Privacy policy

Collection notice for e-newsletter

This collection notice explains how the Portable Long Service Authority (PLSA) handles personal information which you may provide when subscribing to the PLSA e-newsletter.

PLSA collects this data using Vision 6, a third party software product. View Vision 6's privacy policy.

Your name and email address will be collected for the purpose of communicating updates about portable long service.

This data is stored in the PIPE Networks Data Centre in Fortitude Valley, Brisbane and maintained on AWS cloudfront within their Australian operations in the Sydney region.

Vision 6 complies with the Information Privacy Act and SPAM Act and are compliant with the GDPR.

Vision 6 conducts regular penetration testing and monitoring tools to determine network, server and service vulnerabilities.

Vision 6 have documented security policies and processes in place which are regularly reviewed by senior management.

If you need to change or update your details, you can do so by emailing enquiries@plsa.vic.gov.au.

Collection notice for business and worker registration

The Authority uses this form to collect information that it requires to register workers and employers and determine eligibility for entitlements under the Act, including personal information such as name, address, date of birth, payroll data and history, and leave history.

The Authority needs this information to register you and to determine and manage your long service leave entitlements under the Act. If you do not provide the information, the Authority may not be able to make decisions about your long service leave entitlements under the Act.

The Authority will only use and disclose your personal information to register you and manage your long service leave entitlements under the Act and where it is otherwise required or permitted by law to do so.

In some circumstances, the Authority is required or authorised by law to release information to other government agencies, law enforcement bodies or to prevent serious and imminent threat to an individual's life, health, safety or welfare.

In this context, such agencies could include the Australian Taxation Office, the Labour Hire and Licensing Authority, the Fair Work Ombudsman, the Victorian Work Cover Authority, Victoria Police, or your nominated banking institution.

The Authority will seek wherever possible to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date. In many instances the Authority relies upon you to provide accurate and complete information and to advise the Authority should your circumstances change over time.

The Authority seeks to protect your personal information from misuse, loss, unauthorised access, modification or disclosure and securely destroys or de-identifies personal information when it is no longer needed for any purpose. In circumstances where personal information is collected and stored by external organisations the Authority uses to deliver aspects of its functions, the Authority’s contractual obligations require compliance with the same privacy and security standards.

You may obtain access to your personal information held by the Authority by contacting enquiries@plsa.vic.gov.au.

For further information about how the Authority handles your personal information, please see the Authority’s privacy policy below.

Note, the following terms will need to be expanded if not described elsewhere in the application form:

Act means the Long Service Benefits Portability Act 2018.

Authority means the Portable Long Service Benefits Authority.

The Portable Long Service Benefits Authority (Authority) is a statutory authority established by the Long Service Benefits Portability Act 2018 (Act). The Authority’s role is to administer a scheme for the provision of portable long service benefits to workers in covered industries. The Authority is overseen by a Governing Board which is responsible for the governance, strategic planning and risk management of the Authority. The administration of the day-to-day management of the affairs of the Authority is the responsibility of the registrar appointed under the Act.

This policy tells you how the Authority handles personal information in the course of performing its functions in compliance with the Information Privacy Principles (IPPs) set out in the Victorian Privacy and Data Protection Act 2014 (PDP Act) and other applicable laws and contractual obligations. This policy also tells you how you can access and correct the personal information that the Authority holds about you and how to make a complaint about a privacy matter.

Scope

This policy applies to the personal information (including sensitive information) of both external parties and the staff of the Authority. Any personal information collected by the Authority, or that it obtains about individuals from other sources, will be handled in accordance with this policy.

In order to perform its functions, the Authority has also entered into certain agreements with Australian government agencies, which may mean that is has also agreed to be bound by relevant Australian Privacy Principles contained in the Commonwealth Privacy Act 1988.

Definitions

Personal information is recorded information about an individual whose identity is apparent or can reasonably be ascertained from that information, but does not include health information.

Health information is personal information which concerns that individual’s physical, mental or psychological health, disability or genetic makeup which is subject to the Health Records Act 2001. The Authority does not generally collect health information in performing its functions.

Sensitive information is information about an individual’s race or ethnicity, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record.

Collection of personal information

The Authority collects personal information that the Act, privacy and other laws authorise it to collect and that it needs to perform its functions in administering the portable long service benefits scheme. This includes registration of workers and employers and determining entitlements under the Act.

During the registration process, the Authority collects personal information both directly from individuals as well as from third-parties such as employers. The personal information collected may include:

• name, address and other contact details
• date of birth
• employment information including total ordinary pay

If the personal information that the Authority requests is not provided, the Authority may not be able to perform its functions as required under the Act.

