Privacy

Additional privacy notices for specific vic.gov.au websites

• Architects Registration Board of Victoria

  The Architects Registration Board of Victoria (ARBV) is established by the Architects Act 1991 (Vic) (Act).

  The ARBV’s role is to administer the Act which provides for the registration of architects (including companies and partnerships) and the regulation of their professional conduct.

  Any reference to ‘we’ or ‘our’ in this Privacy Statement (Statement) is a reference to the ARBV.

  What does this Statement do?

  When you access the ARBV website, we may collect a range of personal and/or sensitive information. This Privacy Statement sets out how we handle that information. It also tells you how you can access and correct the personal and/or sensitive information that the ARBV holds about you and how to make a complaint about a privacy matter.

  This Statement does not address how we handle personal and/or sensitive information which may be obtained from other sources, for example, when you contact us in person, by telephone or email, or where information is obtained from a third party. Any personal and/or sensitive information that we collect or obtain from other sources will be handled in accordance with the ARBV’s privacy policy.

  What information does ARBV collect, use and disclose?

  We may collect, use and disclose the personal and/or sensitive information in the course of carrying out our regulatory and enforcement functions under the Act.

  The type of personal and/or sensitive information that we may collect, use and disclose includes:

  • name, address and other contact details
  • date of birth
  • qualification and employment information
  • criminal history details
  • complaint or enquiry details
  • professional indemnity insurance details

  If you do not provide all or any part of the information requested by the ARBV we may be unable to process or respond to your query, application or complaint.

  How we collect your personal and/or sensitive information

  We may collect personal and/or sensitive information when you access the ARBV website to:

  • submit an online form (registration application, complaint or enquiry form)
  • make a freedom of information request
  • apply for a job at ARBV
  • update your personal information
  • respond to a survey or sign up for newsletters/information bulletins
  • visit ARBV’s website (using automated data collection software and systems)

  In most cases, we will tell you when we collect your personal and/or sensitive information and will provide you with a collection statement identifying the ARBV and advising you about why we are collecting the information and how we intend to hold, use and disclose it.

  Sometimes we may collect or receive personal and/or sensitive information about you from a third party. For example:

  • if an online complaint is made about you, we record this information
  • if an enquiry is received, we may record the terms of the enquiry and related details

  It is not always practical for us to advise people when we receive information about them from a third party. We will only use personal and/or sensitive information received from third parties to carry out our statutory functions and will only disclose this information with the person’s consent, unless legislatively required or permitted to do otherwise.

  Why we collect your personal and/or sensitive information

  The ARBV collects personal information (that is, information identifying you) and sensitive information (such as criminal history) to enable us to:

  • process registration applications, including payments
  • respond to complaints and enquiries

  We may also use your personal and/or sensitive information:

  • to provide you with updates from the ARBV
  • to maintain the Register of Architects and the Architects Disciplinary Register (published on the ARBV’s website)
  • for law enforcement by the ARBV or other regulatory bodies
  • such other purposes required or authorised by law

  If you do not provide all or any part of the information requested by the ARBV we may be unable to process or respond to your query, application or complaint.

  How we use your personal and/or sensitive information

  We will use or disclose personal and/or sensitive information for the primary purpose for which it was collected. It may also be used for a permitted secondary purpose in specified situations. You can read more about how and when we will share your information in our Privacy Policy.

  Data quality and security

  We make every effort to ensure that the personal and/or sensitive information we collect, use or disclose is accurate, complete and up-to-date. In accordance with the Act, accurate information should be provided at all times.

  We also take reasonable steps to protect your personal and sensitive information contained in our files from outside or unauthorised access. Our information technology arrangements incorporate a range of data security measures and only staff who need to use your personal and/or sensitive information to perform their functions will have access to it.

  Personal and/or sensitive information which is collected by the ARBV is stored within Australia and our data storage system is subject to regular audits. Where your personal and/or sensitive information is transferred outside Victoria, we take steps consistent with the principles in Victoria’s privacy laws to ensure its protection from unauthorised use and disclosure.

  Where personal and/or sensitive information is disclosed or made available to a contracted service provider, we will ensure that the contract requires confidentiality, restricts the use of the information to the purposes of the contract and clarifies what happens to the personal and/or sensitive information when the contract finishes.

  As the Act does not allow for registrants (architects, partnership and/or companies) to be removed from the Architecture Register, we will hold any personal and/or sensitive information which we collect via the ARBV website (or from other sources) indefinitely. Historical records may be held by the Public Record Office Victoria, in accordance with the Public Records Act 1973 (Vic).

  You can read more about our data quality and security processes in our Privacy Policy.

  Online payments

  Our online payment services are managed in conjunction with Windcave, a third-party IT service provider. Windcave may access the personal information entered into our forms in order to process electronic transactions or to resolve a technical problem.

  If you make a payment using our website, we will process your payment with the assistance of Windcave and present you with an online receipt for your records.

  Access to your personal information

  You can view and update your personal information directly through the ARBV website. If you become aware that the personal and/or sensitive information we hold about you is not accurate, complete, or up to date, you can ask us to correct it.

  You can also request access to the personal and/or sensitive information that we hold about you. Any request to access or correct personal and/or sensitive information held by the ARBV should be addressed to:

  Email: registrar@arbv.vic.gov.au (Attention FOI Officer)

  Post:

  Attention FOI Officer
  Architects Registration Board of Victoria
  Level 10, 533 Little Lonsdale Street
  Melbourne VIC 3000

  Alternatively, a request to access or correct personal and/or sensitive information held by the ARBV can be made by completing an online enquiry form.

  Staying anonymous

  Most of the things we do require you to provide us with personal information so that we can verify your identity. However, individuals seeking general advice from the ARBV or accessing the Architects Register using our website do not have to identify themselves.

  Unique Identifiers

  We assign registrants (architects, companies and partnerships) a unique registration number upon registration. This is a publicly available number.

  We also assign individual and entities with a unique 8 digit invoice number for online payments to assist in tracking payments for fees and/or other charges prescribed by the Act or regulations.

  How do I raise concerns about my privacy?

  If you are unhappy about the way we have handled your personal and/or sensitive information, you may wish to discuss your concerns with the ARBV’s Privacy Officer. You may contact us in person, by telephone, in writing, using the following details:

  You can write to:

  Email: registrar@arbv.vic.gov.au (Attention Privacy Officer)

  Post:

  Attention Privacy Officer
  Architects Registration Board of Victoria
  Level 10, 533 Little Lonsdale Street
  Melbourne VIC 3000

  Phone: 03 9417 4444

  Alternatively, you can make a complaint by completing an online complaint form.

  You may also discuss your concerns directly with the Office of the Victorian Information Commissioner.

  Privacy policy

  We are committed to protecting your personal and sensitive information in accordance with the Information Privacy Principles set out in the Victorian Privacy and Data Protection Act 2014 (Vic).

  Our Privacy Policy provides further detail how and why the ARBV collects your personal and/or sensitive information, how you can access and seek correction of your personal and/or sensitive information held by the ARBV, and how you can make a complaint to the ARBV or Ombudsman about a breach of your privacy. The policy can be accessed on the ARBV’s Privacy page.

• The Commission for Gender Equality in the Public Sector collection notice

  This collection notice explains how the Public Sector Gender Equality Commissioner (the Commission) handles personal information which you may provide when you subscribe to our e-newsletter.

  The Commission collects this data using:

  • Mailchimp, a third party Marketing platform. View Mailchimp's privacy policy.

  The personal information that you submit to us is collected in order to provide information services to you which in turn facilitates:

  • communicating updates about the Commission and/or an event
  • the co-ordination of meetings, and advocacy and educational activities

  Servers for the third party applications are located in Australia and overseas. Mailchimp require their subcontractors to deal with such personal information in a manner that is consistent with the Australian Privacy Principles but they cannot guarantee the security of your personal information.

  Mailchimp comply with the Australian Privacy Act 1998. If you are unsatisfied with a response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help.

  You have the option of not providing certain information requested by the Commission. However, you should note that this may prevent the Commission from providing information services to you and managing its various activities and programs.

  If you need to change or update your details, you can do so by clicking the update subscription preferences link at the bottom of the e-newsletter or by contacting the Commission for Gender Equality in the Public Sector.

• COVID-19 testing privacy collection

  Privacy collection notice

  The Department of Health ('the department') is collecting your personal and health information to communicate the request from the health service taking your COVID-19 swab (which may be the department or another health provider) to a pathology service for testing, and to obtain information to assist the department in managing the COVID-19 virus pandemic. After your test, we will use your mobile number to send you an SMS, providing you with links to further information about COVID-19 on our website.

