February 2026

Part 1

Overview

The Australian Naval Nuclear Power Safety Regulator (ANNPSR/the Regulator) Privacy Policy is designed to inform individuals about the way ANNPSR collects, stores, uses and discloses personal information. This Privacy Policy also sets out how you can access or seek correction of your personal information held by the Regulator. 

The Australian Privacy Principles (APPs) outlined in Schedule 1 of the Privacy Act 1988 (Privacy Act) regulate how ANNPSR, as an APP entity, handles your personal information. More information on the APPs can be found on the Office of the Australian Information Commissioner’s (OAIC) website.

In this Privacy Policy:

• Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable. This is regardless of whether the information or opinion is true or not.
• Sensitive information is a subset of personal information and includes information or an opinion about your racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, sexual orientation, criminal record, health information, biometric information and genetic information.

The ANNPSR Privacy Policy is reviewed annually to ensure the information it contains is accurate, complete, relevant and up-to-date. ANNPSR will also update the Privacy Policy when its information handling practices change. All updates will be published on the ANNPSR website.

Exemptions from the Privacy Act

The APPs do not apply to operational intelligence information collected, reported or analysed by ANNPSR and personal information for special access programs under which foreign governments provide restricted access to technologies.

Who should read this Privacy Policy?

You should read this Privacy Policy if you are:

• an individual considering employment at ANNPSR (including ADF members who may be or become engaged in an ANNPSR role)
• seeking a licence under ANNPSR’s legislative or regulatory framework
• have communicated with ANNPSR or the Minister for Defence about ANNPSR.

ANNPSR collects personal information about individuals within, and external to, ANNPSR, including:

• relevant members of the ADF
• ANNPSR APS employees or candidates seeking prospective ANNPSR employment
• emergency contacts of relevant ADF members and ANNPSR APS employees
• contractors, consultants, outsourced service providers, suppliers or vendors of goods and services to ANNPSR
• people and agents of organisations doing business with ANNPSR
• individuals involved in investigation and/or enforcement proceedings
• people seeking a licence under ANNPSR’s legislative or regulatory framework
• people who are or who have been in contact with ANNPSR or the Minister for Defence about ANNPSR.

Part 2

The kinds of personal information we collect and hold

We collect personal information about you when it is reasonably necessary for, or directly related to, our functions or activities.

We may also collect sensitive information where collection is allowed under the Privacy Act.

The nature and extent of personal information ANNPSR collects and holds will vary depending on an individual’s particular relationship and interaction with ANNPSR. The kinds of personal and sensitive information collected and held by ANNPSR include:

• information about you (e.g. name, address and contact details)
• information about your interactions with ANNPSR (e.g. services provided, applications, complaints and feedback, online services)
• information about your circumstances (e.g. family circumstances, financial situation, employment, health and welfare)
• information to verify your identity (e.g. tax file numbers, biometric information).

A more detailed list of the kinds of personal and sensitive information we collect and hold is set out in Annexure A of this Privacy Policy.

Part 3

How we collect personal information

ANNPSR collects personal information through a variety of channels. This includes information provided in forms you fill out, in applications you make, in electronic or paper correspondence you provide, in person, over the telephone, via the ANNPSR website, and through ANNPSR enterprise systems (eg PMKeyS (Personnel Management Key Solution) and Aurion - organisational data management systems).

Due to the scope and nature of ANNPSR’s activities it is not always possible to collect personal information directly from you. ANNPSR may collect personal information about you indirectly from a range of other sources including, but not limited to:

• publicly available sources
• your access to ANNPSR websites, or information and communications networks and systems
• your family members
• past and present employers and referees
• other government agencies and organisations
• your commander, manager and supervisor.

ANNPSR may also generate personal information about you in the course of undertaking its functions or activities. When your personal information is collected from a third party, we will only do so in accordance with the Privacy Act and any other applicable laws (e.g. secrecy provisions in other legislation).

Anonymity

Where possible, ANNPSR will allow you to interact with us anonymously or using a pseudonym. However, for most functions and activities we will usually need your name, contact details and enough information about the particular matter to enable us to deal with the matter fairly and efficiently.

Unsolicited personal information

If we receive unsolicited personal information and decide that ANNPSR is not permitted to collect it in accordance with the APPs, we will take reasonable steps to destroy or de-identify the information as soon as practicable unless it is a Commonwealth record, or it is unlawful or unreasonable to do so.

Part 4

How we hold personal information

ANNPSR takes reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes:

• conducting regular system audits to ensure that it adheres to its established protective and information security practices
• applying protective measures include password protections, access privileges, secure cabinets or containers, and physical access restrictions
• documents containing personal information also carry dissemination limitation markers, where appropriate.

