Privacy Policy - Commission for Gender Equality in the Public Sector

How the Commission for Gender Equality in the Public Sector handles privacy.

We are committed to protecting your privacy. This Policy explains how we collect, use, disclose and handle personal information.

For defined entities seeking guidance on managing privacy, please see How do I maintain my employees' privacy?

1. Who we are

The Commission for Gender Equality in the Public Sector supports the Public Sector Gender Equality Commissioner (Commissioner) to oversee the implementation of the Gender Equality Act 2020 (Vic) (Act) and promote gender equality in the public sector workforce and the broader Victorian community.

The functions of the Commissioner include:

  • promoting and advancing the objects of the Act
  • supporting defined entities to comply with the Act
  • providing advice to defined entities about the Act
  • establishing and undertaking information and education programs for defined entities
  • dealing with systemic gender equality disputes arising under enterprise agreements and workplace determinations in accordance with Division 3 of Part 7 of the Act
  • undertaking research related to the operation and objectives of the Act
  • reporting to the Minister for Women
  • other functions conferred on the Commissioner under the Act.

A defined entity under the Act includes an entity with more than 50 employees that is either a public service body, a public entity, a special body, a Council, Court Services Victoria, a university, the Office of the Public Prosecution, or a prescribed entity.


2. Why we collect information

We collect, hold, use and disclose personal information to:

  • undertake our functions under the Act (see paragraph 1.1)
  • help to resolve gender inequality disputes that arise under the Act
  • communicate updates to defined entities and the general public
  • perform research and data analysis to achieve our functions under the Act
  • promote ourselves and our functions
  • obtain products and services for our organisation.

We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or for purposes:

  • which are required or authorised by or under law
  • for which you have provided your consent.

Our privacy and data management obligations

We are required to comply with the Information Privacy Principles (IPPs) in the Privacy and Data Protection Act 2014 (Vic) (PDP Act). The IPPs regulate the way personal information is handled, from collection to use and disclosure, security, accessibility and disposal. We are also required to comply with the Health Records Act 2001 (Vic) when we collect and handle health information. When dealing with a systemic gender equality dispute under the Act, the Commission is also required to comply with the secrecy provisions at clause 46-46A of the Act.

We also have obligations under the Public Records Act 1973 (PR Act) in relation to the retention and destruction of public records.


3. What we collect

3.1 Types of information we collect

The type of personal information that we collect about you depends on the type of dealings you have with us. For example, if you:

  • Submit a dispute resolution application form:
    • We will collect the information you include in your application, including the applicant(s) names, telephone number, postal address, email address, your employer, the respondent to your complaint and the details of the dispute.
  • Subscribe to our email mailing list:
  • Provide information as part of a grant application:
    • We will collect the information provided in the application, as well as your name and contact details.
  • Work for one of our suppliers:
    • We may collect details such as your name, job title, address, telephone number and email address.
  • Send us an enquiry or provide us with feedback:
    • We will collect your name, contact details, details of your enquiry or feedback and information about our response.
  • Request access to our reporting platform:
    • We will collect your name, email address and organisation details for the purpose of issuing you with an account to use the reporting platform.
  • Are employed by a defined entity:
    • Your employer may provide us with de-identified information about you as part of their workplace gender audit results (see paragraph 3.3 below).

3.2 Sensitive information

We only collect sensitive information where it is reasonably necessary for our functions or activities under the Act and either:

  • the individual has consented
  • we are required or authorised by or under law to do so (e.g. under the Act).

3.3 Workplace gender audit results

Under the Act defined entities are required to provide us with workplace gender audit results as part of their Gender Equality Action Plans. A workplace gender audit is used to assess the state and nature of gender inequality in a defined entity.

In their workplace gender audit results, defined entities provide us with data on:

  • the workplace gender equality indicators:
    • the gender composition of all levels of the workforce
    • gender composition of governing bodies
    • equal remuneration for work of equal or comparable value across all levels of the workforce, irrespective of gender
    • sexual harassment in the workplace
    • recruitment and promotion practices in the workplace
    • availability and utilisation of terms, conditions and practices relating to family violence leave, flexible working arrangements, and working arrangements supporting employees with family or caring responsibilities
    • gendered segregation in the workplace.
  • their employees’:
    • relative level to the CEO
    • gender
    • employment status and type (full time, part time, casual)
    • salary and remuneration
    • occupational category (ANZSCO)
    • governing body membership
    • disability status
    • cultural identity
    • religion
    • sexual orientation.