  Some of the questions you will be asked by staff at the testing site are necessary to enable a valid request to be made for COVID-19 pathology testing. Other questions are not mandatory but will assist in our understanding of COVID-19 and who is undergoing testing. We will let you know which questions are optional.

  We will disclose certain information collected about you to a pathology provider for COVID-19 testing. That pathology provider will report test results to the department, and to the health service who took your swab for testing. You will be notified of your result by the pathology provider, the health service or the department using the contact information we collect from you. We may also provide the health service that took your swab with a copy of the information you provided at the time of your test and your COVID-19 test result, so that they have this information in their health care records.

  Our public health unit and other researchers are undertaking important analysis of available COVID-19 data to improve our understanding of the virus and assist in our response. Information that we collect may be used for these purposes by the department or disclosed to other researchers where that is authorised by law.

  If your test is positive for COVID-19, the department may share your information with Health Service Providers and our Contracted Service Providers under the COVID Positive Pathways program for your support and care, including medical care, emergency accommodation, food relief, and alcohol, drug, mental health and family violence support services. We may also share your personal and health information with other government entities for occupational health and safety purposes of staff to enable the provision of services to you in a safe and efficient manner.

  The department may share your information with Victoria Police or interstate health departments to ensure that the Pandemic Orders are being complied with and to minimise the risk of spreading COVID-19 between states and territories.

  Your test result may be loaded to My Health Record unless you tell us that you do not want this to happen.

  You can apply for access to information the department holds about you. The department’s Freedom of Information Unit may be contacted on:

  Email: foi@health.vic.gov.au

  For information on the department's Privacy policy or on how the department manages privacy, please contact the Privacy unit on:

  Email: privacy@health.vic.gov.au

• COVID-19 positive rapid antigen test self-reporting form privacy collection

  The Department of Health ('the department') is committed to protecting your privacy. The department collects and handles your personal and health information in this COVID-19 Positive Rapid Antigen Self-Reporting Form for the purposes of contact tracing and outbreak management.

  Your personal and health information is protected by the legislative safeguards in the Public Health and Wellbeing Act 2008(Vic), which ensure that it may only be used to protect public health.

  In order to contact trace, we may share your personal and health information with our Local Public Health Units (‘LPHUs’), Local Governments, interstate health authorities to keep you safe and your community safe.

  In order to manage the COVID-19 outbreak, we may share your personal and health information with Health Service Providers and our Contracted Service Providers under the COVID Positive Pathways program for your support and care, including medical care, emergency accommodation, food relief, and alcohol, drug, mental health and family violence support services. We may also share your personal and health information with other government entities for occupational health and safety purposes of staff to enable the provision of services to you in a safe and efficient manner.

  Our LPHUs and other researchers are undertaking important analysis of available COVID-19 data to improve our understanding of the virus and assist in our response. Information that we collect may be used for these purposes by the department or disclosed to other researchers where that is authorised by law.

  The department may share your information with Victoria Police to ensure that the Pandemic Orders are being complied with.

  You are required by law to notify the department of a positive rapid antigen test result. Penalties of up to $10,904.40 for an individual or $54,544 for a body corporate apply for failure to notify the department of a positive rapid antigen test result, without a reasonable excuse.

  You can apply for access to information the department holds about you. The department’s Freedom of Information Unit may be contacted by email: foi@health.vic.gov.au

  For information on the department's Privacy policy or on how the department manages privacy, please contact the Privacy unit by email: privacy@health.vic.gov.au

• DataVic privacy information

  Data Vic uses CKAN to manage and publish meta data records on the data.vic.gov.au portal.

  CKAN is open source software widely used by open data publishers to manage their data assets.

  CKAN stores meta data about individual data records and presents them on a web interface so that visitors to data.vic.gov.au can browse and search this metadata in order to meet their information seeking needs.

  CKAN also offers an API so that third party applications can be built around it.

  CKAN collects site analytics data and statistical data about DataVic users including:

  • browser used
  • operating system
  • country
  • referral links
  • time on the site
  • language

  Copyright in your submitted content

  When you submit content to data.vic.gov.au, by making comments to the various feedback functions or participation in the applications showcase, you retain copyright in it. By submitting content to this site, you agree to make it available to the rest of the world under a Creative Commons Attribution 3.0 Australia Licence

  Use of site

  You must not use text or information provided via this site, including datasets or data they contain, in any of the following ways:

  • use the data in any application that pretends to be an official government service, or in any other way that suggests that the Department endorses you or your use
  • present the data in a misleading or incorrect manner, or misrepresent the data through changing it or otherwise
  • use this site for party political purposes
  • use the data or this site in or to support a criminal or illicit activity
  • use the data in any application, or in any other ways to inflame or make comments that are racist, sexist or homophobic, or which promote or incite violence and illegal activity

  Moderation policy and process

  We welcome user generated content to the data.vic.gov.au site and aim to publish most content quickly. We encourage you to share your opinions on the various blog topics and individual datasets. Also, we want to promote your applications and insights built and developed using Victorian Government data in the showcase section. To help us do this, please make sure:

  • your comments are relevant or on-topic
  • your comments are not inflammatory, unreasonable or obscene
  • you are civil and respectful of others and their opinions (including not impersonating anyone and not posting someone's personal information without their permission)
  • your behaviour is in line with relevant laws
  • The site uses a pre-moderation process to help ensure that spam or comments that breach this moderation policy are not published. This means that your comment will generally be published after being manually checked by a moderator. If a comment is edited, we will include a reference so you can tell

  The first is a human verification step to deter spam bots: when you submit a comment, you are asked to include a user name and a valid email address. You may post under a pseudonym. Your email address will not be posted on the site.

  If we make a mistake, please contact us and we will deal with it as quickly as we can.

• Department of Education

  The Department of Education (department) handles your information in accordance with this privacy notice or where otherwise authorised or permitted by law and in accordance with Victorian privacy laws and the department’s policies regarding privacy and records.

  Collection and use of data

  The department collects information about its employees from EduPay.

  The department collects information about early childhood services and providers from NQAITS.

  The department collects information about external stakeholders and other interested parties through opt-in subscription forms.

  Information collected and its intended use:

  • Name and email address: to send you updates about department operations, services and initiatives.
  • For department employees: Role, office/school; for early childhood services and providers:
    Service and provider ID, service and provider name, service status, email; for others:
    organisation, job title: to understand representation of roles and organisations that are receiving information and updates from the department and to ensure relevant stakeholders receive communications.

  Handling and storage of data

  Your personal information is stored on Vision6 (in Australia) and department systems. Access will be limited to:

  • those administering communications and those that need to know in accordance with the department’s Privacy Policy
  • those providing technical assistance from Vision6 or department’s systems.

  Further information

  For further information on this notice, or to request access and correction of personal information, email digital.comms@education.vic.gov.au.

  For more information regarding access to personal information or department’s handling of personal information, visit:

  • Education privacy policy
  • Schools’ privacy policy
  • Privacy policy (National Law)

• HomesVic privacy statement

  1. About this statement

  In this statement, “we”, "our" or “us” means the State of Victoria through the Department of Treasury and Finance as the HomesVic Program Provider and includes the Homes Vic program administrative entity.

  This statement describes our policy for how we will handle your personal information and health information in connection with the HomesVic shared equity pilot program (“HomesVic Program”). During the HomesVic Program, we may update this statement to reflect any changes to the program or to our information handling practices. The most up-to-date version of this statement is available here or you can ask us to send you a copy.

  We are committed to respecting the rights of individuals to the privacy of their personal information. We have policies and procedures in place for the appropriate management and protection of personal information, including any health information collect about them, in accordance with the Victorian Privacy and Data Protection Act 2014 and the Health Records Act 2001.

  2. What information do we collect?

  During your participation in the HomesVic Program, we may collect your personal information, including your sensitive information and health information. This includes the details of:

  • your income
  • your identity (such as your name, address, date of birth, gender and relationship status)
  • evidence of your identity (such as your driver’s licence, passport and proof of age card)
  • your tax file number
  • your residency status
  • your employment
  • your home loan and other loans you may have (including any refinancing and/or increases to your Finance debt)
  • your principal repayments of your home loan
  • our interest in the property you have acquired through the HomesVic program
  • action you take in connection with your property, including its maintenance, insurance and occupation
  • your dealings with us
  • any adults you live with
  • credit reports
  • whether you have elected to receive direct marketing from us

  Finance debt means any indebtedness, present or future, actual or contingent, in respect of money borrowed or raised or any financial accommodation whatsoever other than HELP or under, or in connection with, the Loan Agreement for your home loan with a panel financier.

