Privacy Policy

Privacy Act 1988

The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.


The Privacy Act includes thirteen Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information (including sensitive information). The APPs regulate how organisations can collect, hold, use and disclose personal information and how you can access and correct that information. The APPs only apply to information about individuals, not information about corporate entities such as businesses, firms or trusts. Available here.

Information covered under this privacy policy

This privacy policy has been developed in accordance with APP 1 and embodies our commitment to protecting the privacy of personal information. It covers how we collect and handle personal information, including sensitive information. ‘Sensitive information’ means personal information about you that is of a sensitive nature, including information about health, genetics, biometrics or disability; racial or ethnic origin; religious, political or philosophical beliefs; professional association or trade union memberships, sexuality; or criminal record. Special requirements apply to the collection and handling of sensitive information. This privacy policy is not intended to cover our handling of commercially sensitive information or other information that is not personal information as defined in the Privacy Act.

Collection of personal information

Personal information may be collected directly by us, or by people or organisations acting on our behalf. It may be collected directly from you, or on your behalf from a representative you have authorised. Under the APPs, we will only collect information for a lawful purpose that is reasonably necessary for, or directly related to your employment with us, or where otherwise required or authorised by law.

How we collect personal information

We primarily use forms, online portals and other electronic or paper correspondence to collect your personal information. By signing paper documents or agreeing to the terms and conditions and disclaimers for electronic documents you are consenting to the collection of any personal information you provide to us. 

We may also collect your personal information if you: 

  • communicate with us by telephone, mail, email, fax or SMS; 
  • attend a face to face meeting or event conducted by us or our contractors; 
  • use our websites; 
  • interact with us on our social media platforms. 

Storage and data security


We hold personal information in a range of paper-based and electronic records, including cloud computing.

Data security

We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse. Access to your personal information held by us is restricted to authorised persons who are departmental employees or contractors, on a need to know basis.

Data quality

We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant and not misleading.

These steps include responding to requests to correct personal information when it is reasonable and appropriate to do so. Audits and quality inspections are also conducted from time to time to ensure the accuracy and integrity of information, and any systemic data quality issues are identified and resolved promptly.


Purposes for which information is collected, held, used and disclosed

We collect personal information for a variety of different purposes relating to our functions and activities including:

  • performing our employment and personnel functions in relation to our staff;
  • performing our legislative and administrative functions;
  • policy development, research and evaluation;
  • complaints handling;

We use and disclose personal information for the primary purpose for which it is collected. We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act. This may include where you have consented to this secondary purpose, or where the secondary purpose is related (or if sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose, where it is required or authorised by law or where a permitted general situation exists such as to prevent a serious threat to safety.

Likely secondary purposes for which we many use or disclose your personal information include but are not limited to: quality assurance, auditing, reporting, research, evaluation and analysis, and promotional purposes.


Electronic communication

There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communicating with us, such as post, fax or telephone (although these also have risks associated with them).

We only record your email address when you send a message to us or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.


Accidental or unauthorised disclosure of personal information

We will take it seriously and deal promptly with any accidental or unauthorised disclosure of personal information. Legislative or administrative sanctions may apply to unauthorised disclosures of personal information.


Accessing and Correcting Your Personal Information

How to seek access to and correction of personal information

You have a right under the Privacy Act to access personal information we hold about you. You also have a right under the Privacy Act to request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

Our access and correction process

If you request access to or correction of your personal information, we will respond to you within 7 calendar days. While the Privacy Act requires that we give you access to your personal information upon request or an opportunity to request the correction of your personal information, it does set out circumstances in which we may refuse to give you access or decline to correct your personal information.


If we refuse to give you access or make corrections to your personal information, we will provide you with a written notice which, among other things, gives our reasons for refusing your request. Complaints or further information about our Privacy Policy should be addressed to: