Privacy Policy
Policy statement
The Energy and Water Ombudsman (SA) Limited (“the Company”) follows the Australian Privacy Principles (“APPs”) set out in the Privacy Act 1988.
Policy intent
The Company is committed to the protection of the personal information of our members (who are energy and water service providers) and their customers. This Privacy Policy explains how we collect, use and disclose personal information that we receive in the course of our business.
Application
This Policy applies to all of our workers whether full time, part time, contractors, temporary staff or consultants, and includes any other person engaged to work on behalf of the Company.
Requests for access to and the correction of personal information may be made by submitting a completed Access to Personal Information form. Please click here for a copy of this form. More information on how to access or correct personal information is accessible at Guideline to access personal information.
Personal information
Personal information is information or an opinion about an individual that can be used to identify that individual including any “sensitive information” but not employee records. The APPs outline how personal information should be managed by businesses to ensure that the privacy of individuals who deal with those businesses is protected.
Definitions
Personal information is information or an opinion about an identified individual who is reasonably identifiable whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information is information or an opinion which includes:
- an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, or criminal record
- health information about an individual
- generic information about an individual that is not otherwise health information
- biometric information that is to be used for the purpose of automated biometric verification or biometric identifications, or
- biometric templates.
Collection of personal information
The Company only collects personal information where it is necessary for us to respond to enquiries or to resolve complaints. We ask complainants lodging complaints with us to give us the following details:
- full name and address
- contact details
- details of the service the complaint is about, which may include an account number with an energy or water service provider
- name of the energy or water service provider
- Authority to Act from the account holder if a third party lodges the complaint on behalf of the account holder
- other relevant information that may help us resolve the enquiry or complaint.
Complainants have the right to contact us anonymously. However, if they do, it may be impracticable for us to help with their enquiry or complaint.
We do not collect any sensitive information except that we may from time to time collect additional information for statistical reporting purposes (such as gender, age group). Such information will only be collected with the consent of the individuals and published in a de-identified format.
Use and disclosure of personal information
Personal information may be collected directly from the complainant, or it may be obtained from their energy or water service provider.
The Company treats all complaints as confidential between the complainant, the members (energy or water service providers) and the Company. At times, we may need to disclose complainants’ personal information to agencies such as the Technical Regulator, the Essential Services Commission (of South Australia), the Australian Energy Regulator, or to a third party who may be able to assist in the investigation.
We will ensure that personal information will not be used or disclosed to other State institutions or authorities except if required by law.
Cross-border disclosure
From time to time we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information.
We will take all reasonable steps to ensure that any disclosure to overseas recipients is in compliance with the requirements of the Privacy Act by taking such steps as are reasonable in the circumstances to ensure those organisations are either subject to applicable privacy laws that, overall, provide comparable safeguards to those under the Privacy Act, or are otherwise required to protect the information in a way that, overall, provides comparable safeguards to those under the Privacy Act.
Access to personal information
It is our Policy not to provide documents, however acquired, relating to the specific details of an investigation unless required by law.
Complainants have the right (with some exceptions) to access the personal information we hold about them and we may have collected and held.
We may require a complainant to provide us with sufficient identification before providing access to personal information. If we are required or authorised by law to do so, we may refuse access. Requests for access to and the correction of personal information may be made by submitting a completed Request for Access to Personal Information Form which can be found clicking here. More information on how to access or correct personal information is available at Guideline to access personal information.
We may charge a reasonable fee to process a request for access to an individual's personal information, but that fee will not exceed our reasonable costs of assessing a request and providing access. We will advise the amount once we have assessed the request and may require payment prior to providing access. Access to personal information may be provided in a number of ways, including by providing a hard copy of the information, or by allowing a complainant to view our records.
If a complainant believes the personal information the Company holds is inaccurate, incomplete or out of date, correction of personal information may be made by submitting a completed Request for Access to Personal Information Form which can be found clicking here. If we are satisfied that any personal information we hold about a complainant is not accurate, complete or up-to-date, we will amend our records accordingly.
Security of personal information
The Company takes reasonable steps to protect personal information from misuse, interference, loss or unauthorised use, modification or disclosure. We hold personal information as either physical records or records on our servers and in some cases records on third party servers, which may be located overseas.
The Company uses a range of security measures to protect personal information, including locked and alarmed offices, locked files and cabinets, passwords on all our computers and a firewall on our computer network, which is monitored by virus protection software.
We will keep personal information as long as we need it for the purposes set out in this Policy, or as long as we are required by law to retain it, after which time we will destroy it or de-identify the personal information.
Managing a data breach
Should personal information be lost or subjected to unauthorised access, modification, use or disclosure or other misuse, the Company will:
- contain the breach and make a preliminary assessment
- evaluate the risks for individuals associated with the breach
- consider breach notification.
Privacy complaints
Any questions concerns or complaints about our management of personal information should be addressed to the Privacy Officer in writing. We will confirm receipt of a complaint and investigate the dispute or complaint and respond to the individual within a reasonable time. Any individual who is dissatisfied with the handling of the complaint may contact the Office of the Australian Information Commissioner. Further details are available in Making A Privacy Complaint.
Amendments to Policy
This Policy is current as at September 2020.
We reserve the right to amend this Policy at any time, without notice, to ensure that we maintain the highest standards.