- what personal information we collect
- how we handle that information, including how we use, disclose and store it
- how you can access your personal information or make a complaint about our handling of your personal information.
What personal information is collected
We may collect personal information about you when you interact with us. Generally, the types of personal information collected by us include:
- your name
- your contact details, including email address, postal address and telephone number.
Information you provide us and your opinion on something, for example when making a complaint, submission, general enquiry or assisting us with our inquiries or investigations, may also be your personal information.
What if I don’t want to share my personal information with you?
If you do not wish to provide us with your personal information, you may contact us anonymously, or by using a pseudonym. By remaining anonymous, or by using a pseudonym, we may be limited in our ability to respond to or make further enquiries regarding your complaint, submission or enquiry with us.
What if I want my personal information removed later?
If you provide your personal information to us, and later request us to remove your personal information from our systems, we may be limited in our ability to do so due to our legal obligations to maintain Commonwealth records.
How personal information is collected
We may only solicit and collect personal information:
- for a lawful purpose that is reasonably necessary for, or directly related to, one or more of our functions or activities
- by lawful and fair means.
From a third party
We may receive personal information about you from a third party.
The personal information provided by third parties in these circumstances is often your name and contact details, but it could also include an opinion about you.
If we receive personal information about you from a third party, and this information is relevant to our work, we will take reasonable steps in the circumstances to notify you of certain matters concerning that collection. However please note that in some circumstances, it may be reasonable for us not to notify you.
Providing us with personal information about a third party
If you choose to provide us with the personal information of a third party, please ensure you have the consent of the individual concerned before sharing it with us.
Directly from you
We may collect personal information directly from you. This could include when you:
- subscribe to our email alerts — we use a third party US-based service Mailchimp to distribute newsletters
- communicate with us via social media platforms — we use social media platforms such as Twitter, Facebook and YouTube
- complete an online form or make a submission to us
- send us an email
- call our Infocentre or any of the ACCC or AER offices
- send correspondence to any of the ACCC or AER offices
- respond to a request to participate in a survey, consultation or study
- apply for jobs with us.
How personal information is used and disclosed
We can only use or disclose personal information for the particular purpose for which it was collected, unless one of the following applies:
- we obtain the individual’s consent to use personal information for a different purpose (that is, a secondary purpose)
- the individual would reasonably expect us to use or disclose their personal information for a secondary purpose, and that purpose is related to the primary purpose of collecting (or, for sensitive information, directly related to the primary purpose) the personal information
- the secondary use or disclosure is required or authorised by or under an Australian law or a court/tribunal order
- we reasonably believe that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body (including the ACCC or AER)
- another exception in Australian Privacy Principle 6 applies.
Use of personal information
In the context of our statutory functions and activities, if the ACCC or AER receives information in relation to a particular matter — for example, an investigation into a particular trader or an inquiry into an industry — and that information is relevant to another matter, we may use that information in the context of that other matter subject to any legal requirement to the contrary. Likewise, we may use personal information received in relation to one matter for another matter, if relevant to that other matter, subject to any legal requirements to the contrary.
More information on the ACCC and AER's Information Sharing Policy is available on the ACCC website at: ACCC/AER information policy.
The ACCC and AER may also use personal information for the purpose of preparing statistics to enable it to better understand any trends — for example, identifying demographics that may be vulnerable to certain types of scams, and allowing us to better target educational and awareness campaigns.
In some instances, we are required by law to publish submissions you make to us on a public register on our website — this means that your personal information (for example, your name) may be made public on our website in conjunction with your submission.
Please note even if you request to have your personal information removed from the public register or our records down the track, we may be limited in our ability to do so, due to our legal obligations to maintain records on the public register and to maintain Commonwealth Records.
Disclosure of personal information
We may disclose your personal information to a third party such as:
- external service providers who we engage to assist us with our functions. These could include an external lawyer, economic advisor, auditor, or third party IT service providers (for example, Mailchimp)
- another regulator (including foreign regulators) or law enforcement agency
- courts and tribunals
- other government agencies
- a business, where that business may have been used as part of a scam
- to a Royal Commission or Ministerial Inquiry
- the public, if the personal information is required to be published in a register that can be searched by the public
- ministers and parliamentary committees.
There may be circumstances where we are legally required to disclose information (and this may involve personal information). In most cases, we will endeavour to notify and consult any individuals whose personal information may be disclosed about the proposed release of the information.
Where information is disclosed to a third party we will, to the extent reasonably possible, ensure that the third party is subject to the requirements of the Privacy Act or otherwise take steps to ensure that the third party meets our obligations under the Privacy Act, such as including obligations in our contracts.
Disclosing personal information overseas
There are some circumstances where we may share your personal information overseas. For example:
- the ACCC or AER may seek to disclose information, which may include personal information, to an overseas regulator. Where appropriate, we will endeavour to notify and consult with the provider of the information and any individuals concerned, about the proposed release. Such release is generally undertaken in accordance with Australian law, international treaties, memoranda of understanding or confidentiality agreements between the ACCC or AER and the receiving overseas regulator. We will take reasonable steps (if any) in the circumstances to ensure the overseas recipient protects the personal information we provide to it in accordance with Australian Privacy Principle 8
- where we use a third party consultant or contractor to provide services to us, and that third party contractor is based overseas, for example Mailchimp as mentioned above in relation to newsletters
- where we store data in the cloud or on servers that are located outside Australia.
