Web privacy statement
The Victorian Labour Hire Licensing Authority (Authority) is a statutory authority established under the Labour Hire Licensing Act 2018 (the Act). The objects of this Act are:
- To protect workers from being exploited by providers of labour hire services and hosts; and
- To improve the transparency and integrity of the labour hire industry.
All personal information collected by the Authority is handled in accordance with the Victorian Privacy and Data Protection Act 2014 (PDP Act), including the Information Privacy Principles and protective data security requirements, together with the Privacy Act 1988 and other law as applicable.
This website can link you to other websites to obtain information. The Authority is not responsible for the privacy practices or content of external websites. If you go to those websites you should also review their current privacy statements and notices.
Collection of site visit data
When you visit the Authority website, the web server collects a small amount of information to facilitate its operation. The information collected about your site visit includes:
- the Internet Protocol (IP) address (e.g. 184.108.40.206) and network domain name (e.g. .com, .au, .gov) of the internet connection you are using
- the type of device you are using
- the date and the time of your visit to the site
- the country you are located in
- the web browser (e.g. Explorer, Safari, Firefox) and operating system you are using (e.g. Windows XP, Mac OS X)
- the Authority pages or services you accessed and downloaded
- if you use the advanced search tool, the search term used
- the referring site (if any) through which you clicked through to this site.
Cookies are small files containing pieces of information that a website creates when you visit the site. A cookie can track how and when you use a site, which site you visited immediately before, and it can store that information about your computer. Cookies cannot be used to run programs or deliver viruses to your computer. There are two types of cookies, sessional cookies and persistent cookies. The Authority website may use sessional cookies which are stored in temporary memory and are not retained after you close the browser session.
You cannot opt out of the site visit information that is collected by the Authority for analytics purposes. If you choose to disable cookies in your browser this may impair your ability to browse, read and download information contained on the Authority website.
Use of site visit data
The Authority website collects site visit data as described above to understand user trends at an aggregate level and improve website content, web performance, web services and website maintenance. To the extent that site visit data could make you visible, we will not attempt to do so. The Authority may also use site visit information for security audits to protect against threats from hackers, and for other lawful law enforcement and security purposes.
Disclosure of site visit data
The Authority will not disclose the personal information collected as part of your site visit to a third party without your consent, unless we are required or authorised to do so by law or other regulation. In the event of an investigation into suspected unlawful or improper activity, a law enforcement agency or government agency may exercise its legal authority to inspect the web server’s records (for example, in relation to hacking or abusive messages).
Security of your personal information
The Authority and all employees have a statutory duty under the PDP Act to protect your personal information by taking reasonable security steps against such risks as misuse and loss of information and from unauthorised access, modification or disclosure. Specifically, access to systems, applications and the collected data is restricted to authorised personnel only. In addition, any personal information collected and used for identifying user trends (for example, IP address) is aggregated and made anonymous when reports are generated.
Authority to collect personal information
The Authority collects your site visit data under the authority of Information Privacy Principle 1.1 in the PDP Act for the purposes stated above.
Access to your information
You have the right to request access to information held about you by the Authority, and to have it corrected if inaccurate. You should seek access under the Freedom of Information Act 1982. Your request should be addressed to the FOI officer c/o The Labour Hire Licensing Authority at firstname.lastname@example.org
If you have concerns about privacy issues in relation to this website, please contact the Labour Hire Licensing Authority at email@example.com
© Labour Hire Licensing Authority, State Government of Victoria, 2018
Current at 5 April 2019
The Victorian Labour Hire Licensing Authority (Authority) was established by the Labour Hire Licensing Act 2018 (the Act). The Act introduced a licensing scheme for labour hire service providers in order to improve the transparency and integrity of the labour hire industry, to hold providers of labour hire services accountable for their conduct, and protect vulnerable workers from being exploited.
This policy applies to the personal information of both external parties and the staff of the Authority. Any personal information collected by the Authority, or that it obtains about individuals from other sources, will be handled in accordance with this policy.
The Authority generally manages personal information in accordance with the Information Privacy Principles (IPPs) set out in the Victorian Privacy and Data Protection Act 2014 (PDP Act). Personal information is information or an opinion that is recorded in any form, about an individual whose identity is apparent or can reasonably be ascertained from that information, but not health information. Health information is information which concerns that individual’s physical, mental or psychological health, disability or genetic makeup. The Authority is also bound by the Privacy Act 1988 in some circumstances.
The Authority is an agency responsible for the performance of functions or activities directed to the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of a law imposing a penalty or sanction for a breach. For this reason, the Authority has a partial exemption under s 15 of the PDP Act from complying with the specified IPPs if it believes on reasonable grounds that non-compliance is necessary for the purposes of its law enforcement functions.
In order to perform its functions, the Authority has also entered into certain agreements with Australian government agencies, which may mean that it has also agreed to be bound by relevant Australian Privacy Principles contained in the Commonwealth Privacy Act 1988.
The Authority collects personal information that the Act, privacy and other laws authorise it to collect and that it needs in order to perform its licensing, registration and enforcement functions. This includes contact details provided by stakeholders so that the Authority can provide them with e-newsletters and other stakeholder updates. It also includes personal information required as part of licence applications, to update and verify licence applicants' and licensees' details and to maintain the public Register of Licensed Labour Hire Providers.
For a licence application or renewal, generally the Authority collects personal information directly from individuals with their consent, but information about third-party individuals (‘relevant persons’) is also collected in this context with their knowledge and consent. The purposes of this third-party collection include probity checks in relation to performance of the Authority’s core regulatory functions. These probity checks include nationally coordinated criminal history checks by the Australian Criminal Intelligence Commission (ACIC).
Other third-party entities from which information including personal information and possibly health information may be collected include:
- the Australian Business Register (ABR)
- the Australian Criminal Intelligence Commission (ASIC)
- the (Australian) Department of Home Affairs
- Office of Industrial Relations, Queensland
- the Fair Work Ombudsman (FWO)
- the Victorian Registration & Qualifications Authority (VRQA)
- WorkSafe Victoria.
Information including personal information will also be collected from industry participants such as hosts and workers in the course of checking licence application details, and investigations into compliance with the Act.
Part 5 of the Act provides for the powers of inspectors to monitor compliance and investigate potential contraventions of the Act. Subject at times to their obtaining relevant Magistrates' Court orders or warrants, inspectors have express powers to enter premises, inspect or require provision of documents and information in specified situations. These documents and information may include personal information.
Sometimes the Authority will also be provided with personal information in connection with objections and complaints that it must consider or investigate, such as an objection by an interested person to an application for a licence, or a complaint about an inspector’s conduct. The Authority also accepts information from the public via its website ‘Report a problem’ facility and by phone and email.
For details of information collected about visitors to the Authority’s website, please see the Privacy Statement for the Authority’s website at https://www.labourhireauthority.vic.gov.au/privacy
You can access the information the Authority has collected about you, and request that it amends or removes incorrect or misleading information about you. For more details see the Access and Correction section below.
Use and disclosure
Personal information that is collected by the Authority will be used by and disclosed to the Authority’s staff or contractors whose duties require them to use it. These employees and contractors must handle personal information in accordance with the requirements of the PDP Act. This means they will only use or disclose collected personal information for the primary purpose for which it was collected, or for a permitted secondary purpose in specified situations, such as where the individual has consented to the use or disclosure, or where the use or disclosure is required or authorised by or under law (for example, in response to a valid request made under the Victorian Data Sharing Act 2017). These specified situations also include provision for disclosure to law enforcement agencies such as the Australian Security Intelligence Organisation or the Australian Secret Intelligence Service, in defined circumstances.
In addition, the Act contains a secrecy provision that further protects information concerning the affairs of any person acquired under or for the purposes of the Act. Exceptions to this secrecy requirement include disclosure to the Victorian Civil and Administrative Tribunal, and to police officers and other regulators in specified circumstances. Where lawful the Authority will share information with other regulators such as WorkSafe Victoria and the VRQA to assist in the performance of their functions.
Inspectors are also subject to a confidentiality provision in the Act – it is an offence for an Inspector to provide such information to any other person unless authorised.