Access to personal information about you is restricted to ANNPSR personnel who have a need to access the information for purposes which are directly related to or reasonably necessary for their duties in support of ANNPSR’s functions or activities.

ANNPSR personnel are also required to undertake mandatory protective and information security training as part of on boarding, and personnel with access to ANNPSR organisational management systems; PMKeyS and Aurion, must demonstrate knowledge and an understanding of the APPs. In addition to the statutory and policy security measures for the protection of personal information practised by ANNPSR, reasonable steps must be taken to ensure that the information is protected.

ANNPSR stores personal information about you as hardcopy documents or as electronic data within its record management or information technology systems.

ANNPSR protects personal information about you in accordance with the policy provided for in the Protective Security Principles Framework in order to take reasonable steps to protect that information against loss, unauthorised access, use and disclosure, modification and misuse.

ANNPSR will only destroy personal information in accordance with statutory requirements, including the Archives Act 1983 and in consultation with relevant authorities authorised to destroy the information. ANNPSR records must be retained and accessible for as long as they are legally required.

Part 5

Why we collect, hold, use and disclose your personal information

ANNPSR only collects personal information that is reasonably necessary for, or directly related to, its functions or activities.

The legislative framework under which ANNSPR operates has the following objectives[1]:

• promoting the nuclear safety of activities relating to AUKUS submarines
• promoting public confidence and trust in relation to the nuclear safety of Australia’s nuclear-powered submarine enterprise
• promoting the defence and interests of Australia
• supporting the AUKUS partnership.

To satisfy these objectives and ANNPSR’s functions under the legislation, ANNPSR collects personal information for various purposes depending on the individual’s relationship with ANNPSR. Generally, the ANNPSR collects personal information for the following purposes:

• the recruitment, administration and management of relevant ADF members and APS employees in ANNPSR
• conduct of ANNPSR business activities with the individual and/or operations
• ANNPSR community engagement
• the engagement of external service providers
• workforce planning and HR reporting
• identifying potential conflicts of interest
• performing security functions associated with information management, which includes website and email access
• legislative and regulatory purposes that require the grant of a licence and the subsequent regulation of any licence
• ANNPSR obligations under law including an international treaty or agreement.

Privacy notice

At the time (or as soon as reasonably practicable after) ANNPSR collects your personal information, we will provide you with a notice (known as the Privacy Notice or APP5 Notice). This APP5 Notice will contain information about:

• the purpose for which the information has been collected
• if the collection is required or authorised by law
• any person or entity to whom we usually disclose the information.

Use of consultants, contractors and outsourced service providers

ANNPSR uses consultants, contractors and outsourced service providers to undertake certain business functions. Personal information about you may be collected by or provided to an ANNPSR consultant, contractor or outsourced service provider when necessary. In situations where personal information about you is provided to a consultant, contractor or outsourced service provider, ANNPSR will generally retain effective control of the information and require privacy requirements (such as compliance with the APPs, information security, data breach response, training and auditing) are met in its terms of contract with the third party.

ANNPSR also has service agreements with other entities such as the Department of Defence and the Department of Industry, Science and Resources. Personal information about you may be provided to such entities in order for them to perform services for ANNPSR. These services include, but are not limited to, payroll, information and communications technology, and security services. Under the Privacy Act, we are required to take contractual measures to ensure that contracted service providers (including consultants, contractors and subcontractors) comply with the same privacy requirements applicable to ANNPSR.

Disclosure of your personal information

Generally, ANNPSR will use and disclose your personal information for the same purpose as collected. ANNPSR may use and disclose your personal information for a secondary purpose if you consent, or another provision in the Privacy Act allows it.

ANNPSR may, if you agree or it is permissible under the Privacy Act, disclose personal information about you to other APP entities such as:

• the relevant Minister and Assistant Ministers
• organisations that have a function in relation to, or affecting the administration of, ANNPSR APS employees, such as the Australian Taxation Office, Comsuper, Comcare, Comcover, the Child Support Agency or SmartSalary
• law enforcement agencies such as the Australian Federal Police, State and Territory Policing agencies
• Federal, State and Territory Courts and Tribunals
• other Australian Government departments and agencies for legislative, regulatory and administrative purposes
• overseas recipients for legislative, regulatory and reporting purposes to meet Australia’s national security and international obligations. 