Limiting the ACCC and AER’s use of your personal information
If you do not wish to provide the ACCC and AER with your personal information, you may contact us anonymously, or by using a pseudonym. By remaining anonymous, or by using a pseudonym, we may be limited in our ability to respond to or make further enquiries regarding your complaint, submission or enquiry with us.
If you do provide us with your personal information and you wish to limit the use and disclosure of the personal information, we recommend you expressly state those limitations when contacting us.
If you provide personal information in the course of a public review process — for example, you make a submission which may be placed on the ACCC or AER website — and you do not wish for your personal information to be disclosed, you should expressly state this and we can take steps to redact your personal information before placing your submission on the website.
If you do not state any limitations, please note that even if you request to have your personal information removed from the public register or from our records down the track, we may be limited in our ability to do so, due to our legal obligations to maintain records on the public register and to maintain Commonwealth Records.
How personal information is stored
The ACCC and AER will take reasonable steps to protect personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
For example, personal information may be subject to access restrictions. We have in place, policies and information protection procedures, including (where appropriate):
- physical secure file storage
- password protection of electronic databases
- the provision of secure rooms
- electronic information ‘firewalls’ between branches
- the provision of information to staff on a ‘need to know’ basis.
The ACCC and AER (including their staff and internal and external consultants) are subject to a number of general prohibitions on making an unauthorised disclosure of information.
How you can access or correct your personal information
Accessing your personal information
You can request access to, and correction of personal information we hold about you in accordance with Australian Privacy Principles 12 and 13.
You can request access to your personal information by:
- contacting the staff member or area of the AER that you had contact with, or
- emailing firstname.lastname@example.org, providing sufficient information to enable us to identify records held by us that contain your personal information and to verify that the information contained in your records is your personal information.
We will provide you access to your personal information except in certain circumstances where we are not required to by law.
Where access is refused, we will act in accordance with the Privacy Act and the APPs.
Correcting your personal information
You can request to correct your personal information by:
- contacting the staff member or area of the ACCC and AER that you had contact with, or
- emailing email@example.com, providing sufficient information to enable us to identify records held by us that contain your personal information and the correction you wish to make.
If we are unable to correct your personal information in the manner you request, we will act in accordance with the procedures outlined in the Privacy Act and the APPs.
How the ACCC and AER manage their obligations
The ACCC and AER’s privacy management plan sets out how the ACCC and AER comply with this policy, the Australian Privacy Principles and the Privacy (Australian Government Agencies – Governance) APP Code 2017. The ACCC and AER measure and document their performance against the privacy management plan periodically.
The ACCC and AER conduct a privacy impact assessment for all projects that have a high privacy risk. Assessments identify the impact of the project on the privacy of individuals, and how to manage, minimise or eliminate that impact.
The ACCC and AER have designated Privacy Officers who handle privacy enquiries, complaints and requests for access to and correction of personal information, and who carry out privacy impact assessments
Lodging a complaint
If you believe the ACCC or AER has breached the APPs, you can lodge a complaint with an ACCC or AER Privacy Officer by emailing firstname.lastname@example.org. We will respond to your complaint as soon as possible.
You may also wish to read our Service Charter.
Users enquiring about their rights and remedies for breaches of privacy can access detailed information at the Office of the Australian Information Commissioner.
Visiting our website
We do not collect any personal information purely from your visit to our website.
Our objective in maintaining an active and expanding Energy Made Easy website is to improve communication with the community at large, specifically to:
- make it possible to quickly provide information about our activities
- encourage feedback from you.
We operate our website using both Australian Government and commercial web hosting facilities. When visiting this website, a record of your visit is logged. We do not collect personal information purely from your visit to our website. The following clickstream data is recorded and is used by us for statistical purposes:
- your IP address
- your top level domain name (for example, .com, .gov, .au, .uk)
- the type of browser you are using
- your operating system (for example, Windows, Mac)
- the date and time of your visit to the site
- the pages accessed and the documents downloaded
- the internet address of the site from which you linked directly to our site.
Clickstream data is anonymised and no attempt will be made to identify users or their browsing activities except in the unlikely event of a data breach, or an investigation when a law enforcement agency or other government agency may exercise its legal authority to inspect our internet web server logs.
We provide a number of online forms for searches, calculators, enquiries, complaints and web feedback. Not all of our online forms provide facilities for the secure transmission of information across the internet. You should be aware that there are inherent risks transmitting information across the internet using non-secure forms. Our secure forms can be identified by the padlock symbol and an address starting with https://.
You can set your browser to notify you before you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies. If you do so, some pages in the site may not work properly.
Cookies are either persistent or session based. Persistent cookies are stored on your computer, contain an expiry date, and may be used to track your browsing behaviour upon return to the issuing site. Session cookies are short-lived, are used only during a browsing session, and expire when you quit your browser.
Our website uses both kinds of cookies to provide a rich and session-based experience. The cookies are used to enable us to track users' browsing patterns in order to provide statistical information to improve the usability of the website.
This website uses Google Analytics for website analytics. We use website analytics data to help us make the website better by understanding how our website is used
Google Analytics does not identify individual users or associate your IP address with any other data held by Google.
Google Analytics transmits website traffic data to servers offshore.
You can opt out of Google Analytics cookies by installing an add-on for your web browser.
Last updated on Tuesday, May 16, 2023 at 9:13 AM