the contact details below. We will respond within 30 days of receiving your complaint.

You can also contact the privacy contact officer if you have any questions about this privacy statement or any privacy concerns.

Contact details

You can call us on 131 757 within Australia, or +61262171111 outside Australia.

You can send any queries or complaints about privacy to privacy@casa.gov.au

Under the Privacy Act you can complain to the Office of the Australian Information Commissioner (OAIC) about how we have handled your personal information. However, before complaining to the OAIC, you will generally need to complain to us first and allow us 30 days to respond.