Privacy statement

On this page:

• Our approach to privacy
• Meaning of ‘personal information’
• How we collect personal information
• Collection of personal information and what we do with it
• Website privacy
• Web statistics and data collection
• Cookies
• Web beacons
• Clickstream data
• Email subscription service
• Links to external websites
• Disclosure of personal information
• Data quality and data security
• Information security risks
• Online payments
• Access to your information
• Staying anonymous
• Privacy complaints

Our approach to privacy

Consumer Affairs Victoria is committed to responsible and fair handling of your personal information, consistent with the Information Privacy Principles set out in the Privacy and Data Protection Act 2014 (Vic).

This Privacy Statement tells you how we manage your personal information. It applies to all your contact with us, whether in person, over the telephone or online.

Meaning of 'personal information'

Personal information means information or an opinion about an identifiable individual. The sort of personal information we collect includes name, address, telephone and email contact details, complaint details and information we need to process various types of transactions, such as fundraising registrations.

How we collect personal information

We collect personal information when you:

• submit a paper or online form
• write to us
• email
• telephone.

We may get personal information about you from other people or organisations. For example, when we:

• investigate a complaint
• obtain your contact details from another person or a public database such as the white pages.

Whenever we collect personal information, we will ensure that you know why we collect it, what we do with it and who we disclose it to. Where we do not collect information directly from you, we will take reasonable steps to let you know that we have the information.

Collection of personal information and what we do with it

We collect personal information for all sorts of reasons. Most of the information we collect will come directly from you.

For example, if you:

• make a consumer complaint, we use the details you provide to investigate it
• apply to register incorporate an association or register as a fundraiser, we use the information to process the application
• respond to one of our surveys, we use the information to help us provide better services and plan for the future
• ask us to conciliate a dispute, we use the information to assist in that process
• write to us or to your local Member of Parliament or to the Minister for Consumer Affairs, we will keep a copy to help us reply

Some of our work involves the 'indirect' collection of personal information - that is, where personal information is collected or received about you, but from someone else or from some other source. For example, if:

• a consumer complaint is made about you, we record this information on a database
• a consumer enquiry is received, we may record the name of the respondent and related details
• we are carrying out an investigation or enforcement, we may collect personal information about you from the Business Licensing Authority or other state or federal agencies
• we need to publicise a new law or seek feedback on a new initiative, we may get your details from a publicly available database
• you have been selected for an official committee or nominated for a statutory appointment, we will have resume information supplied by you but we may collect or receive additional information from other sources

We may need to use your personal information for a purpose that is different from the reason we originally collected it. For example, where we:

• undertake investigation or enforcement action or
• carry out research or statistics.

Some of our work requires us to collect sensitive personal information. The most common example is when we ask Victoria Police for a criminal record check. We always get your consent before we do this, unless we are taking investigation or enforcement action.

Website privacy

You can access the Consumer Affairs Victoria home page and browse our website without disclosing your personal information. We do not collect personal information when you visit or browse. Where you submit an email automatically generated from the website, or complete and submit a form online, your personal information will be managed in accordance with the policy set out in this Statement. Email addresses are not added to mailing lists without your consent.

Credit card details you supply to us are not stored on our website or on any Consumer Affairs Victoria database. They are transferred securely by our service provider to the bank. Consumer Affairs Victoria only retains a transaction number, which cannot be linked to your credit card details.

Web statistics and data collection

Pages on the site may be coded with Google Analytics software. This software stores a cookie in your browser, which contains a unique identifier, and sends information to Google. This enables Google to track the number of unique visitors to the site. In no way does this unique identifier identify a user personally. We do not and will not marry any data collected by Google with any personal information.

While you can browse this website anonymously, without disclosing your personal information, we may not be able to provide the full range of services through this website if we are not provided with the information outlined above.

