Skip Ribbon Commands
Skip to main content
Sign In

Full privacy policy

Suggested Reading Suggested Reading

30 November 2016

Contents

Summary of main points

This policy sets out how the Clean Energy Regulator (the Agency) collects, holds, uses and discloses personal information. Among other things, it sets out the kinds of personal information that the Regulator collects and holds, and how that information is likely to be used and disclosed, including in some instances to overseas recipients.

It applies to all personal information collected, held and disclosed by the Clean Energy Regulator. The Regulator, its employees and consultants must have regard to this policy in their dealings with personal information on behalf of the Agency.

In some circumstances, depending on the terms of the contractual arrangement, it also applies to third parties that are contracted to perform services on behalf of the Agency.

Privacy policy

 

1. Definitions

Term Definition
Consent

Includes any consent that is expressed or implied by an individual. There are four key elements:

  • the individual must be adequately informed of what they are consenting to before giving consent
  • it must be provided voluntarily
  • it must be current and specific, and
  • the individual must have the capacity to understand and communicate their consent.

Consent may be given orally or in writing.

Commonwealth recordMeans a record that is the property of the Commonwealth or a Commonwealth institution, or a record that is deemed to be a Commonwealth record under the Archives Act 1983.
CollectWe collect personal information only if we collect it for inclusion in a Commonwealth record or generally available publication (that is a magazine, book, article, newspaper, guidance or other publication available to members of the public).
DisclosureA release from our effective control is generally a disclosure irrespective of our reason for releasing the information. It includes proactive release, release in response to a specific request and accidental release.
HoldsWe hold personal information if we have possession or control of a record that contains the personal information.
Personal informationMeans any information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of whether (i) the information or opinion is true or not, and (ii) recorded in a material form or not.
Privacy ActMeans the Privacy Act 1988
Sensitive information

Means:

  1. information or opinion about an individual's:
    • racial or ethnic origin
    • political opinions
    • membership of a political association
    • religious beliefs or affiliations
    • philosophical beliefs
    • membership of a professional or trade association
    • membership of a trade union
    • sexual orientation or practices, or
    • criminal record

      that is also personal information
  2. health information about an individual
  3. genetic information about an individual, that is not otherwise health information
  4. biometric information that is to be used for the purpose of automated biometric verification or biometric identification, and
  5. biometric templates.
UseWe use personal information when we handle and manage that information within the Agency's effective control. We also use personal information for the purposes of administering legislative schemes.

Top of page

Background

2. The Agency

 

The Clean Energy Regulator (the Agency) is an independent statutory authority established by the Clean Energy Regulator Act 2011. The Clean Energy Regulator is the government body responsible for administering legislation to reduce carbon emissions and increase the use of clean energy.

The Agency administers:

  • the National Greenhouse and Energy Reporting Scheme
  • the Carbon Pricing Mechanism
  • the Carbon Farming Initiative
  • the Renewable Energy Target, and
  • the Australian National Registry of Emissions Units.

These legislative schemes support Australia's transition to a low carbon economy through an informed and efficient market for carbon and investment in renewable energy.

The Agency has administrative responsibilities in relation to:

  • providing education and information on the five schemes we administer and how they work
  • monitoring, facilitating and enforcing compliance with each scheme
  • collecting, analysing, assessing and publishing data
  • allocating units, including freely allocated units, fixed price units and auctioned units
  • accrediting auditors for the Carbon Farming Initiative, the Carbon Pricing Mechanism and the National Greenhouse and Energy Reporting Scheme, and
  • administering the single national framework for the reporting and dissemination of emissions and energy information, and
  • working with other law enforcement and regulatory bodies, including the Australian Securities and Investments Commission, the Australian Competition and Consumer Commission, the Australian Transaction Reports and Analysis Centre, the Australian Federal Police and the Commonwealth Director of Public Prosecutions.
  • Top of page

Privacy obligations

 

3. The Privacy Act 1988

The Clean Energy Regulator recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our Privacy Policy and it describes how we manage personal information.

We respect an individual's right to privacy under the Privacy Act 1988 (the Privacy Act) and we comply with the Privacy Act's requirements in respect of the management of personal information.

4. Personal information

When used in this Privacy Policy, the term "personal information" has the meaning given to it in the Privacy Act.

In general terms, "personal information" means any information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of whether (i) the information or opinion is true or not, and (ii) recorded in a material form or not.

