Effective Date: 5th of June, 2025

1. Introduction

The National Information and Communications Technology Authority (NICTA) is committed to protecting your privacy and ensuring the security of your personal information collected through the Type Approval Platform (“TA Online” or “Platform”). This Privacy Policy explains how we collect, use, share, and protect your data in accordance with the National Information and Communications Technology Act 2009 (NICT Act 2009), relevant international standards such as the International Telecommunication Union (ITU-R) recommendations, and best practices inspired by the General Data Protection Regulation (GDPR) principles.

By using the Platform, you consent to the practices described in this Policy. If you do not agree, please do not use the Platform.

2. Information We Collect

2.1 Personal Information

When you register and interact with the Platform, we collect:

• Full name, organization name, and contact details (email, phone, postal address)
• Identity documents and certifications (for verification and compliance)
• Professional or entity details (e.g. business registration information)
• Position or role within your organization

2.2 Product and Equipment Information

When you submit type approval applications:

• Manufacturer details
• Technical specifications
• Supported technologies and certifications
• Product model numbers and descriptions

2.3 Import Information

When you submit import permit applications:

• Quantities per model
• Import purposes
• Shipping, flight and logistics information

2.4 Technical Information

We automatically collect:

• IP address and device type
• Browser type and version
• Usage logs, session information, and cookies

2.5 Payment Information

For processing fees on Forms B and C:

• Transaction details (via our authorized payment gateway)
• Confirmation of successful payments

Note: We do not store complete credit card details; payments are processed through secure third-party providers.

3. Legal Basis for Data Processing

We collect and process your data on the following legal bases:

• NICT Act 2009: To administer ICT equipment approvals, compliance, and enforcement.
• Contractual Necessity: To fulfill obligations between you and NICTA related to the type approval and import permit processes.
• Legitimate Interest: To maintain the security, integrity, and functionality of the Platform.
• Legal Obligations: To comply with PNG laws and international agreements on ICT regulation and market surveillance.

4. How We Use Your Information

We use your data to:

• Process and review Form A (client registration), Form B (type approval), and Form C (import permit) submissions.
• Communicate with you regarding application status, approvals, and required actions.
• Issue official documentation (e.g. Type Approval Certificate, Import Permit) in PDF format.
• Manage client categories, fees, and import limitations.
• Facilitate PNG Customs enforcement at ports of entry.
• Ensure regulatory compliance, market integrity, and national security.
• Improve Platform usability, functionality, and security through analytics and performance monitoring.

5. Data Sharing and Disclosure

Your information may be shared with:

• NICTA Staff and Authorized Personnel: For application review and decision-making.
• PNG Customs Service: For verifying and enforcing import permits and regulatory compliance at ports of entry.
• Authorized Third-Party Service Providers: For secure payment processing, Platform maintenance, and technical support (bound by strict confidentiality agreements).
• Law Enforcement or Judicial Authorities: When required by applicable laws or court orders.
• International Regulatory Bodies: When necessary to align with ITU-R best practices and cross-border ICT equipment standards.

We do not sell your personal information to third parties.

6. Data Security

NICTA implements industry-standard technical and organizational measures to protect your data, including:

• Secure encryption of data in transit and at rest.
• Strict access controls with role-based permissions.
• Regular security audits, vulnerability assessments, and monitoring.
• Incident response procedures aligned with national and international best practices.

Despite our best efforts, users acknowledge that no online system is completely risk-free.

7. Data Retention

We retain your data only as long as necessary to:

• Fulfill the purposes outlined in this Policy.
• Meet legal and regulatory obligations under the NICT Act 2009 and relevant PNG regulations.
• Support potential audit, enforcement, and compliance activities.

Typical retention periods:

• Application records: At least 3 years.
• Technical logs and usage data: 6 months before anonymization or deletion.

8. Your Rights

You have the right to:

• Access your personal data held by us.
• Request corrections or updates to inaccurate information.
• Request deletion of your data (subject to legal retention requirements).
• Object to certain types of data processing (e.g. direct marketing).
• Request a copy of your data in a portable format.

To exercise these rights, please contact us using the details in Section 12.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Enhance Platform functionality and security.
• Collect usage statistics to improve user experience.
• Manage user sessions and logins.

You can manage or disable cookies through your browser settings; however, some features of the Platform may not function properly without cookies.

10. International Data Transfers

While the Platform is primarily hosted in Papua New Guinea, certain data may be transferred internationally for:

• Secure cloud hosting
• ITU-R regulatory coordination
• Support and maintenance by authorized third-party providers

We ensure that adequate safeguards (e.g. contractual agreements, secure protocols) are in place to protect your data during such transfers.

11. Children’s Privacy

The Platform is intended for use by adult professionals and businesses. We do not knowingly collect or process data from children under the age of 18. If we become aware of such data being collected, we will promptly delete it.

12. Contact Information

For inquiries, assistance, or to exercise your privacy rights, please contact:

National Information and Communications Technology Authority (NICTA)
Type Approval Support
P.O. Box 8444, Boroko, NCD, Papua New Guinea
Phone: +675 3033 200
Email: typeapprovals@nicta.gov.pg
https://www.nicta.gov.pg

13. Changes to This Privacy Policy

NICTA reserves the right to update this Privacy Policy to reflect changes in our practices, technology, or legal obligations. We will notify users of material changes by posting the updated Policy on the Platform and updating the “Effective Date” at the top.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.