Our privacy policy

Our privacy policy tells you how we collect and use information.


The DTA is bound by Australian Privacy Principles (APPs). APP 5 says that we must tell you about collecting your personal information. 

DTA as COVIDSafe Data Store Administrator

During COVID-19, the Digital Transformation Agency is supporting the Australian Department of Health to implement COVIDSafe to help State and Territory health officials (health officials) conduct contact tracing to stop the spread of COVID-19

Contact tracing is a fundamental element of a public health response to disease outbreak. It is the process of identifying people who may have come into contact with someone who has COVID-19, so that they can be advised to take measures to help stop the further spread of COVID-19 (such as getting tested or self-isolating

The Secretary of the Department of Health has determined that the Digital Transformation Agency is the National COVIDSafe Data Store Administrator. We will collect, use or disclose your personal information only in accordance with the COVIDSafe privacy policy and the Privacy Act 1988. This Act was amended by the Privacy Amendment (Public Health Contact Information) Act 2020) in May 2020 to provide stronger privacy protections for users of the COVIDSafe App and information collected through the App. 

DTA’s role in the Enhanced myGov Beta site

The DTA is responsible for managing the vision, design and user experience of the myGov Enhancements program (Beta). From 20 September 2020, Services Australia is responsible for hosting and operating the Beta, and has published its privacy policy on beta.my.gov.au

DTA is supporting the further development of the Beta through collecting data from research and feedback provided by users from DTA’s website, emails to DTA, telephone interviews and from the feedback form linked from the Beta. As part of these activities, DTA may collect personal information, as defined in the Privacy Act 1988 (Cth). DTA’s privacy policy below applies to personal information collected by DTA in relation to the Beta in the ways listed above. DTA will not share any personal information we collect from a participant in relation to the Beta with any other person without the consent of the participant.

DTA may share de-identified information and data that it collects with other Commonwealth agencies, and as part of its wider reporting and activities about the design and development of the Beta.

The Beta uses Google Analytics 360, configured to operate without collecting personal information about you (such as your IP address, email or username).

Google uses cookies to gather website usage data on the Beta (for example, whether you've visited before, how long you've been on the site and how you reached the site). To preserve your anonymity, you should not enter your personal information into the Beta search function.

Google processes analytics in accordance with their Privacy Policy. You can prevent data from being used by Google Analytics if you disable or refuse the cookie, disable javascript or use the opt-out service provided by Google.

The DTA's Privacy Policy

Our Privacy Policy tells you what information we will collect about you, in what circumstances and what we will do with that information.

The term ‘personal information’ in this privacy policy means any information in which your identity is clear or from which it can be discovered.

We do not automatically collect personal information about you when you visit this website.

You can use this website without telling us who you are or revealing other personal information.

If you fill out our feedback form, you do not need to identify yourself or use your real name.

What this policy applies to

This policy applies to the dta.gov.au website managed by the Digital Transformation Agency (DTA).

How we collect and use your information

If you fill in a feedback or contact form on any of our pages or on the Beta we may collect the email address you provide and any other identifying information you include, such as a name or phone number.

Other than circumstances such as unlawful activity or serious threats to health and safety, we do not share personal information.

If you ask us about an issue that needs to be dealt with by another agency, we will provide you with the necessary details so that you can make contact with that agency yourself.

You may opt out of further contact from us at any time by emailing info@dta.gov.au  

How we protect your personal information

This site is hosted in Australia in secure, government-accredited facilities. To help protect the privacy of the data and personal information we collect and hold, we maintain physical, technical and administrative safeguards.

Access to your personal information is restricted to employees who need it to provide services to you.

Website analytics

To improve your experience on our site, we use ‘cookies’. Cookies are an industry standard and most major websites use them. 

A cookie is a small text file that our site may place on your computer as a tool to remember your preferences. You can read more about  what information is collected in the cookies from our site. 

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, if you do this you may not be able to use the full functionality of this website.

Our website may contain links to other websites. We are not responsible for the privacy practices of any other site and they may have a different privacy policy.

Our website uses a range of analytics services which send website traffic data to servers offshore.

These services do not identify individual users or associate your IP address with any other data held by the company for other purposes.

We use reports provided by analytics providers to help us understand website traffic and web-page usage.

By using this website, you consent to the processing of data about you for the purposes set out above.

For information about website analytics on the myGov Beta site, see DTA’s role in the Enhanced myGov Beta site

You can opt out of analytics if you disable or refuse the cookie or disable JavaScript.