5. What kinds of personal information does the Agency collect and use?

We collect, use, store and from time to time disclose information (including personal information) for purposes directly related to our statutory functions and activities, including the administration of the legislative schemes (refer 2. The Agency). We also deal with personal information in the performance of corporate operations related to those functions (including recruitment, workplace health and safety, contracts and tenders and other activities).

We mainly deal with the following kinds of personal information:

  • name
  • mailing or street address
  • e-mail address
  • telephone contact number
  • age or birth date
  • gender
  • 'sensitive information' (see below for further details)
  • profession, occupation or job title
  • financial details and assets including bank and property information
  • insurance details
  • employment, curriculum vitae and education information
  • vessel and vehicle details
  • emergency details including next of kin
  • diversity and cultural background information
  • identity credentials including driver's licence and passport information
  • photographs of people
  • credit card details
  • travel details
  • information disclosed to us by the individual or a third party which we believe to be reasonably necessary for the conduct of our compliance and law enforcement related activities
  • other information relating to individuals that they (or their agents) provide to us directly or indirectly through use of our websites
  • information provided to us through our call centre, customer surveys or visits by our representatives, and /or
  • information sourced from public information sources which we believe to be reasonably necessary for the conduct of our compliance and law enforcement related activities.

We also collect information that is not personal information because it does not identify and/or cannot be used to identify, any particular individual. For example, we may collect anonymous answers to surveys or aggregated information about how members of the public use our website. This Privacy Policy does not apply to that sort of information.

6. Sensitive information

The term 'sensitive information' refers to a particular kind of personal information. We may collect sensitive information about individuals including:

  • information or opinion about a person's:
    • racial or ethnic origin
    • political opinions
    • membership of a political association
    • religious beliefs or affiliations
    • philosophical beliefs
    • membership of a professional or trade association
    • membership of a trade union
    • sexual orientation or practices, and/or
    • criminal record

that is also personal information, and

  • health information.

We do not usually collect genetic or biometric information about a person that is not health information.

7. Dealing with us anonymously or by using a pseudonym

An individual may choose to deal with us anonymously by or using a pseudonym. However, this principle does not apply if:

  • we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves, or
  • it is impracticable for us to interact with the person, because they have not identified themselves or used a pseudonym.

If an individual chooses to deal with us anonymously or by using a pseudonym, some or all of the following may happen:

  • we may not be able to provide the requested services to the person, either to the same standard as we might have been able to achieve if the person had chosen to identify themselves, or at all
  • we may not be able to provide the person with information about services that they may want, or
  • the person may be in breach of an Australian law requiring them to provide such information. However, in this circumstance, we would advise the person about our legal powers to require them to provide such information and the implications of any failure to do so.
  • Top of page

Collection of personal information

 

8. How do we collect personal information?

The Clean Energy Regulator only collects personal information (other than sensitive information) where the information is reasonably necessary for, or directly related to one or more of the Agency's functions or activities. Usually we collect personal information directly from the individual(s) to whom the personal information relates and/or their authorised representative (an agent). In some circumstances, we collect personal information from third parties. We collect personal information only by lawful and fair means.

We collect solicited personal information in a number ways that include:

  • when an individual provides information to us using our web-based systems (including the client portals and online forms)
  • when we receive applications forms, mail or email correspondence and other documents
  • telephone contact with our call centre
  • when entities involved in our schemes submit reports or acquit liabilities
  • when members of the public subscribe to information updates relating to our schemes, functions and activities
  • when we undertake our stakeholder engagement processes and events
  • when members of the public (who may be involved in our schemes) complete a survey and/or questionnaire
  • when individuals and other third parties provide services or supply goods to us
  • when we conduct criminal record checks
  • when members of the public access our databases, and
  • through other lawful processes such as the use of coercive powers where provided for under legislation.

We do not collect 'sensitive information' about an individual (as described in paragraph 6 of this Privacy Policy) unless the individual consents to the collection of the information and the information is reasonably necessary for, or directly related to one or more of the Agency's functions or activities. There are some exceptions to this general rule (as set out in Australian Privacy Principle 3.4), being:

  • where we are required or authorised by or under an Australian law or a court/tribunal order to collect the information, or
  • a 'permitted general situation' (as defined in section 16A of the Privacy Act) exists. For example, where the Agency has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that the collection of sensitive information is necessary in order for us to take appropriate action in relation to the matter.

We collect personal information from third parties in the following circumstances:

  • if an individual consents to the Agency collecting the information from someone other than the individual
  • if we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual to whom the information relates or
  • if it is unreasonable or impracticable for us to collect the information from the individual directly.

