Privacy Policy summary

The Privacy Policy summary is also available in PDF (342KB).

The Information Privacy Act 2014 (see Territory Privacy Principle 1.3) requires the ACT Human Rights Commission (‘the Commission’) have a clearly expressed and up-to-date privacy policy, which outlines how we collect, hold, use and disclose information about you.

This document is a short summary about how we handle information about you. It provides key points but not a full description. For more, information, please see our Privacy Policy.

Overview

We only collect, receive, hold, use and disclose information about you to assist you and to carry out our responsibilities under law. We have a range of roles under ACT laws:

We will only share your information as required or authorised by law. If we share that information with other government agencies, those other agencies are also required to handle your information in a way that is consistent with the Information Privacy Act.

Who we are and what we do

The Commission is an independent agency established in 2006 under the HRC Act. Our four Commissioners promote the human rights and welfare of all people living in the ACT and are responsible for overseeing our responsibilities under ACT law. Each Commissioner and their specific responsibilities are described in our Operations Protocol.

The Commission provides an independent, fair and accessible process for the resolution of complaints, including about disability and health services, discrimination, sexual harassment, victimisation and services for older people and children and young people. The Commission provides individual advocacy for vulnerable members of the community and protects the rights of children and young people, and of people with disability (including those with mental health concerns). The Commission also provides support, advocacy and assistance (including financial assistance) to victims of crime.

Collecting and receiving information about you

We only collect information about you in ways that are lawful and fair. We only collect information about you with your informed consent or where we need it for, or it is directly related to, our work.

What

The information we collect depends on what services you need, request or receive. The information collection table in our Privacy Policy describes the kinds of personal information each area of the Commission collects and why.

How

We collect information from you in a variety of ways, including through complaint forms, in letters or emails to and from you, over the telephone and by fax or in person.

From who

We normally collect information from you directly. However, we may collect your information from other people, organisations or government bodies where you agree or we exercise legislative powers. This includes situations when it is not safe or reasonable to ask you directly (e.g. doing so would endanger you or we cannot locate you).

Social media

We also collect information about you from publicly available sources (e.g. publicly visible social media) if reasonably necessary for, or directly related to, our functions.

Notice

We will normally provide you with notice before we collect information about you or as soon as we can afterwards unless we are required or permitted by law not to tell you.

Sensitive information

We treat your sensitive information with greater caution. We will not collect your sensitive information without telling you why we need to collect it and asking for your permission except:

  • where required or permitted by an Australian law or a court or tribunal order
  • where necessary to lessen or prevent a serious threat to life, health or safety or public health or safety
  • where we have good reason to think collecting the information is necessary to assist a law enforcement body in performing their role.

Health information

We can only collect information about your health for a lawful purpose that is directly related to our functions, per the Health Records (Privacy and Access Act) 1997.

If we did not seek it

If we decide (in a reasonable timeframe) that information we have received about you relates to our work and that we could have collected it, we treat it like we had collected it ourselves per our Privacy Policy and relevant laws (like the Territory Records Act 2002). If not, we de-identify or otherwise delete it in a reasonable timeframe.

Anonymity

We will assist you to interact with us without giving your name or by using a made-up name, if asked. However there are times when we will need verified information about you so we can fairly and efficiently respond (e.g. for individual complaints).

Using and sharing information about you

How we use it

We will not normally use your information for a particular purpose unless you have allowed us or would reasonably expect us to. However, at times, laws or court orders may require or allow us to otherwise use your information, without asking you.

Service delivery

We use information from your previous complaints or contacts to help us reply to you quickly and conveniently. We avoid asking for the same information twice.

Education or training

If we collect your contact details at training sessions or events, we may use them to update you about our activities (but only if you opt-in).

Research

Information about you may help us undertake general research or improve our services, however we will not publish this unless you agree or we de-identify it.

When we share it

We will only share or disclose your information with bodies outside the Commission if you agree or where a law requires or allows us to.
Examples include:

  • Threats to life, health or safety: If we reasonably believe it necessary to lessen or prevent a serious threat to your or someone else’s life or health or to public safety or health.
  • Law enforcement: If we reasonably believe sharing with a law enforcement body (e.g. ACT Policing) is necessary to prevent, detect, investigate, prosecute or punish a crime.
  • Misconduct or corruption: If we suspect unlawful activity or serious misconduct affecting our work and believe sharing your information is necessary to respond appropriately.
  • Child welfare concerns: If we reasonably suspect child abuse or other reportable conduct that we must report to child protection and oversight agencies.
  • Court or tribunal orders: If we need to comply with subpoenas or other court orders.

