JavaScript is required

Department of Government Services privacy policy

How Department of Government Services collects, uses, discloses or transfers personal and health information.

Overview

This Privacy Policy relates to the Department of Government Services (‘DGS’, or the ‘department’). The Victorian Government, DGS and its service providers value the privacy of every individual. Protecting your privacy and personal information is important to the department.

Scope

This policy sets out how DGS collects, uses, discloses or transfers personal and health information in accordance with the Information and Health Privacy Principles contained within the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic) (together, ‘the Legislation’) respectively. This policy does not apply to any of DGS’s portfolio agencies, entities to which the department provides administrative support or information collected through the vic.gov.au website.

The department may update this policy from time to time and any changes to this privacy statement will be published on this website.

The Department of Government Services

The department was established on 1 January 2023 to improve everyone’s experience of doing business and interacting with the Victorian government, bringing important day-to-day services together in one department to transform the way our Victorian Government works.

The department also encompasses various functions given from other departments such as consumer affairs, municipal government, oversight of the public service’s shared services and whole of Victorian Government grants management.

The department’s groups are:

  • Digital Transformation which includes Cyber Security, the Office of General Counsel and Telecommunications;
  • Customer & Regulatory Services which includes Local Government Victoria, Consumer Affairs Victoria and the Whole of Victorian Government Grants Centre;
  • Corporate Shared Services which includes Finance, Procurement and People and Governance; and
  • Establishment, Strategy & Employee Experience.

DGS supports the following two Ministers:

  • Minister for Government Services and Consumer Affairs
  • Minister for Local Government

What types of information do we collect?

  • Personal information means information or an opinion that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information of a kind to which the Health Records Act 2001 applies.
  • Health information means information or an opinion about an individual’s physical, mental or psychological health, including any disability, a health service an individual has received or will be receiving, that is also personal information or other personal information collected to provide a health service.
  • Sensitive information means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record, that is also personal information.

In this Privacy Policy, any reference to personal information is also a reference to health information and sensitive information.

How do we collect information?

There are three main ways that the department may collect personal information from you:

  1. Requests to provide information or self-initiated interactions with the department: In most circumstances, you will know if we are collecting personal information from you because you will be requested to provide it. For instance, if you submit information to the department in a form to contact us through a website, we will ask you to provide your name and email address.
  2. Automatic collection through the website: Some personal information is automatically collected as a result of your visit to the department’s website. This information is collected using software techniques such as web server log file analysis, cookies and web beacons.
  3. Automatic collection by third party software vendors: We use some third-party software that collects information about your interaction with our website. When you visit our website, your web browser automatically sends certain information to these software providers.

Other types of collection

DGS also collects personal information for a range of statutory and administrative reasons. Typical methods and reasons for collection include:

  • correspondence from members of the public
  • job applications
  • submissions to public consultations through Engage Victoria
  • optional survey responses
  • requests under the Freedom of Information Act 1982 (Vic)
  • documents or correspondence referred to DGS by other agencies
  • data sharing arrangements between DGS and other agencies
  • complaints to or about the department
  • correspondence to our Ministers.

The department will keep your personal information confidential, except when it is necessary to disclose it in connection with the original purpose for which your information was initially collected or as otherwise permitted under Legislation and the Information and Health Privacy Principles.

Wherever possible, information is collected from you directly. We aim to collect it lawfully, fairly and without undue intrusion in accordance with the Legislation and the Charter of Human Rights and Responsibilities Act 2014 (Vic).

How do we use and disclose information?

Generally, DGS uses personal information for the primary purpose it was collected. When DGS initiates a request for personal information, such as through a job application or fulfilment of a particular project, you will be provided with a Collection Notice or Privacy Notice outlining how that information will be handled. Alternatively, where you provide your personal information to DGS separately to a specific program or policy, such as initiating contact with the department, your information will be kept confidential and handled in accordance with the Legislation, and the Information and Health Privacy Principles. Depending on the reason for collecting your information, DGS may have a separate privacy policy for a specific program area, which would be provided to you at the time of collection.

DGS will not disclose your personal information other than for the purpose it was initially collected, or, where appropriate, a secondary purpose that is permitted by the Legislation or the Information and Health Privacy Principles. Generally, this means information will be disclosed only where it is reasonable, and with your permission to the extent that it is required.
In the context of e-Services or other types of contracts, DGS may disclose your information to third parties. The department may also disclose personal information to outsourced service providers for the performance of their services, to nominated referees of job applicants and submitters of tenders, or to other public sector entities (where necessary to enable DGS to perform its functions).

Generally, third parties will be bound by the Legislation and the Information and Health Privacy Principles, and your data will be managed accordingly. Disclosure and information-sharing in this context is generally only permitted to achieve a particular purpose, such as secure data-storage or another administrative requirement.

In some circumstances, DGS is required or authorised by law to release information to other government agencies, including law enforcement bodies. For example, disclosure may be permitted to lessen or prevent a serious threat to an individual’s life, health, safety or welfare, or to lessen or prevent a serious threat to public health, public safety or public welfare.

Data quality

DGS takes reasonable steps to ensure the information it holds is accurate, complete and up to date. In accordance with the department’s Record Retention and Disposal Policy and the Public Records Act 1973 (Vic), your personal information will be deleted after the requisite period of time has elapsed, or where it is no longer required for any purpose. This prevents the holding of information that may be out of date or incorrect.

Data security

All personal information is stored securely. DGS has a range of information security controls in place, including but not limited to:

  • firewalls
  • Security Incident Event Management
  • web and email filters
  • Security Operations Centre
  • antivirus software
  • protective markings
  • Privileged Identity Management

Once any personal information comes into our possession, we will take reasonable steps to protect that information from misuse, loss and unauthorised access, modification and disclosure. Access to systems, applications, and the information that we collect is limited to authorised personnel only.

Access, correction and complaints

You may request access to, or correction of, documents that contain your personal information which are in the possession of DGS.

In some cases, requests for access or correction will be handled in accordance with the Freedom of Information Act 1982 (Vic).

Should you wish to gain access to or correct the personal information of yours that we hold, or make a privacy complaint, please contact:

Title: FOI and Privacy Officer, DGS
Contact details: privacy@dgs.vic.gov.au

You may also make a privacy complaint to:

  • the Office of the Victorian Information Commissioner for a complaint relating to personal information or sensitive information: 1300 006 842 or by email to privacy@ovic.vic.gov.au
  • the Health Complaints Commissioner for a complaint relating to health information: 1300 582 113 or via the Health Complaints Commissioner website.

Can I remain anonymous?

When you contact the department directly, you do not have to identify yourself. However, if you would like a response, we will need to be provided with some means to contact you, such as an email or postal address.

When you provide your personal information in connection with the delivery of a particular project or policy initiative, the Collection Notice provided to you will detail if you have the option to remain anonymous.

Consequences of not providing personal information

If individuals do not provide their personal information for the purposes described, DGS may not be able to accurately assess the individuals’ capability and/or financial capacity to undertake the activities DGS requires, or for DTF to effectively provide the required service to those individuals.

Does my information leave Victoria?

Generally, DGS will not transfer your personal information outside Victoria. Any transfers of information outside Victoria will be made in accordance with the provisions of the Legislation and the Information and Health Privacy Principles.

DGS will only transfer personal or health information outside of Victoria where allowed by law, including but not limited to circumstances where:

  • the individual consents to the transfer;
  • the department reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which is substantially similar to the Information and Health Privacy Principles; or
  • reasonable steps have been taken to ensure that the transferred information will not be held, used or disclosed inconsistently with the Information and Health Privacy Principles; or
  • the transfer is for the individual’s benefit and it is impracticable to obtain the individual’s consent (which would likely have been given).

Updated