These third parties may include:

  • enforcement bodies and other Commonwealth, State, local and international government agencies
  • organisations or individuals with an interest in our business and activities that may be associated with the individual in question (for example, emergency contacts or referees)
  • public information sources (particularly where we believe the collection to be reasonably necessary for the conduct of our compliance and law enforcement-related activities),
  • medical practitioners in relation to health assessments
  • financial institutions
  • legal representatives
  • contracted service providers and consultants, and
  • industry groups.

Use of cookies

Cookies are pieces of information that a website can transfer to a computer when a person accesses information on that site. Cookies can make websites easier to use by storing information about a person's use and preferences on a particular website. This information may remain on the computer after the user closes the browser.

We do not collect personal information about a person who only browses the Clean Energy Regulator website.

The Clean Energy Regulator website uses session cookies during a search query of our website. Applications accessed from the website also use session cookies. When a user closes their browser, the session cookie is destroyed and no personal information is kept which might identify the user to us in the future.

Some pages on our website may use cookies to collect anonymous traffic data. This data does not collect personally identifiable information.

Use of Online Services

The Clean Energy Regulator sometimes makes use of online services to assist us in the delivery of our services and activities. These commercial, online services collect, hold and provide us with access to personal information submitted to them by the user. These online services may hold information on overseas servers.

If a user is directed to these services from the Clean Energy Regulator webpage or from an email request, we will notify the user that he or she is leaving the Clean Energy Regulator web environment and providing information to us through a third party.

The Clean Energy Regulator encourages users of our online services to read the Privacy Policy for those services before entering personal information into them.

9. Notification of the collection of personal information

At or before the time we collect personal information (or as soon as practicable afterwards), we will usually provide the individual concerned with a notice (also known as a 'Privacy Notice' or an 'APP Notice') containing the following information:

  • our identity and contact details
  • if we collect personal information from someone other than the individual, or the individual may not be aware that we have collected the personal information—the fact that we collect, or have collected, the personal information and the circumstances of that collection
  • details of any Australian law or court/tribunal order that requires or authorises the collection of the personal information
  • the purposes for which we collect personal information
  • the main consequences (if any) for an individual if all or some of the personal information is not collected
  • the details of any other person or entity to whom the personal information will usually be disclosed
  • the fact that our Privacy Policy contains information about how a person may access and seek to correct any personal information held by us
  • the fact that our Privacy Policy contains information about how to complain about a possible breach of the Australian Privacy Principles and how we will deal with such a complaint
  • whether we are likely to disclose the personal information to overseas recipients, and
  • if the personal information is likely to be disclosed to overseas recipients—the countries in which those entities are located (if it is practicable to specify those countries in the notice or to otherwise make the individual aware of them).

10. Receiving unsolicited personal information

From time to time, we receive personal information that we have not requested. This is known as 'unsolicited personal information' and includes:

  • misdirected mail received by us
  • correspondence to us, our Minister and Parliamentary Secretary from members of the community, or other unsolicited correspondence
  • a petition sent to us that contains names and addresses
  • employment, internship, work experience or volunteering applications sent to us on an individual's own initiative and not in response to an advertised vacancy
  • a promotional flyer or email containing personal information, sent to us by an individual promoting the individual's business or services
  • court/tribunal documents for proceedings to which we are a party or may have an interest, and
  • information supplied by a third party (such as a member of the public or an enforcement body) which relates to our function as an enforcement body.

If we receive unsolicited personal information and we decide that we would not have been permitted to collect it under the Australian Privacy Principles, we will take reasonable steps to destroy or de-identify the information as soon as practicable, unless it is contained in a 'Commonwealth record' (as defined in the Archives Act 1983) or it is unlawful or unreasonable to do so. The Australian Privacy Principles set out how we should deal with the personal information in these circumstances.

11. Purposes for collecting personal information

We collect personal information so that we can perform our functions and activities.

We collect personal information for the following purposes:

  • to process and assess applications under the schemes we administer and other related activities including procurement and tender processes
  • to assist scheme participants (our clients) to manage reporting obligations and acquittal of liabilities
  • to provide services to members of the public
  • to send communications requested by members of the public
  • to provide information and to seek feedback or advice on matters
  • to answer enquiries and provide information or advice about schemes
  • to conduct administrative functions including recruitment, booking of travel, accommodation and allowance payments, health assessments and workers compensation matters
  • for the administrative, planning, service development and project purposes of the Agency, its contractors and/or service providers
  • where we are required or authorised to collect personal information under an order of a court or tribunal or by or under legislation (including Clean Energy Regulator Act 2011, Clean Energy Act 2011, Renewable Energy (Electricity) Act 2000, National Greenhouse and Energy Reporting Act 2007, Carbon Credits (Carbon Farming) Act 2011, Australian National Registry of Emissions Units Act 2011).
  • to update our records and keep our clients' contact details up to date
  • to provide members of the public with our guidelines, publications and annual reports
  • to process and respond to any complaints
  • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of another country
  • to ensure that we and members of the public comply with laws administered by the Commonwealth, and
  • to conduct enforcement-related activities including for the purposes of law enforcement by another agency.