When you provide us with personal information about other individuals, reasonable steps must be taken to ensure this fact is brought to the other individuals’ attention. We rely on you to make them aware:

• that such information will or may be provided to Consumer Affairs Victoria or the Department of Government Services
• of the types of third parties we may provide it to
• of the relevant purposes that we and such third parties will use it for
• how they can access it
• of any law that required the information to be collected and
• the consequences for the informant if any of the information is not provided.

Consumer Affairs Victoria will also, in appropriate circumstances, take reasonable steps to ensure that an individual is or individuals are made aware that it holds information in respect to them.

Cookies

Like many sites, this website may use cookies from time to time.

Cookies are small data files that a website is able to place on a user's hard drive to record aspects of that user's experience of the website. For example, we may use cookies to record that a user visited a particular section of the website, that their browsing software was a particular version or to ensure that online applications and transactions do not require you to re-input information when moving between web pages. In this way, cookies can improve the operation of the website, and make the experience more efficient, more enjoyable or more personalised. Importantly, in depositing information on a user's computer and referring to it later in the same session (sessional) or on a subsequent visit (persistent), cookies do not need to identify the user or record any personal information.

The default settings of browsers like Internet Explorer may allow some or all cookies, but users can easily take steps to erase cookies from their hard-drive, block all cookies, or receive a warning before a cookie is stored. However, some parts of sites may not function fully for users that disallow cookies.

Web beacons

This website uses web beacons, also known as web bugs, pixel tags or clear GIFs, as some pages on the site are coded with Google Analytics (see further information above under Web statistics data collection).

Used in combination with cookies, a web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, which is placed on a site or in an email that is used to monitor the behaviour of the user visiting the site or receiving the email.

When the HTML code for the web beacon points to a site to retrieve the image, at the same time it can pass along information such as:

• the IP address of the computer that retrieved the image
• the time the web beacon was viewed and for how long
• the type of browser that retrieved the image and
• previously set cookie values.

Web beacons are typically used by a third party to monitor the activity of a site. If you have concerns about web beacons, turning off the browser's cookies will prevent web beacons from tracking your activity. The Web beacon will still account for an anonymous visit, but your unique information will not be recorded.

Clickstream data

This website's web server automatically records non-personal clickstream data. To the extent that any clickstream data could make you identifiable, we will not attempt to identify you from clickstream data unless required by law or to investigate suspected improper activity in relation to the website or to assist in law enforcement.

The following clickstream data are automatically recorded by this website's web server for statistical and system administration purposes only:

• your server address
• your top level domain name (e.g. .com, .au, .gov)
• the date and the time of your visit to the site
• the pages you accessed and downloaded
• the address of the last site you visited
• your operating system
• the type of browser you are using.

Email subscription service

The personal information we collect via the email subscription system is your email address.

In addition to using the information for the purpose of providing our email subscription service you have requested, we may also use or disclose the personal information that we collect about you for the following purposes:

• research
• the compilation or analysis of statistics
• those in the public interest or
• any other purposes required or authorised by law - other than by publication of the information in a form that identifies an individual, it is impracticable to get that individual’s consent before the use or disclosure and in the case of disclosure Consumer Affairs Victoria believes the recipient of any of the information will not disclose it.

We may preserve the content of any electronic message that we receive. Any personal information contained in that message will only be used or disclosed in ways set out in this Privacy Statement. We will not use that information to add you to a mailing list without your consent.

Links to external websites

This website privacy statement does not extend beyond this website. When following links to other sites from this website, we recommend that you read the privacy statement of that site to familiarise yourself with its privacy practices.

Disclosure of personal information

We may share personal information within Consumer Affairs Victoria, the Department of Government Services and with third parties. The types of third parties to whom we may disclose that personal information includes our service providers who assist us in providing this website and our products and services such as organisations who provide archival, auditing, professional advisory, banking, mailhouse, delivery, recruitment, call centre, technology, research, utility and security services. We may also disclose your personal information to third parties acting on your behalf, for example your solicitor or interpreter.

