View a PDF version of this policy.
About this policy
This policy is written in simple language. The specific legal obligations of the EPSDD when collecting, holding, using and disclosing personal information and individual's rights in relation to their personal information are outlined in the Information Privacy Act 2014 and in particular in the Territory Privacy Principles found in that Act.
"Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not."
It does not include personal health information about an individual which is covered by the Health Records (Privacy and Access) Act 1997.
EPSDD collects, holds, uses and discloses personal information to carry out functions, activities and duties. The Public Sector Management Act 1994, Information Privacy Act 2014, Territory Records Act 2002, Health Records (Privacy and Access) Act 1997 as well as a range of Directorate specific legislation have provisions for the collection and management of personal information.
These functions and activities include, for example:
- administering relevant Territory legislation
- providing advice on land, planning, environment and sustainability
- consulting with stakeholders, for example, on variations to the Territory Plan or Master Planning documents
- maintaining registersabout occupational license holders
- responding to access to information requests including through legal compulsion, such as subpoenas
- communicating with the public, stakeholders and the media including through websites and social media
- managing privacy and freedom of information (FOI) requests and FOI reviews
More specific detail in regard to what information we collect, how it is held, what it is used for, and who it is disclosed to, is detailed in the Information Privacy Annex included with this Policy.
- the kinds of personal information that EPSDD collects and holds
- how EPSDD collects and holds personal information
- the purposes for which EPSDD collects, holds, uses and discloses personal information
- how an individual may access personal information about themselves that is held by EPSDD and seek correction of that information
- how an individual may complain about a breach of the Territory Privacy Principles, any Territory Privacy Principle code that binds EPSDD , and how EPSDD will deal with the complaint
- whether EPSDD is likely to disclose personal information to overseas recipients, and if so, the countries in which the recipients are located
Generally when you deal with EPSDD (for example when calling on the phone to make an enquiry) you have the option of remaining anonymous or using a pseudonym (a made up name).
However, in some situations EPSDD will need you to provide your name in order to provide services or assistance to you (particularly if you require a formal response), or if we are authorised or required by law to deal with an identified individual.
If it is impracticable or unlawful for us to deal with you without you providing identifying information we will let you know why we need your personal information and what it will mean for you if the information is not collected.
Kinds of information we collect and hold
The Information Privacy Annex provides more detail in regard to the information the EPSDD collects relating to its specific functions, activities and duties.
It is important to note that EPSDD tries to only collect the minimum information that the Directorate needs to perform, or is directly related to the performance of, its functions, activities. The personal information we collect and hold will vary depending on what we are required to perform and our responsibilities.
It may include:
- information about your identity (e.g. date of birth, country of birth, passport details,visa details and drivers license)
- your name, address and contact details (eg phone,email and fax)
- information about your personal circumstances (e.g. age, gender, marital status and occupation)
- information about your financial affairs (e.g. payment details, bank account details, and information about business and financial interests)
- information about your employment (e.g. applications for employment, work history, referee comments and remuneration)
- information about assistance provided to you under our assistance arrangements
Sensitive information is handled with additional protections under the Information Privacy Act 2014. Sensitive information is information that is about an individual's:
- racial or ethnic origin
- political opinions
- membership of a political association
- religious beliefs or affiliations
- philosophical beliefs
- membership of a professional or trade
- membership of a trade union
- sexual orientation or practices
- criminal record
- biometric information (including photographs, voice or video recordings of you)
Normally EPSDD will not collect sensitive information without your consent. However, sometimes we may collect sensitive personal information without your consent, such as when it is required or authorised by a law, a court or tribunal order, or is necessary to prevent a threat to the life, health or safety of one or more individuals, or to public health or safety.
EPSDD will not collect personal information about you if we do not need to.
How do we collect personal information
EPSDD will only collect information by lawful and fair means. The main way EPSDD collects personal information about you is when you provide it to EPSDD.
Your personal information may be collected in a variety of ways, including through paper or online forms, in correspondence to and from you as well as email, over the telephone and by fax.
EPSDD collects personal information such as contact details and complaint,review, request or report details when:
- we are required or authorised by law or a Court or tribunal order to collect the information
- you participate in community consultations, forums or make submissions to us, and you consent to our collection of your personal information
- you contact us to ask for information (but only if we need it)
- you make a complaint about the way we have handled an FOI request or seek a review of an FOI decision
- you ask for access to information that EPSDD holds about you or other information about the operations of EPSDD
We may also collect contact details and some other personal information if you are on our committees or participating in a meeting or consultation with us.
Normally we collect information directly from you unless it is unreasonable or impracticable to do so. In certain circumstances, for example where it is required by law, we may also obtain personal information collected by other Australian, state and territory government bodies or other organisations.
We also collect personal information from publicly available sources where that may enable us to perform our functions effectively.
Notice of collection
When EPSDD needs to collect personal information from you we will notify you about:
- who we are and how you can contact us
- the circumstances in which we may or have collected personal information
- the name of the law that requires us to collect this information (if any)
- the purposes for which we collect the information
- how you may be affected if we cannot collect the information we need
- the details of any agencies or types of agencies which we normally share personal information with, including whether those recipients are overseas, and which countries those recipients are located in
- The notice will be included on paper or electronic forms and on the EPSDD website if it collects any personal information.
Collecting through our websites
View the web privacy statement.
Social Networking Services
EPSDD utilises social media for engaging with the community. As a general principle the Directorate does not collect personal information via social media platforms. If a community member provides personal information via social media, EPSDD's moderators will request that the community member take the discussion 'offline' by providing the personal information via another source, such as via email, or by contacting the Access Canberra Contact Centre on 13 22 81.