The Agency will not share or disclose personal information, other than as described in this Privacy Policy. We will never sell or rent personal information.

Top of page

Dealing with personal information

12. Protection of information under the Clean Energy Regulator Act 2011

The Clean Energy Regulator is bound by the secrecy provisions in Part 3 of the Clean Energy Regulator Act 2011 (Clean Energy Regulator Act). Part 3 of the Clean Energy Regulator Act prohibits the disclosure and use of information that was obtained by a person in the person's capacity as an official of the Clean Energy Regulator and relates to the affairs of a person other than an official of the Regulator. This prohibition does not apply where:

  • the disclosure or use is authorised by a provision of Part 3 of the Clean Energy Regulator Act, or
  • the disclosure or use is in compliance with a requirement under a law of the Commonwealth or a prescribed law of a State or a Territory.

For information held by the CER and collected before 2 April 2012 under either the National Greenhouse Energy and Reporting Act 2007 or the Renewable Energy (Electricity) Act 2000, the CER is bound by the preserved secrecy provision of those Acts.

13. Use and disclosure of personal information

We use and disclose personal information for the primary purpose that it was collected. For example, we primarily use personal information when assessing eligibility to participate in one of the schemes we administer.

Before using personal information for any other purposes (known as 'secondary purposes'), we will ensure that the individual has consented to the use or disclosure of the information, or that one of the following circumstances applies:

  • the individual would reasonably expect us to use or disclose the information for a secondary purpose (for example, when performing audit and compliance functions and activities) and the secondary purpose is:
    • if the information is sensitive information—directly related to the primary purpose, or
    • if the information is not sensitive information—related to the primary purpose, or
  • the use or disclosure is required by or authorised by or under an Australian law or a court/tribunal order
  • a 'permitted general situation' (as defined in section 16A of the Privacy Act) exists. For example, where the Agency has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believes that the use of the information is necessary in order for us to take appropriate action in relation to the matter, or
  • we reasonably believe that the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by or on behalf of an enforcement body. If we use or disclose personal information for this purpose, we will make a written note of the use or disclosure.

We routinely disclose personal information to the following type of entities:

  • contracted employees and other service providers for the purposes of operating of our website or performing our functions, fulfilling requests by members of the public, and otherwise providing information, products and services to members of the public including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors, consultants, travel providers, medical practitioners and real estate agents
  • suppliers and other third parties with whom we have commercial relationships for business, marketing, and related purposes
  • any entity (including individuals) for any authorised purpose with an individual's consent
  • other Commonwealth or State/Territory government body for the purposes of investigating and prosecuting compliance breaches, legal actions, and insurance claims
  • enforcement bodies (such as the Australian Federal Police and Australian Securities and Investments Commission)
  • our Minister and/or Parliamentary Secretary for the purposes of administering the Clean Energy Regulator Schemes and related functions and activities, and
  • a House or Committee of the Parliament of the Commonwealth of Australia.

In addition, the Agency is required by certain laws (including Clean Energy Regulator Act 2011, Clean Energy Act 2011, Renewable Energy (Electricity) Act 2000, National Greenhouse and Energy Reporting Act 2007, Carbon Credits (Carbon Farming) Act 2011, Australian National Registry of Emissions Units Act 2011) to publish certain information, including some personal information, on our website. This information is available to the general public.

14. Storage of personal information

The Agency takes such steps as are reasonable in the circumstances to protect personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. We may hold personal information in either electronic or hard copy form.

Personal information that is contained in electronic form or hard copy is secured in accordance with our information handling practices.

However, as our website is linked to the internet, and the internet is an insecure environment, we cannot provide any assurance regarding the security of transmission of information communicated with us or that such information will not be intercepted while being transmitted over the internet.

Enforcement-related personal information is usually held in a restricted database. Appropriate security clearances and authorisation (i.e. a need to know) are required to access such information.

15. Treatment of personal information that is no longer required

We take such steps as are reasonable in the circumstances to delete or de-identify (sanitise) personal information that is no longer required any permitted purpose, unless the personal information is contained in a 'Commonwealth record' or it is unlawful to do so.

