VicHealth is committed to protecting personal and health information. VicHealth has adopted the Information and Health Privacy Principles in the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic) as minimum standards when dealing with personal and health information.
When collecting personal or health information, VicHealth takes reasonable steps to advise individuals of what information is sought, for what purpose, whether any law requires the collection of the information and the main consequences, if any, of not providing the information.
Collection of Personal and Health Information – general principles
Where it is necessary, VicHealth collects personal and health information about individuals for the purposes of carrying out the following functions or activities:
- Research and surveys
- Stakeholder consultations, events and capacity building activities
- Campaigns and health promotion programs, and evaluation of these
- Dissemination of email newsletters and publications of interest
- Management of general operations, such as supplier management
- Personnel Management
VicHealth is open and transparent about how it collects, holds, manages, uses, discloses and transfers personal and health information. The organisation adopts tools such as collection notices, terms and conditions and consent forms to inform individuals and ensure they are able to give informed consent.
Use of Social Profiles
When you sign up for mailing lists, VicHealth may use your email profile as the basis to collect publicly available information about you, from Facebook, LinkedIn and Twitter. This information may include your interests, location, age and gender. What information we collect will depend on the social media privacy settings you have used. The information will help us build a profile of your interests so we can tailor our messages to you.
Use and Disclosure of Personal and Health Information
At the time of personal and health information collection, VicHealth must provide notice of how the information will be used, and who it will be disclosed to. VicHealth may disclose personal and/or health information to:
- VicHealth advisers
- parties providing products and/or services to VicHealth (including, without limitation, IT systems suppliers, superannuation, benefits and payroll administrators)
- Australian Government Departments
- regulatory and statutory authorities (including, without limitation, Australian Taxation Office and the police)
- Public sector entities.
- VicHealth funded organisations
- Other third parties where the use or disclosure is required, permitted or authorised by law.
Maintaining the quality of Personal and Health Information
VicHealth takes reasonable steps to ensure Personal and Health Information is accurate, complete and up-to-date, and will endeavour to make appropriate corrections if informed that personal or health information is incorrect.
VicHealth destroys or permanently de-identifies personal and health information once it is no longer required, unless it is necessary to retain this information longer because it is a public record subject to a Public Record Office Victoria retention and disposal authority, or because of other legislative or legal requirements.
Security of Personal and Health Information
VicHealth takes reasonable steps to ensure the security of personal and health information from such risks as loss or unauthorised access, destruction, use, modification or disclosure. VicHealth’s IT systems are password protected and comply with VicHealth security standards, and if personal information is held on paper files, it is stored in locked files. VicHealth only permits personal information to be accessed by authorised personnel. The Victorian Protective Data Security Standard and Records Storage Standard provide additional guidance on information security and storage.
Access to information and making corrections
Individuals have the right by law to access the personal and health information VicHealth holds about them and to update and/or correct it, subject to certain exceptions. If an individual wishes to access or correct their personal Information they should contact the Privacy Officer or the person within VicHealth who holds the personal information.
Unique identifiers in the form of an employee number are assigned to VicHealth staff. Unique identifiers are also assigned to the primary contact persons of VicHealth funded organisations in VicHealth’s grants management system. Both instances are used for internal purposes, and not shared externally. Unique identifiers created by other organisations will not be requested or subsequently disclosed unless required by law.
Transfer of Information outside Victoria
VicHealth primarily stores personal and health information onsite or in Victorian-based systems and storage facilities. For any data storage that is not Victorian based VicHealth endeavours wherever possible to ensure data is in a jurisdiction with equivalent Privacy laws
Sensitive information relating to individuals is not routinely collected. VicHealth will only collect sensitive information with consent or where required by law.
You can configure your browser to notify you when you receive a cookie, providing you with the opportunity to either accept or reject it. You can also refuse all cookies by turning them off in your browser or deleting all cookies from your computer.
VicHealth uses Google Analytics to collect data to track how our visitors interact with this Website. This data includes the number of visits to the Website, the time and date of visits to the Website and its pages, where the user came from, what the user did on the site and whether the user has completed any transactions on the site such as newsletter registration, demographics and interest reporting (such as where the user is from, age group, gender and interest area).
This information is anonymous and is used for statistical purposes to ensure that our Website is providing information relevant to our users.
Enquiries or complaints
Any enquiries or complaints should be directed to the VicHealth Privacy Officer, either via email at firstname.lastname@example.org, or via telephone at (03) 9667 1333. If a complaint cannot be resolved, the Privacy Officer will refer the complaint to the Commissioner for Privacy and Data Protection or the Health Services Commissioner (for health information).