ANNPSR does not disclose personal health information to any other person, including emergency contacts, unless the individual about whom the information relates has given express consent, or the disclosure is required or authorised by or under Australian law, or in circumstance where it is unreasonable to obtain the individual’s consent and the disclosure is necessary to lessen or prevent a serious threat to life, health or safety of an individual or to public health and safety.

If it is necessary for the acquisition or use of ANNPSR equipment and capability, ANNPSR may also disclose the personal information of those involved directly, or indirectly, to recipients in the countries where the recipients are located or the activities or functions are performed.

Overseas use and disclosures

ANNPSR may disclose personal information about you to a person or entity who is not in Australia or an external territory (overseas recipient) where it relates to ANNPSR activities or functions.

Personal information about you may be disclosed in the country where the recipient is ordinarily located, or in a country where the recipient is or, is soon to be, undertaking work related activities. 

For example, an ANNPSR employee posted to perform activities overseas through a personnel exchange program may have their personal information disclosed to overseas recipients in the country where the activities are being undertaken.

Part 6

Access to and correction of personal information

Under the Privacy Act you have the right to request:

• access to personal information that we hold about you, and
• correction to the personal information that we hold about you.

ANNPSR will provide you with access to the personal information that we hold about you in the manner requested if it is reasonable and practicable to do so. We will also take reasonable steps to correct personal information that we hold about you if we consider it is inaccurate, out-of- date, incomplete, irrelevant or misleading.

If we refuse to provide you with access or correct your personal information, we will notify you in writing and explain our reasons. You should be aware that ANNPSR’s ability to correct or amend personal information may be limited in some circumstances, such as if the refusal is required or authorised by law.

To make an access or correction request please put your request in writing to ANNPSR Privacy at privacy@annpsr.gov.au. 

Individuals may also want to seek their personal information by following the process set out below:

Part 7

Concerns about how personal information about you is handled

If you have questions about how personal information about you will be, or has been, handled by ANNPSR, you should contact ANNPSR Privacy (see contact details in Part 8 of this policy). Your concerns may be forwarded to the relevant area within ANNPSR for consideration and action, if appropriate.

ANNPSR is committed to quick and fair resolution of privacy complaints. However, some cases may require more detailed inquiry. ANNPSR undertakes to keep you informed of the progress of your complaint.

If you are dissatisfied with the way ANNPSR handles your privacy-related complaint, you may contact the Office of the Australian Information Commissioner. (See Part 8)

Part 8

Contact details

ANNPSR Privacy

Email:              privacy@annpsr.gov.au

Post:                PO Box 7925, Canberra BC ACT 2600

Office of the Australian Information Commissioner

Phone:             1300 363 992

Web:                www.oaic.gov.au/privacy 

Email:              enquiries@oaic.gov.au

Post:                GPO Box 5218, Sydney NSW 2001

[1] The following are Objects as per the Australian Naval Nuclear Power Safety Act 2024.

ANNEX A: Personal Information collected by the ANNPSR

The kinds of personal information collected by the ANNPSR for purposes directly related to or reasonably necessary for its functions or activities may include:

Information about you

• Name/Title
• Gender
• Marital Status
• Date and place of birth
• Contact details

Information relating to your employment and the workplace

• Equity and diversity information
• Next of kin details
• Emergency contact details
• Occupation
• Rank or classification
• Post nominals
• Professional areas of interest
• Languages spoken
• Hobbies/interests
• Driver license details
• Education qualifications
• Certificates/awards
• PMKeyS/Service number
• Training and development
• Employment history
• Professional references
• AGS number
• Personal history
• Discipline
• Workplace management history
• Biographies
• Application for recruitment/employment
• Written tasks undertaken during selection process
• Notes taken about you during selection process
• Personal information contained in selection process reports
• Records relating to attendance and overtime
• Leave applications and approvals
• Payroll and pay-related information
• Performance appraisals
• Trade, skill and aptitude test records
• Honours and awards
• Information related to character checks and security clearances
• Applications for compensation
• Information relating to rehabilitation and fitness for duty
• Information relating to workplace incidents

Information about your circumstances

• Financial information (e.g. taxation information, superannuation information)
• Residency details
• Citizenship details

Information about your interactions with us

• Completed questionnaires and personnel survey forms
• Complaints and grievances
• FOI requests
• Social media accounts
• Use of ANNPSR websites (e.g. server address, top level domain, pages accessed and documents downloaded)
• Any unsolicited or solicited material that enters the ANNPSR IT network
• Voice data
• Video images
• Photographic images
• Court documents
• Information relating to court proceedings
• Evidence provided in relation to enforcement matters and other investigations
• Witness statements