Privacy Policy

The Energy and Water Ombudsman (SA) Limited (“the Company”) follows the Australian Privacy Principles (“APPs”) set out in the Privacy Act 1988 (“Privacy Act”)

The Company is committed to the protection of the personal information of our Members (who are energy and water service providers) and their customers. This Privacy Policy explains how
the Company collects, uses and discloses personal information that it receives in the course of conducting our business.

This Policy applies to all of our employees whether full time, part time, contractors, temporary staff or consultants, and includes any other person engaged to work on behalf of the Company.

Personal information is information or an opinion about an individual that can be used to identify that individual including any “sensitive information” but not employee records. The APPs outline how personal information should be managed by businesses to ensure that the privacy of individuals who deal with those businesses is protected.

Personal information is information or an opinion about an identified individual who is reasonably identifiable whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Sensitive information is information or an opinion about an individual which includes:

• an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, membership of a professional or trade association or trade union, sexual  preferences or practices, or criminal record
• health information about an individual
• generic information about an individual that is not otherwise health information
• biometric information that is to be used for the purpose of automated biometric verification, biometric identifications, or biometric templates.

The Company only collects personal information where it is necessary for us to respond to enquiries or to resolve complaints. We ask complainants lodging complaints with us to give us the following details:

• full name and address
• contact details
• details of the service the complaint is about, which may include an account number with an energy or water service provider
• name of the energy or water service provider
• Authority to Act from the account holder if a third party lodges the complaint on behalf of the account holder
• other relevant information that may help us resolve the enquiry or complaint.

Complainants have the right to contact us anonymously. However, if they do, it may be impracticable for us to help with their enquiry or complaint.

We generally do not actively collect or request any sensitive information. However, where the receipt of sensitive information may be required to assist with the resolution of the complaint,
being “Customer Vulnerability” matters such as health issues (life-support customers), domestic and family violence victim/survivor issues or consumers experiencing financial difficulties –we will accept sensitive information volunteered by the complainant.

We may also, from time to time, collect additional information for statistical reporting purposes (such as gender, age group). Such information will only be collected with the consent of the
individuals and published in a de-identified format.

Personal information may be collected directly from the complainant, or it may be obtained from their energy or water service provider.

The Company treats all complaints as confidential between the complainant, the Member (energy or water service providers) and the Company. At times, we may need to disclose a complainant’s personal information to agencies such as the Technical Regulator, the Essential Services Commission (of South Australia), the Australian Energy Regulator, or to a third party who may be able to assist in the investigation.
We will ensure that personal information will not be used or disclosed to other State institutions or authorities except if required by law.

Sensitive information will be removed from the Case Management System no more than 60 days after the relevant complaint has been resolved. The 60 days’ timeframe is to account for the possibility of a return case and to remove the need for the same sensitive information being provided again in relation to an ongoing complaint.

From time to time, we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information.

We will take all reasonable steps to ensure that any disclosure to overseas recipients is in compliance with the requirements of the Privacy Act by taking such steps as are reasonable in the circumstances to ensure those organisations are either subject to applicable privacy laws that, overall, provide comparable safeguards to those under the Privacy Act, or are otherwise required to protect the information in a way that, overall, provides comparable safeguards to those under the Privacy Act.

It is our Policy not to provide documents, however acquired, relating to the specific details of an investigation unless required by law.

Complainants have the right (with some exceptions) to access the personal information we hold about them and we may have collected and held.

We may require a complainant to provide us with sufficient identification before providing access to personal information. If we are required or authorised by law to do so, we may refuse access. Requests for access to and the correction of personal information may be made by submitting a completed Request for Access to Personal Information Form which can be found clicking here. More information on how to access or correct personal information is available at Guideline to access personal information.

We may charge a reasonable fee to process a request for access to an individual's personal information, but that fee will not exceed our reasonable costs of assessing a request and providing access. We will advise the amount once we have assessed the request and may require payment prior to providing access. Access to personal information may be provided in a number of ways, including by providing a hard copy of the information, or by allowing a complainant to view our records.

If a complainant believes that the personal information the Company holds about them is inaccurate, incomplete or out of date, we ask the complainant to please contact us as detailed
below. If we are satisfied that any personal information we hold about a complainant is not accurate, complete or up-to-date, we will amend our records accordingly.

The Company takes reasonable steps to protect personal information from misuse, interference, loss or unauthorised use, modification or disclosure. We hold personal information as either physical records or records on our servers and in some cases records on third party servers, which may be located overseas.

The Company uses a range of security measures to protect personal information, including locked and alarmed offices, locked files and cabinets, passwords on all our computers and a firewall on our computer network, which is monitored by virus protection software.

We will keep personal information for as long as we need it for the purposes set out in this Policy and the Company’s charter, or for as long as we are required by law to retain it (usually seven years). After this time, we will destroy or de-identify the personal information, in line with the Company’s Document Retention/Destruction Policy.

Our website can be accessed without disclosing personal information. We will only have a record of any personal information if it is provided to us. The website also contains a copy of this Privacy Policy.

Our website uses cookies. We do not use the information stored in those cookies to collect information about you. Users may configure your web browser to refuse or disable cookies. More information about how cookies are used on our website is available in our Cookie Policy. 

Our website may contain links to other websites. We are not responsible for the privacy practices or the use and protection of your personal information on those other websites. We cannot warrant the privacy or security of personal information during transmission to other websites. 

Should personal information be lost or subjected to unauthorised access, modification, use or disclosure or other misuse, the Company will, in line with our Data Breach Response Plan:

• contain the breach and make a preliminary assessment
• evaluate the risks for individuals associated with the breach
• consider breach notification to affected parties and the Office of the Australian Information Commissioner.

Any questions concerns or complaints about our management of personal information should be addressed to the Privacy Officer in writing. We will confirm receipt of a complaint and investigate the dispute or complaint and respond to the individual within a reasonable time. 

Any individual who is dissatisfied with the handling of the complaint may contact the Office of the Australian Information Commissioner. Further details are available in Making A Privacy Complaint.