Privacy Collection Notice
Data Clearing House platform
Last updated
Data Clearing House platform
Last updated
This privacy collection notice sets out how CSIRO collects and manages your personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act).
For further information about how the CSIRO manages personal information including how to make a complaint, please see our Privacy Policy available at
access data hosted on the ‘Hub’ via (website), which is the data clearing house platform maintained by CSIRO that supports near real-time data analytics and equipment control services in relation to connected buildings and building systems (Portal);
access services, being the provision of and access to the Hub, the Hub data and the Portal and any service provided by CSIRO that are incidental to or necessary for the provision or support of those services (Services).
interact with the Website, the Portal or the Services
provide it to us verbally or in writing for the purpose of requesting an Account to access the Portal and Services (Account), or where you request support or maintenance regarding your Account
send us information by email or regular mail
your full name
your work and mailing address
contact details, such as your email address, mobile or phone number
the organisation that employs you
Your personal information will not be collected if you are only browsing the Website but we do use cookies to better tailor our information and our services to meet your needs. Cookies may record information about your visit, including the type of browser and operating system you use, the previous site you visited, your server’s IP address, the pages you access and the information downloaded by you. While this anonymous statistical data may be aggregated and used in broader statistical analysis by us and our web monitoring service provider to improve our services, at no time can we personally identify you as the source of that data.
Generally, we will not collect your sensitive information.
Sensitive information will only be collected with your consent.
Whenever possible, we gather personal information directly from the individual to whom it pertains.
the Controller requests for you to become a Designated Representative of the Controller, for the purpose of providing or accessing data or otherwise exercising any rights of the Controller in relation to the Account (Designated Representative), and where the Controller provides us with your email address to use as your ‘user identification’ in the Account;
the Controller or a Designated Representative requests for you to become a Nominated User of the Portal and Services, and where the Controller or a Designated Representative provides us with your email address to use as your ‘user identification’ in the Account.
you are authorised to provide that information to us
you have obtained the express consent of the individual to disclose their personal information to us for its relevant use
you have informed that person about our privacy policy including who we are, how we use and disclose personal information, and that they can gain access to, and correct the information.
to set up and activate your Account with us
to consider your request for an account with us
to enable us to provide access to the Portal and Services to you
to carry out or respond to your queries or requests
to provide information to you that you have requested
to any third party suppliers of our services, including third party application owners
to our third party service providers to assist us in providing and improving our services to you, and to analyse trends and better understand your needs or to develop, improve our services to you
for regulatory reporting and compliance with our legal obligations
to monitor or improve the quality and standard of service that we provide to you
to consider any concerns or complaints you may raise against us
to our agents, successors and/or assigns
to notify you of new services that may be of interest to you
to notify you of any updates to our terms and conditions or privacy statements
to notify you of any outages or scheduled maintenance of the Portal or Services
By agreeing to our privacy policy or by providing your personal information to us, or both, you are taken to have consented to the use and disclosure of your personal information for the above purposes.
We will not use your personal information for any other purpose without your consent or where we do use your information for another purpose, it will either be for a purpose which we believe is related to the purpose for which you first provided us with the information or for a purpose which you would expect.
We may also provide your personal information to third parties as outlined in this privacy policy.
Other than as outlined in this privacy policy or in any notice provided to you at the time of collecting your personal information, we will not disclose your personal information without your consent unless disclosure is either necessary to prevent a threat to life or health, authorised or required by law, reasonably necessary to enforce the law or necessary to investigate a suspected unlawful activity.
We will not use or disclose your personal information for marketing purposes, unless you opt-in to these communications.
We deal with third party service providers who may assist us with a variety of functions including with research, security, data storage, information processing or technology services. By agreeing to accept the terms of our privacy policy or by providing your personal information to us, or both, you are taken to have consented to us disclosing your personal information to our third party service providers. Where we engage third party service providers to perform services for us, those third parties may be required to handle or deal with your personal information. Under these circumstances, those third parties must safeguard this information and must only use it for the purposes for which it was supplied and we will make all reasonable enquiries to try to ensure that this is the case.
Wherever possible, we will limit the information provided to independent third parties to that information required for those third parties to properly perform their functions. Further, our contracts with these third parties will always require the third parties to comply with the APPs (or equivalent standards).
We do not intend to send any personal information to a third party overseas.
Hub data collected through use of the Portal or use of the Services will be stored on Amazon Web Services (AWS) servers in Australia. De-identified information of users may also be stored on AWS servers in Australia and accessible only by our authorised representatives. No personal information is stored on the Portal.
We have implemented appropriate processes (including computer and network security, including firewalls and passwords) to protect personal information from loss, misuse and interference and from unauthorised access, modification or disclosure. In addition, access to your personal information is limited to those who specifically need it to conduct their responsibilities.
We and our third party service providers take all necessary steps to destroy or permanently de-identify your personal information where it is no longer required and to protect your personal information from loss, misuse and interference and from unauthorised access, modification or disclosure.
How and why we may collect your personal information
How it is used
When and how we might share it with others
How you can access and seek to correct your personal information
Version 1.0 (August 2023)
Our Privacy Policy is available at
To find out more about how we manage personal information please contact