Central Gippsland Region Water Corporation is committed to providing customers, employees, and other individuals with exceptional customer service. This includes protecting privacy. From 1 September 2002 Central Gippsland Region Water Corporation has been bound by the Victorian Information Privacy Act 2000. Since 1 July 2002, Central Gippsland Region Water Corporation has also been bound by the Health Records Act 2001.
The Victorian Information Privacy Act 2000 and the Health Records Act 2001 both address the concerns of people regarding the privacy of their personal information by enshrining enforceable standards in law and committing Victorian government agencies, statutory bodies, local councils and various other organisations to follow them.
This statement is an outline of certain matters relating to the collection and handling of customer and employee personal information by Central Gippsland Region Water Corporation. A further explanation of our privacy practices is set out in our Privacy Policy which is available upon request.
All references to "we", "us" and "ours" are to Central Gippsland Region Water Corporation.
What is personal information?
"Personal information" means recorded information or opinion, whether true or not, about an individual whose identity can reasonably be ascertained.
"Personal information" may include an individual's name, address, sex, age, financial details, marital status, education or employment history. Some personal information is called "sensitive information" and given special treatment. This includes data about health, ethnic origin, religious belief, political association membership, sexual practices and criminal record.
What is health information?
"Health information" includes information or opinion about the physical, mental or psychological health or disability of an individual.
Collection
We only collect personal information that is necessary to perform our functions or if it is necessary by law. The types of personal information that may be held by us includes, without limitation:
- date of birth;
- drivers licence details;
- pension card numbers;
- bank account details;
- employment history;
- credit information; and
- health information.
We may also be required to collect some personal information as required by occupational health and safety laws.
Personal information is collected in a number of ways including, without limitation:
- in person, including over the counter;
- using forms and surveys;
- correspondence;
- from third parties;
- from publicly available sources;
- telephone;
- internet; and
- in public meetings.
Use and disclosure
We recognise that any personal information is very important to our customers and employees, and our customers and employees should have a right to control the use and dissemination of that information.
We may use personal information for the purpose of providing water and sewerage related services and products, promoting such services and products, market research consulting with members of the public to hear and respond to water service needs and attend to queries or complaints. We may use personal information for the purposes specified at the time of collection. We may also use it for another purpose if:
- the purpose is related (or in the case of sensitive or health information, directly related) to the purpose specified at the time of collection and the individual would reasonably expect us to use or disclose it for this purpose; or
- the use or disclosure is required or authorised by or under law.
Otherwise, we will not use or disclose personal information that we have collected for another purpose unless we have consent from the individual about whom the information relates.
Anonymity
Where practicable and lawful, individuals are able to interact with us anonymously.
Accuracy
We will take all reasonable precautions to ensure that the personal information that we collect, use and disclose is accurate, complete and up to date. However, the accuracy of that information depends to a large extent on the information that is provided to us. If we are notified that the information that we have is not accurate, complete or up-to-date, then we will take action to correct the information.
Security
We will take reasonable steps to ensure that all information that is collected, used or disclosed is accurate, complete, up-to-date, and stored in a secure environment accessed only by authorised personnel.
Access to personal information
With limited exceptions our customers and employees have the right to access their personal information that is held by us. If a copy of personal information is requested from us there may be a charge to cover the administrative costs of providing the information.
Information Privacy Principles and Health Privacy Principles
The Privacy Policy is based on principles as stated in the Victorian Information Privacy Act 2000 and the Health Records Act 2001.
In short, this is a summary of the principles incorporating the Information Privacy Principles and the Health Privacy Principles:
1. Collection - collect only personal information that is necessary for performance of functions. Advise
individuals of the purpose of collection and that they can gain access to their personal information.
2. Use and disclosure - use and disclose personal information only for the primary purpose for which it
was collected or a secondary purpose the person would reasonably expect. The law allows some uses
without consent, such as protect safety.
3. Data quality - make sure personal information is accurate, complete and up to date.
4. Data security - take reasonable steps to protect personal information for misuse, loss, unauthorised
access, notification or disclosure.
5. Openness - document clearly expressed policies on management of personal information and
provide the policies to anyone who asks.
6. Access and correction - individuals have a right to seek access to their personal information and
make corrections. Access and correction will be handled mostly under the Victorian Freedom of
Information Act.
7. Unique identifiers - a unique identifier is usually a number assigned to an individual in order to
identify a person for the purpose of an organisation's operations. As data matching can diminish
privacy this limits adoption and sharing of unique identifiers.
8. Anonymity - give individuals the option of not identifying themselves when entering transactions
with organisations, if that would be lawful and feasible.
9. Transborder data flows - if personal information travels, privacy protection should travel with it.
Transfer of information outside Victoria is restricted. Personal information may be transferred only if
the recipient protects the privacy under similar standards to Victoria's Information Privacy Principles.
10. Sensitive information - the law restricts the collection of sensitive information like an individual's
racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups, or
criminal records.
We acknowledge our obligations to adhere to the principles and will take all reasonable steps to comply. The privacy of personal information is protected by legislation; therefore we will be accountable under law if this commitment is not demonstrated in practice.
How to contact us
If you have any questions in relation to our privacy practices, or you wish to review or make corrections to your personal information held by us, please contact Gippsland Water on FREECALL 1800 066 401, fax to (03) 5174 0103, or email us.
All complaints will be dealt with in accordance with our complaints handling guidelines.
More information
Privacy Victoria website
Office of Health Services Commissioner website