ACCC/AER Privacy Policy

This policy sets out how the ACCC and the AER will handle personal information, including providing information on the types of personal information generally collected, and how personal information is collected, used, disclosed and stored.

Purpose and scope

The purpose of our Privacy Policy is to provide information about:

  • what personal information the ACCC and the AER collect
  • how we handle that information, including how we use, disclose and store it
  • how you can access your personal information or make a complaint about our handling of your personal information.

This Privacy Policy should be read in conjunction with the ACCC/AER Information Policy, which sets out the ACCC and AER’s general policy on how it collects, handles, uses and discloses information.

The ACCC and AER are subject to the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act. The APPs set out the manner in which agencies and organisations may collect, store, use and disclose personal information and how a person can access and/or correct records containing their personal information.

The ACCC and AER are also subject to the Privacy (Australian Government Agencies – Governance) APP Code, which came into force on 1 July 2018.

Personal information

Personal information is defined in the Privacy Act as any ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not, and
  • whether the information or opinion is recorded in a material form or not’ (s 6(1)).

Note: Information that is purely about a business and not an individual is not personal information and will not be covered by this Privacy Policy. Please refer instead to the ACCC/AER Information Policy.

Sensitive information

Sensitive information is a special subset of personal information which requires greater protection under the Privacy Act. Sensitive information is defined in the Privacy Act as:

  • information or an opinion about an individual’s:
    • racial or ethnic origin
    • political opinions
    • membership of a political association
    • religious beliefs or affiliations
    • philosophical beliefs
    • membership of a professional or trade association
    • membership of a trade union
    • sexual orientation or practices, or
    • criminal record, that is also personal information
  • health information about an individual
  • genetic information about an individual that is not otherwise health information
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification, or
  • biometric templates.

Consumer Data Right

In relation to your privacy rights under the Consumer Data Right (CDR), the rights and obligations set out in this Privacy Policy below apply to the extent they are relevant to the CDR regime. Please also refer to the Consumer Data Right Privacy Policy for details on the collection, use and handling of your personal information specific to the CDR regime.

About the ACCC and the AER

The ACCC is an independent Commonwealth statutory authority whose role is to enforce the Competition and Consumer Act 2010 (Competition and Consumer Act) and a range of additional legislation, promoting competition, fair trading, and regulating national infrastructure for the benefit of all Australians.

The AER is Australia’s national energy market regulator and has an independent board. The ACCC and the AER share staff, resources and facilities.

While specific functions vary according to the legislated responsibilities that underpin the ACCC and AER, the two bodies share many common objectives, both working to protect, strengthen and supplement competitive market processes.

More information about the ACCC and the AER is available on the ACCC website at: About the ACCC.

What personal information is collected

The ACCC and AER may collect personal information about you when you interact with us.

Generally, the types of personal information collected by the ACCC and AER include:

  • your name
  • your contact details, including email address, postal address and telephone number.

Information you provide to us and your opinion on something, for example when making a complaint, submission, general enquiry or assisting us with our inquiries or investigations, may also be your personal information.

What if I don’t want to share my personal information with you?

If you do not wish to provide the ACCC and AER with your personal information, you may contact us anonymously, or by using a pseudonym. By remaining anonymous, or by using a pseudonym, we may be limited in our ability to respond to or make further enquiries regarding your complaint, submission or enquiry with us.

Do you collect sensitive information?

In some instances, we will request sensitive information. We will only do this where it is relevant to our statutory functions and activities, for example if it is necessary to further an investigation we are conducting, or in administering the Consumer Data Right, we need information about you as a fit and proper person to process your accreditation application. Where we do request sensitive information, we will explain to you why we need it. We can only collect sensitive information with your consent except as otherwise permitted under the Privacy Act.

In some instances, we may ask for sensitive information but make it optional. This means that you do not need to provide it if you don’t want to. For example:

  • when you are applying for jobs with us we may ask whether you have a disability, in order to provide assistance to you with the application process
  • we may ask you whether you are from a culturally or linguistically diverse background, for statistical purposes and to help us better target our consumer communication strategies.

In other circumstances, you may voluntarily provide us with sensitive information. For example:

  • you may choose to disclose to us your racial or ethnic origin, political opinions or beliefs in reporting a scam to Scamwatch
  • you may choose to disclose to us your membership of a professional or trade association in making a complaint about misleading and deceptive conduct against that association.

Sensitive information may require different handling. The ACCC and AER will handle personal information that is sensitive information consistently with the Privacy Act.

What if I want my personal information removed later?

If you provide your personal information to us, and later request us to remove your personal information from our systems, we may be limited in our ability to do so due to our legal obligations to maintain Commonwealth records.

How personal information is collected

Your personal information may be collected through various means, either directly from you or from third parties.

