Privacy
1. Introduction
The Department of Social Services (‘DSS’) has responsibility for a broad range of policy areas including:
- families and children
- housing
- seniors
- communities and vulnerable people
- disability and carers
- mental health
- settlement and multicultural affairs
- income support
- disability employment services
- the non-profit sector and volunteering.
For more information about DSS please see the Department of Social Services website.
1.1 Who should read this Privacy Policy?
You should read this policy if you are:
- an individual whose personal information may be given to or held by DSS
- a contractor, consultant, supplier or vendor of goods or services to DSS
- a service provider funded to deliver services under a DSS funding agreement
- a person seeking employment with DSS
- a person who is or was employed by DSS (or its predecessor agencies).
1.2 The Privacy Act 1988
The Privacy Act 1988 (the Privacy Act) regulates how federal and ACT public sector agencies and certain private sector organisations can collect, hold, use and disclose personal information, and how you can access and correct that information.
- ‘Personal information’ is information in any form that can identify a living person.
The Privacy Act applies only to information about individuals, not to information about corporate entities such as businesses, firms or trusts. Detailed information on the Privacy Act can be found on the Office of the Australian Information Commissioner (‘OAIC’) website.
1.3 DSS and privacy
This Privacy Policy sets out how DSS complies with the Privacy Act.
In performing its functions and administering its legislation, DSS may collect, hold, use or disclose your personal information. DSS takes privacy seriously and will only collect, hold, use and disclose your personal information in accordance with the Privacy Act.
If DSS does not receive personal information about you the Privacy Act will not apply.
1.4 Remaining anonymous or using a pseudonym
DSS understands that anonymity is an important element of privacy and some members of the public may wish to be anonymous when interacting with DSS.
DSS also understands some members of the public may wish to use a pseudonym.
Generally, members of the public will have the right to remain anonymous or adopt a pseudonym when dealing with DSS. However, it is not always possible to remain anonymous or adopt a pseudonym and DSS will inform you when this is the case.
1.5 Information covered under this Privacy Policy
This Privacy Policy covers how DSS collects, holds, uses and discloses your personal information, including any financial information you provide to DSS (such as your credit card details). This Policy applies to all personal information collected by DSS, including personal information collected through our social media websites.
1.6 Information held by contractors
Under the Privacy Act, DSS is required to take contractual measures to ensure contracted service providers (including sub-contractors) comply with the same privacy requirements applicable to DSS.
2. DSS’s personal information handling practices
2.1 Collection of personal information
Personal information about you may be collected by DSS from you, your representative or a third party. We generally use forms, online portals and other electronic or paper correspondence to collect this information.
Information may be collected directly by DSS or by people or organisations acting on behalf of DSS (e.g. contracted service providers). DSS may also obtain personal information collected by other Commonwealth agencies, State or Territory government bodies, or other organisations.
From time to time personal information is provided to DSS by members of the public without being requested by DSS.
DSS collects and holds a broad range of personal information in records relating to:
- employment and personnel matters for DSS staff and contractors (including security assessments)
- the performance of its legislative and administrative functions;
- individuals participating in DSS funded programs and initiatives
- the management of contracts and funding agreements
- the management of fraud and compliance investigations
- the management of audits (both internal and external)
- correspondence from members of the public to DSS and our Ministers and Parliamentary Secretaries
- complaints (including privacy complaints) made and feedback provided to DSS
- requests made to DSS under the Freedom of Information Act 1982 (Cth)
- the provision of legal advice by internal and external lawyers.
DSS will not ask you for any personal information which we do not need. The Privacy Act requires that we should collect information for a purpose that is reasonably necessary for, or directly related to, a function or activity of DSS.
When we collect personal information, we are required under the Privacy Act to notify you of a number of matters. These include the purposes for which we collect the information, whether the collection is required or authorised by law and any person or body to whom we usually disclose the information. DSS generally provides this notification by having Privacy Notices on our paper-based forms and online portals.
2.2 Some personal information may be protected by other legislation
Some personal information collected by DSS may be protected under secrecy provisions in its portfolio legislation (e.g. the Aged Care Act 1997; the social security law; the family assistance law). These secrecy provisions contain rules for the collection, use and disclosure of information (which may include personal information) governed by the relevant legislation. These rules operate alongside the rules in the Privacy Act. A full list of DSS’s portfolio legislation can be found in the current Administrative Arrangements Order available from the Department of Prime Minister and Cabinet website.
