Privacy charter
How we use and protect your personal information.
We appreciate the importance of protecting your personal information and recognise the trust placed in us when you supply your personal information to us. We are bound by the Information Privacy Principles (“IPPs”) under the Privacy and Data Protection Act 2014 (Vic) in the way that we handle personal information (including health information). We are also bound by the Health Privacy Principles (“HPPs”) under the Health Records Act 2001 (Vic) in the way that we handle health information. To comply with the IPPs and HPPs and in recognition of your trust in us, we have implemented a privacy charter. This charter explains how we handle personal information relating to individuals, whether or not they are customers. Nothing in this charter limits any of our other obligations at law.
1. Purpose
South East Water Corporation “South East Water” is a water corporation established under the Water Act 1989 (Vic). South East Water brings you high quality water and takes away wastewater. We are responsible for managing and maintaining the water and sewerage networks.
Protecting your privacy and personal information is important to us. We recognise the trust placed in us when you supply us with your personal information.
1.1 We are bound by the Information Privacy Principles (“IPPs”) under the Privacy and Data Protection Act 2014 (Vic) (“PDP Act”) in handling your personal information. When it comes to your health information we are also bound by the Health Records Act 2001 (Vic) (Health Records Act).
1.2 This Privacy Charter explains how South East Water and its employees, directors, contractors and consultants handle personal information and health information. Where we are considering any proposal which will result in a significant change in the manner in which we manage personal or health information, we will carry out a privacy impact assessment.
1.3 All references in this Privacy Charter to “we”, “us” and “our” are to South East Water. Key terms used in this Charter are defined in section 14 below.
2. Collection
2.1 We collect personal information that we require for the purpose of our business activities and to perform our functions as a water corporation under the Water Act. These include, for example, so we can contact you for billing purposes or in relation to your water or sewerage services or account, if we detect a leak, where you make a request to us or require our assistance.
2.2 We collect personal information in a number of ways. Where possible, we collect your personal information directly from you, including when:
a) you communicate with us over the counter, by telephone, by email or via the internet;
b) you request and receive services from us; and
c) you access or register on our website.
2.3 However, in some cases we may collect personal information about you from someone else, such as:
a) other government bodies;
b) publicly available sources of information (e.g. title documents, the Australian Business Register, etc.);
c) other third parties (e.g. your real estate agent or rental provider; your authorised representative; third party data providers; etc.).
2.4 If you do not provide us with personal information we request then we may not be able to supply you the assistance, services or products requested.
2.5 The types of personal information we collect depends on the circumstances in which that information is collected. These may include:
a) identity details (i.e. your name, date of birth, driver licence details, pension card numbers, concession card details, credit information);
b) contact details (i.e. current and previous addresses, email, phone and facsimile details);
c) health or special needs information for the purposes of applying payment concessions and identifying customers who may, because of their special needs, be affected by service outages (e.g. customers who require water for the operation of a life support machine);
d) information about your employment (e.g. place of work, position, authority to transact with us, information included in a job application, information required by OH&S laws, etc.);
e) information on prior dealings with us;
f) information necessary for the purpose of minimising harm to, and protecting the health and safety of, our personnel, the public or the environment;
g) information on your personal circumstances (e.g. if you are experiencing payment difficulty or if you are affected by or experiencing family or domestic violence);
h) payment card information collected as part of a transaction;
i) telephone conversations, which we record, monitor (including real-time listening) and store for records management, auditing, training and quality assurance purposes;
j) information regarding the use of our websites, including the domains from which website users visit, IP addresses, the dates and times of visits, activities undertaken on our website, cookies and other clickstream data; and
k) close to real time water usage recorded by digital meters (which may or may not be personal information depending on the circumstances).
3. Sensitive Information
3.1 Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection than other types of personal information.
3.2 We will not collect sensitive information about you unless you have consented, the collection is permitted or required under law, the collection is necessary to lessen or prevent a serious and imminent threat to the life or health of an individual, or the collection is necessary in relation to a legal or equitable claim.
4. Website Collection & Cookies
4.1 When you use our websites we may collect personal information about you, and this personal information may be used for:
a) monitoring use of our website;
b) providing and promoting water and sewerage related services and products; and
c) research.
