1. Privacy Statement

(a) This policy outlines the Centre of Decommissioning Australia Limited’s (CODA) approach to protecting the privacy of its customers, consultants, and business contacts. CODA understands that privacy is important in its dealings. CODA complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), as amended, which governs how personal information is collected, used, disclosed and managed.

(b) The CEO has the overall responsibility for the effectiveness of this privacy policy and ensuring compliance.

(c) The Company Secretary ensures the integrity of the Privacy Policy is maintained.

(d) All employees and consultants/contractors have the responsibility to ensure that the gathering of personal information is in accordance with this policy, or as amended.

2. Personal information collection

(a) CODA may collect personal information about its partners, customers, consultants, and business contacts. This may include but is not limited to:

(i) Name;

(ii) Address;

(iii) Contact information;

(iv) Areas of interest and/or expertise;

(v) Employment and engagement details (for consultants and contractors);

(vi) Participation in events, projects or surveys.

3. Online collection

(a) CODA will, in addition to the information identified above, collect additional information as a result of their use of the website. This additional information may or may not identify the user. Information collected through CODA’s online products will include information that is voluntarily provided. It may also include the type of the Internet browser, operating system, address of the referring site, the IP address.

(b) CODA may use automated tools such as analytics software, cookies, session tracking, and AI-based monitoring tools to collect user interaction data. This data may be anonymised and used to improve website functionality.

4. Use of personal data

(a) CODA may use information, including that collected through its website, for statistical purposes to improve the range of its products and services and update its own database.

(b) CODA does not use personal information to make automated decisions, including profiling, without human review.

5. Handling requests for information

(a) CODA will not disclose or sell personal information about existing and potential partners, customers to third parties except for:

(i) To provide services to you

(ii) Research, develop, administer, protect and improve our services;

(iii) Surveys conducted on behalf of CODA

(iv) Legal reasons, for example disclosures may need to be made to law enforcement agencies, government agencies (as per our funding agreement), courts or external advisers.
Centre of Decommissioning Australia 4

(b) If you provide us with your email address, CODA may, from time to time, share with you information about other products and services that we think you may find to be of interests. If you wish to change the types of communications you received from us, you may do so by emailing your request via the contact page.

(c) CODA will not sell or rent personal data to third parties. Third-party service providers handling personal data on behalf of CODA must comply with privacy obligations.

6. Information quality

(a) CODA will take reasonable steps to ensure that stakeholder data is processed promptly, accurately, and completely and that relevant corrections are made as soon as possible.

7. Cookies and Other Technologies

(a) CODA uses “cookies” and other technologies to collect data that enables us to better understand and improve the usability, performance, and effectiveness of our website. Cookies are files sent to your browser and stored on your computer. If you do not want CODA to send cookies to your browser, you can set your browser options to reject cookies or notify you when a website tried to put a cookie into your browser software. Rejecting cookies may affect your ability to use some features on the CODA website.

(b) CODA uses Google Analytics and other analytic tools in compliance with their respective privacy policies. This data may include geolocation, device type, and referral paths. We do not combine this data with personally identifiable information unless explicitly authorised.8. Access and correction.

8. Access and correction

(a) Under the Privacy Act, stakeholders have a right to seek access to information that CODA holds about them (although there are some exceptions to this). The stakeholders also have the right to ask for the correction of information that is inaccurate, incomplete, or out of date. If there is a request to exercise their right under the Privacy Act to seek access to the personal information that CODA holds about them, we ask that they contact CODA’s Company Secretary who will explain how CODA will handle their access request.

(b) If the view that personal information is not accurate, complete, or up to date, we ask the stakeholder to provide CODA’s Company Secretary with their request for correction.

(c) CODA reserves the right to charge stakeholders to obtain access to their personal information.

(d) Individuals or organisations may contact CODA at integrity@decommissioning.org.au to query their personal information.

9. Personal information storage

(a) Privacy issues are important. CODA and individual employees share responsibility for ensuring that personal information is used in such a manner that the rights and legitimate interests of others are respected.

(b) Personal information will be stored appropriately by CODA.

(c) Personal information regarding employees and contractors will not be given to a third party without permission.

(d) Appropriate training or authorisations with relevant legislation and guidelines concerning the safeguarding and privacy of personal information will be provided to relevant employees.

(e) CODA takes reasonable steps to ensure the security of personal information held by it from such risks as loss or unauthorised access, destruction, use, modification, or disclosure. CODA takes a range of technical, contractual, administrative, and physical security steps to protect all stakeholders’ information. If personal information is held on paper files it is handled in a responsible manner in a secure office environment.
Centre of Decommissioning Australia 5

(f) Where personal information is stored in cloud-based services, CODA ensures that service providers meet Australian data protection standards. Where data is stored or processed overseas, reasonable steps are taken to ensure compliance with privacy obligations.

10. Employee awareness and induction (Privacy Act)

(a) New employees

(i) New employees are to be made aware of the existence and content of CODA’s Privacy Policy by the Company Secretary within seven days of commencement of employment. (In addition to the normal induction process)

(b) Existing employees

(i) All existing employees are to be re-inducted with CODA’s Privacy Policy at intervals no greater than two years. This ensures that the awareness is maintained and that any changes are brought to the attention of employees in a formal way. A record of this retraining is made and logged into employee’s personnel files.

(c) Consultants and contractors

(i) All consultants and contractors to CODA are required to comply with this policy and, as a condition of engagement, agree to abide by the contents.

(d) Privacy compliance will be integrated into CODA’s cybersecurity awareness and training programs, including handling of personal and sensitive data.

11. Changes to this privacy policy

(a) This privacy policy may change from time to time in accordance with legislative requirements and will be published on this website.