Carer Gateway Website Privacy Policy

1. Introduction

Your privacy is important to us. We are bound by the Privacy Act 1988 (the Privacy Act) and the Australian Privacy Principles (APPs). The APPs regulate the handling of Personal Information by Australian government agencies and businesses under the Privacy Act.

The Department of Social Services (DSS) or “We”, “Us” or “Our” manages and maintains the Carer Gateway website and collects Personal Information in order to manage and maintain the Carer Gateway website (at https://www.carergateway.gov.au/) for the benefit of Australian carers. In addition to this Privacy Policy, DSS also has a privacy policy available on its own website which may be broader in scope than this Privacy Policy as it may also take into account other activities and services. For more information about DSS please see the DSS website.

The following Carer Gateway services have separate privacy policies:

The Carer Gateway website is provided under the DSS policy called the Integrated Carer Support Service (ICSS). More information on ICSS is available on the ICSS webpage.

1.1 Who should read this Privacy Policy?

You should read this Privacy Policy if you are an individual whose Personal Information may be given to or held by Us.

1.2 The Privacy Act

The Privacy Act 1988 (the Privacy Act) regulates how federal and ACT public sector agencies and certain private sector organisations can collect, hold, use and disclose Personal Information, and how you can access and correct information about you held by those agencies and organisations.

Personal Information’ is information in any form that can reasonably identify a living person.

The Privacy Act applies only to information about individuals, not to information about corporate entities such as businesses, firms or trusts. Detailed information on the Privacy Act can be found on the Office of the Australian Information Commissioner (‘OAIC’) website.

1.3 Carer Gateway website and privacy

This Privacy Policy sets out how We comply with the Privacy Act.

In performing Our functions We may collect, hold, use or disclose your Personal Information. We take privacy seriously and will only collect, hold, use and disclose your Personal Information in accordance with the Privacy Act.

If We do not receive Personal Information about you the Privacy Act will not apply.

1.4 Australian Government Agencies Privacy Code

We must comply with the Australian Government Agencies Privacy Code (the Code). The Code sets out the requirements and key practical steps that DSS must take to help build a consistent, high standard of Personal Information management across all Australian government agencies. For more information about how DSS meets its requirements under the Code please contact DSS using the contact details set out at section 5 of this Privacy Policy.

1.5 Remaining anonymous or using a pseudonym

Generally, members of the public will have the right to remain anonymous or adopt a pseudonym when dealing with Us. However, it is not always possible to remain anonymous or adopt a pseudonym in order for Us to interact with you effectively, and We will inform you when it is required for you to use your correct name.

1.6 Information covered under this Privacy Policy

This Privacy Policy applies to all Personal Information collected about you by Us, including any financial information you provide to Us, Personal Information collected through our social media websites and information collected through service providers who deliver services for Us under contracts.

1.7 Information held by contractors of DSS

Under the Privacy Act, DSS is required to take contractual measures to ensure contracted service providers (including sub-contractors) comply with the same privacy requirements applicable to DSS.

2. Personal Information handling practices

2.1 Collection of Personal Information

Personal Information about you may be collected by Us from you. In some circumstances a third party may provide information to Us about you. From time to time Personal Information is provided to Us by members of the public without being requested by Us. Information is usually collected directly by Us. We generally use online forms, to collect your information.

We collect and hold a range of Personal Information in records that include:

  • information that you provide on online forms;
  • complaints (including privacy complaints) and feedback provided to Us and;
  • requests made to DSS under the Freedom of Information Act 1982 (Cth).

We will not ask you for any Personal Information which We do not need. The Privacy Act requires that We only collect information for purposes that are reasonably necessary for, or directly related to, the functions or activities of the Carer Gateway website.

When We collect Personal Information, We are required under the Privacy Act to notify you of a number of matters. These include the purposes for which We collect the information, whether the collection is required or authorised by law, and any person or body to whom We usually disclose the information. We provide this notification by issuing separate privacy notices on Our paper-based forms and website areas related to particular programs and activities.

2.2 Kinds of Personal Information that We collect and hold

In providing the Carer Gateway website We may collect and hold the following kinds of Personal Information (which will vary depending on the context of the collection):

  • name, phone number, and email address;
  • complaints details that may identify you.

On occasions, sensitive information about you may also be collected or held, even if we do not request it. For instance, we cannot prevent you giving this sensitive information in your written feedback.

2.3 How We collect and hold Personal Information

We collect Personal Information through a variety of different methods including:

  • electronic forms (including online forms);
  • email communications; and
  • Carer Gateway branded social media websites and accounts.

We hold Personal Information in electronic records. Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government records management regime, including the Archives Act 1983, Records Authorities and General Disposal Authorities. This ensures your personal information is held securely.

2.4 Purposes for which Personal Information is collected, held, used and disclosed

We collect and hold Personal Information for purposes relating to the Carer Gateway functions and activities including:

  • performing DSS’ legislative and administrative functions;
  • complaints and feedback management;
  • investigations and audits; and
  • management of correspondence with the public.

We use and disclose Personal Information for the primary purposes for which it is collected. You will be given information the primary purpose of collection at the time the information is collected from you or as soon as possible afterwards.

We will only use your Personal Information for secondary purposes where it is able to do so in accordance with the Privacy Act.

