​1. Introduction


Fremantle Ports’ Maritime Security Identification Service Centre (MSIC Centre) is committed to ensuring that all information collected by it for the purpose of processing, issuing and maintaining MSIC Cards is managed in line with the Privacy Act, the Australian Privacy Principles and the Office of the Australian Information Commissioner’s Privacy Guidelines.  We reserve the right to change, modify or update this privacy policy at any time.
 
This policy governs the collection and use of personal information submitted or provided to and created by the MSIC Centre for the purpose of processing, issuing and maintaining MSIC Cards, and outlines how the MSIC Centre handles personal and sensitive information about individuals.  This includes the collection, use, storage and disclosure of personal and sensitive information, and access to and correction of that information.

Back to top
 

2. Scope


This policy applies to all Fremantle Ports MSIC Service Centre employees, consultants and officers and covers personal and sensitive information held by the MSIC Centre or offsite at remote storage facilities.
 
The policy only concerns the MSIC Centre, MSIC employees or consultants and any other related matters – it is in no other way concerned with or connected to the operation of Fremantle Ports’ or its internal privacy practices and procedures. 

2.1 What is a Maritime Security Identification Card (MSIC)?

A Maritime Security Identification Card is a nationally consistent card which is issued to identify a person who has been the subject of a background check.  It shows that the holder has met the minimum security requirements and needs to work unescorted or unmonitored in a maritime security zone.  The MSIC is not an access card and the relevant authority at each port or facility still controls access to its maritime security zones.
 
A standard MSIC is valid for two or four years unless you leave the regulated Australian maritime environment for 12 months or longer or you no longer have an operational need to be within a maritime security zone.  In this case, your card may be cancelled before the validity period has elapsed.

2.2 Who needs a MSIC?

A person has an operational need to hold a MSIC if his or her occupation or business interests require, or will require, him or her to have unmonitored access to a maritime security zone at least once a year. 

2.3 How is Fremantle Ports involved?

Fremantle Ports is an approved Issuing Body under the Maritime Transport and Offshore Facilities Security Regulations 2003 (Cth) for the purpose of receiving, processing and printing MSIC Cards.  The Fremantle Ports’ functions and activities as an Issuing Body are solely run through the MSIC Centre.

Back to top
 

3. Definitions


For the purposes of this policy, the following definitions are included:

3.1 Personal information

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
  1. whether the information or opinion is true or not; and
  2. whether the information or opinion is recorded in a material form or not.

3.2 Sensitive information

Sensitive information means:
  1. information or an opinion about an individual’s:
    1. racial or ethnic origin; or
    2. political opinions; or
    3. membership of a political association; or
    4. religious beliefs or affiliations; or
    5. philosophical beliefs; or
    6. membership of a professional or trade association; or
    7. membership of a trade union; or
    8. sexual orientation or practices; or
    9. criminal record;
that is also personal information; or
  1. health information about an individual; or
  2. genetic information about an individual that is not otherwise health information; or
  3. biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
  4. biometric templates.

Back to top

 

4. What personal information do we collect and hold?


Why and how do we collect and hold, use and disclose your personal information?

4.1 Collection of personal information

The kinds of information the MSIC Centre will collect from you will depend on what service(s) you are seeking from the MSIC Centre.  Although the MSIC Centre is primarily concerned with facilitating applications for and the issuing of MSICs, it also assists with other issues associated with MSICs such as when you may have lost your MSIC Card or the re-instatement of MSICs. 