How does the Authority collect personal information?

The Authority will only collect personal information by lawful and fair means and not in an unnecessarily intrusive way.

The Authority will endeavour to collect your personal information from you where it is reasonable and practicable to do so. Where this is not possible or practicable, the Authority may collect your personal information from third parties. For example, you may be requested to provide consent for the Authority to collect personal information from third parties such as CoINVEST, as required for the Authority to determine your entitlement to benefits under the Act. If you do not provide this consent, the Authority may not be able to make decisions about your entitlements under the Act.

The Authority may also collect your personal information in other situations such as:

• receiving and handling reports and requests for information from Government departments and the Minister responsible for the Authority
• receiving and processing freedom of information requests
• employment applications
• when you visit the Authority’s website
• providing e-newsletters, SMS-blasts, lodgement reminders and other stakeholder updates with your consent

Authorised officers of the Authority may collect documents which may contain personal information as part of the exercise of their powers under Part 6 of the Act in relation to monitoring compliance and investigating potential breaches. Authorised officers have express powers to inspect, make copies of or require provision of documents and information in specified situations.

Some personal information is collected about visitors to the Authority’s website. For details, please see the collection notices above.

The Authority will only collect sensitive information with your consent or as required or authorised by law.

In most cases, the Authority will tell you when it collects your personal information and will provide you with a collection statement identifying the Authority and advising you about:

• the purposes for which the personal information is being collected
• who the personal information may be disclosed to
• any law that requires the personal information to be collected
• the main consequences for you if all or part of the personal information is not provided
• how to contact the Authority and gain access to your personal information
• use and disclosure of personal information
• the Authority will only use and disclose your personal information when it is lawful and reasonable to do so

Personal information that is collected by the Authority will be used and disclosed to the Authority’s employees or contractors whose duties required them to use it. These employees and contractors must handle personal information in accordance with the requirements of the PDP Act. This means they will only use or disclose collected personal information for the primary purpose for which it was collected, or for a permitted secondary purpose in specified situations, such as where you have consented to the use or disclosure, or where the use or disclosure is required or authorised by or under law (for example, in response to a valid request under the Victorian Data Sharing Act 2017).

For example, if you are a worker the Authority may use your personal information to:

• process an application for registration as a worker under the Act
• determine your entitlement to long service leave benefits under the Act

The Authority may also use your personal information to:

• obtain advice from professionals such as legal advisors and accountants
• manage the long service leave benefits scheme
• conduct surveys
• provide advice to the responsible Minister

The Authority may disclose your personal information to:

• verify information to assess your entitlements under the Act
• defend a legal or equitable claim
• prescribed Victorian or Commonwealth Government entities for the purpose of the performance of a function of that entity under a law. This includes disclosure to the Fair Work Ombudsman, Victoria Police, Victorian WorkCover Authority, Victorian Labour Hire Licensing Authority and the Australian Taxation Office.
• reciprocal long service authorities for the performance of a function under the Act or a corresponding law

Authorised officers are expressly prohibited from disclosing information, directly or indirectly, obtained in performing a function under the Act, except to the extent necessary to monitor compliance with the Act and regulations. This may include disclosure to a court or tribunal in the course of a legal proceeding, in the course of the investigation or enforcement of a law of Victoria or any other State or Territory or of the Commonwealth, with your consent, or with the written authority of the registrar.

In addition, members of the Governing Board, the registrar, an authorised officer and members of staff are prohibited by the Act from improperly using any information acquired in the course of their duties, for pecuniary or other advantage for themselves or any other person.

The Authority is required to maintain a public register of registered employers under the Act. The information about identifiable employers that the Authority publishes is publicly-available information and therefore is not personal information. The PDP Act requires that public sector agencies administer public registers, so far as reasonably practicable, in a way that would not contravene handling requirements for personal information, if that information were personal information. In a number of circumstances, for example where a person conducts business from their residential address, it may be necessary for the Authority to publish personal information on the public register.

De-identified personal information derived from personal information collected may also be used in support of the Authority’s broader functions, such as for research and reporting purposes.

The Authority is an agency responsible for the performance of functions or activities directed to the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of law imposing a penalty or sanction for a breach. For this reason, the Authority has a partial exemption under section 15 of the PDP Act from complying with specified IPPs if it believes on reasonable grounds that non-compliance is necessary for the purposes of its law enforcement functions.

Data quality

The Authority takes reasonable steps to ensure that the information it holds is accurate, complete and up to date. Accurate information should be provided to the Authority at all times. For example, employers are required to make a declaration that the information they have provided is true and correct. Employers must notify the Authority within 14 days if there is a change to their personal information. Generally, the Authority relies on individuals to provide up to date information and advise the Authority if the information collected has recently changed.

How long does the Authority retain personal information?

The Authority generally destroys or permanently de-identifies information when it is no longer needed for any purpose. However, information held by the Authority is subject to the provisions of the Public Records Act 1973 and must be retained and disposed of in accordance with the relevant Retention and Disposal Authorities.

Data security

The Authority is committed to protecting your personal information from misuse or loss or unauthorised access, unauthorised modification or disclosure.

The Authority has secure office premises and a security pass entry system for Authority employees and contractors to enter the premises. The Authority takes reasonable steps to protect files from outside or unauthorised access. The Authority’s information technology arrangements incorporate a range of data security measures. For example, the Authority requires staff to use passwords to enter the computer system and its databases can only be accessed using an additional password, with different levels of access granted depending on the role of the staff member concerned. Only staff who need to use your personal information to perform their functions have access to it.

To protect your privacy, you should keep your Authority password confidential: it should not be displayed, shared or written down.

Transmission security risks

You should be aware that there are risks in transmitting information across the Internet. While the Authority takes reasonable steps to protect the personal information it receives from you or from third parties, the Authority cannot guarantee the security of any information transmitted to it online. If you are concerned about conveying confidential or delicate material to the Authority over the internet you might prefer to contact the Authority on 1800 517 158 to make other arrangements.

Online services and online payments

The Authority’s online services are managed by a third party IT service provider. Our service provider may access the personal information entered into our forms in order to process electronic transactions or to resolve a technical problem.

If you make a payment using the Authority’s website, the Authority will process your payment with the assistance of a reputable third party electronic payments service provider and present you with an online receipt for your records.

If you make an online application or another payment transaction on the Authority’s website, the Authority takes additional steps to protect the security of your personal information, such as strong SSL encryption. Before using these facilities, you should ensure that you are using a web browser that supports SSL encryption. In many web browsers, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser.

Access and correction

You are able to update your personal contact information directly through the employers or workers portal. You can view the information that the registrar holds about you on the employers or workers registrar by accessing the portal. A request to correct your own personal information held by the Authority on the employers or workers register can also be handled by contacting the Authority on 1800 517 158.

Any requests for access to and/or correction of other documents containing personal information held by the Authority must be handled according to the provisions of the Freedom of Information Act 1982. Requests should be accompanied by any applicable fee and should be addressed to:

FOI Officer
Portable Long Service Authority
PO Box 443, Bendigo VIC 3552

When you make a request to correct information that the registrar or Authority holds about you, the Authority may contact you in order to verify your identity. The Authority may ask you to provide evidence of the information you wish to correct, before accepting the changes.

Unique identifiers

The Authority does not assign unique identifiers to individuals unless necessary to enable it to carry out its functions efficiently.

The Authority does assign employers and workers a unique membership number upon registration to facilitate interactions with the Authority. The Authority may also request that you provide a unique identifier assigned by another organisation in order to complete its functions. For example, you may be requested to provide your Tax File Number (TFN). You do not have to provide your TFN however there may be financial implications of not doing so.

Anonymity

Individuals seeking general advice from the Authority or accessing the public register do not have to identify themselves. However, if you are applying for entitlements under the Act, seeking answers to a specific enquiry or making a complaint, the Authority will need to collect personal information such as your personal contact information and your Portable Long Service Authority Member Number. This is so that the Authority can verify the identity of who it is dealing with when discussing personal records about long service leave.

Transfer of personal information outside Victoria

The Authority contracts the use of cloud computing to store and manage data including personal information. Computer servers may be based interstate or overseas. The Authority takes reasonable steps to ensure the security of your information managed this way. Where the information is transferred outside Victoria we take steps consistent with the principles in Victoria’s privacy laws to ensure its protection from unauthorised use and disclosure.

How to make a privacy complaint

If you have any questions about this Privacy Policy or you wish to make a complaint about a breach of the PDP Act by the Authority, you can contact the Authority’s Privacy Officer at:

Privacy Officer

Portable Long Service Authority

Address: PO Box 443, Bendigo VIC 3552
Phone: 1800 517 158

Email: enquiries@plsa.vic.gov.au

You may also make a complaint about a breach of the PDP Act by writing to the Office of the Victorian Information Commissioner. You can find out more information about how to make a complaint online.

Changes to this policy

The Authority may amend this policy from time to time. The current version will be posted on the Authority’s website and a copy may be obtained at any time by contacting the Authority.

© Portable Long Service Benefits Authority, State Government of Victoria, 2019

Last updated 9 May 2019