We undertake written Privacy Impact Assessments for all high privacy risk projects that involve new or changed ways of handling Personal Information.

2.5 Data security and integrity

Access to Personal Information held within Our organisations is restricted to authorised people who are Our employees or contractors. We take all reasonable steps, including through contractual measures, to protect the Personal Information We hold and against loss, unauthorised access, use, modification, or disclosure.

Electronic and paper records containing Personal Information are protected in accordance with Australian Government security policies, including the Australian Government Information Security Manual.

We regularly conducts audits to ensure We adhere to our protective and computer security policies.

We take all reasonable steps to ensure that the Personal Information it holds is accurate, up-to-date, complete, relevant, and not misleading.

2.6 Access and correct Personal Information

You have a right under the Privacy Act to access Personal Information We hold about you.

You also have a right under the Privacy Act to request corrections to any Personal Information that We hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

However, the Privacy Act sets out circumstances in which We, can decline access to or correction of Personal Information (e.g. where access is unlawful under a secrecy provision in portfolio legislation, where your information is integrated with information about other people, or where the Personal Information held is an opinion about you and not an objective fact).To access or seek correction of Personal Information We hold about you, Us using the contact details set out at section 5 of this Privacy Policy.

It is also possible to access and correct documents held by Us under the Freedom of Information Act 1982 (the FOI Act). For information on this, please contact the DSS FOI Coordinator (contact details are available on the DSS Freedom of Information webpage).

2.7 Accidental or unauthorised disclosure of Personal Information

We will take seriously and deal promptly with any accidental or unauthorised disclosure of Personal Information.

We are subject to the Notifiable Data Breaches Scheme under the Privacy Act, and We will act in accordance with the requirements of the Scheme and the guidance of the OAIC in assessing and responding to suspected notifiable data breaches. Where a breach of Personal Information occurs that is likely to cause serious harm to individuals, We will notify the OAIC and affected individuals as required.

2.8 Website analytics

If you use the Carer Gateway website to read or download information, We record a range of technical information which does not reveal your identity. This information includes your IP or server address, your general locality and the date and time of your visit to the website. This information is used for service improvement and policy evaluation purposes. No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the Carer Gateway website.

2.9 Supplementary online services

Some functionality associated with the Carer Gateway website is not run by Us, and third parties may capture and store your Personal Information outside Australia. These third parties include (but are not limited to) Facebook, YouTube, MailChimp, SurveyMonkey, Twitter and Google, and they may not be subject to the Privacy Act at all or in the same way as Us. We are not responsible for the privacy practices of these third parties and encourages you to examine each website's privacy policies and make your own decisions regarding their reliability.

2.10 Cookies

Cookies are used to maintain contact with a user through a website session. A cookie is a small file supplied by Us, and stored by your web browser software on your computer when you access the Carer Gateway website. Cookies allow Us to recognise an individual user, as they us the Carer Gateway website. Cookies do not store any Personal Information. You may disable cookies by adjusting the settings on your web browser, but if you do this you may not be able to use the full functionality of the Carer Gateway website.

2.11 Links

The Carer Gateway website contain links to other websites. We are not responsible for the content and privacy practices of other websites and encourage you to examine each website's privacy policies and make your own decisions regarding the reliability of material and information found.

2.12 Electronic communication

There are inherent risks associated with the transmission of information over the Internet, including via email. You should be aware of this when sending Personal Information to Us via email or via the Carer Gateway website. If this is of concern to you then you may use other methods of communication with Us, such as post or phone (although these also have other risks associated with them).

2.13 Disclosure of Personal Information overseas

We may (in limited circumstances and where authorised by law) disclose Personal Information to foreign governments and law enforcement agencies. However, you may contact Us (using the contact details set out at section 5 of this Privacy Policy) to find out which countries, if any, your information has been given to.

3. Complaints

3.1 How to make a complaint

If you think that We may have breached your privacy rights you may contact Us using the contact details set out at section 5 of this Privacy Policy.

3.2 Process for handling complaints

We will respond to your complaint or request promptly if you provide your contact details. We are committed to quick and fair resolution of any complaints and will ensure your complaint is taken seriously. You will not be victimised or suffer negative treatment if you make a complaint.

3.3 How to complain to the OAIC

You also have the option of contacting the OAIC if you wish to make a privacy complaint against Us and if you are not satisfied with how We have handled your complaint in the first instance. The OAIC website contains information on how to make a privacy complaint.

If you make a complaint directly to the OAIC rather than to Us , the OAIC may recommend you try to resolve the complaint directly with Us in the first instance.

4. Privacy Policy updates

This Privacy Policy will be reviewed regularly and updated as required.

5. Contact us

Please use the details below if you wish to:

  • query how your Personal Information is collected, held, used or disclosed;
  • ask questions about this Privacy Policy;
  • obtain access to or seek correction of your Personal Information; or
  • make a complaint about a breach of your privacy.

Email: complaints@dss.gov.au
Telephone: 1800 634 035
Post: DSS Feedback, GPO Box 9280, Canberra, ACT 2601.

6. Availability of this Privacy Policy

If you wish to access this Privacy Policy in an alternative format (e.g. printed copy) free of charge you may contact Us using the contact details set out above at section 5 of this Privacy Policy.