Who we share it with

Third parties may, on occasion, request or require your information from the Commission. Examples of who we may provide information to are listed below:

  • Service providers: We may suggest you contact service providers, like community or legal services if we think they can assist you. We will only share your information with providers if you agree. We may also share your information to help providers answer you promptly.
  • Courts and tribunals: We may need to share your information if a court or tribunal asks us.
  • Government agencies: We will not normally share your information with government agencies unless you agree or we are required to do so by law or a court order.
  • Online services: We use third party providers for some web-based services (e.g. SurveyMonkey, Mailchimp, EventBrite and Google Analytics). Your information may be shared securely with these providers per our Online Services Privacy Statement.
  • Media: We do not give identifiable information about you to the media unless we are allowed by law and you agree. We do not share complaints information with the media.
  • Internally: We may share your name, address, contact details and the issues you have raised within the Commission to provide you with the best support we can.
  • Safety risks: We may share your information to identify, lessen or prevent a risk or threat to you or someone else’s life, safety, health or wellbeing but only where the law allows us.
  • Sharing info overseas: Our providers for web-based services may collect and host information about your use of their websites (e.g. your IP address) on their servers in the United States of America and Europe. Each provider’s privacy policy is linked above. Other than using these services, we do not routinely disclose or store your information overseas.

How we hold information about you

Your right of access

You can ask us for access to any information we hold about you. We must respond within 30 days. If it is reasonable and workable, we must allow you to access to your information in an appropriate way. We do not charge access fees unless required by law.

Refusing access

At times we may refuse to let you access information we hold about you, like if a particular law requires us not to disclose it. For this reason we do not generally allow access to information about complaints or our inquiries under the HRC Act. We may also redact parts of information you have asked for to respect someone else’s
privacy. Where we refuse access to information, we will give you written reasons why.

Accuracy of information

We take reasonable steps to ensure we collect, hold, use or share information about you that is accurate, up-to-date and complete. We may check your details with you when appropriate and will update our records where they do not match.

Updates

If you find that our information about you is factually incorrect, you can ask us to correct or update it, and to also suggest that agencies we have shared it with update it too.

Refusing updates

At times we may decline to change factual information about you. We will give you written reasons why within 30 days and guidance on how to challenge our decision.

Security

The Information Privacy Act 2014 and ACT Protective Security Policy Framework require us to take reasonable steps to ensure your information is safe and secure with us.
Examples include limiting data access on a need-to-know basis, firewall and password protections, restricted access to premises and secure storage of paper files.

Loss or misuse

If your information is accidentally released, lost or accessed without authorisation (e.g. hacked) we will: first, immediately act to limit further damage; second, investigate the breach and assess how it could affect you; third, warn you if you are affected or in danger (and other relevant agencies, like the police); and, fourth, take measures to prevent similar breaches in future.

Review and back up

We regularly review our processes and data security to minimise the likelihood of your information being accidentally released, lost or misused. We are also aware of the risks of natural disaster and so back up your data regularly to avoid losing it.

How long we keep it

The Territory Records Act 2002 requires us to keep records of our work and governs how long we hold information about you depending on its purpose. If we do not need to use, share or keep particular information about you any longer, we will take reasonable steps to remove any identifying features from the information or else destroy it.

How can you complain if we get it wrong?

If you are unhappy with how we have handled information about you, you can complain to us in writing (by letter or email). If you ask, we will help you to lodge your complaint with us.

Location

We are at Level 2, 11 Moore Street, Canberra ACT and are open Monday to Friday, between 9.00am-5.00pm, except on public holidays.

Contact details

Our mailing address for complaints and other letters is: ACT Human Rights Commission, GPO Box 158, Canberra, ACT, 2601.
Our email is: human.rights@act.gov.au
Our phone number is (02) 6205 2222.

How we handle your complaint

We promptly tell you we have received your complaint when we receive it. We then consider your complaint to work out how we can appropriately resolve your issue. We will normally respond within about four weeks.

If you are unsatisfied with how we handle your complaint

If you are not satisfied with our response, you may be able to make a formal privacy complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC provides services as the ACT Information Privacy Commissioner and is responsible for considering complaints against ACT public sector agencies.

The OAIC’s mailing address is GPO Box 5218 Sydney NSW 2001.

For more information about making a privacy complaint, you can contact the OAIC by email at enquiries@oaic.gov.au or consult the OAIC website