Privacy Policy

Last Updated: April 2026

1. Legal Framework

WALGA handles personal information in accordance with:

• The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs)
• The Privacy and Other Legislation Amendment Act 2024 (Cth), including the statutory tort of serious invasion of privacy and strengthened security obligations
• The Notifiable Data Breaches scheme (Part IIIC of the Privacy Act)
• The Privacy and Responsible Information Sharing Act 2024 (WA) as it applies to information shared with WALGA by WA local governments and WA public-sector entities, including the WA Information Privacy Principles (IPPs) once those provisions are in force
• Record-keeping obligations under the State Records Act 2000 (WA) and the Local Government Act 1995 (WA) as they apply to council records

2. Information We Collect

Personal Information

When you use the RAE Portal, we collect:

• Name and email address (via account registration)
• Organization/Council affiliation
• Job title or position
• IP address and browser information
• Login and access timestamps

Submission Data

The portal collects council road asset and expenditure data including:

• Federal and State grant expenditure figures
• Road works program details
• Financial reconciliation data
• Recycled materials and active transport usage statistics
• Supporting documentation and comments

Information from Third-Party Sources

To provide regional and statewide analytics, the portal also draws on reference data from:

• WA Local Government Grants Commission (WA LGGC) — population, asset preservation needs, revenue capacity, and Financial Assistance Grants allocations per council
• Bureau of Infrastructure and Transport Research Economics (BITRE) — national road network data
• Main Roads WA — road inventory and ages
• Australian Bureau of Statistics — Producer Price Index series used for inflation factors
• Subject-matter expert advisors engaged by WALGA — reviewed cost-model parameters and validation

Reference data of this kind is generally aggregate or council-level and does not normally identify individuals.

3. How We Use Your Information

We use the information collected for the following purposes:

• Service Delivery: To provide access to the RAE Portal and process submissions
• Data Analysis: To compile regional and state-wide road asset reports
• Communication: To send submission reminders, updates, and support responses
• Compliance: To meet legal and regulatory requirements for grant reporting, including obligations under the Roads to Recovery Funding Agreement and related Commonwealth and State programs
• Improvement: To improve portal functionality and user experience
• Security and Audit: To detect and prevent unauthorized access, support audits and investigations, and meet record-keeping obligations

4. Automated Processing

The portal applies validation rules, cost-model calculations, and statistical aggregations to council-level submission data to produce regional and statewide outputs. These computations operate on council financial and asset data; they do not make automated decisions about individuals that would have legal or similarly significant effects on those individuals. Where cost-model outputs are used to inform funding allocations or policy advice, the WALGA officers and stakeholders involved retain professional judgement and oversight.

5. Data Storage and Security

Storage Location

Submission data, reference data, and identity data are stored within Australia. The portal's Microsoft Fabric capacity, Microsoft Entra (Azure Active Directory) tenancy, and Azure App Service web application are all provisioned in the Australia East region. The platform uses Microsoft Azure and Microsoft Fabric for storage and processing, and Microsoft Power BI for analytics and dashboarding.

Security Measures

We apply industry-standard security practices, including:

• HTTPS/TLS encryption for all data in transit
• Encryption at rest for the underlying data stores
• Authentication and role-based access control (RBAC)
• Activity and access logging for audit purposes
• Regular security review and monitoring
• Automated backup and disaster recovery procedures
• Vendor due diligence for cloud and email service providers

6. Cross-Border Data Disclosure

Personal information and submission data are stored and processed in Australia. The portal's Fabric capacity, Entra tenancy, and web application are all provisioned in the Australia East region. Microsoft, as the cloud platform operator, is a global organisation whose support personnel may, under contractual safeguards, access systems for limited maintenance, security, or troubleshooting purposes from outside Australia. WALGA takes reasonable steps to ensure that overseas recipients of personal information do not breach the Australian Privacy Principles, consistent with APP 8.

7. Data Sharing and Disclosure

We may share your information with:

• Government Agencies: Federal and State departments — including the Department of Infrastructure, Transport, Regional Development, Communications and the Arts; the WA Department of Transport; and the WA LGGC — for grant compliance, policy, and funding reporting
• Member Councils: Aggregated regional and statewide outputs, and council-specific outputs returned to that council
• Subject-matter advisors engaged by WALGA: Reviewed model outputs and validation, under confidentiality arrangements
• Service Providers: Microsoft (Azure, Fabric, Power BI) for hosting and analytics; email delivery providers [Review: name email service — e.g. Office 365 / SendGrid]
• Legal Requirements: When required by law, court order, or to protect rights and safety

We will NOT:

• Sell personal information to third parties
• Share council-specific data publicly without permission, except where required by law
• Use your data for marketing purposes without consent

8. Freedom of Information and Public Release

Council submissions made through the portal form part of the council's records and may be subject to release under the Freedom of Information Act 1992 (WA) at the council level. Aggregated and statewide outputs produced by WALGA are routinely published or shared with government as part of WALGA's reporting role. WALGA will not voluntarily release identifiable council-level data publicly without the council's permission, except where compelled by law or required by a funding program.

9. Your Rights

Under the Australian Privacy Principles you have the right to:

• Access (APP 12): Request access to the personal information we hold about you
• Correction (APP 13): Request correction of personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading
• Complain: Make a privacy complaint to WALGA, and to the Office of the Australian Information Commissioner (OAIC) and, where applicable, the WA Information Commissioner

The Privacy Act does not give a general right to erasure or data portability of the kind found in some overseas privacy regimes. WALGA will, however, consider deletion or de-identification requests on a case-by-case basis, balanced against record-keeping obligations under the Roads to Recovery Funding Agreement, the State Records Act 2000 (WA), and other applicable laws. Submission data forming part of statutory reporting cannot generally be deleted on request.

To exercise these rights, contact: infrastructure@walga.asn.au.

10. Data Retention

We retain information for the following periods [Review: confirm retention periods match actual implementation in Fabric and audit logging]:

• Submission Data: 7 years (to meet government record-keeping requirements)
• User Accounts: Duration of active employment + 2 years
• Access Logs: 2 years

11. Cookies and Tracking

The RAE Portal uses:

• Session Cookies: To maintain your login session (essential)
• Functional Cookies: To remember your preferences

We do not use third-party advertising or analytics cookies.

12. Notifiable Data Breaches

WALGA participates in the Commonwealth Notifiable Data Breaches scheme. If we become aware of an actual or suspected data breach involving personal information held in the RAE Portal, we will:

• Promptly assess whether the breach is likely to result in serious harm to any affected individual
• Take reasonable steps to contain the breach and remediate the cause
• Where the breach is an "eligible data breach" under the Privacy Act, notify affected individuals and the OAIC as soon as practicable, and in any event within the period required by the Act
• Where the breach engages the Privacy and Responsible Information Sharing Act 2024 (WA) once in force, also notify the WA Information Commissioner and any affected WA public-sector body

13. Accessibility

WALGA aims for the RAE Portal to conform with the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA, consistent with WALGA's obligations under the Disability Discrimination Act 1992 (Cth) and the Equal Opportunity Act 1984 (WA). If you experience an accessibility barrier in the portal, please contact us and we will work with you to provide the information you need in an accessible form.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes via email or portal notification. The "Last Updated" date at the top indicates the most recent revision.

15. Contact Us

16. Complaints

If you believe your privacy has been breached, please contact our Privacy Officer first. If you're not satisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au

Where the matter relates to information shared by a WA public-sector body and falls within the scope of the Privacy and Responsible Information Sharing Act 2024 (WA), complaints may also be made to the:

WA Information Commissioner [Review: confirm contact details once the office under the WA PRIS Act is operational]