Short form privacy policy

This is our short form privacy policy and provides a concise overview of how we handle your personal information. Our full privacy policy provides more detail on how we collect, use and disclose your personal information and how you can access or correct that information.

About the ACCC/AER Privacy Policy

This overview of our privacy policy provides you with a short summary of how the ACCC and AER collects and handles your personal information.

The purpose of our Privacy Policy is to provide information about:

  • what personal information the ACCC and the AER collects
  • how we handle that information, including how we use, disclose and store it
  • how you can access your personal information or make a complaint about our handling of your personal information.

This Privacy Policy should be read in conjunction with the ACCC/AER Information Policy, which sets out the ACCC and AER’s general policy on how it collects, handles, uses and discloses information.

Consumer Data Right

In relation to your privacy rights under the Consumer Data Right (CDR), the rights and obligations set out in this Privacy Policy below apply to the extent they are relevant to the CDR regime. Please also refer to the Consumer Data Right Privacy Policy.

What personal information is collected

The ACCC and AER may collect personal information about you when you interact with us. Generally, the types of personal information collected by the ACCC and AER include:

  • your name
  • your contact details, including email address, postal address and telephone number.

Information you provide to us and your opinion on something, for example when making a complaint, submission, general enquiry or assisting us with our inquiries or investigations, may also be your personal information.

What if I don’t want to share my personal information with you?

If you do not wish to provide the ACCC and AER with your personal information, you may contact us anonymously, or by using a pseudonym. By remaining anonymous, or by using a pseudonym, we may be limited in our ability to respond to or make further enquiries regarding your complaint, submission or enquiry with us.

Do you collect sensitive information?

In some instances, we will request sensitive information. We will only do this where it is relevant to our statutory functions and activities, for example if it is necessary to further an investigation we are conducting, or in administering the Consumer Data Right, we need information about you as a fit and proper person to process your accreditation application. Where we do request sensitive information, we will explain to you why we need it. We can only collect sensitive information with your consent except as otherwise permitted under the Privacy Act.

In some instances, we may ask for sensitive information but make it optional. This means that you do not need to provide it if you don’t want to. In other circumstances, you may voluntarily provide us with sensitive information.

What if I want my personal information removed later?

If you provide your personal information to us, and later request us to remove your personal information from our systems, we may be limited in our ability to do so due to our legal obligations to maintain Commonwealth records.

How personal information is collected

Your personal information may be collected through various means, either directly from you or from third parties.

We may only solicit and collect personal information:

  • for a lawful purpose that is reasonably necessary for, or directly related to, one or more of our functions or activities
  • by lawful and fair means.

In addition, we can only collect sensitive information with your consent, unless an exception applies under the Privacy Act.

From a third party

The ACCC and AER may receive personal information about you from a third party.

The personal information provided by third parties in these circumstances is often your name and contact details, but it could also include an opinion about you.

If the ACCC or AER receives personal information about you from a third party, and this information is relevant to our work, we will take reasonable steps in the circumstances to notify you of certain matters concerning that collection. However please note that in some circumstances, it may be reasonable for us not to notify you.

Providing us with personal information about a third party

If you choose to provide us with the personal information of a third party, please ensure you have the consent of the individual concerned before sharing it with us.

Directly from you

We may collect personal information directly from you. This could include when you:

  • subscribe to our email alerts — we use a third party US-based service Mailchimp to distribute newsletters
  • communicate with us via social media platforms — we use social media platforms such as Twitter, Facebook and YouTube
  • complete an online form or make a submission to us
  • send us an email
  • call our Infocentre or any of the ACCC or AER offices
  • send correspondence to any of the ACCC or AER offices
  • respond to a request to participate in a survey, consultation or study
  • apply for jobs with us.

How personal information is used and disclosed

The ACCC or AER can only use or disclose personal information for the particular purpose for which it was collected, unless one of the following applies:

  • we obtain the individual’s consent to use personal information for a different purpose (that is, a secondary purpose)
  • the individual would reasonably expect us to use or disclose their personal information for a secondary purpose, and that purpose is related to the primary purpose of collecting (or, for sensitive information, directly related to the primary purpose) the personal information
  • the secondary use or disclosure is required or authorised by or under an Australian law or a court/tribunal order
  • the ACCC or AER reasonably believes that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body (including the ACCC or AER)
  • another exception in Australian Privacy Principle 6 applies.

Use of personal information

In the context of our statutory functions and activities, if the ACCC or AER receives information in relation to a particular matter — for example, an investigation into a particular trader or an inquiry into an industry — and that information is relevant to another matter, we may use that information in the context of that other matter subject to any legal requirement to the contrary. Likewise, we may use personal information received in relation to one matter for another matter, if relevant to that other matter, subject to any legal requirements to the contrary.

More information on the ACCC and AER's Information Sharing Policy is available on the ACCC website at: ACCC/AER information policy.

The ACCC and AER may also use personal information for the purpose of preparing statistics to enable it to better understand any trends — for example, identifying demographics that may be vulnerable to certain types of scams, and allowing us to better target educational and awareness campaigns.

In some instances, we are required by law to publish submissions you make to us on a public register on our website — this means that your personal information (for example, your name) may be made public on our website in conjunction with your submission.

Please note even if you request to have your personal information removed from the public register or our records down the track, we may be limited in our ability to do so, due to our legal obligations to maintain records on the public register and to maintain Commonwealth Records.

Disclosure of personal information

We may disclose your personal information to a third party such as:

  • external service providers who we engage to assist us with our functions. These could include an external lawyer, economic advisor, auditor, or third party IT service providers (for example, Mailchimp)
  • another regulator (including foreign regulators) or law enforcement agency
  • courts and tribunals
  • other government agencies
  • a business, where that business may have been used as part of a scam
  • to a Royal Commission or Ministerial Inquiry
  • the public, if the personal information is required to be published in a register that can be searched by the public
  • ministers and parliamentary committees.

There may be circumstances where the ACCC or AER is legally required to disclose information (and this may involve personal information). In most cases, we will endeavour to notify and consult any individuals whose personal information may be disclosed about the proposed release of the information.

Where information is disclosed to a third party we will, to the extent reasonably possible, ensure that the third party is subject to the requirements of the Privacy Act or otherwise take steps to ensure that the third party meets our obligations under the Privacy Act, such as including obligations in our contracts.

Disclosing personal information overseas

There are some circumstances where we may share your personal information overseas. For example:

  • the ACCC or AER may seek to disclose information, which may include personal information, to an overseas regulator. Where appropriate, we will endeavour to notify and consult with the provider of the information and any individuals concerned, about the proposed release. Such release is generally undertaken in accordance with Australian law, international treaties, memoranda of understanding or confidentiality agreements between the ACCC or AER and the receiving overseas regulator. We will take reasonable steps (if any) in the circumstances to ensure the overseas recipient protects the personal information we provide to it in accordance with Australian Privacy Principle 8
  • where we use a third party consultant or contractor to provide services to us, and that third party contractor is based overseas, for example Mailchimp as mentioned above in relation to newsletters, or SamKnows (based in London) in relation to Measuring Broadband Australia
  • where we store data in the cloud or on servers that are located outside Australia.

When you apply for jobs with us

By submitting a job application to the ACCC and AER, you consent to us using and disclosing any personal information you have supplied:

  • for the purposes including verifying that information and undertaking further assessment
  • to technical teams from Thomson Reuters and other service providers we use to facilitate assessment tasks to assist with problem resolution in the online recruitment system
  • to external professional services firms when the ACCC and AER seeks their assistance with assessing your application.

By submitting your application to the ACCC and AER, you consent to us collecting additional personal information about you to assist in assessing your suitability for the role you are applying for, and for employment in the APS. We may collect personal information about you from an array of sources, including but not limited to:

  • interviews and online tests
  • comments from people you nominate as referees and other people that can attest to your work performance including previous supervisors, and publicly available information including via social media.

You also consent to us conducting a criminal history check (where applicable), which could involve collection of information from various sources including the Australian Criminal Intelligence Commission.

We currently use a third party service provider, Thomson Reuters (BigRedSky), to provide eRecruitment technology services for us. Your personal information is shared and stored securely with Thomson Reuters on servers in Australia.

Limiting the ACCC and AER’s use of your personal information

If you do not wish to provide the ACCC and AER with your personal information, you may contact us anonymously, or by using a pseudonym. By remaining anonymous, or by using a pseudonym, we may be limited in our ability to respond to or make further enquiries regarding your complaint, submission or enquiry with us.

If you do provide us with your personal information and you wish to limit the use and disclosure of the personal information, we recommend you expressly state those limitations when contacting us.

If you provide personal information in the course of a public review process — for example, you make a submission which may be placed on the ACCC or AER website — and you do not wish for your personal information to be disclosed, you should expressly state this and we can take steps to redact your personal information before placing your submission on the website.

If you do not state any limitations, please note that even if you request to have your personal information removed from the public register or from our records down the track, we may be limited in our ability to do so, due to our legal obligations to maintain records on the public register and to maintain Commonwealth Records.

How personal information is stored

The ACCC and AER will take reasonable steps to protect personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

For example, personal information may be subject to access restrictions. We have in place, policies and information protection procedures, including (where appropriate):

  • physical secure file storage
  • password protection of electronic databases
  • the provision of secure rooms
  • electronic information ‘firewalls’ between branches
  • the provision of information to staff on a ‘need to know’ basis.

The ACCC and AER (including their staff and internal and external consultants) are subject to a number of general prohibitions on making an unauthorised disclosure of information.

How you can access or correct your personal information

Accessing your personal information

You can request access to, and correction of personal information we hold about you in accordance with Australian Privacy Principles 12 and 13.

To request access to your personal information, please complete the enquiry webform. When making your request, please provide sufficient information to enable us to identify records held by us that contain your personal information and to verify that the information contained in the records is your personal information.

We will provide you access to your personal information except in certain circumstances where we are not required to by law.

Where access is refused, the ACCC and AER will act in accordance with the Privacy Act and the APPs.

Correcting your personal information

You can request to correct your personal information by:

  • contacting the staff member or area of the ACCC and AER that you had contact with, or
  • completing the enquiry webform, providing sufficient information to enable us to identify records held by us that contain your personal information and the correction you wish to make.

If we are unable to correct your personal information in the manner you request, we will act in accordance with the procedures outlined in the Privacy Act and the APPs.

How the ACCC and AER manage their obligations

The ACCC and AER’s privacy management plan sets out how the ACCC and AER comply with this policy, the Australian Privacy Principles and the Privacy (Australian Government Agencies – Governance) APP Code 2017. The ACCC and AER measure and document their performance against the privacy management plan periodically.

The ACCC and AER conduct a privacy impact assessment for all projects that have a high privacy risk. Assessments identify the impact of the project on the privacy of individuals, and how to manage, minimise or eliminate that impact.

Privacy Impact Assessments conducted by the ACCC/AER since 1 July 2018 are available on our Privacy Impact Assessment Register.

The ACCC and AER have designated Privacy Officers who handle privacy enquiries, complaints and requests for access to and correction of personal information, and who carry out privacy impact assessments.

Lodging a complaint

If you believe the ACCC or AER has breached the APPs, you can lodge a complaint with an ACCC or AER Privacy Officer by completing the enquiry webform. We will respond to your complaint as soon as possible.

You may also wish to read the Service Charter.

Users enquiring about their rights and remedies for breaches of privacy can access detailed information at the Office of the Australian Information Commissioner.

Visiting our website

We do not collect any personal information purely from your visit to our website. Find out more about the information collected when you visit our website or interact with us online, such as through cookies and website analytics.