Privacy Policy summary

The Vision of the ACT Human Rights Commission is:

An inclusive community that respects and realises the rights of everyone

Summary

The ACT Human Rights Commission (‘the Commission’) has to have a clear and up-to-date privacy policy, which outlines how we collect, hold, use and disclose information about you under the Information Privacy Act 2014 (the Information Privacy Act).

This document is only a short summary about how we handle information about you. For more, information, please see our Privacy Policy.

Overview

We only collect, receive, hold, use and disclose information about you to help you and to carry out our responsibilities under ACT laws including:

• Information Privacy Act 2014
• Victims of Crime Act 1994
• Human Rights Commission Act 2005 (HRC Act)
• Victims of Crime (Financial Assistance) Act 2016
• Children and Young People Act 2008
• Health Records (Privacy and Access) Act 1997
• Discrimination Act 1991
• Human Rights Act 2004
• Mental Health Act 2015

We will only share your information as required or allowed by law. If we share that information with other government agencies, they also have to handle your information under the Information Privacy Act.

Who we are and what we do?

The Commission is independent from the ACT Government. Our four Commissioners promote the human rights and welfare of all people living in the ACT. Each Commissioner and their specific responsibilities are described in our Operations Protocol (on page three).

We work in a fair and accessible way to resolve complaints, including about disability and health services, discrimination, sexual harassment, victimisation and services for older people and children and young people.

We provide individual advocacy for vulnerable members of the community and protect the rights of children and young people, and of people with disability.

We also provide support, advocacy and financial assistance to victims of crime.

Collecting and receiving information about you

We only collect information about you in ways that are lawful and fair as required or allowed by law. We only collect information about you with your informed consent or where we need it for our work.

What: The information we collect depends on what services you need, request or receive. The information collection table in our Privacy Policy describes the kinds of personal information each area of the Commission collects and why.

How: We collect information from you in many ways, including through complaint forms, in letters or emails to and from you, over the telephone and by fax or in person.

From who: We usually collect information from you directly. However, we may collect your information from other people, organisations or government bodies where you agree, or the law requires or allows us to. When it is not safe or reasonable to ask you directly or we cannot find you, we can ask for information about you from others.

Social media: We can also collect information about you if we need to from social media that anyone can see.

Notice: We will usually give you notice before we collect information about you or as soon as we can after we collect it. Sometimes the law allows us not to tell you when we collect information about you.

Sensitive information: We are especially careful when we collect sensitive information about you, such as your race, your sexuality, your political opinion, your religion, your criminal record or whether you are a victim of crime.

We will not usually collect your sensitive information without telling you why we need to collect it and asking you to consent. Sometimes we can collect your sensitive information without telling you and asking for your consent if:

• an Australian law or a court or tribunal order allows us to.
• we need to because of a serious threat to life, health or safety.
• we need to help a law enforcement body such as the police.

Health information: We can only collect information about your health for a lawful purpose directly related to our work as allowed by the Health Records (Privacy and Access) Act 1997.

If we did not ask you: If we receive information about you from someone else or another organisation such as child protection, we treat it like we did collect it ourselves under our Privacy Policy and relevant laws. If we could not have collected it ourselves, we will delete it or only use it in a way which does not identify you.

Anonymous information: If you ask us, we can sometimes help you even if you do not give us your name or you use a made-up name. However, at other times, such as when you make a complaint, we will need your real name and details so we can fairly and efficiently respond.

Using and sharing information about you

How we use it: We will not usually use your information for a particular purpose unless you have allowed us to or would reasonably expect us to. However, sometimes, laws may mean that we can use your information, without asking you so that we can:

• Reply to you quickly – We use information from your previous complaints or contacts to help us reply to you quickly. We try not to ask for the same information twice.
• Let you know about our education or training activities – If we collect your contact details at trainings or events, we may use them to let you know about other activities (but only if you agreed to this when you gave us your contact details).
• Do research and improve our services – We may use information about you to help us with research or to improve our services. We will not publish this information unless you agree, or we use it in a way which does not identify you.

