We collect, hold, use and disclose personal information to carry out functions or activities.
These functions and activities include:
- handling privacy and freedom of information complaints and reviews
- taking other regulatory action under the Privacy Act
- providing advice on privacy and information policy issues
- consulting with stakeholders, for example, on privacy guidance
- maintaining registers, such as organisations that have opted-in to Privacy Act coverage
- responding to access to information requests
- communicating with the public, stakeholders and the media including through websites and social media
- assessing suitable candidates for career opportunities within our company
Collection of your personal information
At all times we try to only collect the information we need for the particular function or activity we are carrying out.
The main way we collect personal information about you is when you give it to us. For example, we collect personal information such as contact details and complaint, review, request, data breach notification or report details when you:
- contact us to ask for information (but only if we need it)
- make a complaint about a privacy breach to us
- make a complaint about the way an agency has handled a request
- ask for access to information the person holds about you or other information
- notify about a data breach
- report a matter for investigation
- apply for a job vacancy
We may also collect information from you when we investigate or review. If we open a file about your matter, it will often include our opinion on your matter.
We may also collect contact details and some other personal information if you are on our committees or participating in a meeting or consultation with us.
Collecting sensitive information
Sometimes we may need to collect sensitive information about you, for example, to handle a complaint. This might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information.
Indirect collection
In the course of handling and resolving a complaint, data breach notification, review or an investigation, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties such as:
- your authorised representative, if you have one
- applicants, complainants, respondents to a complaint, investigation, application or data breach notification or the third parties’ employees and witnesses.
We also collect personal information from publicly available sources to enable us to contact stakeholders who may be interested in our work or in participating in our consultations.
Anonymity
Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact our Enquiries line with a general question we will not ask for your name unless we need it to adequately handle your question.
However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your inquiry, request, complaint or application, or to act on your report.