4.2 Information collected may include the dates and times you access our website, the domains from which you visit, your activity in our website and your Internet Protocol address. This information is sometimes called “clickstream data”. We may use this data to analyse trends and statistics in order to improve the service we provide through our website.
4.3 We may use cookie technology on our websites to provide information and services to web site visitors. Cookies are small applications that a website transfers to your computer’s hard disk for record keeping purposes and are a necessary part of facilitating online transactions. Most web browsers are set to accept cookies. Cookies are useful to estimate our number of visitors and determine overall traffic patterns through our website. You can configure your browser to notify you when you receive a cookie, providing you with the opportunity to either accept or reject it. If you do not wish to receive any cookies you may set your browser to refuse cookies. This may mean you will not be able to take full advantage of the services on our website.
5. Use and Disclosure
5.1 We will store, use and disclose personal information to conduct and improve our business activities.
5.2 We provide personal information to contractors or third parties (including account collection and credit reporting agencies) for these purposes. We will use reasonable efforts to ensure our contracted service providers comply with the IPPs when providing services to us or on our behalf. Where practicable, we do this by contractually requiring service providers to comply with the IPPs.
5.3 An example of where we may use or disclose personal information to conduct and improve our business activities is in relation to our progressive roll-out of digital water meters. Digital water meters allow us to ensure accurate meter reading, help us to detect leaks quickly and identify abnormal water usage patterns. Digital water meter information may therefore be disclosed to property owners, occupiers and contractors or third parties for these purposes (including, for example, to perform network analytics, research and other water or resource saving acitivities).
5.4 We may also use and disclose personal information to facilitate our compliance with relevant statutory and other legal obligations. This includes, for example, disclosing personal information to other statutory agencies, local government, the Victorian Government and the Commonwealth Government to facilitate our or their compliance with their statutory and legal obligations and to facilitate the enforcement of applicable laws.
5.5 The personal information we collect will not be used or disclosed for any purpose not set out in this Privacy Charter without your consent, unless permitted under the PDP Act.
6. Data Quality
6.1 We make every effort to ensure the personal information we collect, use and disclose, is complete, accurate and relevant for the purposes of our use or disclosure.
6.2 If you tell us that the personal information we hold about you is not accurate, complete or up to date we will seek to correct that information.
6.3 Because we generally collect your personal information directly from you, we rely on you to provide accurate and current information to us in the first instance and to help us to keep your information up to date by telling us when your circumstances or details change. For example, we rely on you to let us know when you vacate a property, so we can update our records and send bills and other communications to the right person.
7. Data Security
7.1 We take all reasonable steps to securely store and protect the information we hold from interference, unauthorised use, disclosure, access, modification, loss or misuse. This includes complying with the Victorian Protective Data Security Standards, implementing confidentiality requirements for employees and contractors and having in place document storage security, policies, systems and site access restrictions.
7.2 We safeguard and help prevent unauthorised access to personal information, to maintain data security and ensure we use and disclose the information we collect appropriately. This includes ID verification and authentication requirements on your account. In the event of any unauthorised access to, use or disclosure of your personal information, we will respond in accordance with our obligations under the PDP Act, relevant guidelines and our internal incident response plan.
7.3 Where we hold your personal information in conjunction with the personal information of others (e.g. where an account is a joint one), we will allow you to access to your own personal information and the joint information (e.g. account balance and transaction details and the names of other account holders) but not other personal information about other individuals on the account (e.g. information collected for ID verification purposes).
7.4 In relation to account enquiries, we will not disclose personal information relating to you or your account to other individuals without your permission. You can authorise other persons to have access to your account, or remove authorised persons, by contacting us.
7.5 To promote customer safety, we take additional steps to securely handle information about those who are affected by family violence. We recognise that this is delicate information and, to the extent that we are able to do so, we treat this information as confidential and limit access, use and disclosure. For further information, please see our Family Violence Policy
7.6 We retain records that contain personal information for the minimum periods required under the Public Records Act 1973 (Vic). We will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.
8. Openness
8.1 This Privacy Charter sets out the sort of personal information we hold, for what purposes, and how we collect, use and disclose that information.
