Privacy

Privacy notice for the Government Provider Management System

Find out how we manage any personal information we collect when you create an account as a Government Provider Management System user.

When this collection notice applies

This privacy notice applies when you create an account as a Government Provider Management System (GPMS) user, or when an Organisational Administrator at your organisation creates an account for you. It also applies when you use your GPMS account.

This privacy notice applies in relation to either GPMS Approved Provider Portal or GPMS Registered Provider Portal.

GPMS is used by both the Department of Health, Disability and Ageing and the Aged Care Quality and Safety Commission (Commission). Some of the information you provide in GPMS may be shared with, and used by, both organisations.

This privacy notice explains how the department uses personal information collected through GPMS. For information about how the Commission collects and uses personal information, see the Commission’s Notice of collection of personal information.

Information we collect

We will collect the following information:

  • your name
  • the organisation you work for
  • your role at the organisation
  • your phone number
  • your email address
  • your date of birth
  • your GPMS access role
  • audit logs of your GPMS activity
  • browser
  • IP address.

Why we collect this information

We collect most of the information listed above so we can operate and support GPMS, contact you, administer your GPMS user account and understand your role within your organisation (or across multiple organisations). 

The Department may collect, use and disclose your personal information under the Aged Care Act 2024 where authorised by law.

As multiple people with the same name may create accounts as GPMS users, we need your date of birth to help us uniquely identify you. 

We collect audit logs of activity within GPMS to identify inappropriate or unauthorised use or disclosure of personal information.

How we collect this information

We collect this information in 4 ways:

  • If you are setting up your own account as a GPMS user, we collect the information when you enter it while creating your account.
  • If an Organisational Administrator at your organisation creates a GPMS user account for you, we will collect the information when they enter it while creating your account.
  • When you use your GPMS account, via audit logging.
  • When your details are recorded as a contact for your organisation. 

When an Organisational Administrator creates an account for you or you are added as a point of contact, they:

  • are bound by the GPMS terms of use
  • must have your consent to provide us with your information.

Who will be able to see this information

This information will be visible to:

  • staff of the Department of Health, Disability and Ageing
  • staff of the Aged Care Quality and Safety Commission
  • Organisational Administrators at your organisation
  • authorised users within your organisation with access to the GPMS Registered Provider portal.

Disclosure of your information to our IT support vendors

We may disclose your information to our IT support vendors to help us operate and support the GPMS. Those IT support vendors may use personnel located outside of Australia, and those personnel may have access to your information. The overseas recipient of your information may not be bound by the Australian Privacy Act, but will be subject to other privacy, security and confidentiality obligations.

How we store your information

We store your personal information in one or more data centres managed by Amazon Web Services. These data centres are in Australia.

How you can access or correct your information

Any Organisational Administrator or user (including yourself) within your organisation with access to the Manage Your Organisation tool within the GPMS Registered Provider Portal, can access and correct your user profile information. Alternatively, you can contact the My Aged Care service provider and assessor helpline on 1800 836 799.

Concerns and complaints

Our privacy policy explains how you can make a complaint if you think we have breached:

  • the Australian Privacy Principles
  • the Australian Government Agencies Privacy Code.

The privacy policy also explains how we will manage your complaint.

More on privacy

To find out more see our privacy page and our full privacy policy.

Date last updated:
Tags: