Our staff are required to respect your privacy in accordance with our standards, policies and procedures. We collect information that is necessary and directly related to our functions or responsibilities. We may collect additional information in support of enhancing our interaction with you and to improve our services.
This Privacy Statement sets out our roles and responsibilities in accordance with the Australian Privacy Principles. For more information you can read our
applicable to all of our staff. The information in this policy changes from time to time.
By using our website, you consent to us using your information in accordance with this statement.
The information we collect
We may collect personal information directly from you, your representative or a third party. This information may be collected through paper-based forms, online web-based forms, email, telephone contact, or other correspondence with us.
The information we collect and hold is necessary for, or directly related to, our functions and duties as a regulatory authority. The kinds of information include:
- applications for authorisations, such as licences, permits and certificates, that we are empowered to grant under civil aviation legislation as our regulatory function
- correspondence from aviation industry participants that we regulate, members of the public or government ministers and officials
- research and surveys conducted by us to monitor industry developments and review service delivery and performance
- information related to your financial affairs such as payment details and financial checks
- contractual, tender and submission documentation
- enforcement processes, litigation and court proceedings
- complaints and other feedback provided to us
- requests for access to information under the Freedom of Information Act 1982
- staffing, employment and personnel matters.
We may also collect the following sensitive personal information:
- biometrics such as photographs, voice or video recordings of you
- your medical and health records directly related to our licensing regulatory functions.
Collection through our website
Our website is hosted on a whole-of-government platform managed by the Department of Finance, called GovCMS.
Each time you visit our website, the following information is collected:
- your server address
- top level domain name (eg .com, .gov, .au)
- the type of browser and operating system you used
- date and time of your visit
- the previous site visited
- which pages are accessed
- the time spent on individual pages and the site overall
- which files were downloaded.
This information is recorded for statistical purposes and is used by us to monitor the use of the website and to make improvements.
This information does not identify you personally. We may use information we have collected to provide targeted advertising to you.
We don't identify individual users or their browsing activities except in the unlikely event of an irregularity that requires further official enquiries. A law enforcement agency may use their legal authority to inspect our service provider's log files.
We also use similar technology such as pixels or tracking tags which interact with the information generated by the cookie and which may be transmitted in an encrypted manner and stored for limited periods by Facebook, LinkedIn and Google outside of CASA's web server. You may opt-out of tracking for advertising by customising the ads settings on your Facebook, LinkedIn or Google account.
If you prefer to not receive or store cookies on your website browser, you can change the settings of your browser. However, this may affect the full functionality of our website.
The Department of Finance may, in its role as our service provider, collect and use website analytics. This includes being able to access visitor information for the purposes of providing website services to us.
We will only record your email address if you send us a message. Your address will only be used for the purpose for which you provided, and not for any other purpose. It won't be disclosed without your consent.
All correspondence and comments supplied to CASA will be stored for a period of time as set down in CASA's record authority.
Contacting us anonymously
For some interactions with us, you may be able to remain anonymous or use a pseudonym (for example, if contacting CASA in relation to a potential aviation safety breach).
This will not be possible for other interactions, such as when we assess your eligibility or application for a civil aviation authorisation where you are required to provide certain personal information.
If you contact us anonymously, we may require other kinds of non-identifying information to help us accurately understand or verify the subject of your enquiry.
Third party services
We use third party services such as Google maps, Google analytics and YouTube. Some services such as YouTube have embedded display of video material and captions on our website.
Google use this information to evaluate how you use our website, including website activity and the services relating to website activity and internet usage. Google may transfer this information to third parties where required by law, or where third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
Our online store is managed by BRN Benchmark Pty Ltd and is hosted by Shopify Inc. See the online store's privacy statement.
We use Swift Digital, an online marketing platform service provider to send and manage emails. In using this service, the company may collect personal information which may contain email addresses and other information to be used for the distribution of email campaigns and other important information.
All information collected using the Swift Digital service is the property of CASA and is never shared or used by third parties.
Swift Digital maintains your data in compliance with Australia's Spam Act 2003 and Australian privacy requirements.
