Skip to main content
Are you a healthcare provider? Visit the healthcare Provider Portal

Privacy policy

Overview

In this Policy, when we use weus or our, we are referring to the Australian Digital Health Agency. When we use you or your we are referring to the reader as an individual.

As a Commonwealth entity, we must have a Privacy Policy outlining how we handle personal information in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act).

This Privacy Policy sets out how we collect, use and disclose personal information to carry out our functions under the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule 2016 (the Agency Rule). It covers all our functions, except where there is another Privacy Policy in place for specific activities. This includes:

When we use third party services with their own policies, those policies may apply in addition to the applicable Agency Privacy Policy.

What is personal information?

Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.

Why do we collect and handle personal information?

We collect and handle personal information (other than sensitive information) when it is directly related to, or reasonably necessary for, our functions or activities.

Whose personal information do we collect?

We may collect personal information about you:

  • when you contact us with an enquiry or complaint
  • when you use our websites
  • when you deal with us as part of a consultation. For example, as part of a reference group, a representative of the community or a stakeholder organisation
  • if we deal with you as part our managing the day-to-day business of the Agency
  • if you supply goods and services to us (including potential, current, former and potential contractors)
  • when you are a current, former or potential employee.

How do we collect personal information?

We may collect personal information about you:

  • by telephone, video conferencing or online collaboration applications, facsimile, mail or email
  • from websites we own or operate
  • from other government organisations or third parties providing services to us
  • from third party software platforms we use to conduct business activities such as Microsoft Teams, Survey Manager, Seek, APS Gazette or JobAdder
  • in person.

Wherever possible, we collect personal information directly from you. Unless it is unreasonable or impracticable to do so, we only collect personal information from a third party with your consent or where authorised under an Australian law.

What personal information do we collect?

The type of personal information that we may collect include your:

  • name and other identifying information
  • evidence of identity documents
  • job title
  • contact information such as an address, email and contact number
  • images and voices
  • resumes and other work history information provided to us
  • employee records as defined in the Privacy Act.

Do we collect sensitive personal information?

We only collect sensitive information (including health information) where it is reasonably necessary for, or directly relates to, one of our functions or activities. We will only collect sensitive information with your consent or where collection is required or authorised by law.

Where relevant, this may include your:

  • membership of a professional association, for example, where you represent a professional association in their dealings with us or include that information as part of a job application
  • sensitive information collected as part of consultation, or as part of a complaint
  • sensitive information collected as part of creating content, for example, communications campaigns for us and our activities
  • other sensitive information collected from employees and job applicants to meet our employment obligations. For example, a National Police Check or your health information relevant to the workplace
  • health information where first aid is administered to you on our premises.

How do we use and disclose personal information?

We may disclose personal information where you would reasonably expect us to do so and the information relates to the primary purpose of collection. We may also disclose personal information with your consent or where disclosure is required or authorised by law. We may use or disclose the personal information we collect in order to:

  • respond to enquiries and complaints and otherwise engage with stakeholders
  • communicate information to you about any initiative offered by or associated with us, including invitations to consultation or engagement events
  • provide marketing information about goods, services, events or initiatives which may be of interest
  • improve products and services by using information you have provided us
  • conduct business with our business associates and contractors
  • manage our employment relationships and responsibilities
  • promote our activities through communications material
  • engage and manage our workforce
  • deliver on our functions and meet our legal obligations. This may include for example, disclosing employee personal information to the Australian Government Security Vetting Service.

If you receive marketing materials from us you may opt out of further communications of this nature.

Information provided via our websites or third-party applications

We will collect your personal information if it is provided when using our websites. We will use and disclose this information for the purpose for which you provided it. We sometimes use third party applications to collect personal information from you. This includes the following:

  • Microsoft Teams to collaborate with our stakeholders. We may collect the name you provide Microsoft if you attend a meeting through Microsoft Teams. This information helps us to know who is attending and how long they attended. You can view Microsoft’s privacy policy here.
  • JobAdder to store and manage your personal information to assist with our recruitment activities for potential employees. You can access JobAdder’s privacy policy here.
  • Recruiting platforms including Seek and the APS Gazette for job advertisements and applications. You can access Seek’s privacy policy here and the APS Gazette’s privacy policy here.
  • We may use Xref to conduct reference checks with referees whose details you provide to us. Xref will collect personal information about you from your nominated referee(s) and disclose this to us to consider and facilitate your application for employment. You can access Xref’s privacy policy here.
  • Survey Manager to collect feedback about us or the services that we provide. These surveys may collect personal information if provided in an individual’s response. You can view Survey Manager’s privacy policy here.

Social networking services

We use social networking services such as Twitter, Facebook and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will handle your personal information for its own purposes. These services have their own privacy policies which are accessible on their websites.

Website analytics and cookies

Our websites use Google Analytics to help us to continually improve the user experience.

Google Analytics is hosted by a third party. We use Google Analytics to collect data about an your interaction with our websites. The type of data that we may collect using this tool includes your device’s IP address, type of device and browser used to visit the websites, geographic location, search terms and pages visited, as well as date and time when website pages were accessed. We use this data for the purpose of improving website user experience and monitoring use of our websites.

Google Analytics collects information using cookies. Cookies are small data files transferred onto computers or devices by websites. We use cookies for record keeping purposes and to enhance the websites’ functionalities. We collect other information about user interaction through cookies associated with Google Fonts, New Relic and SolarWinds Pingdom. The sole purpose of collecting data in this way is to improve user experience our websites.

Most browsers allow an you to choose whether to accept cookies. Please find further information on how to manage or disable cookies in common browsers below:

You can block cookies by setting your browser to refuse all or some cookies. However, blocking all cookies may impede full functionality of our websites.

Access and correction

You have the right to request access and/or correct the personal information we hold about you. If you wish to request access to or a correction of your personal information, you can contact us using the details below. We may request evidence of identity before granting a request for access or correction.

Storage and security

We take steps to protect the security of the personal information we hold from both internal and external threats. We regularly assess the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information. For example, we use multi-factor authentication to authenticate employees before they can remotely access our systems. We also take measures to assess those risks; for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held electronically on our corporate file system.

Overseas disclosure

Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.

When you communicate with us through a social network service such as Facebook, Twitter, LinkedIn or YouTube, the social network provider and its partners may collect and hold your personal information overseas.

Anonymity

Where possible, we will allow you to interact with us anonymously or by using a pseudonym. For example, if you contact our support centre with a general question we will not ask for a name unless this is needed to adequately handle the question.

However, for most of our functions and activities, we usually need your name and contact information and enough information about the particular matter to fairly and efficiently handle the enquiry, request, complaint or application, or to act on the report.

Enquiries and complaints

If you wish to make an enquiry or complaint relating to the handling of your personal information, please contact us using the details below. If you have a complaint, we will respond as quickly as possible and inform you of the progress of your complaint. We may collect additional personal information to investigate and resolve your complaint. If you are not satisfied with our response to your complaint, you may complain to the Office of the Australian Information Commissioner.

Contact details

Healthcare providers can contact us by calling 1300 901 001. For further information on how to contact us, visit our contact page.

Changes to policy

We may review and update this Privacy Policy to take account of new laws and technology and changes to our operations. Please visit this page periodically to check for updates.