We destroy hard copy documents containing personal information (of the sort we are permitted to destroy) by shredding them or by disposing of them in a security classified waste bin.

Personal information contained in undelivered emails or returned post is deleted or otherwise put beyond use.

16. Do we disclose personal information to anyone overseas?

We may disclose personal information to third parties who are not located in Australia or an external territory for some of the purposes listed in paragraph 13 of this Policy.

We usually take such reasonable steps as are necessary in the circumstances to ensure that the overseas recipients of personal information do not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) relating to personal information.

However, we are not required to take such steps in the following situations:

  1. if we reasonably believe that the overseas recipient is subject to a law or binding scheme that has the effect of protecting the information in a way that overall is at least substantially similar to the way in which the Australian Privacy Principles protect the information, and there are mechanisms that the individual can use to take action to enforce that legal protection or binding scheme
  2. the individual expressly consents to the disclosure of personal information to the overseas recipient, having first been informed by us that if they consent to the disclosure, the requirements for us to take reasonable steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information will not apply to the disclosure
  3. the disclosure is required or authorized by or under an Australian law or court/tribunal order
  4. a 'permitted general situation' (as defined in section 16A of the Privacy Act) exists
  5. the disclosure is required or authorised by or under an international agreement relating to information sharing to which Australia is a party, or
  6. we reasonably believe that the disclosure is reasonably necessary for one or more enforcement activities conducted by or on behalf of an enforcement body and the recipient is a body that performs functions (or exercises powers) that are similar to those performed or exercised by an enforcement body.
  7. Top of page

Accessing and correcting personal information

17. Who has access to personal information?

We take reasonable steps to ensure that access to personal information both within the Agency and by third parties is permitted only for legitimate purposes and on a 'need to know' basis.

18. How can an individual access and correct personal information?

An individual (or an authorised representative, such as a lawyer or person exercising a power of attorney) may request access to any personal information by contacting the Agency's Privacy Contact Officer (refer 20. Privacy Contact Officer for details). The request does not have to be made in writing or by using a designated form.

Generally speaking, we will give access to personal information within 30 days of receiving the request and in the manner requested (if it is reasonable and practicable to provide it that way). We will need to verify the person's identify (or that of another person authorised to make the request) before providing access. We will not charge for making the request of for giving access to the personal information.

In some circumstances it may be more appropriate for a person to make a formal request for access to the personal information under the Freedom of Information Act 1982. For example, where a document is likely to contain personal or business information about a person other than the requestor.

In any event, there may be instances where we must refuse to give access to the personal information. For example, we may be required or authorised to refuse access by or under the Freedom of Information Act 1982 or another Act of the Commonwealth that provides for access by persons to documents. In this case, we will give the requestor a written notice setting out the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so, within 30 days of receipt of the request. We will also provide information about how to complain about the refusal, should the requestor wish to do so.

If an individual believes that the personal information we hold is incorrect, incomplete or inaccurate, the individual may ask us to correct the information. However, if we decide not to correct the information, we will give the individual a written notice setting out the reasons for the refusal except to the extent it would be unreasonable to do so, within 30 days of receipt of the request, to correct the information. We will also provide information about how to complain about the refusal to correct the information, should the requestor wish to do so.

Even if an individual does not ask us to correct personal information, we are required to take such steps (if any) as are reasonable in the circumstances to correct personal information if we are satisfied that, having regard to the purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

Top of page

Complaint process

 

19. What is the process for complaining about a breach of privacy?

Complaints about the treatment of personal information (including a possible breach of privacy) by the Agency must be made in writing (a letter or email), addressed to the Privacy Contact Officer. We will treat complaints confidentially. We will respond within a reasonable time after receipt of the complaint (usually 30 days).

If an individual is not satisfied with our response, they may make a further complaint to the Australian Information Commissioner. Details of how to make a complaint are available on the Office of the Australian Information Commissioner website.

Top of page

Contacting us

20. Privacy Contact Officer

Individuals can obtain further information in relation to this privacy policy, or provide any comments, by contacting our Privacy Contact Officer as follows:

Privacy Contact Officer
Clean Energy Regulator
GPO Box 621
CANBERRA ACT 2601

Phone: 02 6159 3556

Email: CER-Privacy@cleanenergyregulator.gov.au

21. Changes to our Privacy Policy

We may change this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted here.

This Privacy Policy was last updated on 12 March 2014.

Top of page


Documents on this page Documents on this page

Was this page useful?

LEAVE FEEDBACK
 
 
preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only