Information we collect
When you visit our websites our web measurement tools and internet service providers record information including:
- your server and IP address
- the name of the top level domain (for example, .gov, .com, .edu, .au)
- the type of browser used
- the date and time you accessed the website
- how you interacted with our website
- the previous website you visited.
Why we collect it and how we use it
We use the above information to understand how our websites are being used. This helps us improve our websites and provide you with a better experience.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. Information is identifiable if the relevant person can be identified. Examples might include your name, email or phone number.
If we ask you to provide additional personal information (for example, on a form), we will explain:
- why we need this information
- how we will use it.
If you choose not to provide the information it may affect our ability to respond and deliver services.
Sharing your personal information
The law, including the Privacy Act 1988, protects your personal information.
Your personal information will not be disclosed to any other person, body or agency unless:
- you give us permission
- it is authorised or required by law
- it meets one of the other exceptions in the Australian Privacy Principles.
If we need to share information with a third party as part of our service to you, the form you fill in will tell you about it.
We are unlikely to disclose personal information to overseas recipients.
Other information we might collect
We collect other personal or professional information for some programs and services. In some cases we collect different information from patients and healthcare professionals.
Our privacy notices for these programs explain what information we collect and how we use it.
See our privacy notices for the:
- Inborn Errors of Metabolism program – healthcare professionals
- Inborn Errors of Metabolism program – patients
- National Epidermolysis Bullosa Dressing Scheme – healthcare professionals
- National Epidermolysis Bullosa Dressing Scheme – patients
- Aged care announcements and newsletter subscription service
- COVID-19 GP update subscription service.
How we store information
We comply with Australian Government security policies such as the:
- Attorney-General Department’s Protective Security Policy Framework
- Department of Defence’s Information Security Manual.
We do not keep information that we no longer need for the purpose it was collected, unless the law requires us to do so. It is either destroyed or de-identified as required under the Archives Act 1983.
Only authorised Department of Health and Aged Care staff can access personal information stored by us. Security features protect it from unauthorised access.
We store information in different ways, including:
- our document and records management systems
- cloud storage
- browser storage
The information generated by the cookie may be transmitted to and stored by Facebook and Google, who may use this information for the purpose of compiling reports on website activity for us (or advertising agencies engaged to act on our behalf). Demographic and interest reports may be generated including characteristics such as your age, gender and location. These reports do not identify you personally. We may use them to provide targeted advertising to you and to make policy decisions. If you prefer not to receive cookies, you can adjust your browser settings. However, you may not be able to use the full functionality of the website.
We apply a range of security controls to protect our websites from unauthorised access. However, you should be aware that:
- the internet is an unsecure public network
- there is a risk that your transactions (including emails) may be seen, intercepted or modified by third parties
- downloadable files may contain computer viruses, disabling codes, worms or other devices or defects.
Accessing and correcting your information
You can request a copy of the personal information we hold about you. You can ask us to update it if it is incorrect. Please contact us to make an enquiry.
We will take reasonable steps to give you a copy of, and/or correct, your information within 30 days, unless there is lawful reason not to do so. If this happens we will, where reasonable:
- give you a written notice explaining why
- let you know how you can make a complaint
- at your request, make a note on your file detailing the information you believe to be incorrect.
If you request us to, we will alert third parties who hold your information that we have updated it.
Links to other websites
Our website contains links to other third-party websites. We are not responsible for their privacy practices, or the material on their websites.
Privacy Impact Assessments
We conduct Privacy Impact Assessments for all appropriate projects with a high privacy risk to:
- identify the impact that the activity or project might have on your privacy
- recommend how we can manage, minimise or remove that impact.
Details of Privacy Impact Assessments conducted by us since 1 July 2018 are available on our Privacy Impact Assessment Register.
If you believe that we have breached the Privacy Act, the Australian Government Agencies Privacy Code or mishandled your personal information, please contact us. Please provide as much information as possible so we can investigate and respond.
- let you know that we have received your complaint
- do our best to respond within 30 days of receiving your complaint. If we can’t respond within this timeframe we will let you know.
If you’re not happy with our response, you can contact the OAIC.