Information we collect
When you visit our websites our web measurement tools and internet service providers record information including:
- your server and IP address
- the name of the top level domain (for example, .gov, .com, .edu, .au)
- the type of browser used
- the date and time you accessed the website
- how you interacted with our website
- the previous website you visited
Why we collect it and how we use it
We use the above information to understand how our websites are being used. This helps us improve our websites and provide you with a better experience.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. Information is identifiable if the relevant person can be identified. Examples might include your name, email or phone number.
If we ask you to provide additional personal information (for example, on a form), we will explain:
- why we need this information
- how we will use it
If you choose not to provide the information it may affect our ability to respond and deliver services.
Sharing your personal information
The law, including the Privacy Act 1988, protects your personal information.
Your personal information will not be disclosed to any other person, body or agency unless:
- you give us permission
- it is authorised or required by law
- it meets one of the other exceptions in the Australian Privacy Principles.
If we need to share information with a third party as part of our service to you, the form you fill in will tell you about it.
We are unlikely to disclose personal information to overseas recipients.
How we store information
We comply with Australian Government security policies such as the:
- Attorney-General Department’s Protective Security Policy Framework
- Department of Defence’s Information Security Manual
We do not keep information that we no longer need for the purpose it was collected, unless the law requires us to do so. It is either destroyed or de-identified as required under the Archives Act 1983.
Only authorised Health staff can access personal information stored by us. Security features protect it from unauthorised access.
We store information in different ways, including:
- our document and records management systems
- cloud storage
- browser storage
We apply a range of security controls to protect our websites from unauthorised access. However, you should be aware that:
- the internet is an unsecure public network
- there is a risk that your transactions (including emails) may be seen, intercepted or modified by third parties
- downloadable files may contain computer viruses, disabling codes, worms or other devices or defects
Accessing and correcting your information
You can request a copy of the personal information we hold about you. You can ask us to update it if it is incorrect. Please contact us to make an enquiry.
We will take reasonable steps to give you a copy of, and/or correct, your information within 30 days, unless there is lawful reason not to do so. If this happens we will, where reasonable:
- give you a written notice explaining why
- let you know how you can make a complaint
- at your request, make a note on your file detailing the information you believe to be incorrect
If you request us to, we will alert third parties who hold your information that we have updated it.
Links to other websites
Our website contains links to other third-party websites. We are not responsible for their privacy practices, or the material on their websites.
Privacy Impact Assessments
Health conducts Privacy Impact Assessments for all appropriate projects with a high privacy risk to:
- identify the impact that the activity or project might have on your privacy
- recommend how we can manage, minimise or remove that impact
Details of Privacy Impact Assessments conducted by us since 1 July 2018 are available on our Privacy Impact Assessment Register.
If you believe that we have breached the Privacy Act, the Australian Government Agencies Privacy Code or mishandled your personal information, please contact us. Please provide as much information as possible so we can investigate and respond.
- let you know that we have received your complaint
- do our best to respond within 30 days of receiving your complaint. If we can’t respond within this timeframe we will let you know
If you’re not happy with our response, you can contact the OAIC.