Privacy Policy

We protect your privacy in accordance with the Australian Privacy Principles (APP) in the Privacy Act 1988. Our APP Privacy Policy sets out what personal and sensitive information we have and how we handle it.

You can ask us for more information about how we handle personal or sensitive information by:


or in writing to:

Suite 4, Level 3
13-17 Castray Esplanade
Battery Point Tasmania 7004

Information we collect

When you browse our website, we record the following information from your browser for statistical purposes only:

  • the type of browser and operating system you are using
  • your top level domain name (for example .com, .gov, .au, .uk etc.)
  • the address of the referring website (for example, the previous website that you visited)
  • your computer’s public IP address (a number which is unique to the machine or network through which you are connected to the Internet, this is usually set by your Internet service provide).

Our server also logs the following information:

  • the date and time of your visit
  • the address of the pages accessed, the documents or resources downloaded and audit details of the actions you complete while using our service.

This information is used for the purposes of statistical analysis, system administration, monitoring of our website security, customisation of our website to user needs, evaluation, research, and development.

We don’t collect your personal information if you only browse this website. We won’t try to identify you unless there’s an investigation, for example if a law enforcement agency or court provides us with a legal warrant or subpoena. Your personal Information will be disclosed to third parties only as specified in this policy or if it’s required or authorised by law.

Any information logged is stored securely, and archived for a period of at least 12 months and possibly up to seven years.

Registration/sign in

To register or sign in to our website, you must provide your name, a valid email address, company information, street or billing address and a password. These details will only be used for the purpose for which you have provided them and will not be added to any other mailing lists unless you specifically ask us to. Email mailing list addresses are stored on a separate server and can be accessed by authorised staff only. Your email address will not be disclosed without your consent, unless required by law.


VITAL Online uses similar security practices and protocols as those applied to other secure online services, such as banking and telecommunication systems. This includes the use of encryption, monitoring, auditing and intrusion detection to protect information travelling between users and the VITAL Online platform as well as information stored on our servers. The Allergen Bureau has no access to commercially sensitive information stored or created by the VITAL Online platform and only limited access to account creation and subscription management information for administrative purposes.

Each VITAL Online account is configured at creation with one account owner and this person is responsible for all access to their account by any additional users. No access can be granted to a VITAL Online account unless approved by the account owner. The account owner is provided with the functionality to manage additional users’ access levels to their account, including the ability to view those granted access, instantly remove or disable access by those additional users granted access and can also apply object level permissions to data within their account. The account owner can enable additional security features on their account such as a requirement that all users have the same domain name in their email address.


A cookie is an electronic token that is passed to your browser and your browser passes it back to the server whenever you request or load a page.

Our server may generate multiple cookies. These are used to keep track of the pages you have accessed and manage the security of any authenticated actions you take while using our server. The cookie allows you to page back and forward through our website and return to pages you have already visited. The cookies generated by our server are only active for the time you are accessing our server.

Please note that some browsers can be configured to allow cookies to be accessed by servers other than the originating server. Most browsers can also be configured to notify the user when a cookie is received, allowing you to either accept or reject it. Some of the functions of our website require cookies be enabled in your browser to function correctly.


Our Privacy Policy may change from time to time. Where we make significant changes or modifications we may also provide registered users with notification (via email or addressed mail for example). You can always view our current Privacy Policy from our website.

Website feedback

We want your feedback so we can improve the services our website provides.

If you have any comments on the technical operations or functionality of the pages of our website, please email us at

Providing your feedback is voluntary and does not in any way affect your access to this website.