Privacy Policy
Privacy Policy
About This Policy
This Privacy Policy describes how the Institute for Autonomous Governance Pty Ltd (ACN 696 112 277) (Institute, we, our) handles personal information in connection with araf-standard.org.
The Institute is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Information We Collect
2.1 Information collected automatically
When you visit this site, our hosting infrastructure (Netlify) automatically collects certain technical data, including:
- IP address;
- browser type and version;
- referring URL;
- pages accessed and time of access; and
- approximate geographic location derived from IP address.
This data is collected and retained by Netlify in accordance with Netlify’s own privacy policy. The Institute does not actively use this data to identify individuals. It may be used in aggregated, anonymised form to understand site usage patterns.
2.2 Information you provide
This site does not currently operate contact forms, newsletter subscriptions, user accounts, or other mechanisms through which visitors are invited to submit personal information.
If you contact us directly (for example, by email), we will collect the information you provide for the purpose of responding to your enquiry.
2.3 Cookies
This site does not use tracking cookies or third-party advertising scripts. Basic session or functional cookies may be set by the hosting platform. These do not identify you individually and are not used for advertising or behavioural profiling.
How We Use Information
Any personal information we hold is used only for the purpose for which it was collected, which is limited to:
- responding to direct enquiries; and
- maintaining the security and operation of this website.
We do not use personal information for marketing purposes, and we do not sell, rent, or share personal information with third parties except as described in section 4.
Disclosure of Information
We may disclose personal information:
- to our hosting and infrastructure service providers (currently Netlify), who process data on our behalf subject to appropriate confidentiality obligations;
- where required or authorised by Australian law; or
- with your consent.
We do not disclose personal information to third parties for their own marketing or commercial purposes.
Data Storage and Security
This site is hosted via Netlify and served from the araf-standard.org domain. Data processed in connection with site hosting may be stored on infrastructure located outside Australia. Where this occurs, we take reasonable steps to ensure that the overseas recipient handles the information in a manner consistent with the Australian Privacy Principles, including by selecting service providers with published privacy and security commitments (such as Netlify’s Data Processing Agreement).
We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access. However, no internet transmission is entirely secure, and we cannot guarantee the security of information transmitted to or from this site.
Data Retention
We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Enquiry correspondence is retained for a reasonable period to allow us to respond and maintain a record of the exchange.
Server logs retained by Netlify in connection with site hosting are subject to Netlify’s own retention policies, available at netlify.com.
International Visitors and GDPR
If you access this site from outside Australia, you do so on your own initiative and are responsible for compliance with local laws.
Where the General Data Protection Regulation (GDPR) applies to your use of this site, our lawful basis for processing automatically collected technical data is legitimate interest, specifically the operation and security of the website. You may have additional rights under the GDPR, including the right to erasure and data portability. To exercise these rights, contact us using the details in section 11.
Assessment and Accreditation Activities
Personal information submitted in connection with ARAF pilot assessments, accreditation applications, or other Institute programmes is governed by the specific agreements applicable to those activities (including the Pilot Participation Agreement or Accreditation Standard, as applicable), not by this website Privacy Policy.
Your Rights
You have the right to:
- request access to personal information we hold about you;
- request correction of inaccurate or incomplete personal information; and
- make a complaint about our handling of your personal information.
To exercise these rights or to make a complaint, contact us using the details in section 11. We will respond within a reasonable time and in accordance with the Privacy Act 1988 (Cth).
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date. We encourage you to review this page periodically.
Contact
For privacy enquiries:
© 2026 Institute for Autonomous Governance Pty Ltd (ACN 696 112 277) | Terms of Use | araf-standard.org