Here are some examples of circumstances when we may need to disclose your personal information outside of Consumer Affairs Victoria:

• If you lodge a consumer complaint, we will disclose the details to the person or organisation that your complaint is about.
• If we hold your details in connection with a fundraising appeal, an incorporated association or a co-operative, personal information about you may appear on the relevant public register. These registers may be inspected by the public and extracts can be purchased. Consumer Affairs Victoria will make some of the public registers available online.
• If we use a contractor to help us mail out educational or promotional material, we will need to provide them with your name and address details.
• If you are involved in a committee, expert panel or reference group, we may need to give the Minister relevant background about you.

Data quality and data security

We make every effort to ensure that personal information we collect, use or disclose is accurate, complete and up-to-date. Most of our information is collected or received directly from the person concerned, and is used for its intended purpose without delay.

We have secure office premises and a security pass entry system. Our files are protected from outside or unauthorised access, while older files are securely archived at separate premises. Our information technology arrangements also incorporate data security measures. We require staff to use passwords to enter the computer system and our databases require an additional password, with different levels of access depending on the role of the officer concerned. Only staff who need to use your information have access to it. We have 'firewalls' to protect the integrity of the information we store electronically and we also screen routinely for viruses. Where email is used to transfer information, it is encrypted. These and other measures help protect your personal information from misuse, loss or unauthorised access, unauthorised modification or disclosure.

Where personal information is disclosed or made available to contractors (for instance, to manage a major project or do a large mail-out), we ensure that the contract requires confidentiality, restricts the use of the information to the purposes of the contract and clarifies what happens to personal information when the contract finishes. Wherever possible, arrangements are also made to enable us to monitor the contractor's compliance. Where contractors are involved in the delivery of core services, we ask them to comply with the Information Privacy Principles.

Information security risks

We have implemented technology and security policies, rules and measures to protect the personal information that we have under our control. However, you should be aware that there are risks in transmitting information across the Internet. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us online and individuals do so at their own risk. Once any personal information comes into our possession, we will take reasonable steps to protect that information from misuse and loss and from unauthorised access, modification and disclosure.

If you are concerned about conveying sensitive material to us over the Internet, you might prefer to contact us by telephone or mail. We will remove personal information from our system where it is no longer required (except where archiving is required).

Online payments

If you make a payment using this website, we may process your payment with the assistance of a reputable third party electronic payments service provider and present you with an online receipt for your records.

If you make an online application or another payment transaction using this website, or via the Department of Government Services online transaction website, we take additional steps to protect the security of your personal information, such as strong 128-bit SSL encryption. Before using these facilities, you should ensure that you are using a web browser that supports 128-bit encryption. In many web browsers, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser.

Access to your information

You can request access to the personal information we hold about you at any time. We will try to give you access with as little formality as possible and without charging a fee. However, where your request is difficult or time consuming to answer, or where it involves personal information about other people, we may have to use freedom of information procedures to process the request.

If you become aware that personal information we hold about you is not accurate, complete or up to date, you can ask us to correct it.

Staying anonymous

Most of the things we do require you to provide us with personal information. However, where it does not affect the proper performance of our functions, we will not require you to provide it. For instance, if you make an enquiry about a consumer protection law, we can help you over the telephone or by email without the need for you to give us any of your personal details. If you need a copy of one of our publications, view our Forms and publications page.

Privacy complaints

If you are unhappy about the way we have handled the privacy of your personal information, you may complain in person, by telephone or in writing. Oral complaints that are judged to need more than five days to respond must be put into writing.

To make a complaint privacy complaint, see Provide feedback about Consumer Affairs Victoria.

Our Privacy Coordinator will handle the investigation of a privacy complaint. Consumer Affairs Victoria will acknowledge oral and written complaints within 5 working days, and will provide a full response within 20 working days.

If you are not satisfied with the outcome, you are entitled to complain directly to the Office of the Victorian Information Commissioner (OVIC). OVIC is an independent body that investigates complaints about possible privacy breaches by public sector organisations and local government. For more information, visit the OVIC website or call 1300 006 842.

Contact details

View Contact us.