When we share it: We will only share your information with other people or organisations if you agree or where we must, because laws require us to, including to:

• Protect life, health or safety – to lessen or prevent a serious threat to your or someone else’s life or health.
• Help a law enforcement organisation – to prevent, investigate, or prosecute a crime.
• Respond to possible misconduct or corruption – to respond to possible misconduct or corruption affecting our work.
• Report child welfare concerns – to report information to Child and Youth Protection Services, the police or the Ombudsman if we suspect child abuse or misconduct towards children.
• Act on court or tribunal orders – to obey court or tribunal orders for us to provide information.

Who we share it with: The following people, organisations or government bodies sometimes ask us for your information:

• Support services – Services like community or legal services may ask us for information if you have contacted them for help. We will only share your information with them if you agree. We may also share your information to help them answer you quickly.
• Government agencies – We will not normally share your information with government agencies unless you agree, or we are required to do so by law or a court order.
• Media – We do not give information which identifies you to the media unless we are allowed by law and you agree. We do not share complaints information with the media.
• Online services – We use third party providers for some internet services (such as SurveyMonkey, Mailchimp, EventBrite and Google Analytics). We may share your information securely with these providers. Our providers for internet services may collect and host information about your use of their websites (such as your IP address) on their servers in the United States of America and Europe. Other than using these services, we do not routinely disclose or store your information overseas.
• Other Commissioners: When you contact one of our Commissioners or their teams, we may also share your name, address, contact details and the issues you have raised with other Commissioners or their teams to provide you with the best support we can.
• Agencies dealing with safety risks: We may share your information to identify, lessen or prevent a risk or threat to you or someone else’s life, safety, health or wellbeing.

How we hold information about you

How you can access information: You can ask us for access to any information we hold about you. We must respond within 30 days. We will try to provide your information in the form you want. We do not charge access fees unless required by law.

Refusing access: Sometimes we cannot give you access to information if a particular law does not allow us to. We do not generally allow access to information about complaints or our inquiries under the HRC Act.

We may also delete parts of information to respect someone else’s privacy.

Where we do not give access to information, we will tell you why in writing.

How we keep accurate information: We take steps to make sure that we collect, hold, use or share information about you that is accurate, up-to-date and complete. We may sometimes check your details with you and update our records if necessary.

Updates: If you find that our information about you is not correct, you can ask us to correct or update it, and to also suggest that agencies we have shared it with update it too.

Refusing changes or updates: At times we may decide not to change information about you. We will tell you why in writing within 30 days and let you know how to challenge our decision.

How we keep your information secure: The Information Privacy Act and the ACT Protective Security Policy Framework require us to take steps to make sure that your information is safe and secure. We limit data access on a need-to-know basis, use firewall and password protections, restrict access to our office and store paper files securely.

How we respond to loss or misuse of information: If your information is accidentally released, lost or accessed we will:

1. Immediately act to limit further damage;
2. Investigate what happened and assess how it could affect you;
3. Warn you (and other relevant agencies, like the police) if you are affected or in danger;
4. Take measures to prevent it happening again.

How we review and back up information: We regularly review our processes and data security so that we can prevent your information being accidentally released, lost or misused. We are also aware of the risks of natural disaster and so back up your data regularly to avoid losing it.

How long we keep it: The Territory Records Act 2002 requires us to keep records of our work and hold them for certain periods of time. If we do not need to use, share or keep information about you any longer, we will delete any information that identifies you or destroy it.

How can you complain if we get it wrong?

If you are unhappy with how we have handled information about you, you can complain to us in writing (by letter or email). If you ask, we will help you to write your complaint.

Contact details:

Our mailing address for complaints and other letters is: ACT Human Rights Commission, GPO Box 158, Canberra, ACT, 2601.
Our email is: hrc.privacy@act.gov.au
Our phone number is: (02) 6205 2222.

How we handle your complaint: We will tell you we have received your complaint as soon as we can. We then consider your complaint to work out how we can resolve it. We will usually respond in about four weeks.

If you are still unhappy: If you are still unhappy, you may be able to make a formal privacy complaint to the Office of the Australian Information Commissioner (OAIC).

The OAIC considers privacy complaints against the HRC.

The OAIC’s mailing address is GPO Box 5218 Sydney NSW 2001.

For more information about making a privacy complaint, you can contact the OAIC by email at enquiries@oaic.gov.au or consult the Office of the Australian Information Commissioner website.

Print this page