Purpose of collection

In order to get a MSIC you will need to complete and sign an MSIC application form and you will need to provide the MSIC office with:
  1. proof of your identity, which may be:
    1. by way of primary identification: an original full Australian (or New Zealand) Birth Certificate or Current Passport or Australian Citizenship Certificate
    2. by way of secondary identification: an original Australian Driver’s Licence, a government employee identification document issued to the applicant, an Australian student identification document issues to the applicant or a verifiable reference, and
    3. by way of tertiary identification: a signed statement by an employer or former employer about that employment, a copy or a record issued under a law about land titles, a document by a rating authority from its records about land ownership or occupation, a document issued by a bank or similar financial institution from its records about a mortgage or other security given to the bank or institution, an extract from the electoral roll compiled by the Australian Electoral Commission or a record issued under a law in force in Australia other than a law about land titles
  2. evidence of an operational need to hold an MSIC (this evidence can be in the form of a letter of sponsorship from your employer, a port facility with whom you are engaged or a maritime industry participant, stating that you require the card in order to perform your duties)
  3. proof of eligibility to work in Australia
  4. a demonstrated requirement to access Fremantle Ports (if required), and
  5. a passport photograph and payment.
The MSIC Office is responsible for confirming your identity and your citizenship or your right to work in Australia. The MSIC Office will also provide you with the application and consent forms that need to be completed for all applicable background checks. The MSIC Centre will also be responsible for producing an MSIC.

Information that may be collected

The personal information we collect is only the information you choose to tell us, or which you authorise us to obtain for the purpose of providing a MSIC.  The personal information we collect may include, but it is not limited to:
  1. Identity: your name, gender, date of birth, contact details, previous and current residential addresses, your billing information and your current contact details
  2. Work: your employer’s name and business address, and
  3. Immigration: date of arrival in Australia, port of arrival and other relevant details, such as your travel document or visa number, flight number or name of vessel and the full name of your parent if you entered Australia on your parent’s passport, billing information and police history (if any). 
We only collect personal information necessary for providing a MSIC. All information will be collected lawfully, fairly and not in an intrusive way. 

Use and disclosure of personal information

  1. The MSIC Centre will only use and disclose personal information for the purpose of providing an MSIC, to government authorities or third parties involved in court proceedings (where required by law), or, where applicable, to the employer or organisation named in your MSIC application in order to assess your operational need.
  2. The MSIC Office will also use or disclose personal or sensitive information collected from you:
    1. if you have agreed to such use or disclosure at the time of collection
    2. if the use or disclosure is required by law or is necessary for the purpose of a judicial process or an enforcement-related activity
    3. if use or disclosure is necessary to protect the rights of Fremantle Ports or to reduce or prevent unlawful activity or serious threats to individuals, public  health or safety, and
    4. to contact individuals in the event of an emergency or crisis situation.
We will send the information you provided us with to AusCheck (a department of the Commonwealth Attorney-General’s Office) which will co-ordinate a background check by using the information you provide to the MSIC Centre to ask the following government agencies for information about you:
  1. Australian Security Intelligence Agency (ASIO) – ASIO will investigate your background and any past activities to determine whether you pose a politically motivated violence threat in the maritime environment or to national security.  Politically motivated violence is any act or threat of violence or unlawful harm that is intended or likely to achieve a political objective, whether in Australia or elsewhere.  ASIO will keep your information and use it as is necessary for national security purposes.  Should ASIO make any recommendation against the issuing of an MSIC, you will be informed of the recommendation and how you can have it reviewed by the Administrative Appeals Tribunal.
  2. CrimTrac – If you are over 18 years of age, CrimTrac will check your criminal history in the database of all Australian legal jurisdictions and supply a copy of your criminal record to AusCheck.  CrimTrac will not use your information for any other purpose.
We may also request that your personal information be sent to the Department of Immigration and Boarder Protection in order to check your citizenship status or your legal right to work in Australia.  The Department of Immigration and Boarder Protection may use your information for immigration compliance purposes.
 
Only the bodies referred to above, and other applicable Australian Government entities will have access to your background checking information.  The agencies that have access to the AusCheck database must be accredited by AusCheck as an appropriate agency and must have functions relating to law enforcement or national security prescribed under legislation.
 
The MSIC Centre will not receive the details of your criminal history check or security assessment.  The MSIC Centre will only receive approvals or non-approvals from AusCheck, for authority to issue an MSIC.
 
The MSIC Centre will only disclose personal information or sensitive information to other third parties to the extent necessary to carry out the purposes outlined above. Whenever possible, the MSIC Centre will ensure that third parties to whom personal or sensitive information is disclosed have in place privacy practices that protect the confidentiality of personal and sensitive information. The MSIC Centre will also ensure that any contracts with third parties to whom personal or sensitive information is disclosed imposes contractual obligations on those third parties to comply with this policy.