  What is personal information?

  Personal information is any information or an opinion that is recorded in any form and whether true or not, about you, where your identity is apparent to, or can reasonably be ascertained by us, from the information or opinion.

  What is sensitive information?

  Sensitive information is a special category of your personal information. It means information or an opinion about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record.

  What is health information?

  Health information is personal information or an opinion about:

  • your physical, mental or psychological health
  • a disability you have (at any time)
  • your expressed wishes about the future provision of health services to you
  • a health service provided, or to be provided, to you

  3. How do we collect your information?

  We collect personal information about you when you deal with us in some way. This includes when you:

  • submit an application to participate in the HomesVic program
  • send us your annual certificate of compliance
  • visit this website (see part 6 below for more information regarding this website)
  • contact us (for example, to get our approval to do something or to make a complaint)

  We may collect personal information about you from other entities or people that are involved in the HomesVic Program.

  This includes:

  • your co-participants in the HomesVic Program (for example, if you applied jointly with your partner, we may collect information about you from your partner); the Department of Treasury and Finance (as the Program Provider)
  • the Program Administrative Entity; the financial institutions on the HomesVic panel (currently, Bank Australia Limited (ACN 087 651 607) and Bendigo Bank Limited (ACN 068 049 178))
  • your insurance provider
  • your conveyancer or solicitor
  • Valuer-General Victoria
  • Land Use Victoria (Land Titles Office)
  • Residential Tenancies Bonds Authority
  • other government agencies, law enforcement agencies or regulators

  If the Participant's household includes an Included Adult, the Participant must (prior to disclosing information and documents containing the income of that Included Adult to any Program Party):

  (i) provide to that Included Adult a copy of:

  (A) each Program Party’s privacy policies and privacy notices; and

  (B) the terms of this Agreement insofar as they relate to privacy and the collection, use and disclosure of Personal Information; and

  (ii) obtain written authorisation from that Included Adult to disclose the information or documents to each Program Party and provide a copy of that written authorisation to the Program Administrative Entity.

  A Program Party may take further steps to provide information to, and obtain consent from, any Included Adult who is not a Participant, and the Participant must cooperate with (and provide assistance to) that Program Party in relation to any such further steps.

  We will only collect your sensitive information or health information with your consent or where required or authorised by law.

  An Included Adult means any person aged 18 years or older who is ordinarily residing in the same household as the Participant at the relevant time or during any part of the relevant period including any adult aged 18 years or older who moves into the Property or joins the Participant's household after the date of this Agreement but excluding any person aged 18 years or older who is:

  (a) a lessee of the Property; or

  (b) a licensee of any part of the Property unless that licensee is a Related Person.

  Consequences of not providing your personal information

  If you do not provide your personal information when requested for the purposes described in Part 4 below, we will not be able to assess whether you are eligible to participate in the HomesVic Program or, if you are already participating in the HomesVic Program, whether you may be in breach of your obligations under our agreements with you. The latter may require you to exit the Program early and repay the Victorian Government’s proportional beneficial interest

  4. How do we use your information?

  We use your personal information only for the purpose for which it was collected, as explained below, or for a related purpose that you would reasonably expect that information to be used for.

  We collect, use and share your personal information to administer the HomesVic Program, which includes to:

  • confirm your identity
  • assess your eligibility to participate in the HomesVic Program;assign you a program identifier
  • manage our relationship with you, and your chosen panel financier
  • check whether you are complying with your obligations under your agreements with us and enforce them
  • allow us to perform our obligations and exercise our rights under your agreements with us
  • assist us to make decisions under your agreements with us (such as whether to approve your requests or take certain steps)
  • investigate fraud or other illegal activities
  • comply with laws and assist government or law enforcement agencies
  • evaluate the HomesVic Program
  • contact you
  • respond to any complaints you make or questions you have

  Occasionally, we may be required or authorised by law (including privacy legislation and/or other laws) to use your personal information for another purpose.

  5. Who do we share your information with?

  We may share your personal information with other entities or people that are involved in the HomesVic Program for the purposes described in Part 4 above. These people include:

  • your co-participants in the HomesVic Program
  • Department of Treasury and Finance (as the Program Provider) the Program Administrative Entity
  • the financial institutions on the HomesVic panel (currently, Bendigo Bank Limited (ACN 068 049 178) and Bank Australia Limited (ACN 087 651 607))
  • your conveyancer or solicitor
  • your insurance provider
  • Valuer-General Victoria
  • Land Use Victoria (Land Titles Office)
  • Residential Tenancies Bonds Authority
  • other government agencies, law enforcement agencies or regulators
  • our professional advisers
  • a potential assignee, novatee or transferee of our or the financial institution’s obligations under your agreements with us and their advisers and contractors

  Occasionally, we may be authorised or required by law (including privacy legislation and/or other laws) to share your personal information with other entities or people.

  We ensure that any transfer of personal information outside Victoria is in accordance with applicable privacy and health records legislation.

• Graduate program collection notice

  Victorian Public Sector Commission (VPSC) collects and stores information regarding the recruitment and selection of people to the Victorian Government graduate program to participating Victorian Government Departments and agencies (‘Departments’) across the Victorian public sector.

  This Collection Notice explains VPSC’s policy for handling personal information, sensitive information and certain health information which you may provide to VPSC when interacting with us

  VPSC collects this data using Push Apply and third party software products (‘the portal’). Encrypted data is stored and managed on Amazon Web Service (AWS) systems. The portal is administered by approved staff at vendor (‘the recruiter’) who have been appointed by the VPSC to facilitate recruitment to the Victorian Government graduate program.

  At time of making an employment offer, the recruiter will share successful applicant data will be shared with Departments.

  The recruiter will delete all collected and stored date upon completion of their contract with the VPSC, or when archived data is replaced by new data, or at any other time as directed by the VPSC.

  The VPSC is committed to protecting your privacy. Please review the statements below, which detail how the VPSC collects, holds, manages, uses, discloses or otherwise handles personal information (including sensitive information) and health information.

  The supply of certain personal information and health information to VPSC is optional, and, where possible, the VPSC will give you the option of not providing such information. However, please note that our ability to process your application may be impacted if requested information is not provided.

  Recruitment and selection of candidates

  • Victorian graduate recruitment and selection activities are undertaken by the recruiter, the VPSC and various Departments
  • this statement covers information collected by the recruiter which is stored on the portal and administered by both the recruiter and VPSC. It also covers information that is collected by the VPSC or Departments in the context of the recruitment and selection process

  What will your information be used for?

  Your personal and health information will be collected to:

  • enable recruitment, selection and appointment processes
  • enable the recruiter to contact candidates
  • enable the Departments or VPSC to contact candidates
  • enable graduate recruitment and workforce planning
  • report and provide analysis on various metrics, such as gender and other diversity measures

  What information will be collected?

  VPSC will collect the following personal and health information from you for the purposes of assessing your application to the Victorian Government graduate program:

  • contact details
  • demographic and diversity data (including information relating to gender, ethnicity and disability)
  • health information¹ in so far as it is relevant to your performance of the role, including any disability for the purposes of making reasonable adjustments
  • employment history, including your resume
  • education history, including your academic transcript
  • images, video or audio recordings associated with the application form and assessment activities

  Who will collect your information?

  Information will be collected by the VPSC and the recruiter on behalf of Departments. Departments may collect additional information upon appointment of a candidate.

  Who will access your information?

  Your personal and health information will be used by and disclosed to:

  • nominated staff in the VPSC who work on the Victorian Government graduate program
  • nominated staff in the Departments undertaking the recruitment and selection process (such as divisional Directors and/or Managers of teams where the graduate may be placed)
  • Human resources, account management and IT staff in the recruiter

  All persons with access to personal information (including any sensitive information) or any health information collected by and for the VPSC are subject to confidentiality obligations and to additional security protocols as required.

  Your personal information (including sensitive information) and any health information will be used and disclosed strictly for the purposes identified in this Collection Notice and will be de-identified where possible.

  Information will only be made available to individuals on a need to know basis in order to perform a function or activity necessary to achieve a purpose outlined in this Collection Notice.

  Your personal information (including any sensitive information) or any health information may only be used or disclosed in a manner other than as described in this Privacy Statement if you subsequently consent to the further specific use or disclosure or where disclosure is required or permitted by law.

  Informed consent

  By creating an account and submitting a completed application to the Victorian Government Graduate Program, you are consenting to your personal (including sensitive) and health information being collected, managed, used, disclosed and processed as described in this Collection Notice.

  Information security

  VPSC will ensure that the collection, management, use and disclosure of your personal (including sensitive) and health information complies with Victorian privacy law, the Information Privacy Principles, the Health Privacy Principles and the VPSC’s Privacy Policy.

  Information will be stored securely with access restricted to those set out in the "Who will access the data?" section of this Statement above. VPSC will take reasonable steps to protect the personal information (including any sensitive information) and any health information it holds from misuse, loss, unauthorised access, modification and disclosure. VPSC will also take reasonable steps to destroy or permanently de-identify personal information when it is no longer needed.

  VPSC may also use third party service providers to provide services to it, such as data hosting providers. Some of those providers may be located outside Victoria. Accordingly, some of the data collected for the VPSC may be stored on secure servers located outside Victoria, which are subject to stringent privacy laws and regulations comparable to those in Victoria.

  Disability pathway

  The Disability pathway provides support for graduates with a disability. The pathway can include support with the application process and placements. It can also include support during the graduate year.

  The VPSC will collect, manage and use information provided on the Disability pathway program for the purpose of administering the program and otherwise in accordance with the Privacy and Data Protection Act 2014 and the Health Records Act 2001. We will not share information provided on the Disability pathway program with hiring Departments or line managers without your consent. You can share information as part of the application process but then choose not to share it with employers or peers.

  Who to contact for access to or correction of your personal and health information

  You have a right to access personal, sensitive and health information the VPSC holds about you. You may also apply to the VPSC to correct information held about you which you believe is inaccurate.

  Please direct queries or requests to access and/or update your personal and health information to vpsgrads@vpsc.vic.gov.au or on 03 9651 1321

  If you have any complaints about VPSC’s handling of your personal information or health information, please provide your complaint in writing to the VPSC using the email address above. Any complaint will be handled in accordance with the VPSC’s Privacy Policy.

  Effective date of Privacy Statement

  22 February 2019

  1. The term ‘health information’ is a legally defined term in the Health Records Act 2001 (Vic) and in the context of the VPSC refers to the collection of information that relates to disability. The VPSC gives participants the option of not providing such information. All health information provided to the VPSC will be handled in accordance with this Collection Notice and the Health Records Act 2001 (Vic).

• Portable Long Service Authority privacy

  Collection notice for e-newsletter

  This collection notice explains how the Portable Long Service Authority (PLSA) handles personal information which you may provide when subscribing to the PLSA e-newsletter.

  PLSA collects this data using Vision 6, a third party software product. View Vision 6's privacy policy

  Your name and email address will be collected for the purpose of communicating updates about portable long service.

  This data is stored in the PIPE Networks Data Centre in Fortitude Valley, Brisbane and maintained on AWS CloudFront within their Australian operations in the Sydney region.

  Vision 6:

  • complies with the Information Privacy Act and SPAM Act and are compliant with the GDPR
  • conducts regular penetration testing and monitoring tools to determine network, server and service vulnerabilities
  • have documented security policies and processes in place which are regularly reviewed by senior management.

  If you need to change or update your details, you can do so by emailing enquiries@plsa.vic.gov.au

  Collection notice for business and worker registration

  The Authority uses this form to collect information that it requires to register workers and employers and determine eligibility for entitlements under the Act, including personal information such as name, address, date of birth, payroll data and history, and leave history.

  The Authority needs this information to register you and to determine and manage your long service leave entitlements under the Act. If you do not provide the information, the Authority may not be able to make decisions about your long service leave entitlements under the Act.

  The Authority will only use and disclose your personal information to register you and manage your long service leave entitlements under the Act and where it is otherwise required or permitted by law to do so.

  In some circumstances, the Authority is required or authorised by law to release information to other government agencies, law enforcement bodies or to prevent serious and imminent threat to an individual's life, health, safety or welfare.

  In this context, such agencies could include the Australian Taxation Office, the Labour Hire and Licensing Authority, the Fair Work Ombudsman, the Victorian Work Cover Authority, Victoria Police, or your nominated banking institution.

  The Authority will seek wherever possible to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date. In many instances the Authority relies upon you to provide accurate and complete information and to advise the Authority should your circumstances change over time.

  The Authority seeks to protect your personal information from misuse, loss, unauthorised access, modification or disclosure and securely destroys or de-identifies personal information when it is no longer needed for any purpose. In circumstances where personal information is collected and stored by external organisations the Authority uses to deliver aspects of its functions, the Authority’s contractual obligations require compliance with the same privacy and security standards.

  You may obtain access to your personal information held by the Authority by contacting enquiries@plsa.vic.gov.au

  For further information about how the Authority handles your personal information, please visit the Authority’s privacy policy

  Note, the following terms will need to be expanded if not described elsewhere in the application form:

  • Act means the Long Service Benefits Portability Act 2018.
  • Authority means the Portable Long Service Benefits Authority.

  Privacy policy

  The Portable Long Service Benefits Authority (Authority) is a statutory authority established by the Long Service Benefits Portability Act 2018 (Act). The Authority’s role is to administer a scheme for the provision of portable long service benefits to workers in covered industries. The Authority is overseen by a Governing Board which is responsible for the governance, strategic planning and risk management of the Authority. The administration of the day-to-day management of the affairs of the Authority is the responsibility of the registrar appointed under the Act.

  This policy tells you how the Authority handles personal information in the course of performing its functions in compliance with the Information Privacy Principles (IPPs) set out in the Victorian Privacy and Data Protection Act 2014 (PDP Act) and other applicable laws and contractual obligations. This policy also tells you how you can access and correct the personal information that the Authority holds about you and how to make a complaint about a privacy matter.

  Scope

  This policy applies to the personal information (including sensitive information) of both external parties and the staff of the Authority. Any personal information collected by the Authority, or that it obtains about individuals from other sources, will be handled in accordance with this policy.

  In order to perform its functions, the Authority has also entered into certain agreements with Australian government agencies, which may mean that is has also agreed to be bound by relevant Australian Privacy Principles contained in the Commonwealth Privacy Act 1988.

  Definitions

  Personal information is recorded information about an individual whose identity is apparent or can reasonably be ascertained from that information, but does not include health information.

  Health information is personal information which concerns that individual’s physical, mental or psychological health, disability or genetic makeup which is subject to the Health Records Act 2001. The Authority does not generally collect health information in performing its functions.

  Sensitive information is information about an individual’s race or ethnicity, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record.

  Collection of personal information

  The Authority collects personal information that the Act, privacy and other laws authorise it to collect and that it needs to perform its functions in administering the portable long service benefits scheme. This includes registration of workers and employers and determining entitlements under the Act.

  During the registration process, the Authority collects personal information both directly from individuals as well as from third-parties such as employers. The personal information collected may include:

  • name, address and other contact details
  • date of birth
  • employment information including total ordinary pay

  If the personal information that the Authority requests is not provided, the Authority may not be able to perform its functions as required under the Act.

  How does the Authority collect personal information?

  The Authority will only collect personal information by lawful and fair means and not in an unnecessarily intrusive way.

  The Authority will endeavour to collect your personal information from you where it is reasonable and practicable to do so. Where this is not possible or practicable, the Authority may collect your personal information from third parties. For example, you may be requested to provide consent for the Authority to collect personal information from third parties such as CoINVEST, as required for the Authority to determine your entitlement to benefits under the Act. If you do not provide this consent, the Authority may not be able to make decisions about your entitlements under the Act.

  The Authority may also collect your personal information in other situations such as:

  • receiving and handling reports and requests for information from Government departments and the Minister responsible for the Authority
  • receiving and processing freedom of information requests
  • employment applications
  • when you visit the Authority’s website
  • providing e-newsletters, SMS-blasts, lodgement reminders and other stakeholder updates with your consent

  Authorised officers of the Authority may collect documents which may contain personal information as part of the exercise of their powers under Part 6 of the Act in relation to monitoring compliance and investigating potential breaches. Authorised officers have express powers to inspect, make copies of or require provision of documents and information in specified situations.

  Some personal information is collected about visitors to the Authority’s website. For details, please see the collection notices above.

  The Authority will only collect sensitive information with your consent or as required or authorised by law.