2.3 Kinds of personal information collected and held
In performing its functions, DSS collects and holds the following kinds of personal information (which will vary depending on the context of the collection):
- name, address and contact details (e.g. phone, email and fax)
- photographs, video recordings and audio recordings of you
- information about your personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children)
- information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests)
- information about your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence, birth certificates, ATM cards)
- information about your employment (e.g. work history, referee comments, remuneration)
- information about your background (e.g. educational qualifications, the languages you speak and your English proficiency)
- government identifiers (e.g. Centrelink Reference Number or Tax File Number)
- information about assistance provided to you under DSS funding arrangements and
- information about entitlements under DSS portfolio legislation.
On occasions, a range of sensitive information may also be collected or held about you, including information about:
- your racial or ethnic origin;
- your health (including information about your medical history and any disability or injury you may have) and
- any criminal record you may have.
2.4 How DSS collects and holds personal information
DSS collects personal information through a variety of different methods including:
- paper-based forms
- electronic forms (including online forms)
- face to face meetings
- telephone communications
- email communications
- communications by fax
- DSS websites and
- DSS social media websites and accounts.
DSS holds personal information in a range of paper-based and electronic records.
Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government records management regime, including the Archives Act 1983, Records Authorities and General Disposal Authorities. This ensures your personal information is held securely.
2.5 Purposes for which personal information is collected, held, used and disclosed
DSS collects personal information for a variety of different purposes relating to its functions and activities including:
- performing its employment and personnel functions in relation to DSS staff and contractors
- performing its legislative and administrative functions
- policy development, research and evaluation
- complaints handling
- program management
- contract management and
- management of correspondence with the public.
DSS uses and discloses personal information for the primary purposes for which it is collected. You will be given information about the primary purpose of collection at the time the information is collected.
DSS will only use your personal information for secondary purposes where it is able to do so in accordance with the Privacy Act.
2.6 How to seek access to and correction of personal information
You have a right under the Privacy Act to access personal information we hold about you.
You also have a right under the Privacy Act to request corrections to any personal information that DSS holds about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
However, the Privacy Act sets out circumstances in which DSS can decline access to or correction of personal information (e.g. where access is unlawful under a secrecy provision in portfolio legislation, such as the Aged Care Act 1997).
To access or seek correction of personal information we hold about you, please contact DSS using the contact details set out at section 5.1 of this Policy.
It is also possible to access and correct documents held by DSS under the Freedom of Information Act 1982 (the FOI Act). For information on this, please contact our FOI Coordinator (contact details are available on the DSS website).
2.7 Accidental or unauthorised disclosure of personal information
DSS will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.
DSS follows the OAIC’s Data breach notification — A guide to handling personal information security breaches when handling accidental or unauthorised disclosures of personal information.
Legislative or administrative sanctions may apply to unauthorised disclosures of personal information.
2.8 Data security
Access to personal information held within DSS is restricted to authorised persons who are DSS employees or contractors.
Electronic and paper records containing personal information are protected in accordance with Australian Government security policies.
DSS regularly conducts audits to ensure we adhere to our protective and computer security policies.
2.9 Our website
The DSS website is managed internally by the Department.
Generally DSS only collects personal information from its website where a person chooses to provide that information.
If you visit our website to read or download information, DSS records a range of technical information which does not reveal your identity. This information includes your IP or server address, your general locality and the date and time of your visit to the website. This information is used for statistical and development purposes.
No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.
Some functionality of the DSS website is not run by DSS and third parties may capture and store your personal information outside Australia. These third parties include (but are not limited to) Facebook, YouTube, MailChimp, SurveyMonkey, Twitter and Google and may not be subject to the Privacy Act. DSS is not responsible for the privacy practices of these third parties and encourages you to examine each website's privacy policies and make your own decisions regarding their reliability.
The DSS website contains links to other websites. DSS is not responsible for the content and privacy practices of other websites and encourages you to examine each website's privacy policies and make your own decisions regarding the reliability of material and information found.
2.10 Cookies
Cookies are used to maintain contact with a user through a website session. A cookie is a small file supplied by DSS, and stored by your web browser software on your computer when you access the DSS website. Cookies allow DSS to recognise an individual web user, as they browse the DSS website.
2.11 Electronic communication
There are inherent risks associated with the transmission of information over the Internet, including via email. You should be aware of this when sending personal information to us via email or via a DSS website. If this is of concern to you then you may use other methods of communication with DSS, such as post, fax, or phone (although these also have risks associated with them).
DSS only records email addresses when a person sends a message or subscribes to a mailing list. Any personal information provided, including email addresses, will only be used or disclosed for the purpose for which it was provided.
2.12 MailChimp and privacy consent – subscription services
To provide our news we use MailChimp, which provides online platforms that can be used to create, send, and manage emails. In providing this service, MailChimp may collect personal information, such as distribution lists which contain email addresses that Members have sent, or intend to send, emails to, and all information relating to those email addresses. The types of information MailChimp collects include:
- Information provided to MailChimp;
- List and email information;
- Information from Use of the Service (including IP addresses and related data);
- Cookies;
- Web Beacons; and
- Information from Other Sources.