We may only solicit and collect personal information:

  • for a lawful purpose that is reasonably necessary for, or directly related to, one or more of our functions or activities
  • by lawful and fair means.

In addition, we can only collect sensitive information with your consent, unless an exception applies under the Privacy Act.

From a third party

The ACCC and AER may receive personal information about you from a third party. For example:

  • during the course of an investigation you may be identified by a market participant as a person we may wish to contact
  • we may receive information about you from the police, a government agency, industry body or another regulator (including international regulators). This could be in the context of someone reporting a scam or an alleged wrongdoing to us.

The personal information provided by third parties in these circumstances is often your name and contact details, but it could also include an opinion about you.

If the ACCC or AER receives personal information about you from a third party, and this information is relevant to our work, we will take reasonable steps in the circumstances to notify you of certain matters concerning that collection. However, please note that in some circumstances, it may be reasonable for us not to notify you.

Providing us with personal information about a third party

If you choose to provide us with the personal information of a third party, please ensure you have the consent of the individual concerned before sharing it with us.

Directly from you

We may collect personal information directly from you. This could include when you:

  • subscribe to our email alerts
  • communicate with us via social media platforms
  • complete an online form or make a submission to us
  • send us an email
  • call our Infocentre or any of the ACCC or AER offices
  • send correspondence to any of the ACCC or AER offices
  • respond to a request to participate in a survey, consultation or study
  • apply for jobs with us.

When you subscribe to email alerts or interact with us on social media

When you subscribe to email alerts you must provide an email address to which the system can send your alerts. You are free to use an anonymous email address. We will not use your email address to send you any unsolicited information, unless you otherwise indicate that you would like to receive additional information from us.

Mailchimp

The ACCC and AER distribute newsletters using Mailchimp, which is used to create, send, and manage emails. Mailchimp may collect personal information, such as distribution lists which contain email addresses, and other information relating to those email addresses. For further information about the type of personal information Mailchimp collects, refer to the Mailchimp Privacy Policy.

The ACCC and AER will only use your personal information to:

  • create, send and manage emails relating to the work of the ACCC and AER
  • measure email campaign performance and evaluate your use of our website
  • compile reports on website activity for website operators
  • provide other services relating to website activity and internet usage.

Mailchimp is based in the United States of America (USA) and the information collected about your use of the website (including your IP address) will be transmitted to and stored by Mailchimp on servers located outside Australia. Mailchimp may collect personal information, such as distribution lists that contain email addresses, and other information relating to those email addresses.

By subscribing to any of our eNewsletters:

  • you consent to your personal information being collected, used, disclosed and stored as set out in Mailchimp’s Privacy Policy and agree to abide by Mailchimp’s Terms of Use
  • you understand and acknowledge that this service utilises a Mailchimp platform, which is located in the United States of America (USA) and relevant legislation of the USA will apply
  • you agree that Australian Privacy Principle 8.1 contained in Schedule 1 of the Privacy Act will not apply
  • you understand and acknowledge that Mailchimp is not subject to the Privacy Act and you will not be able to seek redress under the Privacy Act but will need to seek redress under the laws of the USA.

You can opt out of our mailing list by choosing the ‘unsubscribe’ service provided by Mailchimp in every email, or contact the ACCC Web team at communications@accc.gov.au.

Social media

We use social media platforms such as Twitter, Facebook and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public.

The social media platforms will also handle your personal information for their own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook and YouTube (a Google company) on their websites.

When you contact us to make a general inquiry, complaint or submission

This applies to general enquiries, complaints or submissions in relation to an ACCC or AER investigation, or if you make a submission on regulatory changes.

We provide a number of online forms for enquiries, complaints, reports, submissions and web feedback. Our secure forms can be identified by the padlock symbol and an address starting with https://.

The personal information you provide to the ACCC or AER on our websites is voluntary.

Whispli

The ACCC uses the secure, third party anonymous reporting tool Whispli to receive complaints or tip-offs about suspected cartel conduct and certain kinds of conduct in the construction and agriculture industry. You do not need to provide any personal or identifying information in using this tool.

The ACCC may use the information it receives through Whispli to form the basis of potential investigations into the conduct reported to us. Users can access the platform via an anonymous password and all information is encrypted. The ACCC will not be able to view your IP address.

For further information on how Whispli handles the personal information you have provided, refer to the Whispli Privacy Policy and Informant Terms.

How personal information is used and disclosed

Generally, when we receive personal information it is in relation to, or provided together with, other information that is in connection with the ACCC and AER’s functions and activities. Therefore, at the broadest level, the ACCC collects personal information for the primary purpose of fulfilling its functions and activities. It may be that the primary purpose of collection is more limited — for example, that it is collected for the purpose of recording a consumer complaint against a particular trader.