Information provided through workplace gender audit results will be de-identified (employees’ names and personal identifiers such as employee numbers are not included). However, depending on the size of the defined entity, it may still be possible for people with access to this information to ascertain an individual’s identity based on all the information that is collected. If this is the case, this means we may collect sensitive information and personal information about employees.

We will remove any personal information from workplace gender audit results and Gender Equality Action Plans before they are further distributed or published, in accordance with the Act.

3.4 Resolution of systemic gender equality disputes

When dealing with a systemic gender equality dispute under the Act, the Commission will collect personal information when you:

  • Submit a dispute resolution application form:
    • We will collect the information you include in your application, including the applicant(s) names, telephone number, postal address, email address, your employer, the respondent to your complaint and the details of the dispute.
    • Depending on the nature of the dispute, this may include sensitive information – such as health information, information about disabilities, racial or ethnic origin, and sexual orientation.
  • Submit documents in support of your application or response that contain personal information.
  • Submit enquiries or requests to the Commission in relation to the dispute resolution process (for example, with regards to accessibility requirements) that contain personal or sensitive information.
  • Provide any such personal information to the Commission during conciliation of the dispute, in any preparation or follow-up discussions in the course of resolving the dispute, or within any settlement agreement provided to the Commission.
  • Provide any such information to the Commission in correspondence relating to the dispute or in any feedback in relation to the dispute resolution process.

3.5 Collection of information other than personal information through our websites

Our website contains different components. In this policy, when we refer to the “main website” it means www.genderequalitycommission.vic.gov.au. Our “reporting platform” is report.genderequalitycommission.vic.gov.au and “public register” is insights.genderequalitycommission.vic.gov.au (not yet active).

When you visit our main website, the reporting platform and the public register, some of the information that is collected about your visit is not personal information, as it does not reveal your identity.

Site visit information

Our main website uses Google Analytics tracking code to understand how you are using the internet and the www.genderequalitycommission.vic.gov.au website. For example, we record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, any terms you searched, the previous site you visited and the type of device, browser and operating system you used.

We use and disclose this information in anonymous, aggregated form only, for purposes including statistical analysis and to assist us to improve the functionality and usability of our website. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so.

Cookies

A cookie is a small string of information that a website transfers to your browser for identification purposes. We use first-party cookies and JavaScript code to collect information about visitors to our main website. We use these to track how our visitors interact with our main website, including where they came from, what they did on the site and whether they completed any transactions on the site.

If you don't want to have cookies placed on your computer, you can disable them using your web browser. You will need to customise each web browser you use to turn off cookie tracking.

If you opt out of using cookies, you will still have access to all the information and resources provided by the website, though some features may not work as expected.

What if you don't provide us with your personal information?

We will provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.

For example, you can access our main website and submit general enquiries without having to identify yourself.

In some cases however, if you don't provide us with your personal information when requested, we may not be able to provide you with the service that you are seeking. For example, you must identify yourself:

  • in order for the Commissioner to assist in any dispute resolution
  • when submitting a grant application
  • to use the reporting platform.

4. How we collect personal information

4.1 Methods of collection

We collect personal information in a number of ways, including:

  • directly from you, where it is reasonable and practicable to do so; through our main website (for example when you sign up to our mailing list, or complete a dispute resolution form), over the telephone or through written correspondence (such as letters and emails)
  • from third parties, including:
    • from your employer if they are a defined entity
    • from the Victorian Public Sector Commission where your employer has decided to utilise the People Matters Survey to comply with some of their obligations under the Act
    • from an individual submitting a dispute resolution application form where you are the respondent to their claim
    • from a representative submitting a dispute resolution application form on your behalf as the applicant.

4.2 Collection notices

Where we collect personal information about you, we will explain why we are collecting the information and how we intend to use or disclose this information. We will generally include this information in a collection notice.

Collection notices provide more specific information than this Privacy Policy and we encourage you to read them carefully.


5. How we use and disclose personal information

5.1 General

We use and provide to third parties (in particular, those listed at section 5.2 below) personal information for the purposes for which it was collected.

We may also be authorised by law to use or share personal information for other purposes, including where:

  • the other purpose is related to the purpose for which the information was collected, and you would reasonably expect us to use or disclose the information for the other purpose
  • it is necessary for research or statistical work in the public interest
  • it is required or authorised by or under law.

5.2 Who we may disclose personal information to

We may share personal information with third parties where appropriate for the purposes set out under sections 2 and 5.1 of this policy, including:

  • a third-party agency or body requesting the information in accordance with an applicable law (such as the Public Administration Act 2004)
  • a third-party agency or body to whom we are permitted to disclose that information under the PDP Act
  • an individual’s agent or authorised representative where the information was collected in the course of conducting dispute resolution under Division 3 of Part 7 of the Act, to third party individuals and organisations including:
    • named parties to the dispute (for example, we may provide your application to the respondent)
    • a court or tribunal in the course of a legal proceeding
    • other individuals and organisations in accordance with section 46A of the Act, including but not limited to, the Fair Work Commission and the Victorian Equal Opportunity and Human Rights Commission.
  • our contracted service providers, including:
    • information technology and data storage providers
    • research and statistical analysis providers
    • external business advisers (such as consultants, recruitment advisors, accountants, auditors and lawyers)

5.3 Freedom of Information (FOI)

Any document in the possession of the Commissioner may be the subject of an FOI request, and the Commissioner is required to deal with the request in accordance with the Freedom of Information Act 1982 (Vic). This includes information or documents the Commissioner receives relating to Gender Equality Action Plans that might contain personal information.


6. Data quality and security

6.1 General

We take reasonable steps to:

  • make sure that the personal information that we collect, use and disclose is accurate, complete and up to date
  • protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure
  • destroy or permanently de-identify personal information that is no longer needed for any purpose permitted by the IPPs (except where archiving is required in order to fulfil our obligations under the PR Act).

You can help us keep your information up to date by letting us know about any changes to your details, such as your organisation, role, email address or phone number.

6.2 Security

The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our premises, policies on document storage and security, personnel security (including restricting access to personal information on our systems to staff who need that access to carry out their duties), staff training and workplace policies.


7. Access and Correction

7.1 General

Please contact our Privacy Officer (details under paragraph 11 below) if you would like to access or correct the personal information that we hold about you. We may require you to verify your identity before processing any access or correction requests, to make sure that the personal information we hold is properly protected.

7.2 Access

We will generally provide you with access to your personal information, subject to some exceptions permitted by the IPPs.

7.3 Correction

If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is not accurate, complete and up to date, we will take reasonable steps to correct that information.

7.4 What if we do not agree to your request for access or correction?

If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice setting out the reasons for our decision.

7.5 Timeframe for access and correction requests

We will respond to access and correction requests within 45 days (either by providing the access or correction or providing our reasons for refusing to do so.


8. Unique identifiers

We will not assign unique identifiers to you unless the assignment of unique identifiers is necessary to enable us to carry out any of our functions efficiently. Further, we will not require an individual to provide a unique identifier (e.g. your tax file number) unless required or authorised by law.


9. Transborder data flows

We may disclose personal information to third parties located outside Victoria where authorised to do so under the applicable laws. Additionally, as part of our reporting platform data storage, some information may be stored in other states outside of Victoria. We comply with the requirements of the PDP Act that apply to the transfer of personal information outside Victoria in these circumstances.


10. Complaints

If you have a complaint about how we have collected or handled your personal information, please contact us (details under paragraph 11 below).

We will endeavour in the first instance to take any steps necessary to resolve the matter within a week. If we are not able to do so, we will ask you to submit your complaint in writing.

In most cases, we expect to investigate written complaints and provide a response within 30 days of receipt. If the matter is more complex and our investigation may take longer, we will contact you and tell you when we expect to provide our response.

If you are not satisfied with our response, you can refer your complaint to the Office of the Victorian Information Commissioner.


11. Our contact details

Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are:

Further general information about privacy is available on the website of the Office of the Victorian Information Commissioner or by calling the OVIC's enquiry line at 1300 006 842.


12. Changes to this Policy

We may amend this Privacy Policy from time to time. The current version will be posted on our website and a copy may be obtained by contacting our Privacy Officer (details above).


Definitions

Personal information

Personal information means information or an opinion (including information or an opinion forming part of a database), recorded in any form and whether true or not, about an individual whose identity is apparent, or can be reasonably ascertained. Examples include your name, address, date of birth and email address.

Sensitive information

Sensitive information is a subset of personal information that is treated with a higher level of privacy protection. Sensitive information is information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices or criminal record.

Health information

Information that can be linked to an identifiable individual (including a deceased person), which concerns that individual’s physical, mental or psychological health, disability or genetic make-up.

Collection notices

Updated