This policy was last updated on 26 November 2021.
This Policy sets out how NAPL (Newcastle Airport, us, or we) collects and manages personal information to comply with relevant legal requirements including the Australia Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (the Act).
2.0 Policy statement
Personal information is information or an opinion about you from which you can be reasonably identified. NAPL is committed to protecting all collected personal information in accordance with the APPs. NAPL will take all reasonable steps to ensure the accuracy, security, integrity and privacy of personal information we collect.
3.0 Application and Scope
This Policy applies to all employees, officers, tenants, contractors, customers and stakeholders. This Policy applies to both NAPL and Greater Newcastle Aerotropolis Pty Limited (GNAPL) / Astra Aerolab, any reference to NAPL should be considered to apply to both entities.
4.0 What personal information do we collect and hold?
The type of personal information we collect will depend on how you deal with us.
4.1 Information collected in general dealings
This information may include:
- Your name, address, contact details, date of birth, gender, flight details, photograph, ASIC number, and driver’s licence number;
- Information collected when you use our website or Wi-Fi service;
- Recordings of your image on Closed Circuit Television (CCTV) systems; and/or
- Vehicle licence plate numbers.
4.2 Additional information collected relating to employment and safety
This information may include:
- Employment history, psychometric testing results and other employment details (eg bankdetails, superannuation fund details, tax file number, etc);
- Workplace injury investigations, including reports prepared by third parties;
- Drug and alcohol testing and information regarding specific medication you may be taking, in accordance with SE PLA Drug and Alcohol Management Plan (DAMP);
- Training records and evidence of competency;
- COVID-19 vaccination records;
- Criminal history check; and
- Evidence of an applicant’s right to work in Australia.
It is important to note that as a private employer, our handling of employee records in relation to current and former employment relationships is exempt from the APPs in certain circumstances.
4.3 Information collected relating to security or airfield operations
We may collect additional personal information, including sensitive information, to process aircraft movement approval requests, manage and administer our security systems and comply with security related legislation. This includes when individuals apply for security restricted access to our site or an Authority to Drive Airside (ADA).
4.4 Information collected in commercial and marketing-related matters
In the case of car park, retail, tenant and marketing-related matters, we might collect additional information such as:
- Your preferences concerning types of products or services;
- Products purchased or services used at the Airport, including frequency and amount spent;
- How often you visit the Airport, and the period of time that you spend at the Airport;
- Your partially redacted credit card number, if used in our car park equipment.
- The methods, purpose and frequency of travel;
- Your income demographics; and
- Your use of our website, www.newcastleairport.com.au or www.astraaerolab.com.au ("Website"), and social media platforms, including identifying details of the device you are using.
5.0 How does NAPL collect and hold personal information?
5.1 Collection generally
The main ways we collect information are from you directly when you:
- Visit our website;
- Contact our business;
- Visit the Airport precinct or Astra Aerolab;
- Apply for a security restricted access to our site or an ADA;
- Form a business relationship with us;
- Seek employment with us;
- Undergo DAMP testing;
- Use our free public Wi-Fi;
- Subscribe to a newsletter or participate in surveys, questionnaires, requests for feedback, competitions or promotions; or
- Use our car parks, pay for our services, or request a refund.
There may be occasions when we collect personal information about you from a third party, such as:
- Market research companies;
- Service providers;
- Marketing partners;
- In relation to security matters, a government department, body or law-enforcement agency; or
- A publicly available source.
5.2 Collection through our website
Through the website, we may collect personal information when you:
- Ask to be placed on one of our mailing lists, or
- Make an enquiry about our services.
Our website collects some general information each time it is accessed (including the IP address and browser type of the device used to access it). None of this information is used to identify an individual user. We use it to monitor and improve the IT services we provide. We also use 'cookies' (small files used to manage internet browsing sessions) which can show us if your internet device has visited our website before. Many internet browsers allow you to control how cookies are used. If cookies are turned off, you may not be able to use all the features of our website.
5.3 Collection at our site
The Airport precinct, Astra Aerolab, and our administration offices are subject to continual surveillance by CCTV, and we may collect images of people in and around these areas. CCTV and other surveillance devices are used to monitor access and ensure the safety of NAPL’s personnel and the public generally, as part of ongoing crime prevention which targets crime and other risks to aviation safety and airport security. All footage captured by surveillance devices is retained for a specific period, after which time it is erased, unless it has been identified and is retained for the purpose of investigating a specific incident, or training purposes. Further information about surveillance activities is set out in our HR PRO Workplace Surveillance Procedure.
If you use our car parking services, we may collect details of your car's registration number. When you use a payment card to pay for our services, we may collect partially redacted details of the card.
6.0 How does NAPL store the information we collect and keep it safe?
No data transmission over the Internet can be guaranteed to be totally secure. However, we will endeavour to take all reasonable steps to protect personal information transmitted to us online. Once we do receive your transmission, we will also make our best efforts to ensure its security on our systems and in our physical premises.
NAPL has implemented security measures that are designed to provide reasonable protection against the misuse, interference or loss of your personal information and to prevent unauthorised access, modification or disclosure of your personal information. These measures include:
- Network segregation to separate systems of different functions and sensitivity;
- Firewalls protecting the network and access control mechanisms;
- Secure, access-controlled premises;
- Secure, access-controlled electronic document management system;
- Secured locations with limited access for information stored as hard copy;
- Confidentiality provisions in all our employment and service contracts; and
- Ensuring visitors to our administration offices, which may include areas where personal information may be stored, are accompanied by a member of our staff at all times, and a register of visitors to any part of our premises is kept.
Our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.
CCTV footage is stored securely and access is restricted. NAPL is required to store CCTV footage for a minimum of 30 days, in accordance with aviation security regulations.
We use secure methods to destroy or de-identify personal information, which is undertaken when permitted by law and where such information is no longer required by us.
7.0 Purpose, use and disclosure
Personal information collected by us is generally held and used as reasonably necessary for purposes directly related to our functions and activities including in any of the following ways:
- To develop, improve, manage and administer our services;
- To ensure that our business systems are functional, reliable and compliant;
- To process applications for access to security restricted areas or other authorities, licenses, passes, permissions and permits (and also to assess whether any of these should be cancelled or suspended);
- To conduct marketing activities including market research, customer profiling and targeted marketing and communicating to you about our products and services (with your consent, if required);
- As part of the investigation and analysis of incidents (including potential incidents) which occur on or at the Airport precinct or Astra Aerolab;
- To investigate and respond to complaints;
- To investigate, respond to and defend claims made against, or involving, any of our corporate entities;
- To contract with individuals (such as verifying your identity or communicating with you);
- To enforce a contract or agreement which NAPL has with you;
- As required or authorised by or under an Australian law such as aviation and taxation laws, counter terrorism legislation and the Corporations Act.
Where possible, we will ask you to “opt in” to consent to us using your personal information for marketing purposes. In these circumstances you will generally be given the opportunity to “opt out” from receiving communications from us or from third parties that send communications to you in accordance with this Policy. If you do not wish to receive such information, please let us know. Contact details are provided at the end of this Policy.
We will not use your personal information for purposes other than those set out in this Policy, or otherwise advised, without your consent or unless that use is authorised or permitted under the Act.
If you have given us your contact details, you agree that we can use them to contact you, for example, to assess customer satisfaction or to reply to any social media contact. If you do not want us to use your personal information for direct marketing, please contact us using the details at the end of this Policy.
Where a device (for example mobile telephones, tablets or laptops) is identifiable by our Wi-Fi networks, we (or our third-party service providers) may collect data relating to the device identification code and its location. We use this data to better understand space utilisation and passenger flows for security purposes and in order to improve the customer experience and our services.