  In most cases, the Authority will tell you when it collects your personal information and will provide you with a collection statement identifying the Authority and advising you about:

  • the purposes for which the personal information is being collected
  • who the personal information may be disclosed to
  • any law that requires the personal information to be collected
  • the main consequences for you if all or part of the personal information is not provided
  • how to contact the Authority and gain access to your personal information.
  • use and disclosure of personal information
  • the Authority will only use and disclose your personal information when it is lawful and reasonable to do so.

  Personal information that is collected by the Authority will be used and disclosed to the Authority’s employees or contractors whose duties required them to use it. These employees and contractors must handle personal information in accordance with the requirements of the PDP Act. This means they will only use or disclose collected personal information for the primary purpose for which it was collected, or for a permitted secondary purpose in specified situations, such as where you have consented to the use or disclosure, or where the use or disclosure is required or authorised by or under law (for example, in response to a valid request under the Victorian Data Sharing Act 2017).

  For example, if you are a worker the Authority may use your personal information to:

  • process an application for registration as a worker under the Act
  • determine your entitlement to long service leave benefits under the Act

  The Authority may also use your personal information to:

  • obtain advice from professionals such as legal advisors and accountants
  • manage the long service leave benefits scheme
  • conduct surveys
  • provide advice to the responsible Minister

  The Authority may disclose your personal information to:

  • verify information to assess your entitlements under the Act
  • defend a legal or equitable claim
  • prescribed Victorian or Commonwealth Government entities for the purpose of the performance of a function of that entity under a law. This includes disclosure to the Fair Work Ombudsman, Victoria Police, Victorian WorkCover Authority, Victorian Labour Hire Licensing Authority and the Australian Taxation Office.
  • reciprocal long service authorities for the performance of a function under the Act or a corresponding law

  Authorised officers are expressly prohibited from disclosing information, directly or indirectly, obtained in performing a function under the Act, except to the extent necessary to monitor compliance with the Act and regulations. This may include disclosure to a court or tribunal in the course of a legal proceeding, in the course of the investigation or enforcement of a law of Victoria or any other State or Territory or of the Commonwealth, with your consent, or with the written authority of the registrar.

  In addition, members of the Governing Board, the registrar, an authorised officers and members of staff are prohibited by the Act from improperly using any information acquired in the course of their duties, for pecuniary or other advantage for themselves or any other person.

  The Authority is required to maintain a public register of registered employers under the Act. The information about identifiable employers that the Authority publishes is publicly-available information and therefore is not personal information. The PDP Act requires that public sector agencies administer public registers, so far as reasonably practicable, in a way that would not contravene handling requirements for personal information, if that information were personal information. In a number of circumstances, for example where a person conducts business from their residential address, it may be necessary for the Authority to publish personal information on the public register.

  De-identified personal information derived from personal information collected may also be used in support of the Authority’s broader functions, such as for research and reporting purposes.

  The Authority is an agency responsible for the performance of functions or activities directed to the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of law imposing a penalty or sanction for a breach. For this reason, the Authority has a partial exemption under section 15 of the PDP Act from complying with specified IPPs if it believes on reasonable grounds that non-compliance is necessary for the purposes of its law enforcement functions.

  Data quality

  The Authority takes reasonable steps to ensure that the information it holds is accurate, complete and up to date. Accurate information should be provided to the Authority at all times. For example, employers are required to make a declaration that the information they have provided is true and correct. Employers must notify the Authority within 14 days if there is a change to their personal information. Generally, the Authority relies on individuals to provide up to date information and advise the Authority if the information collected has recently changed.

  How long does the Authority retain personal information?

  The Authority generally destroys or permanently de-identifies information when it is no longer needed for any purpose. However, information held by the Authority is subject to the provisions of the Public Records Act 1973 and must be retained and disposed of in accordance with the relevant Retention and Disposal Authorities.

  Data security

  The Authority is committed to protecting your personal information from misuse or loss or unauthorised access, unauthorised modification or disclosure.

  The Authority has secure office premises and a security pass entry system for Authority employees and contractors to enter the premises. The Authority takes reasonable steps to protect files from outside or unauthorised access. The Authority’s information technology arrangements incorporate a range of data security measures. For example, the Authority requires staff to use passwords to enter the computer system and its databases can only be accessed using an additional password, with different levels of access granted depending on the role of the staff member concerned. Only staff who need to use your personal information to perform their functions have access to it.

  To protect your privacy, you should keep your Authority password confidential: it should not be displayed, shared or written down.

  Transmission security risks

  You should be aware that there are risks in transmitting information across the Internet. While the Authority takes reasonable steps to protect the personal information it receives from you or from third parties, the Authority cannot guarantee the security of any information transmitted to it online. If you are concerned about conveying confidential or delicate material to the Authority over the internet you might prefer to contact the Authority on 1800 517 158 to make other arrangements.

  Online services and online payments

  The Authority’s online services are managed by a third-party IT service provider. Our service provider may access the personal information entered into our forms in order to process electronic transactions or to resolve a technical problem.

  If you make a payment using the Authority’s website, the Authority will process your payment with the assistance of a reputable third party electronic payments service provider and present you with an online receipt for your records.

  If you make an online application or another payment transaction on the Authority’s website, the Authority takes additional steps to protect the security of your personal information, such as strong SSL encryption. Before using these facilities, you should ensure that you are using a web browser that supports SSL encryption. In many web browsers, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser.

  Access and correction

  You are able to update your personal contact information directly through the employers or workers portal. You can view the information that the registrar holds about you on the employers or workers registrar by accessing the portal. A request to correct your own personal information held by the Authority on the employers or workers register can also be handled by contacting the Authority on 1800 517 158.

  Any requests for access to and/or correction of other documents containing personal information held by the Authority must be handled according to the provisions of the Freedom of Information Act 1982. Requests should be accompanied by any applicable fee and should be addressed to:

  FOI Officer
  Portable Long Service Authority
  Level 1, 56-60 King Street, Bendigo VIC 3550
  Bendigo VIC 3550

  When you make a request to correct information that the registrar or Authority holds about you, the Authority may contact you in order to verify your identity. The Authority may ask you to provide evidence of the information you wish to correct, before accepting the changes.

  Unique Identifiers

  The Authority does not assign unique identifiers to individuals unless necessary to enable it to carry out its functions efficiently.

  The Authority does assign employers and workers a unique membership number upon registration to facilitate interactions with the Authority. The Authority may also request that you provide a unique identifier assigned by another organisation in order to complete its functions. For example, you may be requested to provide your Tax File Number (TFN). You do not have to provide your TFN however there may be financial implications of not doing so.

  Anonymity

  Individuals seeking general advice from the Authority or accessing the public register do not have to identify themselves. However, if you are applying for entitlements under the Act, seeking answers to a specific enquiry or making a complaint, the Authority will need to collect personal information such as your personal contact information and your Portable Long Service Authority Member Number. This is so that the Authority can verify the identity of who it is dealing with when discussing personal records about long service leave.

  Transfer of personal information outside Victoria

  The Authority contracts the use of cloud computing to store and manage data including personal information. Computer servers may be based interstate or overseas. The Authority takes reasonable steps to ensure the security of your information managed this way. Where the information is transferred outside Victoria we take steps consistent with the principles in Victoria’s privacy laws to ensure its protection from unauthorised use and disclosure.

  How to make a privacy complaint

  If you have any questions about this Privacy Policy or you wish to make a complaint about a breach of the PDP Act by the Authority, you can contact the Authority’s Privacy Officer at:

  Privacy Officer
  Portable Long Service Authority
  Level 1, 56-60 King Street
  Bendigo VIC 3550

  Phone: 1800 517 158

  Email: enquiries@plsa.vic.gov.au

  You may also make a complaint about a breach of the PDP Act by writing to the Office of the Victorian Information Commissioner. You can find out more information about how to make a complaint here.

  Changes to this policy

  The Authority may amend this policy from time to time. The current version will be posted on the Authority’s website and a copy may be obtained at any time by contacting the Authority.

  © Portable Long Service Benefits Authority, State Government of Victoria, 2019

  Last updated 9 May 2019

• QR Code Business Registration Portal privacy policy

  Important updates

  • under 'What is the Business Registration Portal?', 'businesses' is defined to include 'government organisations'.
  • under 'Collection of information', the following statement has been inserted:

    • For businesses with a large number of locations, the above information may be separately collected by the Department of Health for the purpose of inputting it into the Portal and creating a bulk registration for the business.

  • under 'Storage of information', the following statement has been inserted:

    • Where information has been provided directly to the Department for the purpose of creating a bulk registration, this information is stored in a secure and restricted SharePoint folder in the relevant SharePoint site.

  What is the Business Registration Portal?

  The Business Registration Portal (Portal) is operated by the State of Victoria acting through the Department of Health. It forms part of the Victorian Government’s Digital Visitor Registration System, which is designed to support contact tracing in the event of a COVID-19 outbreak.

  Victorian businesses and government organisations (businesses) may register on the Portal to obtain a unique QR code (generated by Service Victoria) that may be displayed at their premises and scanned by visitors. This will ensure visitors’ attendance is recorded and that visitors can be contacted for tracing purposes if required in accordance with the Workplace Directions of the Chief Health Officer under the Public Health and Wellbeing Act 2008.

  Businesses must accept the terms of use in order to use the Portal.

  The department endorses fair information handling practices and use of information in compliance with our obligations under the Privacy and Data Protection Act 2014 (Vic) (PDPA). Further information about how the Portal will handle personal information (as defined by the PDPA) is set out below.

  If you have any queries about the Portal, please contact Business Victoria by phone 13 22 15.

  Collection of information

  The Portal collects information from businesses that wish to obtain a QR code for contact tracing purposes, some of which will be personal information.

  This information includes:

  • business details (name, ABN)
  • business location (address) and areas (upstairs, downstairs)
  • business contact person at each business location (including the individual’s first and last name, phone number and email address).

  For businesses with a large number of locations, the above information may be separately collected by the Department of Health for the purpose of inputting it into the Portal and creating a bulk registration for the business.

  Use and disclosure of information

  This information is collected in order to issue you with a QR code for your premises. The business contact person may be contacted by the Department of Health in the event that a visitor tests positive to COVID-19.

  If the information is not provided, you will not be issued with a QR code to use for contact tracing purposes.

  We will also use the information to enable us to improve the Portal, including:

  • for purposes related to research, planning, product and service development, privacy, security and testing for the Portal
  • for purposes connected with the operation, administration and development of the Portal
  • where we suspect that fraud or unlawful activity has been, is being or may be engaged in through use of the Portal
  • for communications to businesses about the Portal
  • for any other purposes required or authorised by law.

  We will share the information within the Department of Health, with other Victorian Government departments and agencies, and with third parties, including our contracted service providers, who assist us in providing the Portal, and organisations who provide archival, auditing, professional advisory, delivery, information technology, research, privacy and security services only for those purposes.

  Our contracted service providers include:

  • Salesforce (SFDC Australia Pty Ltd)
  • DXC Technology Australia Pty Ltd
  • Amazon Web Services
  • KPMG
  • short.io.

  We take reasonable steps to ensure that each department, agency and third-party provider protect and handle your personal information in accordance with applicable privacy laws.

  Some of these service providers may be located outside of Victoria, or may store or transfer your personal information outside of Victoria. We take steps to ensure that when your personal information travels, privacy protections travel with it.

  Storage of information

  The information collected by the Portal is stored on Salesforce servers located in Australia and the QR code poster is stored by Service Victoria on Amazon Web Services servers located in Australia.

  Information on the Portal is stored in accordance with the Department of Health's record keeping obligations.

  Where information has been provided directly to the Department of Health for the purpose of creating a bulk registration, this information is stored in a secure and restricted SharePoint folder in the relevant SharePoint site.

  The Department takes reasonable steps to protect any personal information from unauthorised access once that personal information comes into its possession. We store your personal information in line with the information protection requirements described in the Victorian Protective Data Security Framework (PDF). Access to systems, applications, and the information that we collect is limited to authorised staff members and third-party vendors only.

  However, in emailing information or using the Portal you should be aware that there are inherent risks in transmitting information across the Internet.

  Access to and correction of information

  You may request access to any personal information that we have collected about you. Also, you may request correction of your personal information if you can establish that it is not accurate, complete or up-to-date.

  To contact us about access to, and correction of, personal information collected by us or for any questions or concerns you may have arising out of this privacy statement, please contact the Department using the contact details in the ‘What is the Business Registration Portal?’ section above.

  In some cases, requests for access to personal information will be handled in accordance with the Freedom of Information Act 1982 (Vic).

  Further information

  For further information on how personal information is collected via the vic.gov.au website, please refer to the Department’s privacy statement.

  For further information on how visitors’ personal information is handled, please refer to Service Victoria’s privacy policy.

  You may also contact the Department’s Privacy Officer using the contact details in the ‘What is the Business Registration Portal?’ section above.

• SafeScript privacy collection notice for prescribers and pharmacists

  About SafeScript

  The Victorian Government is taking action to reduce the growing harms, including deaths, from high-risk prescription medicines by implementing SafeScript, Victoria’s real-time prescription monitoring system.

  SafeScript is computer software that allows prescription records for certain medicines to be transmitted in real-time to a centralised database which can then be accessed by doctors, nurse practitioners and pharmacists during a consultation.

  Amendments to the Drugs, Poisons and Controlled Substances Act 1981 (Vic) have been introduced to enable SafeScript in Victoria.

  What information is being collected about a health professional and how will it be used?

  When a prescription is issued or dispensed, there are existing regulatory requirements on what information must be included on the prescription or the dispensing record. This includes the details of the patient, the medicines that are being prescribed, as well as details of the prescriber and pharmacist. This information is collected by SafeScript for certain high-risk prescription medicines.

  SafeScript provides you access to view records of all high-risk medicines that have been supplied to your patient from you and other clinicians. This enables you to make safer and more informed clinical decisions, and facilitates the co-ordination of treatment and communication between clinicians by giving you visibility of all clinicians involved in the patient's care.

  Authorised Victoria’s Department of Health (the department) staff will also access SafeScript as part of their existing regulatory role in ensuring the safe supply of medicines in the community. SafeScript will provide the same information that the department currently obtains from medical clinic and pharmacy records to undertake existing health practitioner compliance activities.

  Registering to use SafeScript

  Information about you and your practice, including your publicly available registration details with AHPRA and prescriber number, is required as part of the on-boarding process for SafeScript.

  You are asked to provide your date of birth when you register to use SafeScript which assists in verifying your identity and confirming your AHPRA registration details. Once this verification step is completed, your date of birth will not be stored in SafeScript.

  You are also asked to provide your email address (required) and phone number (optional). These details will not be made publicly available and will only be used to communicate necessary correspondence to you, such as when you request a password reset or when there are important updates about SafeScript which you need to know.

  Failure to provide this information will mean that you are unable to use SafeScript. This may be in breach of your obligations under legislation when the system becomes mandatory in April 2020.

  How is my privacy protected?

  There are specific legislative requirements to ensure people who are authorised to access information in SafeScript are doing so in an appropriate manner.

  There are offences and strict penalties under the Drugs, Poisons and Controlled Substances Act 1981 (Vic) as well as the Health Records Act 2001 (Vic) and the Privacy and Data Protection Act 2014 (Vic) for improper use or disclosure of information contained in SafeScript.

  How can I correct a record in SafeScript if I believe it is incorrect?

  Prescribers: Records about what you have prescribed are sourced from records created from your practice software and from the pharmacies where your prescriptions were dispensed, including handwritten prescriptions.

  Pharmacists: Records about what your pharmacy has dispensed are sourced from records created from your pharmacy’s dispensing software.

  SafeScript does not alter records sourced from practice or dispensing software. If you believe there is an error in a particular record in SafeScript, the record may be corrected by amending the record created in the practice or dispensing software. The corrected information will be automatically updated in SafeScript.

  Further information about SafeScript

  Email safescript@health.vic.gov.au.

• Victorian Homebuyer Fund

  1.1 About this statement

  1. In this statement, “we”, "our" or “us” means the State of Victoria through the Department of Treasury and Finance as the Scheme Provider and includes the Scheme Administrative Agent appointed by the Scheme Provider to administer the Victorian Homebuyer Fund (“Homebuyer Scheme”).
  2. This statement describes our policy for how we will handle your personal information and health information in connection with the Homebuyer Scheme. During the Homebuyer Scheme, we may update this statement to reflect any changes to the scheme or to our information handling practices. The most up-to-date version of this statement is available here or you can ask us to send you a copy.
  3. We are committed to respecting the rights of individuals to the privacy of their personal information. We have policies and procedures in place for the appropriate management and protection of personal information, including any health information collected about them, in accordance with all applicable laws, including the Victorian First Home Owner Grant and Home Buyer Schemes Act 2000, Privacy and Data Protection Act 2014 and the Health Records Act 2001.