Personal information is collected for mailing lists for the purposes of communicating with individuals or groups who are interested in receiving news and details of consultation about planning. The personal information on these records relates to customers and stakeholders of the agency.
Information collected includes names, contact details such as email addresses and organisational information.
This information is not disclosed outside of the Directorate or used for purposes other than the stated purpose.
Use and disclosure
EPSDD will not use your personal information for a secondary purpose or share your personal information with other government agencies, private sector organisations or anyone else without your consent, unless an exception applies.
Exceptions are available a number of circumstances including when -
- you would reasonably expect us to use the information for the secondary purpose that is related (or directly related - in the case of sensitive information) to the original purpose for which the information was collected
- the use or sharing of information is legally required or authorised by an Australian law, or court or tribunal order
- the collection is reasonably necessary for an law enforcement-related activity such as the prevention, detection, investigation prosecution or punishment of criminal offences or breaches of the law; intelligence gathering, surveillance, conduct of protective or custodial services we reasonably believe that collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we have reason to suspect unlawful activity, or misconduct of a serious nature, that relates to our functions and we reasonably believe that collection of the information is necessary in order for us to take appropriate action
- we reasonably believe that the collection is reasonably necessary to help locate a person who has been reported as missing.
If EPSDD has this information it is allowed to provide your biometric information (such as your fingerprints or photograph) or your biometric templates (digital representations of your distinct characteristics) to an enforcement body (like the Australian Federal Police, Department of Immigration) if we comply with any guidelines made by the Information Privacy Commissioner.
EPSDD may also disclose personal information to Commonwealth intelligence agencies where that disclosure is authorised by the head of the intelligence agency and the agency certifies that the collection of the personal information from the EPSDD is necessary for its functions.
More information in regard to disclosures can be found in the Information Privacy Annex included with this policy.
Sharing information with service providers
EPSDD contracts with service providers to support the Directorate to carry out specific activities and functions of the Directorate.
In some circumstances it may be necessary for EPSDD to share personal information with these service providers to enable them to perform their functions efficiently and effectively.
In these situations we protect personal information by only entering into contracts with service providers who agree to comply with Territory requirements for the protection of personal information.
Storage and security of personal information
EPSDD is required to take reasonable steps to ensure that personal information it holds is safe and secure.
We strive to protect your personal information from misuse, interference or loss and from unauthorised access, use, modification or disclosure in accordance with the Information Privacy Act 2014.
The Territory Records Act 2002 establishes frameworks for the management of your personal information if it is held within the files or data systems of EPSDD.
Our IT systems employ comprehensive protections to guard against unauthorised access. Paper- based files are stored securely.
As a part of our general practice personal information is only available to staff who need to have access in order to perform their roles.
Accessing your personal information
In accordance with the Information Privacy Act 2014 (Territory Privacy Principles 12 and 13) you have the right to ask for access to personal information that EPSDD holds about you. You are also entitled to request that we correct that personal information, if you believe it is no longer accurate or up-to-date.
If you contact us to request access to your personal information we must provide you with access to your information in an appropriate manner, if it is reasonable and practicable to do so.
If it is not reasonable or practicable we must respond to your request in writing within 30 days telling you why we are unable to provide you with access to that information.
We will not charge you any fees for making the request or providing you with access.
You also have the right under the Freedom of Information Act 2016 to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.
Individuals can obtain information regarding access to their personal information by contacting the Information Manager via email to EPDCorporate@act.gov.au or by contacting the Access Canberra Contact Centre on 13 22 81.
Correcting your personal information
If you ask EPSDD to correct your personal information, we must take reasonable steps to correct the information if we are satisfied that it is incorrect, inaccurate, incomplete irrelevant, out-of-date or misleading.
If we agree to correct information and that information has previously been shared with another agency, you may request that we notify the other agency of the possible need for them to correct that information.
There may be reasons why we refuse to correct that information, for example if we are required or authorised by law not to correct the information.
If we refuse to correct the information we must give you written notice of why we have refused to correct your information and how you may complain about our decision, within 30 days.
If we refuse to correct your personal information, you can ask us to attach or link a statement that you believe the information is incorrect and why to the information.
We will not charge you any fees for making the request for correction, correcting the information or attaching a statement to the personal information.
In some circumstances and if it is appropriate, we can assist you to correct your personal information held by us if it is no longer accurate, up-to-date and complete.
How to make a complaint
Complaints about how EPSDD has managed your personal information need to be made in writing to the contact details below. We are also able to assist you to lodge your complaint if required.
We will consider your complaint and make every effort to work with you resolve your issues satisfactorily.
We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.
If you are not satisfied with our response you may ask for a review by a more senior officer or you can make a formal privacy complaint to the Australian Privacy Commission under section 34 of the Information Privacy Act 2014.
The Australian Privacy Commission is an independent body that will assess your complaint and can make a determination that our actions are an interference with your privacy. If your complaint is upheld by the Commissioner you may be able seek a remedy in the Magistrates Court.
How to contact us
Phone: 13 22 81
In person: 480 Northbourne Ave, Dickson
Disclosure of personal information overseas
In some circumstances EPSDD may need to share or store information with overseas recipients.
If this disclosure is necessary we will take reasonable steps before disclosing the information to ensure that the recipient treats the personal information with the similar standard of care as is required by the Information Privacy Act 2014.
In some cases, the information will already be sufficiently protected under the law governing the overseas recipient, and you can access mechanisms to enforce those protections.
If it is practical and reasonable to do so we will obtain your consent to overseas disclosure.However, there may be situations where we are unable,for example, where we share information as part of a law enforcement activity Quality of personal information
EPSDD is required to take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete.
Personal information we use or disclose must also be relevant for the purpose for which we use or disclose it.