8.0 Disclosure to third parties
We will only disclose your personal information to third parties where authorised or permitted by the Act, including in the following circumstances:
- Where you consent to the disclosure;
- In the case of information collected through an application for access to security restricted areas, this may be provided to a government agency for security, safety or law enforcement purposes;
- To our contractors or service providers (for the purpose of the services which they provide) so that we can store information, complete a transaction on your behalf, provide you with a service that you have requested or seek your participation in surveys, questionnaires or requests for feedback;
- Where required by law, including under an order issued by a court or tribunal, or at the request of a law enforcement agency; or
9.0 Sensitive information
The Act gives greater protection to certain categories of "sensitive information", such as health information. We will collect this information only when reasonably necessary for our functions and activities. Examples of circumstances where we collect sensitive information include:
- From a visitor to the Airport where it is necessary to provide services (such as requiring wheelchair assistance);
- If there is an incident within the Airport precinct, Astra Aerolab or on the airfield;
- In connection with NAPL’s HR POL COVID-19 Vaccination Policy;
- In connection with recruitment. If you apply for a position with us, you must provide all information requested, including by assisting us to obtain criminal record check, participating in health assessments to determine your fitness for work, and undergoing testing under our DAMP; and
- In connection with workplace investigations.
10.0 What if you refuse to supply information?
You are not obliged to provide us with personal information about you. However, failure to do so may mean that we are unable to transact with you, process any application for the issue of an authority, licence, pass or permit, or provide you with a service.
11.0 Dealing with NAPL anonymously or using a pseudonym
In many cases, we will need certain personal information to respond to queries, or to transact with you, such as contact details, or other information as set out in this Policy.
You may access the website on an anonymous basis or contact NAPL with a general query anonymously or using a pseudonym. However, some services may not be available to you unless you provide us with certain personal information.
12.0 Accessing and correcting information
You may request access to, and correction of, any of your personal information held by NAPL, and such access will be provided, and corrections made except where NAPL refuses such requests in accordance with the APPs.
All requests for access and/or correction will be processed within a reasonable time. If you have a contact at NAPL, please contact them to request the correction. Otherwise, please contact our Privacy Officer (contact details below).
There is no application fee for making a request to access your personal information. However, we may charge an administrative fee to recover the costs associated with providing the information.
If NAPL does not agree to provide you with access to your personal information or to amend or annotate the information that we hold about you, you may seek a review of our decision.
If NAPL does not agree to make the requested changes to your personal information, you may make a statement about the requested changes and we will attach it to your record.
13.0 Concerns or complaints
If you make a privacy complaint, we will usually give a copy of the complaint or application to the respondent and, where relevant, affected third parties. If a complainant or applicant requests that only limited information is disclosed to the respondent, we may not have enough information to be able to fairly proceed with the matter. The respondent must have sufficient information to respond to the matter in a meaningful way.
We take complaints seriously and will endeavour to respond in writing within 30 days. We may need to contact you to obtain more information in order to investigate the matter to which your complaint relates.
If your complaint is not related to a privacy matter, please refer to OP POL Customer Compliant Handling Policy, which is available on our website.
If you have not been able to resolve your privacy compliant directly with us in accordance with this Policy, you may wish to contact external complaint body, such as the Office of the Australian Information Commissioner (OAIC):
GPO Box 5218, Sydney NSW 2001
Enquiries: 1300 363 992
14.0 Data breach notifications
A data breach happens when personal information is accessed or disclosed without authorisation or is lost. Under the Act, we are required to notify affected individuals (and the OAIC) when a data breach involving personal information is likely to result in serious harm. We are required to conduct a prompt and reasonable assessment if we suspect that we may have experienced an eligible data breach.
GO PRO Data Breach Response Procedure is regularly reviewed to ensure it is up to date and effective, to manage this process.
15.0 Contact us
A copy of this Policy is available on www.newcastleairport.com.au and www.astraaerolab.com.au. Newcastle Airport will take reasonable steps to provide you with a copy of this Policy in another form, if requested.
You may contact us in relation to the Policy using the details below:
- Privacy Officer
- Newcastle Airport Pty Limited
- Private Bag 2001, RAYMOND TERRACE NSW 2324
- +61 2 4928 9800