  1.2 What information do we collect?

  1. During the application process for and your participation in the Homebuyer Scheme, we may collect your personal information, including your sensitive information and health information (these terms are defined below). This includes the details of:
     1. your income
     2. your identity (such as your name, address, date of birth, gender and relationship status)
     3. evidence of your identity (such as your driver’s licence, passport and proof of age card)
     4. your tax records
     5. your residency status
     6. your employment
     7. your home loan (including any refinancing)
     8. your principal repayments of your home loan
     9. our interest in the property you have acquired through the Homebuyer Scheme
     10. action you take in connection with your property, including its maintenance, insurance and occupation
     11. your dealings with us
     12. credit reports
  2. What is personal information?
     Personal information is any information or an opinion that is recorded in any form and whether true or not, about you, where your identity is apparent to, or can reasonably be ascertained, from the information or opinion.
  3. What is sensitive information?
     Sensitive information is a special category of your personal information. It means information or an opinion about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record that is also your personal information.
  4. What is health information?
     Health information includes the following information or an opinion about you that is also personal information:
     1. your physical, mental or psychological health (at any time)
     2. a disability you have (at any time)
     3. your expressed wishes about the future provision of health services to you
     4. a health service provided, or to be provided, to you

  1.3 How do we collect your information?

  1. We collect personal information about you when you deal with us in some way. This includes when you:
     1. submit an application to participate in the Homebuyer Scheme
     2. send us your annual review information
     3. visit this website (see part 6 below for more information regarding this website)
     4. contact us (for example, to get our approval to do something or to make a complaint)
  2. We may collect personal information about you from other entities or people that are involved in the Homebuyer Scheme.
  3. This includes:
     1. your co-participant(s) in the Homebuyer Scheme, if any (for example, if you applied jointly with your partner, we may collect information about you from your partner)
     2. the Department of Treasury and Finance (as the Scheme Provider)
     3. the Scheme Administrative Agent (currently the Commissioner of State Revenue supported by the State Revue Office)
     4. the financial institutions on the Homebuyer panel (currently, Bendigo Bank Adelaide and Bank Australia)
     5. your insurance provider
     6. your conveyancer or solicitor
     7. Valuer-General Victoria
     8. Land Use Victoria (Land Titles Office)
     9. Residential Tenancies Bonds Authority
     10. Community Group Provider if you identify as Aboriginal or Torres Strait Islander
     11. other government agencies, law enforcement agencies or regulators
  4. If you do not provide your personal information when requested for the purposes described in Part 1.4 below, we will not be able to assess whether you are eligible to participate in the Homebuyer Scheme or, if you are already participating in the Homebuyer Scheme, whether you are meeting the continuing eligibility criteria or may be in breach of your obligations under our agreements with you. The latter may require you to exit the Scheme early and repay the Victorian Government’s proportional interest amount.

  1.4 How do we use your information?

  1. We use or share your personal information only for the purpose for which it was collected, as explained below, or for a related purpose that you would reasonably expect us to use or share that information.
  2. We collect, use and share your personal information to administer the Homebuyer Scheme, which includes to:
     1. confirm your identity
     2. assess your initial eligibility, and continuing eligibility, to participate in the Homebuyer Scheme
     3. assign you a scheme identifier
     4. manage our relationship with you, and your chosen panel financier
     5. check whether you are complying with your obligations under your agreements with us and enforce them
     6. allow us to perform our obligations and exercise our rights under your agreements with us
     7. assist us to make decisions under your agreements with us (such as whether to approve your requests or take certain steps)
     8. investigate fraud or other illegal activities
     9. comply with laws and assist government or law enforcement agencies
     10. evaluate the Homebuyer Scheme
     11. contact you
     12. respond to any complaints you make or questions you have
  3. Occasionally, we may be required or authorised by law (including privacy legislation and/or other laws) to use your personal information for another purpose.

  1.5 Who do we share your information with?

  1. We may share your personal information with other entities or people that are involved in the Homebuyer Scheme for the purposes described in Part 4 above. These people include:
     1. your co-participants in the Homebuyer Scheme
     2. Department of Treasury and Finance (as the Scheme Provider)
     3. the Scheme Administrative Agent (currently the Commissioner of State Revenue supported by the State Revue Office)
     4. the financial institutions on the Homebuyer panel (currently, Bendigo Bank Adelaide and Bank Australia)
     5. your conveyancer or solicitor
     6. your insurance provider
     7. Valuer-General Victoria
     8. Land Use Victoria (Land Titles Office)
     9. Residential Tenancies Bonds Authority
     10. Community Group Provider if you identify as Aboriginal or Torres Strait Islander
     11. other government agencies, law enforcement agencies or regulators
     12. our professional advisers
     13. (xiii) a potential assignee, novatee or transferee of our or the financial institution’s obligations under your agreements with us and their advisers and contractors
  2. Occasionally, we may be authorised or required by law (including privacy legislation and/or other laws) to share your personal information with other entities or people.
  3. We ensure that any transfer of personal information outside Victoria is in accordance with applicable privacy and health records legislation.

• VPS Enablers Network collection notice

  Collection notices - Eventbrite and MailChimp

  The personal information provided by you in subscribing to an electronic newsletter or registering to attend an Enablers event will be handled in accordance with the provisions of the Victorian Privacy and Data Protection Act 2014.

  As required by the Act the following information is provided to you pursuant to Information Privacy Principle 1.3:

  • the Victorian Public Sector Enablers Network is the responsible entity; you are able to gain access to, and, if necessary, request correction of, the information you have provided by contacting Enablers at vps.enablersnetwork@dpc.vic.gov.au
  • the personal information is being collected on behalf of the Enablers Network to assist it with managing newsletter subscriptions and the registry function associated with attendance at Enablers Network events
  • you will see when you are directed to the respective websites it will be mandatory to provide some personal information (i.e. it is not possible to subscribe to a newsletter or register interest in attending an event anonymously)
  • the information you provide will only be used by Enablers Network office bearers and employees to facilitate newsletter subscriptions and event attendances
  • the main consequences if all, or part, of the requested information is not provided is that the Enablers Network would not be in a position to consider the subscription or event attendance request

• VPS Pride Network collection notice

  This collection notice explains how the VPS Pride Network (the Network) handles personal information which you may provide when you subscribe to our e-newsletter, sign up for an event or submit a nomination to the VPS Pride Awards (the Awards).

  The Network collects this data using:

  • Mailchimp, a third party Marketing platform. View Mailchimp's privacy policy.
  • Google Forms, a third party online form platform. View Google’s privacy policy.
  • Humanitix, a third party event registration platform. View Humanitix’s privacy policy.
  • Engage Victoria, the Victorian Government's Online Consultation platform provided by the State of Victoria through the Department of Government Services and supported by Harvest Digital Planning. View Engage Victoria’s Privacy Policy.

  The personal information that you submit to us is collected in order to provide information services to you which in turn facilitates:

  • communicating updates about the Network and/or an event
  • judging the VPS Pride Awards
  • the co-ordination of meetings, and advocacy and fundraising activities.

  Servers for the third party applications are located in Australia and overseas. Mailchimp, Humanitix and Google require their subcontractors to deal with such personal information in a manner that is consistent with the Australian Privacy Principles but they cannot guarantee the security of your personal information.

  Mailchimp, Humanitix and Google comply with the Australian Privacy Act. If you are unsatisfied with a response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help.

  Engage Victoria will handle your information in accordance with the Information Privacy Principles contained in the Privacy Data and Protection Act 2014 (Vic). If you are unsatisfied with a response to a privacy matter then you may consult either an independent advisor or contact the Office of the Victorian Information Commissioner for additional help.

  You have the option of not providing certain information requested by the Network. However, you should note that this may prevent the Network from providing membership information services to you and managing its various activities and Programs.

  If you need to change or update your details, you can do so by clicking the update subscription preferences link at the bottom of the e-newsletter or by contacting the VPS Pride Network.

• VPS Women of Colour network collection notice

  Collection notice for WoCN e-newsletter

  This collection notice explains how the VPS Women of Colour Network (WoCN) handles personal information which you may provide when subscribing to the WoCN e-newsletter.

  WoCN collects this data using Mailchimp, a third party Marketing platform. View Mailchimp's privacy policy.

  Your name and email address will be collected for the purpose of communicating updates about the WoCN.

  There serves are located in the United States. All of their subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas.

  Mailchimp complies with the Australian Privacy Act. If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help.