The ACCC or AER can only use or disclose personal information for the particular purpose for which it was collected, unless one of the following applies:

  • we obtain the individual’s consent to use personal information for a different purpose (that is, a secondary purpose)
  • the individual would reasonably expect us to use or disclose their personal information for a secondary purpose, and that purpose is related to the primary purpose of collecting (or, for sensitive information, directly related to the primary purpose) the personal information
  • the secondary use or disclosure is required or authorised by or under an Australian law or a court/tribunal order
  • the ACCC or AER reasonably believes that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body (including the ACCC or AER)
  • another exception in Australian Privacy Principle 6 applies.

In many cases, personal information is provided together with other confidential information that is in connection with the ACCC and AER’s functions and activities. We are required to handle such confidential information in accordance with our obligations under the Competition and Consumer Act (for example, s. 155AAA) and other similar legislation that limits the use and disclosure of confidential information.

Much of the information we handle is confidential information, or ‘protected information’, and we have systems and procedures in place to protect confidentiality, and only use protected information in accordance with our statutory obligations.

Use of personal information

In the context of our statutory functions and activities, if the ACCC or AER receives information in relation to a particular matter — for example, an investigation into a particular trader or an inquiry into an industry — and that information is relevant to another matter, we may use that information in the context of that other matter subject to any legal requirement to the contrary. Likewise, we may use personal information received in relation to one matter for another matter, if relevant to that other matter, subject to any legal requirements to the contrary.

More information on the ACCC and AER’s Information Sharing Policy is available on the ACCC website at: ACCC/AER information policy.

The ACCC and AER may also use personal information for the purpose of preparing statistics to enable it to better understand any trends — for example, identifying demographics that may be vulnerable to certain types of scams, and allowing us to better target educational and awareness campaigns.

Disclosure of personal information

We may disclose your personal information to a third party such as:

  • external service providers who we engage to assist us with our functions. These could include an external lawyer, economic advisor, auditor, or third party IT service providers (for example, Mailchimp)
  • another regulator (including foreign regulators) or law enforcement agency
  • courts and tribunals
  • other government agencies
  • a business, where that business may have been used as part of a scam
  • to a Royal Commission or Ministerial Inquiry
  • the public, if the personal information is required to be published in a register that can be searched by the public
  • ministers and parliamentary committees.

There may be circumstances where the ACCC or AER is legally required or permitted to disclose information (and this may involve personal information). Examples of when we may be legally required to disclose information include in response to requests under the Freedom of Information Act (where the request meets the requirements in the Act) or in response to court/tribunal orders.

In most cases, we will endeavour to notify and consult any individuals whose personal information may be disclosed about the proposed release of the information. However, in some instances we are not legally required to notify the individual prior to disclosing or sharing the information.

Where information is disclosed to a third party we will, to the extent reasonably possible, ensure that the third party is subject to the requirements of the Privacy Act or otherwise take steps to ensure that the third party meets our obligations under the Privacy Act, such as including obligations in our contracts.

In some instances, we are required by law to publish submissions you make to us on a public register on our website — this means that your personal information (for example, your name) may be made public on our website in conjunction with your submission.

  • For example, in relation to our authorisation and notification processes, we are required to keep a public register of documents including records of submissions made in relation to the application or notification. Where this is the case, you will be clearly notified of this prior to making a submission and/or we will consult you before publication of the submission.
  • Please note even if you request to have your personal information removed from the public register or our records down the track, we may be limited in our ability to do so, due to our legal obligations to maintain records on the public register and to maintain Commonwealth Records.

Disclosing personal information overseas

There are some circumstances where we may share your personal information overseas. For example:

  • the ACCC or AER may seek to disclose information, which may include personal information, to an overseas regulator. The specific country we will disclose to will depend on the particular matter. Where appropriate, we will endeavour to notify and consult with the provider of the information and any individuals concerned, about the proposed release. Such release is generally undertaken in accordance with Australian law, international treaties, memoranda of understanding or confidentiality agreements between the ACCC or AER and the receiving overseas regulator. We will take reasonable steps (if any) in the circumstances to ensure the overseas recipient protects the personal information we provide to it in accordance with Australian Privacy Principle 8
  • where we use a third party consultant or contractor to provide services to us, and that third party contractor is based overseas — for example, Mailchimp as mentioned above in relation to newsletters, or SamKnows (based in London) in relation to Measuring Broadband Australia
  • where we store data in the cloud or on servers that are located outside Australia.

