Relationship Authorisation Manager privacy notice

Relationship Authorisation Manager (RAM) is a digital service administered by the Australian Taxation Office (ATO) as part of the Commonwealth Governments’ digital identity program, giving Australian citizens and permanent residents a single and secure way to access online government services.

RAM can be used to link your business to a single digital identity (such as the Commonwealth digital identity, myGovID), manage your business authorisations in one place and grant others authority to act on behalf of your business when interacting with government online services.

This privacy notice explains how the ATO collects, holds, uses and discloses personal information in relation to RAM.  Separate privacy notices apply to myGovID and to the collection, storage, use and disclosure of personal information by other Government Departments or Agencies participating in the digital identity program.

The ATO is subject to the Privacy Act 1988, incorporating the Australian Privacy Principles (APPs), and the Trusted Digital Identity Framework in respect of personal information it collects and holds about you when you use the RAM service.  More information about privacy rights and responsibilities is available from the Office of the Australian Information Commissioner.

By using RAM, you agree that the ATO may collect, use and disclose your personal information as set out in this privacy notice.

Collection of personal information

The ATO collects personal information about you for the purpose of operating the RAM service. The types of personal information collected by RAM include your:

  • first and last name
  • email address
  • date of birth
  • address
  • myGovID digital identity details.

If this personal information is not collected, you will not be able to use RAM to link your digital identity to a business. Your business must have an active Australian Business Number (ABN) on the Australia Business Register (ABR) to successfully complete a link in RAM.

RAM will create and store a record of the business, or businesses, that are successfully linked to your digital identity.

Use and disclosure of personal information

Personal information held in RAM will be used by the ATO, and disclosed to other State and Commonwealth Government entities. This is for the purpose of verifying, creating and maintaining the relationship between your digital identity and business, as well as creating and maintaining the authorisations for it.

We will not use or disclose your personal information for any other purpose unless you have consented or we are required or authorised to do so under an Australian Law or a court/ tribunal order.
The ATO is not likely to disclose personal information collected through RAM to overseas recipients. Your personal information will be stored securely in Australia.
We will not use or disclose personal information for the purpose of direct marketing.

How we hold personal information

We protect your personal information against:

  • loss
  • unauthorised access use
  • modification
  • disclosure
  • other misuse.

We use a range of physical and technological controls to ensure only staff needing access to your personal information are able to access it.
To protect the personal information we hold, we apply industry-best security methods, including:

  • information technology and physical security audits
  • penetration testing and industry best practice risk management
  • system security technologies.

Personal information used to create, verify and manage your relationships and authorisations in RAM are stored separately from other records the ATO holds to protect the confidentiality of your personal information.

Further information

The ATO privacy policy contains further information about how the ATO manages your personal information, including information about how you can both:

  • access personal information held by the ATO and seek the correction of that information
  • complain about a breach of the Australian Privacy Principles, and how the ATO will deal with such a complaint.

 You have a right to request access to, or correction of, your personal information. Information about how you may access or request a correction to your personal information is set out in the ATO's Privacy Policy.