  If you need to change or update your details, you can do so by emailing vpswoc@gmail.com

• Wage Inspectorate Victoria privacy notice

  The Wage Inspectorate Victoria is an independent statutory body established by the Wage Theft Act 2020.

  In addition to the Wage Theft Act, we also have responsibility for administrating the following Acts:

  • Child Employment Act 2003
  • Long Service Leave Act 2018
  • Owner Driver and Forestry Contractors Act 2005.

  We are a ‘law enforcement agency’ for the purposes of the Privacy and Data Protection Act.

  What does this privacy notice do?

  When you access the Wage Inspectorate’s website, we may collect a range of personal and/or sensitive information. Personal information is recorded information about an individual whose identity is apparent and can be reasonably be ascertained from that information. Sensitive information is information about an individual’s race or ethnicity, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record.

  This privacy notice tells you what information we collect and why, how we use and disclose the personal information we hold and how we protect and maintain the quality and security of that information. This notice also explains how you can correct and access the personal and/or sensitive information we hold about you and how to make a complaint about a privacy matter.

  What information do we collect and why?

  We collect information to enable us to perform our functions and to fulfil our responsibilities under the Wage Theft Act 2020, Child Employment Act 2003, Long Service Leave Act 2018 and Owner Driver and Forestry Contractors Act 2005, as well as any other applicable laws.

  You can also read the following pages which provide further information about our functions:

  • Child Employment Act
  • Long Service Leave Act
  • Owner Driver and Forestry Contractors Act
  • Wage Theft Act

  Personal information may be provided to us by complainants, government agencies, members of the public, employees and other third parties.

  The types of personal information we may collect include a person’s name, address, contact details, details of a person’s employment and information about a person’s personal circumstances. Providing sensitive information to us is always optional.

  Sometimes, we will receive information inadvertently, for example if it is included in a complaint from a member of the public, or in employment documents that have been provided as information relating to an alleged offence. We will not use or disclose sensitive or health information, except as permitted or required by law.

  Personal information is collected by us in a variety of ways, including but not limited to:

  • from a member of the public via our website or an email or phone call to us
  • in documents or written or oral statements obtained by us for the purposes of investigating or prosecuting possible offences under the laws that it is responsible for, where oral statements may be recorded
  • managing the employment of staff or recruitment purposes
  • information shared between law enforcement agencies as authorised by law.

  Where possible, we will collect personal information directly from the individual that it relates to. However, we are likely to collect information about an individual from other individuals and may collect information about an individual from other agencies, publicly available sources or third parties (including through its social media platforms) where it is necessary to perform our functions.

  Individuals have the option of remaining anonymous when interacting with us where their identity is not necessary for us to perform the relevant functions or activities.

  When collecting personal information from an individual, we will take reasonable steps to advise that individual of:

  • what information is being sought and why
  • whether and to whom we usually disclose that kind of information
  • whether any law requires the collection of the information
  • how the individual can contact us or the Office of the Victorian Information Commissioner (OVIC) (the regulator with oversight of information access, privacy and data protection) with any questions or concerns about how the information is being handled
  • the main consequences, if any, of not providing the information.

  Use and disclosures of personal information

  We will only use or disclose personal information where it is necessary to carry out our functions.

  We will only use or disclose personal information about an individual for the purpose that it was collected, except in the circumstances permitted in by the Privacy Legislation. The main situations in which this may occur are where:

  • the purpose is related to the initial purpose of collection and the individual would reasonably expect us to use or disclose the information for that purpose
  • the individual has consented to the use or disclosure for that purpose
  • we have reason to suspect that unlawful activity has been or is being engaged in and the use or disclosure is necessary for its investigation of the matter or to report the matter to the relevant authority
  • the use or disclosure is required or authorised by or under law.

  When we disclose information that contains personal information to another individual or body (third party), we will take reasonable steps to preserve the privacy of the relevant individuals, for example by redacting personal information that is not relevant or required for the purposes of providing the information or by ensuring that the other individual or body is required to protect the privacy of that information.

  The main third parties that we may disclose information that is likely to contain personal information are:

  • the Victorian Inspectorate, where we are required to provide written reports following the exercise of certain powers under the Wage Theft Act
  • Victoria Police, or other law enforcement agencies to assist in its investigations or for other law enforcement purposes
  • the Office of Public Prosecutions, to assist with advice sought or the conduct of a criminal prosecution
  • the Magistrates’ Court of Victoria, for the purposes of applying for a search warrant or in relation to prosecutions under the Wage Theft Act.

  Where necessary and appropriate, we will take steps to ensure that any recipient of personal information provided by us is aware of and complies with the Privacy Legislation and any other applicable privacy and confidentiality obligations.

  Social media

  The Wage Inspectorate uses third party social media platforms to promote content and engage with the public. Our social media channels include:

  • Facebook
  • LinkedIn
  • Twitter

  We use Sprout Social to manage our social media accounts. Information collected by our social media accounts is also shared with Sprout Social.

  We have social media sharing links on our website. These are located on the right-hand side of our webpages under the heading 'Share this page'. By clicking these links, you are given the option to share the webpage as a post on your social media account (Twitter, Facebook or LinkedIn). These social media networks may collect your personal information for their own purposes.

  If you choose to engage with the Wage Inspectorate via social media, you should be aware of the following:

  • If you engage with the Wage Inspectorate on a social media channel, we may contact you via a direct message to ask for contact information so that an officer can contact you to provide assistance. If you provide contact details, this information will be collected in the Wage Inspectorate’s customer management system to enable an officer to contact you.
  • We use a social media archiving tool called Brolly to capture the Wage Inspectorate’s interactions on social media and archive them in accordance with the Government’s record keeping obligations under the Public Records Act 1973. Brolly captures and stores social media records for us, including each status update, tweet, post, private message, and comment on the Wage Inspectorate’s social media pages. This information is stored on Australian servers in compliance with Australian privacy laws. You can access Brolly’s Privacy Policy.
  • We may delete a public comment or post on a Wage Inspectorate platform in accordance with our Social Media Moderation Guidelines. The Wage Inspectorate will take a screenshot of the interaction to keep a record of the decision to delete it. Any personal information contained in the screenshot will not be used or disclosed by the Wage Inspectorate, except to the extent that it is necessary to review the decision or for the purposes of an investigation conducted by the Wage Inspectorate.
  • Any information you post on social media is potentially accessible to anyone else engaging on that platform – we strongly recommend you regularly check and configure your privacy settings to make sure you know what information you are making available.

  Information security

  Under the Privacy Legislation, we have a responsibility to protect the personal and health information we have retained, as well as general obligations to protect the data we hold. We take reasonable steps to protect any personal information that we hold from misuse and loss, and from unauthorised access, modification or disclosure.

  We have secure office premises and a security pass entry system for employees and contractors to enter the premises. We take reasonable steps to protect our files from outside or unauthorised access.

  Access to systems, applications, and the information that we collect is limited to authorised staff members only. Our information technology arrangements incorporate a range of data security measures.

  Our staff receive training on their responsibilities and obligations under Privacy Legislation and the Privacy Statement. If we become aware that an individual’s personal information has not been handled in accordance with the Privacy Legislation, we will take reasonable steps to inform the relevant individual(s) and take appropriate action to ensure that it does not happen again.

  Information quality

  We rely on people providing accurate information and notifying us when they become aware that information is incorrect or out of date. However, we will take reasonable steps to ensure that the information that we collect, use or disclose is accurate, complete and up to date.

  If an individual is aware that we hold personal information about them that is not accurate, complete and up to date, they can notify us to correct that information. If an individual can provide proof of the correct information, we will take steps to correct the personal information.

  We will archive or destroy all personal information retained by it in accordance with the Public Records Act 1973 and the applicable Retention and Disposal Authority, or any other applicable law.

  Access to information

  If you want to access information that we hold about you, you can contact us and submit a written request. We may contact you to establish your identity before releasing the information.

  You may also make a request under the Freedom of Information Act 1982. Depending on the nature of the request, fees may apply.

  Visit our website for more information on how to Make a Freedom of Information Request.

  How to make a privacy complaint

  If you are not happy with how we have handled your personal information, please let us know. We aim to resolve all complaints quickly and fairly.

  You can make a privacy complaint about how we have handled your personal information by contacting our Privacy Officer.

  • Post: Wage Inspectorate Victoria, GPO Box 4912, Melbourne, VIC, 3001
  • Email: privacy@wageinspectorate.vic.gov.au