The Victorian Government values and is committed to protecting your privacy.
We handle your personal information in accordance with the Privacy and Data Protection Act 2014 (Vic) (PDP Act), Public Records Act 1973 (Vic), Health Records Act 2001 (Vic) and other applicable legislation.
We may update this privacy statement from time to time. Any changes to this privacy statement will be published on this website.
What information do we collect?
There are 3 main ways that we may collect personal information from you:
1. Requests to provide information
In most circumstances, you will know if we are collecting personal information from you because you will be requested to provide it. For instance, if you submit a form to contact us through the website, we will ask you to provide your name and email address.
2. Automatic collection through the website
Some personal information is automatically collected as a result of your visit to our website. This information is collected using software techniques such as web server log file analysis, cookies and web beacons.
3. Automatic collection by third party software vendors
We use some third party software that collects information about your interaction with our website.
When you visit our website, your web browser automatically sends certain information to these software providers.
This statement covers each of these instances of personal information collection in more detail below.
Requests to provide information
We may collect personal information that you choose to give us, or which may be required to access a particular service. This includes information collected via online forms, events and training registration, or when subscribing to receive newsletters.
The information you provide by completing an online form on vic.gov.au is collected by the Drupal 8 content management system (CMS) and is stored on the Microsoft Azure infrastructure in Sydney, Australia. The Product and Editorial team within Digital, Design and Innovation have a process in place to delete this data from the CMS on a regular basis.
Automatic collection through the website
If you don't want to have cookies placed on your computer, you can disable them using your web browser. You will need to customise each web browser you use to turn off cookie tracking.
If you opt out of using cookies, you will still have access to all the information and resources provided by this website, though some features may not work as expected.
Automatic collection by third party software vendors
This website uses several online tools to measure website use, which are provided by third party software vendors. We use these tools to help us make our site better.
We use software by third parties, including:
For further information on how these third party software vendors handle your personal information, please review their privacy policies. Personal information may be provided to third parties when accessing this website. Information that may be shared to third parties includes:
- network location and IP address
- the date and time of your visit to our website
- the types of web browser (e.g. Internet Explorer, Google Chrome, Safari) and operating system (e.g. Windows 10, Mac OS X etc.) you are using
- Referring site details (such as the URL that you came through to arrive at our website)
- Page visited and the time spent on each page
- Documents downloaded and search terms used
- The forms accessed on our website
- Unique device identifier
- Cookies and data about which page you visited
- Device information, hardware model, operating system information, app version, app usage, debugging information, browser information
- Geo location information (if enabled by user)
- May assign a unique user identifier
The information we disclose to some of our third-party vendors may travel outside Victoria. We take steps to ensure that when your personal information travels, privacy protections travel with it.
Third party software vendors may alter how they collect and handle personal information at any time.
Use and disclosure
Use of web analytics data
We use web analytics data for statistical purposes, such as to analyse, measure, and report on data about our website traffic and visits. This information helps us understand general user trends at an aggregate level, and improve our website, content, and user experience.
We may also use this information for security audits to protect against threats from hackers or other security purposes.
We do not use this information to identify you or match it with any other personal information that we may collect from you, unless required to do so as part of an internal investigation or for a law enforcement-related purpose, in accordance with the PDP Act.
Your site visit data is collected under the authority of Information Privacy Principle 1.1 of the PDP Act for the purposes stated above.
Disclosure of web analytics data
Apart from the third party tools described in this Privacy Statement, we do not disclose your site visit data to any other third parties without your consent, unless we are required or authorised to do so by law. In the event of an investigation into suspected unlawful or improper activity, a law enforcement or government agency may use its legal authority to inspect our web server’s records (e.g. in relation to hacking or abusive messages).
Can I opt out of the collection of web analytics data?
You cannot opt out of the automatic collection of information that is used for analytical purposes, however you may choose to disable cookies or delete any individual cookie. If you choose to disable cookies, the website may not function fully and your ability to browse, read, and download information contained on our website may be impaired. However, you may still access our services by contacting our office via other methods such as telephone, email, or mail.
You can enable a “Do Not Track” setting on your browser to help protect your privacy. When Do Not Track is tuned on, your browser will send a Do Not Track request to the sites you visit, and to the third parties whose content is hosted on those sites. However, many websites will still collect and use your browsing data regardless of the Do Not Track Request. This depends on individual sites’ privacy practices. Sending a Do Not Track request does not guarantee privacy protection.
Instructions on how to enable the Do Not Track setting:
We use Twitter to communicate with the public about our work. We may collect any personal information that you provide us via the @VicGovAu Twitter under section 8C of the PDP Act, for the purposes of engaging and consulting with the public. Any personal information we collect via Twitter will be handled appropriately and in line with this privacy statement.
We use Sprout Social to manage the @VicGovAu Twitter account. Information collected by Twitter is also shared with Sprout Social.
We have social media sharing links on this website. These are located on the right hand side of a webpage under the heading 'Share this'. By clicking these links you are given the option to share the webpage as a post on your social media account (Twitter, Facebook or LinkedIn). These social media networks may collect your personal information for their own purposes.
This website includes links to Yammer. Yammer is an enterprise social networking service and may collect personal information you provide.
Links to non-vic.gov.au websites
This privacy statement does not apply to any external websites that are linked on the vic.gov.au website.
The icon we provide to let you know when you are leaving vic.gov.au and visiting an external website is displayed below.
We are not responsible for the privacy practices or content of external websites. When you visit other websites, we recommend you read the privacy statements or policies of these websites before providing personal information.
Security of your personal information
Under the PDP Act, we have a responsibility to protect your personal information. We take reasonable steps to make sure that your personal information is protected from misuse, loss, and unauthorised access, modification, or disclosure. Access to systems, applications, and the information that we collect is limited to authorised staff members only.
Further, any personal information that we collect and use for identifying user trends (for example, IP address) is aggregated and anonymised when generating reports.
Access and correction
You may request access to, or correction of, documents that contain your personal information which are in our possession. For information on how to make a request for access or correction, please contact us via the details below.
In some cases, requests for access or correction will be handled in accordance with the Freedom of Information Act 1982 (Vic).
Additional privacy notices for specific vic.gov.au websites
Data Vic uses CKAN to manage and publish meta data records on the data.vic.gov.au portal.
CKAN is open source software widely used by open data publishers to manage their data assets.
CKAN stores meta data about individual data records and presents them on a web interface so that visitors to data.vic.gov.au can browse and search this metadata in order to meet their information seeking needs.
CKAN also offers an API so that third party applications can be built around it.
CKAN collects site analytics data and statistical data about DataVic users including:
- Browser used
- Operating system
- Referral links
- Time on the site
Copyright in your submitted content
When you submit content to data.vic.gov.au, by making comments to the various feedback functions or participation in the applications showcase, you retain copyright in it. By submitting content to this site, you agree to make it available to the rest of the world under a
Use of site
You must not use text or information provided via this site, including datasets or data they contain, in any of the following ways:
- use the data in any application that pretends to be an official government service, or in any other way that suggests that the Department endorses you or your use
- present the data in a misleading or incorrect manner, or misrepresent the data through changing it or otherwise
- use this site for party political purposes
- use the data or this site in or to support a criminal or illicit activity
- use the data in any application, or in any other ways to inflame or make comments that are racist, sexist or homophobic, or which promote or incite violence and illegal activity
Moderation policy and process
We welcome user generated content to the data.vic.gov.au site and aim to publish most content quickly. We encourage you to share your opinions on the various blog topics and individual datasets. Also, we want to promote your applications and insights built and developed using Victorian Government data in the showcase section. To help us do this, please make sure:
- Your comments are relevant or on-topic
- Your comments are not inflammatory, unreasonable or obscene
- You are civil and respectful of others and their opinions (including not impersonating anyone and not posting someone's personal information without their permission)
- Your behaviour is in line with relevant laws
- The site uses a pre-moderation process to help ensure that spam or comments that breach this moderation policy are not published. This means that your comment will generally be published after being manually checked by a moderator. If a comment is edited, we will include a reference so you can tell
The first is a human verification step to deter spam bots: when you submit a comment, you are asked to include a user name and a valid email address. You may post under a pseudonym. Your email address will not be posted on the site.
This collection notice explains how the Public Sector Gender Equality Commissioner (the Commission) handles personal information which you may provide when you subscribe to our e-newsletter.
The Commission collects this data using:
The personal information that you submit to us is collected in order to provide information services to you which in turn facilitates:
- communicating updates about the Commission and/or an event
- the co-ordination of meetings, and advocacy and educational activities
Servers for the third party applications are located in Australia and overseas. Mailchimp require their subcontractors to deal with such personal information in a manner that is consistent with the Australian Privacy Principles but they cannot guarantee the security of your personal information.
Mailchimp comply with the Australian Privacy Act 1998. If you are unsatisfied with a response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help.
You have the option of not providing certain information requested by the Commission. However, you should note that this may prevent the Commission from providing information services to you and managing its various activities and programs.
1. About this statement
In this statement, “we”, "our" or “us” means the State of Victoria through the Department of Treasury and Finance as the HomesVic Program Provider and includes the Homes Vic program administrative entity.
This statement describes our policy for how we will handle your personal information and health information in connection with the HomesVic shared equity pilot program (“HomesVic Program”). During the HomesVic Program, we may update this statement to reflect any changes to the program or to our information handling practices. The most up-to-date version of this statement is available here or you can ask us to send you a copy.
We are committed to respecting the rights of individuals to the privacy of their personal information. We have policies and procedures in place for the appropriate management and protection of personal information, including any health information collect about them, in accordance with the Victorian Privacy and Data Protection Act 2014 and the Health Records Act 2001.
2. What information do we collect?
During your participation in the HomesVic Program, we may collect your personal information, including your sensitive information and health information. This includes the details of:
- your income
- your identity (such as your name, address, date of birth, gender and relationship status)
- evidence of your identity (such as your driver’s licence, passport and proof of age card)
- your tax file number
- your residency status
- your employment
- your home loan and other loans you may have (including any refinancing and/or increases to your Finance debt)
- your principal repayments of your home loan
- our interest in the property you have acquired through the HomesVic program
- action you take in connection with your property, including its maintenance, insurance and occupation
- your dealings with us
- any adults you live with
- credit reports
- whether you have elected to receive direct marketing from us
Finance debt means any indebtedness, present or future, actual or contingent, in respect of money borrowed or raised or any financial accommodation whatsoever other than HELP or under, or in connection with, the Loan Agreement for your home loan with a panel financier.
What is personal information?
Personal information is any information or an opinion that is recorded in any form and whether true or not, about you, where your identity is apparent to, or can reasonably be ascertained by us, from the information or opinion.
What is sensitive information?
Sensitive information is a special category of your personal information. It means information or an opinion about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record.
What is health information?
Health information is personal information or an opinion about:
- your physical, mental or psychological health
- a disability you have (at any time)
- your expressed wishes about the future provision of health services to you
- a health service provided, or to be provided, to you
3. How do we collect your information?
We collect personal information about you when you deal with us in some way. This includes when you:
- submit an application to participate in the HomesVic program
- send us your annual certificate of compliance
- visit this website (see part 6 below for more information regarding this website)
- contact us (for example, to get our approval to do something or to make a complaint)
We may collect personal information about you from other entities or people that are involved in the HomesVic Program.
- your co-participants in the HomesVic Program (for example, if you applied jointly with your partner, we may collect information about you from your partner); the Department of Treasury and Finance (as the Program Provider)
- the Program Administrative Entity; the financial institutions on the HomesVic panel (currently, Bank Australia Limited (ACN 087 651 607) and Bendigo Bank Limited (ACN 068 049 178))
- your insurance provider
- your conveyancer or solicitor
- Valuer-General Victoria
- Land Use Victoria (Land Titles Office)
- Residential Tenancies Bonds Authority
- other government agencies, law enforcement agencies or regulators
If the Participant's household includes an Included Adult, the Participant must (prior to disclosing information and documents containing the income of that Included Adult to any Program Party):
(i) provide to that Included Adult a copy of:
(A) each Program Party’s privacy policies and privacy notices; and
(B) the terms of this Agreement insofar as they relate to privacy and the collection, use and disclosure of Personal Information; and
(ii) obtain written authorisation from that Included Adult to disclose the information or documents to each Program Party and provide a copy of that written authorisation to the Program Administrative Entity.
A Program Party may take further steps to provide information to, and obtain consent from, any Included Adult who is not a Participant, and the Participant must cooperate with (and provide assistance to) that Program Party in relation to any such further steps.
We will only collect your sensitive information or health information with your consent or where required or authorised by law.
An Included Adult means any person aged 18 years or older who is ordinarily residing in the same household as the Participant at the relevant time or during any part of the relevant period including any adult aged 18 years or older who moves into the Property or joins the Participant's household after the date of this Agreement but excluding any person aged 18 years or older who is:
(a) a lessee of the Property; or
(b) a licensee of any part of the Property unless that licensee is a Related Person.
Consequences of not providing your personal information
If you do not provide your personal information when requested for the purposes described in Part 4 below, we will not be able to assess whether you are eligible to participate in the HomesVic Program or, if you are already participating in the HomesVic Program, whether you may be in breach of your obligations under our agreements with you. The latter may require you to exit the Program early and repay the Victorian Government’s proportional beneficial interest
4. How do we use your information?
We use your personal information only for the purpose for which it was collected, as explained below, or for a related purpose that you would reasonably expect that information to be used for.
We collect, use and share your personal information to administer the HomesVic Program, which includes to:
- confirm your identity
- assess your eligibility to participate in the HomesVic Program;assign you a program identifier
- manage our relationship with you, and your chosen panel financier
- check whether you are complying with your obligations under your agreements with us and enforce them
- allow us to perform our obligations and exercise our rights under your agreements with us
- assist us to make decisions under your agreements with us (such as whether to approve your requests or take certain steps)
- investigate fraud or other illegal activities
- comply with laws and assist government or law enforcement agencies
- evaluate the HomesVic Program
- contact you
- respond to any complaints you make or questions you have
Occasionally, we may be required or authorised by law (including privacy legislation and/or other laws) to use your personal information for another purpose.
5. Who do we share your information with?
We may share your personal information with other entities or people that are involved in the HomesVic Program for the purposes described in Part 4 above. These people include:
- your co-participants in the HomesVic Program
- Department of Treasury and Finance (as the Program Provider) the Program Administrative Entity
- the financial institutions on the HomesVic panel (currently, Bendigo Bank Limited (ACN 068 049 178) and Bank Australia Limited (ACN 087 651 607))
- your conveyancer or solicitor
- your insurance provider
- Valuer-General Victoria
- Land Use Victoria (Land Titles Office)
- Residential Tenancies Bonds Authority
- other government agencies, law enforcement agencies or regulators
- our professional advisers
- a potential assignee, novatee or transferee of our or the financial institution’s obligations under your agreements with us and their advisers and contractors
Occasionally, we may be authorised or required by law (including privacy legislation and/or other laws) to share your personal information with other entities or people.
We ensure that any transfer of personal information outside Victoria is in accordance with applicable privacy and health records legislation.
Victorian Public Sector Commission (VPSC) collects and stores information regarding the recruitment and selection of people to the Victorian Government graduate program to participating Victorian Government Departments and agencies (‘Departments’) across the Victorian public sector.
This Collection Notice explains VPSC’s policy for handling personal information, sensitive information and certain health information which you may provide to VPSC when interacting with us
VPSC collects this data using Push Apply and third party software products (‘the portal’). Encrypted data is stored and managed on Amazon Web Service (AWS) systems. The portal is administered by approved staff at vendor (‘the recruiter’) who have been appointed by the VPSC to facilitate recruitment to the Victorian Government graduate program.
At time of making an employment offer, the recruiter will share successful applicant data will be shared with Departments.
The recruiter will delete all collected and stored date upon completion of their contract with the VPSC, or when archived data is replaced by new data, or at any other time as directed by the VPSC.
The VPSC is committed to protecting your privacy. Please review the statements below, which detail how the VPSC collects, holds, manages, uses, discloses or otherwise handles personal information (including sensitive information) and health information.
The supply of certain personal information and health information to VPSC is optional, and, where possible, the VPSC will give you the option of not providing such information. However, please note that our ability to process your application may be impacted if requested information is not provided.
Recruitment and selection of candidates
- Victorian graduate recruitment and selection activities are undertaken by the recruiter, the VPSC and various Departments
- this statement covers information collected by the recruiter which is stored on the portal and administered by both the recruiter and VPSC. It also covers information that is collected by the VPSC or Departments in the context of the recruitment and selection process
What will your information be used for?
Your personal and health information will be collected to:
- enable recruitment, selection and appointment processes
- enable the recruiter to contact candidates
- enable the Departments or VPSC to contact candidates
- enable graduate recruitment and workforce planning
- report and provide analysis on various metrics, such as gender and other diversity measures
What information will be collected?
VPSC will collect the following personal and health information from you for the purposes of assessing your application to the Victorian Government graduate program:
- contact details
- demographic and diversity data (including information relating to gender, ethnicity and disability)
- health information in so far as it is relevant to your performance of the role, including any disability for the purposes of making reasonable adjustments
- employment history, including your resume
- education history, including your academic transcript
- images, video or audio recordings associated with the application form and assessment activities
Who will collect your information?
Information will be collected by the VPSC and the recruiter on behalf of Departments. Departments may collect additional information upon appointment of a candidate.
Who will access your information?
Your personal and health information will be used by and disclosed to:
- nominated staff in the VPSC who work on the Victorian Government graduate program
- nominated staff in the Departments undertaking the recruitment and selection process (such as divisional Directors and/or Managers of teams where the graduate may be placed)
- Human resources, account management and IT staff in the recruiter
All persons with access to personal information (including any sensitive information) or any health information collected by and for the VPSC are subject to confidentiality obligations and to additional security protocols as required.
Your personal information (including sensitive information) and any health information will be used and disclosed strictly for the purposes identified in this Collection Notice and will be de-identified where possible.
Information will only be made available to individuals on a need to know basis in order to perform a function or activity necessary to achieve a purpose outlined in this Collection Notice.
Your personal information (including any sensitive information) or any health information may only be used or disclosed in a manner other than as described in this Privacy Statement if you subsequently consent to the further specific use or disclosure or where disclosure is required or permitted by law.
By creating an account and submitting a completed application to the Victorian Government Graduate Program, you are consenting to your personal (including sensitive) and health information being collected, managed, used, disclosed and processed as described in this Collection Notice.
VPSC will ensure that the collection, management, use and disclosure of your personal (including sensitive) and health information complies with Victorian privacy law, the Information Privacy Principles, the Health Privacy Principles and the .
Information will be stored securely with access restricted to those set out in the "Who will access the data?" section of this Statement above. VPSC will take reasonable steps to protect the personal information (including any sensitive information) and any health information it holds from misuse, loss, unauthorised access, modification and disclosure. VPSC will also take reasonable steps to destroy or permanently de-identify personal information when it is no longer needed.
VPSC may also use third party service providers to provide services to it, such as data hosting providers. Some of those providers may be located outside Victoria. Accordingly, some of the data collected for the VPSC may be stored on secure servers located outside Victoria, which are subject to stringent privacy laws and regulations comparable to those in Victoria.
The Disability pathway provides support for graduates with a disability. The pathway can include support with the application process and placements. It can also include support during the graduate year.
The VPSC will collect, manage and use information provided on the Disability pathway program for the purpose of administering the program and otherwise in accordance with the Privacy and Data Protection Act 2014 and the Health Records Act 2001. We will not share information provided on the Disability pathway program with hiring Departments or line managers without your consent. You can share information as part of the application process but then choose not to share it with employers or peers.
Who to contact for access to or correction of your personal and health information
You have a right to access personal, sensitive and health information the VPSC holds about you. You may also apply to the VPSC to correct information held about you which you believe is inaccurate.
Effective date of Privacy Statement
22 February 2019
 The term ‘health information’ is a legally defined term in the Health Records Act 2001 (Vic) and in the context of the VPSC refers to the collection of information that relates to disability. The VPSC gives participants the option of not providing such information. All health information provided to the VPSC will be handled in accordance with this Collection Notice and the Health Records Act 2001 (Vic).
Collection notice for e-newsletter
This collection notice explains how the Portable Long Service Authority (PLSA) handles personal information which you may provide when subscribing to the PLSA e-newsletter.
Your name and email address will be collected for the purpose of communicating ;updates about portable long service.
This data is stored in the PIPE Networks Data Centre in Fortitude Valley, Brisbane and maintained on AWS cloudfront within their Australian operations in the Sydney region.
Vision 6 complies with the Information Privacy Act and SPAM Act and are compliant with the GDPR.
Vision 6 conducts regular penetration testing and monitoring tools to determine network, server and service vulnerabilities.
Vision 6 have documented security policies and processes in place which are regularly reviewed by senior management.
Collection notice for business and worker registration
The Authority uses this form to collect information that it requires to register workers and employers and determine eligibility for entitlements under the Act, including personal information such as name, address, date of birth, payroll data and history, and leave history.
The Authority needs this information to register you and to determine and manage your long service leave entitlements under the Act. If you do not provide the information, the Authority may not be able to make decisions about your long service leave entitlements under the Act.
The Authority will only use and disclose your personal information to register you and manage your long service leave entitlements under the Act and where it is otherwise required or permitted by law to do so.
In some circumstances, the Authority is required or authorised by law to release information to other government agencies, law enforcement bodies or to prevent serious and imminent threat to an individual's life, health, safety or welfare.
In this context, such agencies could include the Australian Taxation Office, the Labour Hire and Licensing Authority, the Fair Work Ombudsman, the Victorian Work Cover Authority, Victoria Police, or your nominated banking institution.
The Authority will seek wherever possible to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date. In many instances the Authority relies upon you to provide accurate and complete information and to advise the Authority should your circumstances change over time.
The Authority seeks to protect your personal information from misuse, loss, unauthorised access, modification or disclosure and securely destroys or de-identifies personal information when it is no longer needed for any purpose. In circumstances where personal information is collected and stored by external organisations the Authority uses to deliver aspects of its functions, the Authority’s contractual obligations require compliance with the same privacy and security standards.
Note, the following terms will need to be expanded if not described elsewhere in the application form:
Act means the Long Service Benefits Portability Act 2018.
Authority means the Portable Long Service Benefits Authority.
The Portable Long Service Benefits Authority (Authority) is a statutory authority established by the Long Service Benefits Portability Act 2018 (Act). The Authority’s role is to administer a scheme for the provision of portable long service benefits to workers in covered industries. The Authority is overseen by a Governing Board which is responsible for the governance, strategic planning and risk management of the Authority. The administration of the day-to-day management of the affairs of the Authority is the responsibility of the registrar appointed under the Act.
This policy tells you how the Authority handles personal information in the course of performing its functions in compliance with the Information Privacy Principles (IPPs) set out in the Victorian Privacy and Data Protection Act 2014 (PDP Act) and other applicable laws and contractual obligations. This policy also tells you how you can access and correct the personal information that the Authority holds about you and how to make a complaint about a privacy matter.
This policy applies to the personal information (including sensitive information) of both external parties and the staff of the Authority. Any personal information collected by the Authority, or that it obtains about individuals from other sources, will be handled in accordance with this policy.
In order to perform its functions, the Authority has also entered into certain agreements with Australian government agencies, which may mean that is has also agreed to be bound by relevant Australian Privacy Principles contained in the Commonwealth Privacy Act 1988.
Personal information is recorded information about an individual whose identity is apparent or can reasonably be ascertained from that information, but does not include health information.
Health information is personal information which concerns that individual’s physical, mental or psychological health, disability or genetic makeup which is subject to the Health Records Act 2001. The Authority does not generally collect health information in performing its functions.
Sensitive information is information about an individual’s race or ethnicity, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record.
Collection of personal information
The Authority collects personal information that the Act, privacy and other laws authorise it to collect and that it needs to perform its functions in administering the portable long service benefits scheme. This includes registration of workers and employers and determining entitlements under the Act.
During the registration process, the Authority collects personal information both directly from individuals as well as from third-parties such as employers. The personal information collected may include:
- name, address and other contact details
- date of birth
- employment information including total ordinary pay
If the personal information that the Authority requests is not provided, the Authority may not be able to perform its functions as required under the Act.
How does the Authority collect personal information?
The Authority will only collect personal information by lawful and fair means and not in an unnecessarily intrusive way.
The Authority will endeavour to collect your personal information from you where it is reasonable and practicable to do so. Where this is not possible or practicable, the Authority may collect your personal information from third parties. For example, you may be requested to provide consent for the Authority to collect personal information from third parties such as CoINVEST, as required for the Authority to determine your entitlement to benefits under the Act. If you do not provide this consent, the Authority may not be able to make decisions about your entitlements under the Act.
The Authority may also collect your personal information in other situations such as:
- receiving and handling reports and requests for information from Government departments and the Minister responsible for the Authority
- receiving and processing freedom of information requests
- employment applications
- when you visit the Authority’s website
- providing e-newsletters, SMS-blasts, lodgement reminders and other stakeholder updates with your consent
Authorised officers of the Authority may collect documents which may contain personal information as part of the exercise of their powers under Part 6 of the Act in relation to monitoring compliance and investigating potential breaches. Authorised officers have express powers to inspect, make copies of or require provision of documents and information in specified situations.
Some personal information is collected about visitors to the Authority’s website. For details, please see the collection notices above.
The Authority will only collect sensitive information with your consent or as required or authorised by law.
In most cases, the Authority will tell you when it collects your personal information and will provide you with a collection statement identifying the Authority and advising you about:
- the purposes for which the personal information is being collected
- who the personal information may be disclosed to
- any law that requires the personal information to be collected
- the main consequences for you if all or part of the personal information is not provided
- how to contact the Authority and gain access to your personal information.
- use and disclosure of personal information
- the Authority will only use and disclose your personal information when it is lawful and reasonable to do so.
Personal information that is collected by the Authority will be used and disclosed to the Authority’s employees or contractors whose duties required them to use it. These employees and contractors must handle personal information in accordance with the requirements of the PDP Act. This means they will only use or disclose collected personal information for the primary purpose for which it was collected, or for a permitted secondary purpose in specified situations, such as where you have consented to the use or disclosure, or where the use or disclosure is required or authorised by or under law (for example, in response to a valid request under the Victorian Data Sharing Act 2017).
For example, if you are a worker the Authority may use your personal information to:
- process an application for registration as a worker under the Act
- determine your entitlement to long service leave benefits under the Act
The Authority may also use your personal information to:
- obtain advice from professionals such as legal advisors and accountants
- manage the long service leave benefits scheme
- conduct surveys
- provide advice to the responsible Minister
The Authority may disclose your personal information to:
- verify information to assess your entitlements under the Act
- defend a legal or equitable claim
- prescribed Victorian or Commonwealth Government entities for the purpose of the performance of a function of that entity under a law. This includes disclosure to the Fair Work Ombudsman, Victoria Police, Victorian WorkCover Authority, Victorian Labour Hire Licensing Authority and the Australian Taxation Office.
- reciprocal long service authorities for the performance of a function under the Act or a corresponding law
Authorised officers are expressly prohibited from disclosing information, directly or indirectly, obtained in performing a function under the Act, except to the extent necessary to monitor compliance with the Act and regulations. This may include disclosure to a court or tribunal in the course of a legal proceeding, in the course of the investigation or enforcement of a law of Victoria or any other State or Territory or of the Commonwealth, with your consent, or with the written authority of the registrar.
In addition, members of the Governing Board, the registrar, an authorised officers and members of staff are prohibited by the Act from improperly using any information acquired in the course of their duties, for pecuniary or other advantage for themselves or any other person.
The Authority is required to maintain a public register of registered employers under the Act. The information about identifiable employers that the Authority publishes is publicly-available information and therefore is not personal information. The PDP Act requires that public sector agencies administer public registers, so far as reasonably practicable, in a way that would not contravene handling requirements for personal information, if that information were personal information. In a number of circumstances, for example where a person conducts business from their residential address, it may be necessary for the Authority to publish personal information on the public register.
De-identified personal information derived from personal information collected may also be used in support of the Authority’s broader functions, such as for research and reporting purposes.
The Authority is an agency responsible for the performance of functions or activities directed to the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of law imposing a penalty or sanction for a breach. For this reason, the Authority has a partial exemption under section 15 of the PDP Act from complying with specified IPPs if it believes on reasonable grounds that non-compliance is necessary for the purposes of its law enforcement functions.
The Authority takes reasonable steps to ensure that the information it holds is accurate, complete and up to date. Accurate information should be provided to the Authority at all times. For example, employers are required to make a declaration that the information they have provided is true and correct. Employers must notify the Authority within 14 days if there is a change to their personal information. Generally, the Authority relies on individuals to provide up to date information and advise the Authority if the information collected has recently changed.
How long does the Authority retain personal information?
The Authority generally destroys or permanently de-identifies information when it is no longer needed for any purpose. However, information held by the Authority is subject to the provisions of the Public Records Act 1973 and must be retained and disposed of in accordance with the relevant Retention and Disposal Authorities.
The Authority is committed to protecting your personal information from misuse or loss or unauthorised access, unauthorised modification or disclosure.
The Authority has secure office premises and a security pass entry system for Authority employees and contractors to enter the premises. The Authority takes reasonable steps to protect files from outside or unauthorised access. The Authority’s information technology arrangements incorporate a range of data security measures. For example, the Authority requires staff to use passwords to enter the computer system and its databases can only be accessed using an additional password, with different levels of access granted depending on the role of the staff member concerned. Only staff who need to use your personal information to perform their functions have access to it.
To protect your privacy, you should keep your Authority password confidential: it should not be displayed, shared or written down.
Transmission security risks
You should be aware that there are risks in transmitting information across the Internet. While the Authority takes reasonable steps to protect the personal information it receives from you or from third parties, the Authority cannot guarantee the security of any information transmitted to it online. If you are concerned about conveying confidential or delicate material to the Authority over the internet you might prefer to contact the Authority on 1800 517 158 to make other arrangements.
Online services and online payments
The Authority’s online services are managed by a third-party IT service provider. Our service provider may access the personal information entered into our forms in order to process electronic transactions or to resolve a technical problem.
If you make a payment using the Authority’s website, the Authority will process your payment with the assistance of a reputable third party electronic payments service provider and present you with an online receipt for your records.
If you make an online application or another payment transaction on the Authority’s website, the Authority takes additional steps to protect the security of your personal information, such as strong SSL encryption. Before using these facilities, you should ensure that you are using a web browser that supports SSL encryption. In many web browsers, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser.
Access and correction
You are able to update your personal contact information directly through the employers or workers portal. You can view the information that the registrar holds about you on the employers or workers registrar by accessing the portal. A request to correct your own personal information held by the Authority on the employers or workers register can also be handled by contacting the Authority on 1800 517 158.
Any requests for access to and/or correction of other documents containing personal information held by the Authority must be handled according to the provisions of the Freedom of Information Act 1982. Requests should be accompanied by any applicable fee and should be addressed to:
Portable Long Service Authority
Level 1, 56-60 King Street, Bendigo VIC 3550
Bendigo VIC 3550
When you make a request to correct information that the registrar or Authority holds about you, the Authority may contact you in order to verify your identity. The Authority may ask you to provide evidence of the information you wish to correct, before accepting the changes.
The Authority does not assign unique identifiers to individuals unless necessary to enable it to carry out its functions efficiently.
The Authority does assign employers and workers a unique membership number upon registration to facilitate interactions with the Authority. The Authority may also request that you provide a unique identifier assigned by another organisation in order to complete its functions. For example, you may be requested to provide your Tax File Number (TFN). You do not have to provide your TFN however there may be financial implications of not doing so.
Individuals seeking general advice from the Authority or accessing the public register do not have to identify themselves. However, if you are applying for entitlements under the Act, seeking answers to a specific enquiry or making a complaint, the Authority will need to collect personal information such as your personal contact information and your Portable Long Service Authority Member Number. This is so that the Authority can verify the identity of who it is dealing with when discussing personal records about long service leave.
Transfer of personal information outside Victoria
The Authority contracts the use of cloud computing to store and manage data including personal information. Computer servers may be based interstate or overseas. The Authority takes reasonable steps to ensure the security of your information managed this way. Where the information is transferred outside Victoria we take steps consistent with the principles in Victoria’s privacy laws to ensure its protection from unauthorised use and disclosure.
How to make a privacy complaint
Portable Long Service Authority
You may also make a complaint about a breach of the PDP Act by writing to the Office of the Victorian Information Commissioner. You can find out more information about how to make a complaint here.
Changes to this policy
The Authority may amend this policy from time to time. The current version will be posted on the Authority’s website and a copy may be obtained at any time by contacting the Authority.
© Portable Long Service Benefits Authority, State Government of Victoria, 2019
Last updated 9 May 2019
- Under 'What is the Business Registration Portal?', 'businesses' is defined to include 'government organisations'.
- Under 'Collection of information', the following statement has been inserted:
- For businesses with a large number of locations, the above information may be separately collected by the Department or the Department of Health and Human Services (DHHS) for the purpose of inputting it into the Portal and creating a bulk registration for the business.
- Under 'Storage of information', the following statement has been inserted:
- Where information has been provided directly to the Department or DHHS for the purpose of creating a bulk registration, this information is stored in a secure and restricted SharePoint folder in the relevant SharePoint site.
What is the Business Registration Portal?
The Business Registration Portal (Portal) is operated by the State of Victoria acting through the Department of Premier and Cabinet (Department/we/us/our). It forms part of the Victorian Government’s Digital Visitor Registration System, which is designed to support contact tracing in the event of a COVID-19 outbreak.
Victorian businesses and government organisations (businesses) may register on the Portal to obtain a unique QR code (generated by Service Victoria) that may be displayed at their premises and scanned by visitors. This will ensure visitors’ attendance is recorded and that visitors can be contacted for tracing purposes if required in accordance with the Workplace Directions of the Chief Health Officer under the Public Health and Wellbeing Act 2008.
The Department endorses fair information handling practices and use of information in compliance with our obligations under the Privacy and Data Protection Act 2014 (Vic) (PDPA). Further information about how the Portal will handle personal information (as defined by the PDPA) is set out below.
If you have any queries about the Portal, please contact the Department as follows:
- by phone: 1300 366 356
- by post at: Digital Engagement Digital, Design and Innovation Department of Premier and Cabinet 35 Collins Street Melbourne Vic 3000
Collection of information
The Portal collects information from businesses that wish to obtain a QR code for contact tracing purposes, some of which will be personal information.
This information includes:
- Business details (name, ABN)
- Business location (address) and areas (upstairs, downstairs)
- Business contact person at each business location (including the individual’s first and last name, phone number and email address).
Use and disclosure of information
This information is collected in order to issue you with a QR code for your premises. The business contact person may be contacted by the Department in the event that a visitor tests positive to COVID-19.
If the information is not provided, you will not be issued with a QR code to use for contact tracing purposes.
We will also use the information to enable us to improve the Portal, including for:
- purposes related to research, planning, product and service development, privacy, security and testing for the Portal
- purposes connected with the operation, administration and development of the Portal
- where we suspect that fraud or unlawful activity has been, is being or may be engaged in through use of the Portal
- communications to businesses about the Portal
- any other purposes required or authorised by law.
We will share the information within the Department, with other Victorian Government departments and agencies, and with third parties, including our contracted service providers, who assist us in providing the Portal, and organisations who provide archival, auditing, professional advisory, delivery, information technology, research, privacy and security services only for those purposes.
Our contracted service providers include:
- Salesforce (SFDC Australia Pty Ltd)
- DXC Technology Australia Pty Ltd
- Amazon Web Services
We take reasonable steps to ensure that each department, agency and third party provider protect and handle your personal information in accordance with applicable privacy laws.
Some of these service providers may be located outside of Victoria, or may store or transfer your personal information outside of Victoria. We take steps to ensure that when your personal information travels, privacy protections travel with it.
Storage of information
The information collected by the Portal is stored on Salesforce servers located in Australia and the QR code poster is stored by Service Victoria on Amazon Web Services servers located in Australia.
Information on the Portal is stored in accordance with the Department’s record keeping obligations.
The Department takes reasonable steps to protect any personal information from unauthorised access once that personal information comes into its possession. We store your personal information in line with the information protection requirements described in the . Access to systems, applications, and the information that we collect is limited to authorised staff members and third party vendors only.
However, in emailing information or using the Portal you should be aware that there are inherent risks in transmitting information across the Internet.
Access to and correction of information
You may request access to any personal information that we have collected about you. Also, you may request correction of your personal information if you can establish that it is not accurate, complete or up-to-date.
To contact us about access to, and correction of, personal information collected by us or for any questions or concerns you may have arising out of this privacy statement, please contact the Department using the contact details in the ‘What is the Business Registration Portal?’ section above.
In some cases, requests for access to personal information will be handled in accordance with the Freedom of Information Act 1982 (Vic).
You may also contact the Department’s Privacy Officer using the contact details in the ‘What is the Business Registration Portal?’ section above.
Collection notices - Eventbrite and MailChimp
The personal information provided by you in subscribing to an electronic newsletter or registering to attend an Enablers event will be handled in accordance with the provisions of the Victorian Privacy and Data Protection Act 2014.
As required by the Act the following information is provided to you pursuant to Information Privacy Principle 1.3:
- the Victorian Public Sector Enablers Network is the responsible entity; you are able to gain access to, and, if necessary, request correction of, the information you have provided by contacting Enablers at
- the personal information is being collected on behalf of the Enablers Network to assist it with managing newsletter subscriptions and the registry function associated with attendance at Enablers Network events
- you will see when you are directed to the respective websites it will be mandatory to provide some personal information (i.e. it is not possible to subscribe to a newsletter or register interest in attending an event anonymously)
- the information you provide will only be used by Enablers Network office bearers and employees to facilitate newsletter subscriptions and event attendances
- the main consequences if all, or part, of the requested information is not provided is that the Enablers Network would not be in a position to consider the subscription or event attendance request
This collection notice explains how the VPS Pride Network (the Network) handles personal information which you may provide when you subscribe to our e-newsletter, sign up for an event or submit a nomination to the VPS Pride Awards (the Awards).
The Network collects this data using:
- Mailchimp, a third party Marketing platform. View .
- Google Forms, a third party online form platform. View .
- Humanitix, a third party event registration platform. View .
- Engage Victoria, the Victorian Government's Online Consultation platform provided by the State of Victoria through the Department of Premier and Cabinet and supported by Harvest Digital Planning. View .
The personal information that you submit to us is collected in order to provide information services to you which in turn facilitates:
- communicating updates about the Network and/or an event
- judging the VPS Pride Awards
- the co-ordination of meetings, and advocacy and fundraising activities
Servers for the third party applications are located in Australia and overseas. Mailchimp, Humanitix and Google require their subcontractors to deal with such personal information in a manner that is consistent with the Australian Privacy Principles but they cannot guarantee the security of your personal information.
Mailchimp, Humanitix and Google comply with the Australian Privacy Act. If you are unsatisfied with a response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help.
Engage Victoria will handle your information in accordance with the Information Privacy Principles contained in the Privacy Data and Protection Act 2014 (Vic). If you are unsatisfied with a response to a privacy matter then you may consult either an independent advisor or contact the Office of the Victorian Information Commissioner for additional help.
You have the option of not providing certain information requested by the Network. However, you should note that this may prevent the Network from providing membership information services to you and managing its various activities and Programs.
Collection notice for WoCN e-newsletter
This collection notice explains how the VPS Women of Colour Network (WoCN) handles personal information which you may provide when subscribing to the WoCN e-newsletter.
Your name and email address will be collected for the purpose of communicating updates about the WoCN.
There serves are located in the United States. All of their subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas.
Mailchimp complies with the Australian Privacy Act. If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help.
Victoria Together is the Victorian Government’s platform for showing off the best of Victoria, by Victoria, to Victorians.
We use third party social media platforms, to promote content and engage with the public. Our social media channels are:
We may collect any personal information that you provide us via these channels under section 8C of the PDP Act, for the purposes of engaging and consulting with the public. Any personal information we collect via these channels will be handled appropriately and in line with this privacy statement.
We have social media sharing links on the website. These are located on the left hand side of an event webpage under the heading 'Share'. By clicking these links you are given the option to share the webpage as a post on your social media account (Twitter, Facebook or LinkedIn). These social media networks may collect your personal information for their own purposes.
User-generated content on Instagram
From time to time we will ask permission from you, via direct message, to repost your photos on our own Instagram feed and story. In granting us permission, you give us the right to copy, reproduce, publish, distribute and change your photo globally for anyone to view only through our Instagram page. We would attribute the photo to you by way of photo tag and in-description tag. You may provide similar rights to other people to copy your photo. You may also request we remove your photo and the post from our Instagram feed at any time.
We will not pay you for your photo. However, our reposting of your photo may give you greater exposure on Instagram. By having your photo reposted on our page, it would viewable by anyone at any time until such time where you request we take down the post and photo.
Social media moderation policy and process
The Victoria Together Community Guidelines aim to ensure that our channels are inclusive and inviting for all Victorians.
The Victoria Together Facebook, Instagram, YouTube and Vimeo channels will adopt a passive moderation approach. The channels will be actively monitored pre, during and post a live stream or other event. All other times the channels will be passively monitored and moderated.
During both active and passive moderation, page Administrators, Moderators and Content Contributors should:
- Allow organic flow of conversation by users (the community self manages)
- Respond to direct questions for more information only once as required (at Administrators discretion)
- Participate in light-hearted conversation as required (at Administrators discretion)
- Remind the community of the channels purpose if required (at Administrators discretion).
Content and comment moderation
Content will be monitored for discriminatory content and the channels have profanity filters in place. Any comments that are considered offensive, threatening or unlawful may be deleted by an Administrator.
Content contributions by the community may require Administrators and Moderators to edit, remove or exercise discretion regarding any content and comments from any of the channels that are deemed unacceptable.
Unacceptable content is considered:
- threatening, abusive, defamatory or obscene language
- menacing, harassing or offensive
- racist, discriminatory or socially unacceptable, inflammatory comments
- attempts to engage in overt religious debates and arguments
- infringements on the intellectual property rights of others
- incites, induces or aids violence, discrimination, harassment, victimisation or hatred towards others
- may offend, insult or humiliate others, particularly on the basis of their race, colour, descent, national origin, religion, ethnicity, gender, age, sexual orientation or any disability
- makes defamatory or libellous comments
- uses insulting, obscene, provocative or hateful language or
- encourages conduct that may constitute a criminal or civil offence or otherwise violate Australian Federal or Victorian law
- any other form of unacceptable solicitation.
Certain criticisms and negative comments, provided they are in context and polite, can be valuable to forging community and engagement.
- Be respectful and inclusive: Victoria Together welcomes considerate discussion and debate, acknowledging difference in opinion across the community. Hostile and personal attacks, trolling or personal abuse will not be tolerated. This includes attacks on community members, administrators, content contributors and moderators.
- Stick to the topic: please refrain from inflammatory, repetitive, offensive, defamatory or inappropriate comments. Post material that is relevant to the topics and issues being discussed. Do not post overtly political comments (e.g. reference to candidates, fundraisers, support for political parties)
- Do not spam: Do not post or repost anything that could be considered spam.
- Observe the law: do not post anything which breaks the law or encourages others to engage in unlawful activity, such as breach of copyright, defamation or contempt of court.
- Protect your privacy: and that of others by not including personal information about yourself or others in your comments, (such as names, email addresses, private addresses or phone numbers)
All Victorian government staff and partner contributors participating in discussion on any Victoria Together community channels will adhere to the same standards.
Privacy collection notice for COVID-19 testing
The Department of Health ('the department') is collecting your personal and health information to communicate the request from the health service taking your COVID-19 swab (which may be the department or another health provider) to a pathology service for testing, and to obtain information to assist the department in managing the COVID-19 virus pandemic. After your test, we will use your mobile number to send you an SMS, providing you with links to further information about COVID-19 on our website.
Some of the questions you will be asked by staff at the testing site are necessary to enable a valid request to be made for COVID-19 pathology testing. Other questions are not mandatory but will assist in our understanding of COVID-19 and who is undergoing testing. We will let you know which questions are optional.
We will disclose certain information collected about you to a pathology provider for COVID-19 testing. That pathology provider will report test results to the department, and to the health service who took your swab for testing. You will be notified of your result by the pathology provider, the health service or the department using the contact information we collect from you. We may also provide the health service that took your swab with a copy of the information you provided at the time of your test and your COVID-19 test result, so that they have this information in their health care records.
Our public health unit and other researchers are undertaking important analysis of available COVID-19 data to improve our understanding of the virus and assist in our response. Information that we collect may be used for these purposes by the department or disclosed to other researchers where that is authorised by law.
If your test is positive for COVID-19, the department may share your information with Victoria Police to ensure that the Chief Health Officer's Directions are being complied with.
Your test result may be loaded to My Health Record unless you tell us that you do not want this to happen.
You can apply for access to information the department holds about you. The department’s Freedom of Information Unit may be contacted on:
Reviewed 17 March 2021