Privacy statement - AUSkey

We will request personal information when applications are made for:

  • Administrator AUSkeys (AUSkey Standard Certificates with administrator privileges)
  • Standard AUSkeys (AUSkey Standard Certificates without administrator privileges)
  • Device AUSkeys (AUSkey Device Certificates).

Collecting personal information

We need this information to help us manage the AUSkey system and, in the case of Administrator AUSkeys, to help us administer the A New Tax System (Australian Business Number) Act 1999 (the ABN Act).

Certain personal information provided in relation to AUSkeys will be used and disclosed in the operation of the AUSkey system:

  • The subject field of an AUSkey Certificate will include the Australian Business Number (ABN) of the business for which it is held and (in the case of an Administrator or Standard AUSkey) the holder’s common name, display (or distinguished) name, and identifier value. A person holding an AUSkey for a business will be able to view and update the details of their AUSkey.
  • A person holding an Administrator AUSkey for a business will be able to view and update some details of all other AUSkeys held for that business. When updating an email address, the AUSkey user will be asked to confirm the change.
  • The AUSkey system includes personal information in its Certificate Revocation Lists, and uploads information to the Trust Broker’s system to allow the Trust Broker to identify the type and validity status of AUSkeys, the ABN of the business for which they are held, and the user’s legal name, display name, identifier value and email address, so the Trust Broker can provide validation and assertion information to relying parties.

We're also authorised by the Taxation Administration Act 1953 and by the A New Tax System (Australian Business Number) Act 1999 (ABN Act) to ask for a tax file number (TFN) for identification purposes. You don't have to provide your TFN but it will help us confirm your identity and complete your transactions with us faster.

What happens to your personal information

We may provide some personal information to other federal government agencies authorised by law to receive it, for example

  • law enforcement agencies
  • revenue agencies
  • benefit payment agencies
  • other agencies providing statistical information to government.

We may also provide personal information to state, territory and local government entities, such as law enforcement agencies, benefit payment agencies and revenue offices carrying out functions under taxation law.

For further information, refer to the terms and conditions associated with your AUSkey, and the AUSkey system’s GKP002 Certification Practice Statement and GKP003 Certificate Policies.

What to do if you think we have breached your privacy

If you're not satisfied with our decisions, services or actions regarding the privacy of your personal information or access to it, you have the right to make a complaint. A complaint enables you to express dissatisfaction and seek a remedy to your situation.

We aim to acknowledge all complaints within three working days of receiving them. We will also work with you to resolve your complaint and will keep you informed about its progress.

If you're unable to resolve the issue with us, or if you're not satisfied with the way we've handled your complaint, the Australian Information Commissioner may be able to help you. You can contact the Office of the Australian Information Commissioner by visiting their website at OAIC.

Privacy concerns

Contact us if you have concerns about privacy. Alternatively, you can obtain further information from the Privacy Commissioner’s website.

Last modified
29 Aug 2018