When you apply for jobs with us

By submitting a job application to the ACCC and AER, you consent to us using and disclosing any personal information you have supplied:

  • for purposes including verifying that information and undertaking further assessment
  • to technical teams from ThomsonReuters and other service providers we use to facilitate assessment tasks to assist with problem resolution in the online recruitment system
  • to external professional services firms when the ACCC and AER seek their assistance with assessing your application.

By submitting your application to the ACCC and AER, you consent to us collecting additional personal information about you to assist in assessing your suitability for the role you are applying for, and for employment in the APS. We may collect personal information about you from an array of sources, including but not limited to:

  • interviews and online tests
  • comments from people you nominate as referees and other people that can attest to your work performance, including previous supervisors, and publicly available information, including via social media.

You also consent to us conducting a criminal history check (where applicable), which could involve collection of information from various sources including the Australian Criminal Intelligence Commission.

We currently use a third party service provider, ThomsonReuters (BigRedSky), to provide eRecruitment technology services for us. Your personal information is shared and stored securely with ThomsonReuters on servers in Australia.

Limiting the ACCC and AER’s use of your personal information

If you do not wish to provide the ACCC and AER with your personal information, you may contact us anonymously, or by using a pseudonym. By remaining anonymous, or by using a pseudonym, we may be limited in our ability to respond to or make further enquiries regarding your complaint, submission or enquiry with us.

If you do provide us with your personal information and you wish to limit the use and disclosure of the personal information, we recommend you expressly state those limitations when contacting us.

If you provide personal information in the course of a public review process — for example, you make a submission which may be placed on the ACCC or AER website — and you do not wish for your personal information to be disclosed, you should expressly state this and we can take steps to redact your personal information before placing your submission on the website.

If you do not state any limitations, please note that even if you request to have your personal information removed from the public register or from our records down the track, we may be limited in our ability to do so, due to our legal obligations to maintain records on the public register and to maintain Commonwealth Records.

How personal information is stored

The ACCC and AER will take reasonable steps to protect personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

Personal information will generally be contained in a Commonwealth record. The ACCC and AER have a number of systems for storing and managing their Commonwealth records and protecting personal information.

For example, personal information may be subject to access restrictions. We have in place policies and information protection procedures, including (where appropriate):

  • physical secure file storage
  • password protection of electronic databases
  • the provision of secure rooms
  • electronic information ‘firewalls’ between branches
  • the provision of information to staff on a ‘need to know’ basis.

The ACCC and AER (including their staff and internal and external consultants) are subject to a number of general prohibitions on making an unauthorised disclosure of information.

Storage of personal information (and the disposal of documents when no longer required) is managed in accordance with the Australian Government records management regime, including the Archives Act 1983 (Archives Act), Records Authorities and General Disposal Authorities.

How you can access or correct your personal information

Accessing your personal information

You can request access to, and correction of, personal information we hold about you in accordance with Australian Privacy Principles 12 and 13.

To request access to your personal information, please complete the enquiry webform. When making your request, please provide sufficient information to enable us to identify records held by us that contain your personal information and to verify that the information contained in the records is your personal information.

We will provide you access to your personal information except in certain circumstances where we are not required to by law.

Where access is refused, the ACCC and AER will act in accordance with the Privacy Act and the APPs.

Correcting your personal information

You can request to correct your personal information by:

  • contacting the staff member or area of the ACCC and AER that you had contact with, or
  • completing the enquiry webform, providing sufficient information to enable us to identify records held by us that contain your personal information and the correction you wish to make.

If we are unable to correct your personal information in the manner you request, we will act in accordance with the procedures outlined in the Privacy Act and the APPs.

How the ACCC and AER manage their obligations

The ACCC and AER’s privacy management plan sets out how the ACCC and AER comply with this policy, the Australian Privacy Principles and the Privacy (Australian Government Agencies – Governance) APP Code 2017. The ACCC and AER measure and document their performance against the privacy management plan periodically.

The ACCC and AER conduct a privacy impact assessment for all projects that have a high privacy risk. Assessments identify the impact of the project on the privacy of individuals, and how to manage, minimise or eliminate that impact.

Privacy Impact Assessments conducted by the ACCC/AER since 1 July 2018 are available on our Privacy Impact Assessment Register.

The ACCC and AER have designated Privacy Officers who handle privacy enquiries, complaints and requests for access to and correction of personal information, and who carry out privacy impact assessments.

Lodging a complaint

If you believe the ACCC or AER has breached the APPs, you can lodge a complaint with an ACCC or AER Privacy Officer by completing the enquiry webform. We will respond to your complaint as soon as possible.

You may also wish to read our Service Charter.

Users enquiring about their rights and remedies for breaches of privacy can access detailed information at the Office of the Australian Information Commissioner.

Visiting our website

We do not collect any personal information purely from your visit to our website. Find out more about the information collected when you visit our website or interact with us online, such as through cookies and website analytics.