The Authority is required by the Act to publish certain information on its website upon receiving applications for licences or licence renewals, and to maintain a public register. The information about identifiable individuals that it publishes is publicly-available information and therefore not personal information. The PDP Act requires that public sector agencies administer public registers, so far as is reasonably practicable, in a way that would not contravene handling requirements for personal information, if that information were personal information. In a number of circumstances, for example where a person conducts business from their residential address, it may be necessary for the Authority to publish personal information on the Register.
Note that the Act contains an express permission for the Authority to publish on its website information concerning licensing outcomes, such as the name and business name of an applicant for a licence, if the application is refused or withdrawn, suspended or cancelled, or if the Authority has refused to renew a licence.
De-identified personal information derived from the personal information collected may also be used in support of the Authority’s broader functions, such as for research and reporting purposes.
The Authority takes reasonable steps to ensure that the information it holds is accurate, complete and up to date. Accurate information should be provided to the Authority at all times. Licence applicants are required to make a declaration that the information they have provided is true and correct, and licence holders must notify the Authority of any changes in the information provided to the Authority within 30 days of the change.
The Authority is committed to protecting your personal information from misuse, loss or unauthorised access, unauthorised modification or disclosure.
The Authority has secure office premises and a security pass entry system for Government employees and contractors to enter the premises. The Authority takes reasonable steps to protect files from outside or unauthorised access. The Authority’s information technology arrangements incorporate a range of data security measures. For example, the Authority requires staff to use passwords to enter the computer system and its databases can only be accessed using an additional password, with different levels of access granted depending on the role of the staff member concerned. Only staff who need to use your information to perform their functions have access to it.
To protect your privacy, you should keep your Labour Hire Licensing Online Authority password confidential: it must not be displayed, shared or written down.
Transmission security risks
You should be aware that there are risks in transmitting information across the Internet. So, while the Authority takes reasonable steps to protect the personal information we receive from you or from third parties, the Authority cannot guarantee the security of any information transmitted to it online. If you are concerned about conveying confidential or delicate material to the Authority over the Internet, you might prefer to contact us at firstname.lastname@example.org to make other arrangements.
Online Services and Online payments
The Authority’s online services are managed by a third-party IT service provider. Our service provider may access the personal information entered into our forms in order to process electronic transactions or to resolve a technical problem.
If you make a payment using the Authority’s website, the Authority will process your payment with the assistance of a reputable third party electronic payments service provider and present you with an online receipt for your records.
If you make an online application or another payment transaction via the Authority’s website, the Authority takes additional steps to protect the security of your personal information, such as strong SSL encryption. Before using these facilities, you should ensure that you are using a web browser that supports SSL encryption. In many web browsers, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the top of the browser.
The Authority generally destroys or permanently de-identifies information when it is no longer needed for any purpose. However, information held by the Authority is subject to the provisions of the Public Records Act 1973 and must be retained or disposed of in accordance with relevant Retention and Disposal Authorities.
Access and Correction
Requests for access to and/or correction of documents containing personal information held by the Authority will be handled according to the provisions of the Freedom of Information Act 1982. Requests should be addressed to the FOI officer c/o The Labour Hire Licensing Authority, email@example.com and should be accompanied by any applicable fee.
The Authority does not assign or adopt the unique identifiers that other organisations may have assigned to individuals. However, if the Authority decides to grant a licence, it must allocate a unique licence number to the licence. That licence number must be stated on the licence.
Individuals seeking general advice from the Authority or accessing the public register do not have to identify themselves. However, the Authority will need to collect personal information if you are seeking answers to a specific enquiry, or making a complaint. You cannot apply anonymously for a licence under the Act.
Transfer of Information Outside Victoria
Generally the Authority will not send personal information outside Victoria without individuals’ prior consent. In some cases that consent may be implied, as where individuals have consented to criminal history checks being carried out. In any case the Authority will not transfer personal information about an individual to others outside Victoria unless it reasonably believes that the recipient will handle the information in a substantially similar fashion to that required under the Information Privacy Principles.
During the licence application process the Authority collects some sensitive information. This includes place of birth information that could indicate racial or ethnic origin, and criminal record information. The Authority does this as part of its process to ensure that only fit and proper people who may validly apply under the terms of the Act are granted a licence.
© Labour Hire Licensing Authority, State Government of Victoria, 2018
Last updated 5 April 2019