top of page

Privacy Policy

NDRI is committed to protecting your personal information and complying with the Privacy Act 1988 (Cth) (“Privacy Act”) and Australian Privacy Principles (APPs).

This document describes the policies and procedures that we have in place for the management and protection of personal information that NDRI collects and holds.

The Privacy Act regulates the collection, use, disclosure, storage and security of personal information of government agencies and private organisations. The Privacy Act includes 13 binding Australian Privacy Principles (“APPs”) with which NDRI must comply in relation to its management of personal information.

What sorts of personal information does NDRI collect and hold?

Personal information is:

information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.

We collect personal information from staff, contractors, partners and from the public from a wide range of areas across NDRI. For example, we may hold personal information in the following types of records:

  • Research data for projects involving human participants

  • Client records

  • Project files with research partners

  • Personnel records

  • Recruitment records

  • Contractor information

  • Statutory appointment information (e.g. Board members)

  • Occupational Health and Safety records

  • Rehabilitation case management files

  • Security Files

  • Freedom of Information Requests

  • Subscription details (e.g. for NDRI publications)

  • Legal files

  • Education files

  • Ministerial correspondence

  • Complaint details

These types of files held by us from time to time may include personal information such as:

  • Name, residential address, occupation and residential email and telephone contact details;

  • Opinions and reactions to testing and research;

  • Health information; and

  • Credit card or other personal financial details.

The personal information on some of these files may also include sensitive information, including information about a person’s race or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information or genetic information.

How does NDRI collect and hold personal information?

Where it is reasonably practicable to do so, we collect personal information directly from you. However, on occasions, we may need to collect personal information from other sources such as public records, parents or guardians of children under the age of 18 years and third parties. When dealing with children, we seek parental consent prior to the collection of personal information, including photographs.

We may collect personal information in various ways, including via:

  • Online forms (such as subscription forms or registration forms for an event);

  • Surveys (hard copy or online);

  • Information associated with accessing and using NDRI websites;

  • Over the telephone ;

  • The use of biometric technology;

  • In-person in a meeting or interview scenario;

  • Via emails or other correspondence sent to NDRI;

  • By taking photographs or videos at NDRI events;

  • Third parties, for example, reports from referees of prospective employees; or

  • From publicly available information, such as interactions with NDRI via social media sites.

For what purposes does NDRI collect, hold and use personal information?

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

NDRI will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information, we may require identification from you before releasing the requested information.

Disclosures of personal information overseas

We may disclose personal information overseas from time to time, for example in the course of a research project with an overseas entity, through publishing information or by storing information on a server located overseas. Where we may be transferring personal information overseas, we will either inform you and seek your consent to the arrangement or ensure that appropriate contractual measures are in place to ensure that the overseas entity protects the personal information to the same level as required of NDRI under the Privacy Act.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:


With NDRI’s extensive and diverse activities, we collect, hold and use personal information throughout NDRI for many different purposes and via different methods. We only collect personal information for purposes directly related to our functions or activities under the SIR Act and only where it is necessary for or directly related to such purposes.

When we collect personal information from you for certain specific activities, where required, we will use a collection notice that deals specifically with that collection, including a description of the purposes for which we will use the personal information collected in that instance. Where relevant, our internal procedures and systems embed privacy protections to ensure we comply with our obligations under the Privacy Act.

We may use or hold personal information for the following general purposes:

  • to provide scientific and research services to both public and private sector clients;

  • to manage our employees and contractors, including to consider prospective employees;

  • to undertake research and testing as part of our functions under the SIR Act (such as information about individuals participating in focus group testing, including health information for food testing and information about physical reactions to food additives);

  • to maintain membership or subscriber records for our publications or club members; and

  • to promote and market our activities.

From time to time, we may need to disclose personal information to our joint venture partners or share information with contractors or agents who provide services to us, such as off-site file storage facilities and financial institutions which transmit payments on our behalf.