9. Access and Correction
9.1 You may request access to your personal information held by us by contacting us.
9.2 If you notify us that personal information we hold is not accurate, complete or up to date then we will take reasonable steps to correct the information.
9.3 You may request access to your personal information by contacting our Privacy Officer by post:
The Privacy Officer
South East Water
PO Box 2268
Seaford VIC 3199
Or by sending an email containing your request to: foi@sew.com.au.
9.4 Please provide us with as much detail as possible about the particular information you seek to help us retrieve it. Please note we may charge for the reasonable cost of processing a request and in some instances you may need to make an application under the Freedom of Information Act 1982 (Vic).
10. Unique Identifiers
10.1 We will not assign unique identifiers to you unless the assignment of unique identifiers is necessary to enable us to carry out any of our functions efficiently. Further, we will not require an individual to provide a unique identifier (e.g. your tax file number or driver’s licence number) unless required or authorised by law or in connection with the purpose for which the unique identifier was assigned.
11. Anonymity
11.1 Wherever it is lawful and practicable, we will provide you with the option of not identifying yourselves when entering into transactions with us. For example, if you make a general enquiry, we will not collect personal information about you unless we need it to get back to you with an answer to your enquiry.
11.2 If you choose to remain anonymous, this may limit the actions we are able to take or the services and information we are able to provide. There are circumstances in which we will require you to identify yourself before transacting with us. For example, we will only allow you to make changes to your account after we have authenticated your identity.
12. Information Disclosed Overseas
12.1 We will send your personal information outside Victoria from time to time. For example, some of the personal information we have collected about you, including names, addresses and contact details, is maintained in South East Water’s Customer Relationship Management application which is a cloud-based platform with servers located in Australia and the USA.
12.2 When we transfer personal information to a recipient outside Victoria, we take reasonable steps to ensure that your privacy will be protected to substantially the same extent as required by the IPPs. Including, where practicable, by contractually requiring the recipient to comply with the IPPs and/or confirming that the recipient is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the IPPs.
12.3 We may also send your personal information outside Victoria with your consent or as otherwise provided for in PDP Act.
13. Enquiries and Complaints
13.1 You can contact South East Water’s Privacy Officer if you have questions about our Privacy Charter. The Privacy Officer can be contacted via email at foi@southeastwater.com.au.
13.2 If you are unhappy with how we have handled your personal information, please let us know as soon as possible so we can act quickly to resolve the issue. We will investigate the complaint, answer questions and do all we can to address your concerns. Usually a phone call is all that is needed to resolve most issues.
13.3 A privacy complaint can only be made by the individual whose privacy has been allegedly breached or someone acting on their behalf. If you act on someone’s behalf, you will be asked to provide documentation to that effect.
13.4 You may also complain directly to the Office of the Victorian Information Commissioner “OVIC”. OVIC can be contacted via email at enquiries@ovic.vic.gov.au. For more information see OVIC’s website ovic.vic.gov.au.
14. Key terms
14.1 Key terms used in this Charter are defined below:
a) Personal information is defined in the PDP Act as information or an opinion (including information or opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include health information of a kind to which the Health Records Act applies.
b) Health information is regulated under the Health Records Act and is information that can be linked to an identifiable individual (including a deceased person), which concerns that individual’s physical, mental or psychological health, disability or genetic make-up.
c) Sensitive information is defined in the PDP Act as personal information which is about an individual’s racial or ethnic origin, political opinions or associations, religious beliefs or affiliations, philosophical beliefs, membership of professional or trade associations or trade unions, sexual orientation or practices or criminal record.
15. Future changes
15.1 We may change this Privacy Charter at any time and will notify you by posting an updated version of the Privacy Charter on our website.
15.2 If at any point we decide to use your personal information in a manner materially different from that stated at the time it was collected, we will notify you by email or via a prominent notice on our website, and where necessary, seek your prior consent.
16. Approval
Approved by: |
South East Water Board |
Approved on: |
26 February 2024 |
Sponsor: |
General Manager, People Safety and Governance |
Implementer: |
Privacy Officer (General Counsel) |
Review date: |
26 February 2026 |