Back to top
 

5. Where and how will my information be stored? What security mechanisms are used to protect my personal information?


The MSIC Office employs a number of different strategies to protect personal or sensitive information.  These include, depending on the service and the nature of the personal information held in the relevant system:
  1. encryption technologies
  2. firewalls and intrusion detection systems
  3. restricted access
  4. vulnerability and penetration testing
  5. security policies and staff training, and
  6. access controlled physical storage on and off site.
The MSIC Centre holds electronic personal and sensitive information on Australian based servers.  The MSIC Centre’s email archiving solution, which may hold some personal and sensitive information, uses servers based within the European Union. Fremantle Ports’ Human Resources recruitment application and injury management application uses a third party data storage provider which operates on Australian-based servers.
 
In addition, hard copy personal and sensitive information is stored both in the MSIC Centre’s office and in a locally based external archiving facility.
The MSIC Centre strives to protect personal and sensitive information from misuse, interference, loss and from unauthorised access, modification or disclosure.  However, data transmission over the Internet cannot be guaranteed to be absolutely secure because risks do change over time.

Back to top
 

6. Can you deal with me anonymously or via a pseudonym?


The MSIC Centre cannot deal with requests to deal with individuals anonymously or by pseudonym because it would be impracticable for it to do so due to the nature of the MSIC Centre’s business, and because in some instances it would be unlawful for the MSIC Centre to do so.
 

7. Will my personal information be disclosed to overseas recipients?


The MSIC Centre does not disclose personal information to any overseas recipients, other than is referred to above.  The MSIC Centre will, unless it is necessary for the provision of a particular service, attempt to avoid the disclosure of any of the personal information it holds to overseas recipients.
 

8. What do you do with unsolicited information or documentation?


The MSIC Centre will destroy unsolicited personal information that is not required for its functions or activities as soon as practicable.

Back to top
 

9. How can I access and make a correction to my personal information?


You have the right to access your personal information held by the MSIC Centre. If you wish to update your personal information you may ask us to correct it.  Before granting access or making any corrections to your personal information, we will need to verify your identity.
 
If you wish to access or update information we hold about you, please contact us on the details referred to in section 10 below.
 
The MSIC Centre cannot change your criminal record, ASIO security assessment or Department of Immigration and Border Protection immigration assessment.  If you believe the results of your criminal record check are incorrect, you need to apply for a correction with the relevant police service.  Challenges to your security assessment or immigration status should be made directly to AusCheck or the Department of Immigration and Border Protection.
 
If information is not routinely available, the Freedom of Information Act 1992 (WA) provides members of the public with the right to apply for access to or to make changes to personal information held by the MSIC Centre in accordance with the Fremantle Ports Information Statement.

Back to top
 

10. How can I make a complaint?


If you believe the MSIC Centre has breached the Privacy Act 1988 and/or the Australian Privacy Principles, please contact us via the details outlined below:

Email: privacy@fremantleports.com.au

Telephone: +61 8 9430 3555
Mail: PO Box 95, Fremantle, WA 6959
In person: 1 Cliff Street, Fremantle, Western Australia
The MSIC Centre takes privacy of personal information very seriously.  We will use reasonable efforts to deal promptly with inquiries and, in any event, will acknowledge your inquiry within 30 days.
 
MSIC Centre staff or employees may contact Fremantle Ports’ Human Resources department directly to update their personal information and can update their personal information directly via the internal Human Resources system.
 
If your complaint is not resolved, you may then contact the Office of the Australian Information Commissioner for further review on 1300 363 992.  You may complain directly to the Office of the Australian Information Commissioner on that number at any time, though it is likely that they will request you use our complaint process before they review your complaint further.

Back to top
 

11. Non-personal information


Fremantle Ports’ website records visits and logs the following information for statistical purposes:
  1. user’s server address
  2. user’s top level domain name (eg. .com, .gov, .au, etc.)
  3. the date and time of the visit to the website
  4. pages accessed and documents downloaded
  5. the previous website visited, and
  6. the type and version of browser used.

No attempt is made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the service provider’s logs. This website does not use cookies.

Back to top