We will collect personal information from you for the purposes described in a collection notice and will only use or disclose your personal information for other purposes if:

  • you have consented to the other use;

  • you would reasonably expect, or have been told, that your personal information is usually passed on to other entities;

  • it is required or authorised by law;

  • it will prevent or lessen a serious threat to someone’s life, health or safety (including public health and safety);

  • required to take appropriate action in relation to suspected unlawful activity or serious misconduct;

  • required to locate a missing person; or

  • required to assert a legal or equitable claim or to conduct an alternative dispute resolution process.

Set out below is some further detail of how we may use personal information collected for certain of our main activities.

Visiting the NDRI website

When visiting, a record of your visit is logged. The following information, supplied by your browser, is recorded for statistical purposes to help improve the NDRI website:

  • user's server address (IP address)

  • user’s internet service provider (ISP)

  • user's operating system (for example Windows, Mac etc)

  • user's top level domain name (for example .com, .gov, .au, .uk etc)

  • date and time of the visit to the site

  • pages accessed and the documents downloaded

  • previous site visited if you visited from a hyperlink to our website via another web page

  • exit link

  • screen resolution

  • type of browser used.

No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation required by law where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider's logs.

We will not release your personal information collected via the NDRI website to any person unless the law requires or permits it or your permission is given. We provide a secure environment and a reliable system but you should be aware that there are inherent risks associated with the transmission of information via the Internet. For those who do not wish to use the Internet, we provide alternative ways of obtaining and providing information; e.g. by contacting NDRI Enquiries by phone or e-mail.

Emailing NDRI

When you send an e-mail to a NDRI address (, the content and your details, including your e-mail address, become part of our records. Your e-mail address, acquired in this way, will not be added to any mailing list unless specified in a collection statement or unless we obtain your consent.

Completing an online form

Should you decide to complete and submit an online form on any part of the NDRI website, we:

  • may record personal details provided by you such as; e-mail address, street address, telephone number, occupation, company, areas of interest etc to the extent they are relevant to the purpose for which we are collecting them.

  • will only use this information for the purpose for which it was collected.

  • will not disclose this information without your consent except where NDRI may be required by law to disclose the information.

Research activities

We may conduct research involving human participants and this research may involve the collection of personal information, including health information, genetic information, or information about a person as part of social research. The collection of such information may also have ethical approval requirements.

When dealing with personal information in a research context, we will usually de-identify that information. If personal information is not de-identified, we will deal with personal information collected in the course of research in accordance with the Privacy Act.

We may also deal with personal information of research partners or clients when providing scientific research services and testing services to both public and private sector clients. This may include the following sorts of personal information:

  • Name, address, occupation and residential email and telephone contact details;

  • Opinions and reactions to testing and research; or

  • Health information.

  • Client information;

  • credit card or other personal financial details.

If we collect your personal information as part of our research activities, we will use that information for the purposes of the specific research activity and we may also add it to a database for the purpose of contacting you about future NDRI activities, but only where you would reasonably expect this or have consented.

NDRI Enquiries service

When you contact us for general information about our activities or about our research & Development we will:

  • Log the contact (online or otherwise) in a secure database;

  • Record your name and other contact details, and information about the nature of the enquiry and response provided;

  • Record phone calls for the purpose of quality assurance and coaching;

  • Not add you to a mailing list, but may seek consent to contact you to provide feedback on the service provided.

  • Not disclose the information collected without your consent except where NDRI may be required by law to disclose the information.

Direct communication from NDRI

We store the contact details of a wide range of clients and stakeholders, ranging from direct subscribers to periodical publications, to business, research and community contacts. This information may be used to disseminate information and to facilitate participation in events and NDRI activities. In managing this information, we will:

  • hold all personal information in secure databases, both at onsite and offsite locations.

  • ensure that at any time, a recipient of e-mailed mass communication may ask to “unsubscribe” from our central marketing/communication database.

  • ensure that a direct link to “unsubscribe” is generally made available in mass communications from us. Alternatively, unsubscribe requests can be made directly to NDRI Enquiries.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:


  • For the primary purpose for which it was obtained

  • For a secondary purpose that is directly related to the primary purpose

  • With your consent; or where required or authorised by law.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Access to your Personal Information

bottom of page