All data is maintained within Australia and never leaves Australian jurisdiction. Where stipulated, data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest.
How we use your information
We use or disclose information for the primary purpose for which it was collected unless you consent to another use, which may be given during the collection of that information. There are limited circumstances where we may use or disclose information for a secondary purpose in accordance with the Australian Privacy Principles.
The type of information we collect from you will depend on what online services you use.
When you provide information through our website (for example, through an online form), we may prompt you to provide personal information such as your name and address, email address and contact phone numbers. In the forms we will usually tell you how we use the personal information we collect, who can access to that information and how you can access it, if we have retained it.
Disclosing personal information
Before we disclose personal information to a person, we will take reasonable steps to verify that person's identity.
If communicating with you, or with an authorisation holder about a matter that concerns you, we may ask for information to verify your identity (for example, details of your ARN number, current address and date of birth). We may cross‑reference these details against information held in our licensing database.
If communicating with a member of the public about a matter that concerns you, we may ask the member to verify your identity in some way (for example, if your only contact with us was by email, it could be to ask for your address and the general content of your email).
Access and correction of personal information
You may request access to personal information that we hold. Your request will need to describe the context in which we collected that information so that we can locate it. We will require you to provide proof of identity before confirming that we hold, or before we allow access to, your personal information. Contact us to request your data.
Publication of authorisation holder details
We may publish details about authorisation holders. This may include publishing:
- the holder's name and address
- the type of authorisation held, including a copy or summary of the authorisation.
Some of our online services are restricted to users with login accounts. Additional information may be collected when creating accounts for these areas. Access to these areas will be associated with the user account used to login. Information on the user account stored in these areas is protected by the login name and password assigned by the user.
Your personal licensing information
The way we use and disclose any information you provide for aircraft registration, aviation medical certification and licensing applications is limited by the Privacy Act 1988.
We disclose name and address details to mailing houses and other contractors disseminating information on our behalf. We may use this information for research and analysis into matters affecting aviation safety.
Where we collect information for personnel licensing and security identity document applications, we will use it for licensing, identity and security checking purposes. We may disclose this information as part of our accountability obligations to the government and to parliament. We may also disclose it to any of the following government agencies for the following purposes:
- the Department of Infrastructure, Transport, Regional Development and Communications, for aviation safety and security purposes, and for research, statistical analysis, economic modelling, and other policy development purposes
- the Australian Transport Safety Bureau (ATSB) for investigating aviation accidents and incidents, and for research into matters affecting aviation safety
- the Australian Security and Intelligence Organisation, Australian Federal Police, Attorney General's Department and the Department of Immigration and Border Control, for aviation security purposes
- Airservices Australia, for air traffic management
- the Australian Maritime Safety Authority, for search and rescue purposes.
We may also disclose this information to the national aviation authority of another country to check claims made in the application, or for enforcement purposes. That authority may also provide this information to the national aviation authority of another country if requested for genuine aviation safety or security purposes.
We also disclose personal information in compliance with mandatory legal requirements, for example, in response to notices of production from the ATSB or by court order.
Permission to contact you
If you do not want to receive further mailing list emails from us, you can do this by using the 'unsubscribe' link in any of our mailing list emails.
Where you contact us by email or through our websites, we may respond by email. In some cases, we may include personal information we hold in our response. You should be aware that email has associated risks including potential for non-delivery, interception or modification.
Securing your information
To protect your information from misuse, we store it using multiple firewalls, secure passwords and sign in processes.
Privacy impact assessment register
We conduct a privacy impact assessment (PIA) for all high privacy risk projects. A project may be a high privacy risk if it has a significant impact on a person's privacy.
Making a complaint
If you believe we have breached your privacy, you can make a written complaint to our privacy contact officer using our webform found in contact us. We will respond within 30 days of receiving your complaint.
You can also contact the privacy contact officer if you have any questions about this privacy statement or any privacy concerns.
Under the Privacy Act you can complain to the Office of the Australian Information Commissioner (OAIC) about how we have handled your personal information. However, before complaining to the OAIC, you will generally need to complain to us first and allow us 30 days to respond.