Planned system maintenance: 16 to 17 May 2025

From 11:30 pm AEST Friday 16 May to 11:30 pm AEST Saturday 17 May RAM will be unavailable due to system maintenance.

Relationship Authorisation Manager privacy notice

Find out about our privacy notice for Relationship Authorisation Manager (RAM).

Last updated December 2024

On this page

About RAM and this privacy notice

RAM is a digital service administered by the Australian Taxation Office (ATO) as part of the Australian Government's Digital ID System (AGDIS). It gives Australian citizens and residents a single and secure way to access online government services.

RAM can be used to:

  • link your business to a single Digital ID
  • manage your business authorisations in one place
  • grant others authority to act on behalf of your business, when interacting with government online services.

By using RAM, you agree and provide your express consent that we may collect, hold, use and disclose your personal information, as set out in this privacy notice. Separate privacy notices apply to other government departments or agencies participating in the Digital ID program.

The ATO is subject to the Privacy Act 1988 (Privacy Act), incorporating the Australian Privacy Principles (APPs), the Australian Government Agencies Privacy Code 2017 (APP agency code registered under the Privacy Act). The RAM system is accredited under section 15 of the Digital ID Act 2024 which governs the ATO’s management of the system, in respect of personal information it collects, uses and discloses about you when you use the RAM service.

Collection of personal information

We are authorised by the Privacy Act to collect personal information about you for the purpose of operating the RAM service. The types of personal information collected by RAM include your:

  • full legal name (pre-filled from your Digital ID details)
  • email address
  • date of birth (pre-filled from your Digital ID details)
  • address
  • relationship to the business
  • associate authorisation provided for employee access.

Personal information may also include:

  • information about services you have accessed or attempted to access
  • information on the method of access
  • your internet protocol number (IP address)
  • the date and time your identity was verified.

This personal information must be collected before you can use RAM to link your Digital ID to your business. Your business must have an active Australian Business Number (ABN) on the Australia Business Register (ABR) to successfully complete a link in RAM.

RAM will create and store a record of the business, or businesses, that are successfully linked to your Digital ID.

If we don’t collect your personal information, you won’t be able to use RAM. It will also affect your ability to enable authorised users and to represent your business or businesses with any government agencies and services.

Use and disclosure of personal information

Personal information held in RAM may be used by the ATO and disclosed to other Digital ID System participants, such as:

  • the Australian Competition and Consumer Commission (ACCC) in its role as the Digital ID Regulator for AGDIS
  • the Office of the Australian Information Commissioner (OAIC) in its role as the Privacy Regulator for the AGDIS
  • Services Australia in its capacity as the System Administrator of the AGDIS 
  • Treasury in its capacity as the Data Standards Body for the AGDIS

This is for the purpose of verifying, creating and maintaining the relationship between your Digital ID and business, as well as the authorisations linked to the business to access government online services on behalf of the business.

Your personal information may be used to:

  • compile statistics and reports to enhance the RAM system and services 
  • assist to identify and respond to issues that indicate authentication integrity risks
  • analyse, prevent, detect, manage and investigate fraudulent activity and suspected system misuse of RAM, which may lead to criminal prosecution.

We won’t use or disclose your personal information for any other purpose unless you have provided your consent or we are required or authorised to do so under an Australian law or a court or tribunal order, including to an enforcement body for an enforcement related activity.

We won’t disclose personal information collected through RAM to overseas recipients. Your personal information will be stored securely in Australia.

We won’t use or disclose personal information for the purpose of direct marketing.

You can remove your authorisation and withdraw your express consent in RAM at any time; however, some personal information may be retained in accordance with the Digital ID Act 2024, Digital ID Accreditation Rules 2024 and the Archives Act 1983. By withdrawing your express consent, you will no longer be able to use RAM. It may also affect your ability to enable authorised users and to represent your business or businesses with any government agencies and services.

How we hold personal information

We take reasonable steps to protect your personal information against:

  • loss
  • interference
  • misuse, or
  • unauthorised access, unauthorised modification or unauthorised disclosure.

We use physical and technological controls to ensure only staff needing access to your personal information can access it.

To protect the personal information we hold, we apply industry-best security methods, including:

  • information technology and physical security audits
  • penetration testing and industry best practice risk management
  • system security technologies.

Personal information used to create, verify and manage your relationships and authorisations in RAM is stored separately from other records the ATO holds to protect the confidentiality of your personal information.

Further information

The RAM privacy policy contains further information about how we handle your personal information, including information about:

  • how you can access and seek correction of your personal information held by us
  • how to make a complaint if you think we have breached the Australian Privacy Principles or APP agency code, and
  • how we will deal with complaints.

For more information about RAM and your privacy, or if you believe your privacy has been breached, you can:

  • phone 1300 661 542 and ask for the Privacy Hotline
  • phone the ATO Complaints and Feedback Line on 1800 199 010
  • write to

AUSTRALIAN TAXATION OFFICE
GPO BOX 9990
[insert the name and postcode of your capital city]

For example:

AUSTRALIAN TAXATION OFFICE
GPO BOX 9990
SYDNEY  NSW  2001