We collect, hold, use and disclose personal information to carry out functions or activities under the Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act).
These functions and activities include:
- handling privacy and freedom of information (FOI) complaints and FOI reviews
- taking other regulatory action under the Privacy and FOI Act
- providing advice on privacy, FOI, and information policy issues
- consulting with stakeholders, for example, on privacy or FOI guidance
- maintaining registers, such as organisations that have opted-in to Privacy Act coverage
- responding to access to information requests
- communicating with the public, stakeholders and the media including through websites and social media
Collection of your personal information
At all times we try to only collect the information we need for the particular function or activity we are carrying out.
The main way we collect personal information about you is when you give it to us. For example, we collect personal information such as contact details and complaint, review, request, data breach notification or report details when you:
- contact us to ask for information (but only if we need it)
- make a complaint about a privacy breach to us
- make a complaint about the way an agency has handled an FOI request or seek a review of an FOI decision
- report a matter for investigation
We may also collect information from you when we investigate or review a privacy or FOI matter. If we open a file about your matter, it will often include our opinion on your matter.
We may also collect contact details and some other personal information if you are on our committees or participating in a meeting or consultation with us.
Collecting sensitive information
Sometimes we may need to collect sensitive information about you, for example, to handle a complaint. This might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information.
In the course of handling and resolving a complaint, data breach notification, review or an investigation, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties such as:
- your authorised representative, if you have one
- applicants, complainants, respondents to a complaint, investigation, application or data breach notification or the third parties’ employees and witnesses.
We also collect personal information from publicly available sources to enable us to contact stakeholders who may be interested in our work or in participating in our consultations.
Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact our Enquiries line with a general question we will not ask for your name unless we need it to adequately handle your question.
However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your inquiry, request, complaint or application, or to act on your report.
Collecting through our websites
We use Google Analytics and Piwik to collect data about your interaction with our website. We host Piwik ourselves, while Google Analytics is hosted by a third party. The sole purpose of collecting your data in this way is to improve your experience when using our site. The types of data we collect with these tools include:
- your device’s IP address (collected and stored in an anonymized format)
- device screen size
- device type, operating system and browser information
- geographic location (country only)
- referring domain and out link if applicable
- search terms and pages visited
- date and time when website pages were accessed
Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the website.
Our website generally sets the following cookies:
- _ga: Google Analytics cookie
- _pk_id.3.7ced and _pk_ses.3.7ced: Piwik cookies
- bb2_screener_: security cookie (anti-spam)
Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.
We also utilise the services of Hotjar to collect voluntary feedback on your experience with our website. You can view Hotjar’s privacy and data collection policies here.