Find out more about what cookies we collect

MailChimp and privacy consent

To provide our news we use MailChimp, which provides online tools to create, send and manage emails.

MailChimp may collect personal information, such as distribution lists that contain email addresses, and other information relating to those email addresses.

For further information about the type of personal information MailChimp collects, refer to the MailChimp Privacy Policy.

We will only use this information to:

  • create, send and manage emails relating to the work of the DTA
  • measure email campaign performance
  • improve the features for specific segments of customers
  • evaluate your use of our website
  • compile reports on website activity for website operators, and
  • provide other services relating to website activity and internet usage.

MailChimp may transfer this information to third parties where required to do so by law, or where such third parties process the information on MailChimp’s behalf.

MailChimp collects information about when you visit the website, when you use the services, your browser type and version, your operating system and other similar information.

MailChimp is based in the United States of America (USA) and the information collected about your use of the website (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia.

We are required to inform you that by subscribing to our eNewsletter:

  • You consent to your personal information being collected, used, disclosed and stored as set out in Mail Chimp’s Privacy Policy and agree to abide by Mail Chimp’s Terms of Use.
  • You understand and acknowledge that this service utilises a MailChimp platform, which is located in the United States of America (USA) and relevant legislation of the USA will apply.
  • Australian Privacy Principle 8.1 contained in Schedule 1 of the Privacy Act will not apply.
  • You understand and acknowledge that MailChimp is not subject to the Privacy Act 1988 (Cth) and you will not be able to seek redress under the Privacy Act 1988 (Cth) but will need to seek redress under the laws of the USA.

You can opt out of our mailing list if you choose the ‘unsubscribe’ service provided by MailChimp in every email, or contact DTA.

You can also disable or refuse cookies or disable Flash player; however, you may not be able to use the services provided by MailChimp if cookies are disabled. Contact MailChimp.

MailChimp has the endorsement of TRUSTe’s Privacy Seal, which means this privacy policy has been reviewed by TRUSTe for compliance with their program requirements including transparency, accountability, and choice related to the collection and use of your personal information.

TRUSTe is an independent third party that operates a globally-recognised privacy trustmark.

Our obligations

The DTA website is bound by the Privacy Act 1988 (Cth), including the Australian Privacy Principles.

We also follow the Guidelines for Federal and ACT government websites issued by the Office of the Australian Information Commissioner.

How we deal with complaints and requests

At no cost you can:

  • request access to personal information about you that we hold
  • ask us to correct your personal information if you find that it is not accurate, up to date or complete
  • make a complaint about our handling of your personal information

You can get in touch with us to make a request for information or a complain.

To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it.

We undertake to respond within 30 days. If the request or complaint will take longer to resolve, we will provide you with a date by which we expect to respond.

Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.

While PIAs assess a project’s risk of non-compliance with privacy legislation and identify controls to mitigate the risk, a PIA is much more than a simple compliance check. It should ‘tell the full story’ of a project from a privacy perspective, going beyond compliance to also consider the broader privacy implications and risks, including whether the planned uses of personal information in the project will be acceptable to the community. PIAs are key to building community trust and have a range of other benefits, such as demystifying the project and its objectives

From 1 July 2018, the Australian Government Agencies Privacy Code require agencies to conduct a PIA for all high privacy risk projects. A high privacy risk project is one that involves a new or changed way of handling personal information that is likely to have a significant impact on the privacy of individuals.

A register of PIAs completed by the DTA can be found below.

Register of Privacy Impact Assessments (PIAs)
Title Summary Date Author

Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha

The purpose of this PIA is to assist in identifying and managing privacy issues that are raised by the broad concept and design of the overall Trusted Digital Identity Framework (TDIF) and some of its components. The key components are: 1. The proposed development of mandatory standards, policies and agreements for all TDIF participants; 2. The proposed development of an Identity Exchange; and 3. The proposed development of a Commonwealth Identity Provider (IdP) 05 December 2016 Galexia

Second Independent Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF)

The purpose of this PIA is to assist in identifying and managing privacy issues that are raised by the establishment of the TDIF. This PIA is the second step in a multi-phase and independent PIA process commissioned by the Digital Transformation Agency. September 2018 Galexia

Get in touch

You can send requests for information or complaints to info@dta.gov.au. You can also send your request or complaint by post to Digital Transformation Agency, GPO Box 457, Canberra, ACT 2601.
Last updated – 15 October 2020