Privacy policy statement

We manage personal and health information in accordance with the privacy principles contained in the:

  • Privacy and Data Protection Act 2014
  • Health Records Act 2001
  • other relevant laws.

Collection, use and disclosure of personal information

Personal information is any information or opinion about an identifiable individual.

The person's identity must be apparent or reasonably ascertainable from the information or opinion concerned.

Personal information is collected from a variety of means, including:

  • written application forms
  • online application forms
  • letters or other correspondence
  • email messages
  • telephone
  • face-to-face contact.

Unique identifiers

A unique identifier is an identifier (usually a number) used for the primary purpose of identifying an individual.

We only assign unique identifiers (or adopt, use or disclose a unique identifier assigned by another organisation) where it is:

  • necessary
  • authorised by law
  • with the consent of the individual.

Anonymity

Where lawful and practicable, individuals should have the option of transacting or interacting with us without identifying themselves.

Many of the things we do require you to provide us with your personal information. However, where it doesn't affect the proper performance of our functions, we won't require you to provide it.

Sensitive information

Sensitive information is a special category of personal information.

It's defined as information or an opinion about certain sensitive aspects relating to individuals, such as their:

  • criminal record
  • racial or ethnic origin
  • political opinions or membership of political association
  • religious or philosophical beliefs or affiliations
  • membership of professional or trade associations or unions
  • sexual preferences or practices.

Health information

Health information is personal information or an opinion about:

  • the physical, mental or psychological health of an individual
  • a disability (at any time) of an individual
  • an individual's expressed wishes about their future provision of health services
  • a health service provided or to be provided to an individual.

Licence applicants

Under gambling legislation, we collect personal information about:

  • applicants for various licenses, permits or other authorisations
  • associates of such applicants
  • associates of already approved licensees, permit holders or other authorised participants.

The personal information collected from or about these individuals is used or disclosed to help us:

  • advise individuals and related entities of regulatory requirements and changes
  • evaluate applications for various licences and permits or authorisations issued and administered by us pursuant to gambling legislation, including assessing the suitability of an applicant and, where required, an associate to be involved in, or licensed to work in, the gambling industry
  • investigate possible contravention of gambling legislation and for ongoing monitoring purposes
  • where applicable, assist us to enforce and, where necessary, prosecute individuals for contravention of gambling legislation.

Employees

We collect and hold personal information about individuals who:

  • are currently engaged
  • were previously engaged
  • are seeking to be engaged by us for a specific position or purpose.

This includes:

  • job applicants
  • employees
  • tenderers
  • contractors.

Some health information is collected from time to time about employees for employment related purposes, such as WorkCover.

The personal information collected from individuals is used to:

  • evaluate their capability and/or capacity to meet our requirements and/or contractual obligations
  • manage any ongoing relationship with those individuals.

In the case of employees, it's also collected for insurance-related and computer network security purposes.

Transborder data flows

If an individual’s personal information travels outside Victoria, the privacy protection should travel with it.

We only transfer personal information outside Victoria in the circumstances permitted by privacy legislation. For example, if the individual consents, or if the recipient of the personal information is subject to a law or binding scheme that is substantially similar to the Victorian privacy protections.

Collecting and using personal information

Generally, we collect personal information or health information directly from the individual.

Personal or health information may be collected from third parties, such as:

  • corporate applicants with some connection to or association with the individual
  • treating doctors.

Personal information may be obtained on an unsolicited basis either directly from individuals about themselves, or from third parties about individuals. This can include letters of complaint.

We take reasonable steps to ensure the individual knows:

  • why we collect it
  • what is done with it
  • to whom it is disclosed.

Where we don't actively collect personal information directly from the individual but acquire it from a third person, we take reasonable steps to let the individual know the other party has that information if it's to be used or acted upon.

We may be required to collect some sensitive personal information. We always obtain the consent of the individual concerned before requesting a police check, unless required under investigation or enforcement action.

Using and disclosing personal information

We use or disclose the personal information we collect only:

  • for the purpose for which it was collected
  • for a related purpose that an individual would expect their personal information to be used for in the circumstances
  • with the consent of the individual concerned, for some other agreed purpose
  • for law enforcement purposes
  • as otherwise required or authorised by law.

Storing personal information

We take reasonable steps to ensure the personal and health information we collect is:

  • accurate
  • complete
  • up-to-date.

We hold personal and health information in both electronic and paper-based forms. We have various security measures and processes in place to protect the information from:

  • misuse
  • loss
  • unauthorised access
  • modification
  • disclosure.

Processes include:

  • secure computer access levels to ensure only authorised staff have access to certain kinds of computer-stored information
  • use of computer passwords to ensure only authorised personnel have access to computer files
  • use of virus protection software
  • storage of paper-based documents containing personal information in locked cabinets or rooms or other secured areas accessible only by authorised personnel
  • providing physical security to limit access to our offices to authorised personnel only.

Your rights to access or correct personal records

You may request a copy of your personal information. You may also request to correct that information if it's found to be inaccurate. You are able to request access to and correct your personal information by contacting us directly at [email protected]

Freedom of information requests

However, there are situations where it won't be appropriate to provide direct access to information, and you'll be required to make a Freedom of Information application. A fee may apply for such an application.

If you're an existing or former employee of ours or our predecessors, you may access information relating to your employment by written request without making a formal request.

For more information, refer to Accessing data on the Office of the Victorian Information Commissioner website.

Privacy queries and complaints

You can email [email protected] if you have:

  • a query about our policies for handling personal information, including any sensitive or health information
  • a complaint about how we handle your personal information.

If your complaint isn't resolved to your satisfaction, or within a reasonable time, you can request a review by writing to the Chief Executive Officer at [email protected].

Under the Privacy and Data Protection Act 2014, you can complain to the Office of the Victorian Information Commissioner about an act or practice that may be an interference with your privacy. The Commissioner may decline to consider a complaint if you haven't made a complaint to us first.

If your complaint relates to health information held by us, and you feel we haven't adequately dealt with your complaint through our internal procedures, you can contact the Health Complaints Commissioner.

Updated

Back to top