For further information please refer to the MailChimp Privacy Policy.
The Department of Social Services (DSS) will only use information subscribers have provided for the purpose of creating, sending and managing emails relating to the work of DSS, in accordance with the preferences chosen by subscribers. DSS will also use this information to measure Email Campaign performance and to improve the features for specific segments of customers, evaluate your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
MailChimp may transfer this information to third parties where required to do so by law, or where such third parties process the information on MailChimps's behalf. MailChimp uses cookies, Web Beacons and Flash player code to collect information about when you visit the website, when you use the services, your browser type and version, your operating system, and other similar information.
As MailChimp is based in the United States of America (USA) and the information generated by cookies about your use of the website (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia, we are required to inform you that by subscribing to our eNewsletter:
- you consent to your personal information being collected, used, disclosed and stored as set out in Mail Chimp’s Privacy Policy and agree to abide by Mail Chimp’s Terms of Use; you understand and acknowledge that this service utilises a MailChimp platform, which is located in the USA and relevant legislation of the USA will apply. Accordingly, Australian Privacy Principle 8.1 contained in Schedule 1 of the Privacy Act will not apply; and
- you understand and acknowledge that you will not be able to seek redress under the Privacy Act 1988 (Cth) but will need to seek redress under the laws of the USA.
Principle 8.1 requires the Department to take steps as are reasonable in the circumstances to ensure that MailChimp does not breach the Australian Privacy Principles in relation to the information given by the subscriber. This would no longer apply if you sign up to a subscription service of the Department in which MailChimp is used.
You can opt out of our mailing list if you chose the ‘unsubscribe’ service provided by MailChimp in every email, or contact DSS. You can also disable or refuse cookies or disable Flash player; however, you may not be able to use the services provided by MailChimp if cookies are disabled. Should you wish to contact MailChimp, you can find contact details on Contact MailChimp page.
MailChimp has the endorsement of TRUSTe's Privacy Seal, which means this privacy policy has been reviewed by TRUSTe for compliance with their program requirements including transparency, accountability, and choice related to the collection and use of your Personal Information. TRUSTe is an independent third party that operates a globally-recognised privacy trustmark.
2.13 Disclosure of personal information overseas
DSS will, on occasion, disclose personal information to overseas recipients. The situations in which DSS may transfer personal information overseas include:
- the provision of personal information to overseas researchers or consultants (where consent has been given for this or DSS is otherwise legally able to provide this information)
- the provision of personal information to recipients using a web-based email account where data is stored on an overseas server and
- the provision of personal information to foreign governments and law enforcement agencies (in limited circumstances and where authorised by law).
It is not practicable to list every country to which DSS may provide personal information as this will vary depending on the circumstances.
However, you may contact DSS (using the contact details set out at section 5.1 of this Policy) to find out which countries, if any, your information has been given to.
3. Complaints
3.1 How to make a complaint
If you think DSS may have breached your privacy rights you may contact us using the contact details set out at section 5.2 of this Policy.
3.2 DSS’s process for handling complaints
We will respond to your complaint or request promptly if you provide your contact details. We are committed to quick and fair resolution of any complaints and will ensure your complaint is taken seriously. You will not be victimised or suffer negative treatment if you make a complaint.
3.3 How to complain to the OAIC
You also have the option of contacting the OAIC if you wish to make a privacy complaint against DSS.
The OAIC website contains information on how to make a privacy complaint.
If you make a complaint directly to the OAIC rather than to DSS, the OAIC may recommend you try to resolve the complaint directly with DSS in the first instance.
4. Privacy Policy updates
This Privacy Policy will be reviewed frequently and updated as required.
5. How to contact us
5.1 General enquiries and requests to access or correct personal information
If you wish to:
- query how your personal information is collected, held, used or disclosed
- ask questions about this Privacy Policy
- obtain access to or seek correction of your personal information
please contact the DSS Compliments and Enquiries area using the following contact details:
- email: complaints@dss.gov.au
- post: DSS Feedback, GPO Box 9820, Canberra, ACT, 2600.
5.2 Contact details for privacy complaints
If you wish to make a complaint about a breach of your privacy, please contact the DSS Feedback and Coordination team using the following contact details:
- telephone: 1800 634 035
- fax: (02) 6133 8442
- email: complaints@dss.gov.au
- post: DSS Feedback, GPO Box 9820, Canberra, ACT, 2601
5.3 Availability of this Policy
If you wish to access this Policy in an alternative format (e.g. hard copy) please contact DSS using the contact details set out at section 5.1 of this Policy.
This Policy will be made available free of charge.
Last updated: