Our application and administration processes involve collecting and using personal information. We respect your privacy and follow the Privacy Act 1988 (Privacy Act) when handling your information.  

What is the Privacy Act?

The Privacy Act 1988 (Privacy Act) is Australian legislation that protects the way your personal information is handled.

Australian privacy principles

The Privacy Act contains 13 Australian Privacy Principles (APPs). The APPs regulate how we collect, store, provide access to and use personal information.

1. Open and transparent management of personal information

Ensures your personal information is managed in an open and transparent way. This includes having a clear, up-to-date privacy policy.

2. Anonymity and pseudonymity

Notes that people must be given the option to remain anonymous or use a pseudonym, except in limited cases.

3. Collection of solicited personal information

Outlines when solicited personal information can be collected. It enforces higher standards for sensitive information.

4. Dealing with unsolicited personal information

Determines how unsolicited personal information is dealt with.

5. Notification of personal information collection

Highlights when and what you must be told about when your information is collected.

6. Use or disclosure of personal information

Outlines the way and times that your personal information can be used or disclosed.

7. Direct marketing

Explains that personal information can only be used for direct marketing in certain circumstances.

8. Cross-border disclosure of personal information

Outlines what needs to be done to protect your personal information before it's disclosed overseas.

9. Adoption, use or disclosure of government related identifiers

Specifies when your government-related identifier can be used and disclosed by a government department or third party.

10. Quality of personal information

Requires that stringent measures are taken to ensure the accuracy and quality of personal information before it's disclosed to other parties.

11. Security of personal information

Ensures your personal information is protected from misuse, interference, loss, unauthorised access, modification and disclosure. It also details circumstances where personal information should be destroyed or de-identified.

12. Access to personal information

Describes how your requests to access your personal information must be handled.

13. Correction of personal information

Specifies how requests to correct the personal information must be handled.

Our privacy policy

The Privacy Act requires anyone bound by the Australian Privacy Principles (APPs) to have a privacy policy.

 You should read our privacy policy if you're:

  • an applicant of an intellectual property (IP) right

  • an owner of an IP right

  • an attorney or agent for an applicant or owner

  • an individual whose personal information may be given to, or held, by IP Australia

  • a contractor, consultant, supplier or vendor of goods or services to IP Australia

  • a person seeking employment with IP Australia

  • an IP Australia employee.

Detailed information on the Privacy Act and APPs can be found at the Office of the Australian Information Commissioner (OAIC).

Privacy collection notices

This Privacy Collection Notice describes how the Innovation and Digital Services Team within IP Australia (IPA) collects and manages personal information. The Innovation and Digital Services Team manages the Vulnerability Disclosure Program which gives security research and users of IP Australia’s systems a point of contact for reporting to the agency potential vulnerabilities. 

Your privacy rights

Your personal information is protected by law, including the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles, which regulate how entities including IPA may collect, use, disclose and store personal information.

IPA will only collect your personal information where it is reasonably necessary for, or directly related to, the performance of our functions or activities.

What personal information do we collect?

We collect your personal information from you when you notify IP Australia of a vulnerability.  

The personal information we collect from you includes your email address and if you choose to provide it, your name and contact details.  

Why do we collect your personal information?

We collect your personal information to assist in the investigation of a reported vulnerability of IP Australia’s systems or products. 

Collection of this information is required or authorised by APP 3.1.

Without this information IP Australia may be unable to obtain further details of the vulnerability and provide recognition of the individuals who identified the vulnerability. Individuals may opt out of having recognition published should they choose.

How do we use and disclose your personal information?

We will use and disclose your personal information for the purpose of resolving the vulnerability identified. This includes forwarding your report to internal or external teams as necessary to commence investigations and publishing your name or alias in recognition (unless you advise otherwise). 

Additionally, we may disclose your personal information to third parties where the disclosure is required or authorised by a court or tribunal order, or under an Australian law. For example, this could happen if IPA receives a court order compelling the production of information.

We may disclose your personal information to third parties such as software suppliers and development partners, including recipients who may be located overseas to investigate and resolve the vulnerability. 

Any personal information disclosed to third parties located overseas may therefore be disclosed or stored overseas. By consenting to your personal information being collected and disclosed to these entities you agree that Australia Privacy Principle (APP) 8 will not apply to the disclosure. This means that if the overseas recipient handles your personal information in breach of the APPs, you agree that IP Australia will not be accountable for this breach under the Privacy Act. 

IP Australia will not use or disclose any personal information provided for any other purposes unless authorised or required by law.  For more information about how we handle your personal information, how you may access or correct your personal information or make a privacy-related complaint, read our privacy policy on this page.

Your personal information

We collect personal information about you only when it's necessary for, or directly related to, our functions or activities.

We're committed to protecting your personal details and the security of your information.

How we handle your information

We don't give your personal information to other government agencies or private-sector organisations unless one of the following applies:

  • You've given us your permission.

  • You're aware that information of this kind is usually passed to those bodies or agencies.

  • The disclosure is required or authorised by law (such as our IP rights legislation).

  • It's a special situation that:

    • will prevent or lessen a serious and imminent threat to somebody's life, health or safety

    • relates to suspected unlawful activity or serious misconduct.

We only disclose personal information to overseas recipients:

  • with your consent

  • where legally authorised

  • when required by an international treaty or convention.

When personal information is no longer required, we destroy or delete it in a secure manner.

You can request details of personal information we hold about you at any time. Reach out to us if you'd like to access or correct your information.

Contact us

How we use your information online

We use a number of online platforms and third party software as part of our business operations. They allow us to:

  • monitor the performance of our systems

  • improve our online customer experience

  • communicate with you.

Dynatrace application performance monitoring (APM) platform

Our online services platform uses Dynatrace Application Performance Monitoring (APM) to monitor technical faults. This allows our systems support team to quickly rectify issues and identify improvements.

Dynatrace doesn't collect personally identifiable information.

Clickstream data

Clickstreams record your path when navigating a web page or the internet.
When you visit our website, our internet service provider (ISP) makes a record of your visit and logs your clickstream information.

We use this information to see what pages you've visited on our website. We analyse it to improve overall customer experience, establish priorities and allocate resources.

We don't identify you or your browsing activities, except if a law enforcement agency provides a warrant to inspect our ISP logs as part of an official investigation.


A cookie is a short piece of data sent from a web server to a web browser on your computer or device when you visit a website. We use cookies to help co-ordinate your experience

We can't use cookies to find out names, email address or anything about your computer. We don't store or collect cookie information.

Survey Monkey

We use Survey Monkey to administer online surveys. These surveys use third party cookies.

The information collected by the cookies is not capable of identifying. It's only used to ensure our surveys run effectively. We only use this information for statistical and maintenance purposes. For more information, see Survey Monkey's Privacy Policy.


We use Qualtrics to administer online surveys. Qualtrics uses cookies to analyse, measure and improve its performance. These surveys also use third party cookies.

Neither we or Qualtrics retain control over, or access to, the information supplied by the cookies to third parties.

You can find out how to amend your cookie setting to suit your preferences in Qualtrics privacy statement and Qualtrics Cookie Statement.

Google Analytics

We use Google Analytics to collect anonymous information about how you arrive at and interact with our website. Google uses first-party cookies and JavaScript code to collect this information.

Google Analytics doesn't track any application processes or procedures from online services.
You can opt out of Google Analytics by disabling or refusing the cookie or disabling JavaScript.


We coordinate our events through Eventbrite. Eventbrite facilitates the registration process and handles any personal information collected in accordance with their Privacy Policy. They'll also provide your name, contact details and email address to us for the purpose of registration for the event.

Any personal information collected by IP Australia will be handled in accordance with our Privacy Policy and the Privacy Act 1988.


We have a number of subscription-based email lists to keep you informed about what's happening at IP Australia. If you choose to subscribe to any of these lists, you'll need to provide us with personal information such as your contact details and email address. We don't share this information with anyone.

If you apply for an IP right in Australia, you'll need to register with our online services.

Before you can register, you need to read, accept and agree to follow our terms and conditions.

SpendConsole is a cloud-based supplier invoice management and compliance system that supports Pan-European Public Procurement On-Line (PEPPOL) invoicing standards and provides some automation to IP Australia’s Accounts Payable processes.

Any personal information you provide and stored in SpendConsole will be used for the purposes of:

  • processing and paying invoices received via any channel (including PEPPOL, email or mail)

  • managing vendor information/records

  • maintaining financial records.

All personal information you provide will be handled by IP Australia in accordance with the Privacy Act 1988, the Archives Act 1983 (Cth) and IP Australia’s Privacy Policy.

IP Australia’s Privacy Policy sets out:

  • how you may seek access to and correction of the personal information we hold

  • how we protect your personal information

  • how you may make a complaint about a breach of the Privacy Act and how we'll deal with your complaint

  • the contact details for IP Australia’s Privacy Contact Officer.

IP Australia will not otherwise use or disclose your personal information without your consent, unless authorised or required by or under law, and will also not disclose any personal information collected through this process to any overseas recipients.

By providing your personal information, you provide your consent to your personal information being handled in accordance with this privacy notice and IP Australia’s Privacy Policy.

If you don't consent to your personal information being handled in the manner described above, please contact the Assistant Director Accounting Operations at

How we handle high privacy risk projects

Under the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth) (APP Code), we're required to conduct a privacy impact assessment (PIA) for each high privacy risk project.

PIA Date of completion 
TM-Link — release 1 July 2018
Smart trade mark July 2018
RIO auto user provisioning April 2019
Performance management system and recruitment system May 2019
Customer satisfaction survey May 2019
Digital access service June 2018
Transactional digital services party address book November 2019
Patent landscape reports November 2019
Business intelligence and analytics  platform December 2019
New support ticket portal April 2020
Adobe Acrobat update June 2020
New fax system June 2020
Transactional digital services – web build July 2020
Interactive voice response July 2020
Contact centre transition April 2021
TM-Link 2021 July 2021
ICT advisory services (DTA Marketplace) December 2021
LXP learning experience platform (replacing Learnhub) April 2022
ServiceNow ITMS tool (replacing LANdesk) January 2023
 EDRMS Replacement Project (Recordpoint replacing BRIK) March 2023
TM Checker March 2023
 360 degree feedback survey for ITG directors May 2023
 Expense8 December 2023
 SpendConsole December 2023
 PBR Reform Systems Modernisation Program January 2024
 Learning Experience Platform (LXP) July 2024

Last updated on 12 July 2024.

Related content

Copyright Corporate

About this site

We have guidelines for navigating and accessing the information on our website so you can get the most out of your visit.

Our research

As part of our goal to continuously improve our products and services, research is one of our core activities. 

Accountability and reporting

We're committed to ensuring accountability and transparency in the way we operate and in our procurement activities. We report details on our annual budget, corporate planning and procurement.