The Be Connected website and Get Started app are produced and maintained by the eSafety Commissioner (eSafety) in partnership with the Department of Social Services (DSS).
eSafety is responsible for promoting online safety for all Australians. This policy describes how eSafety handles, manages and protects personal information.
The Privacy Act 1988 (Cth) (the Privacy Act) contains 13 Australian Privacy Principles (the APPs) that regulate how private sector organisations and government agencies collect, use, disclose, hold and de-identify or destroy personal information, and how individuals may request to access and correct their personal information.
The Privacy Act defines personal information as information or an opinion about an identified individual or an individual who is reasonably identifiable. It also defines sensitive information, which is a subset of personal information that is generally afforded a higher level of protection than personal information. This includes health information and information relating to a person’s racial or ethnic origin and sexual orientation or practices.
The eSafety Commissioner is covered by the Privacy Act.
Collection of personal information
Purposes of collection
eSafety collects personal information if it is reasonably necessary for, or directly related to, one or more of the eSafety Commissioner’s functions or activities.
Under the Enhancing Online Safety Act 2015 (the Enhancing Online Safety Act), eSafety’s functions include supporting and conducting educational, promotional and community awareness programs related to online safety.
Among other activities, eSafety is collecting your personal information for the purpose of registering your with the Be Connected service. If we don’t collect this information, you may be unable to register fully with the service.
How personal information is collected
eSafety collects personal information by lawful and fair means.
eSafety usually collects personal information directly from you, for example, when you provide us your details during website registration, updating your profile, completing feedback surveys, taking part in interviews or focus groups, attending promotional events, through an enquiry form or in relation to a complaint.
However eSafety may obtain information about you from third parties in certain circumstances, including where:
- the eSafety Commissioner is required or authorised by law, for example, obtaining information for the purposes of handling a complaint or report (from a complainant, parent, guardian or school)
- the eSafety Commissioner has your consent to do so, or
- it is not reasonably practicable to collect the information from you.
Kinds of personal information collected and held
eSafety collects personal information to enable us to carry out our regulatory functions and activities.
For the Be Connected project, this includes the information you provide us via the registration form, such as your name, date of birth and email address.
If you attend one of our Be Connected interviews, focus groups or events, this may also include photographs or videos in which you appear or audio recordings in which your voice is heard.
eSafety collects and holds personal information as part of our procurement processes. This includes the names and contact details of tenderers or contracting parties and is done to ensure we comply with the Public Governance, Performance and Accountability Act 2013 (the PGPA Act) and the Commonwealth Procurement Rules.
More information on the PGPA Act and the Commonwealth Procurement Rules is available at the Department of Finance’s PGPA associated instruments and policies page.
Public consultation and engagement
eSafety engages with the public and our stakeholders through a number of mediums, including consultations, surveys, conferences, forums, interviews, focus groups or other events.
When eSafety undertakes formal consultation through interviews, focus groups or written submissions, the documentation will make clear the purpose of the consultation and the purpose of the collection of personal information. Generally, eSafety publishes the submissions we receive, including any personal information, unless otherwise claimed as confidential.We may also use photographs, videos or audio recordings taken during a consultation or event in publications for the purposes of education, information, promotion, public relations, media engagement and related online safety purposes connected with eSafety and the Be Connected program.
If you wish to make a submission anonymously or through the use of a pseudonym, you should contact eSafety to see whether it is practicable to do so. Each confidentiality claim is assessed by eSafety on a case-by-case basis.
Use of services
eSafety collects and holds personal information used to register for a service, such as the Be Connected website, or an online safety program or newsletter subscription. This may include details such as name, organisation, contact details and communication preferences. This helps eSafety manage user access and provide the service requested.
Information about how your personal information will be handled and other terms and conditions for using a service will be provided before any personal information is collected.
Website traffic, cookies and analytics
eSafety uses a range of tools to collect and view our website traffic information. This includes cookies and analytics such as Google Analytics and Usabilla. This helps eSafety improve our website, customise our information and services, and conduct research and development.
The information collected by these tools may include the IP address of a device, the date and time a page was visited, the pages accessed and how long pages were viewed.
eSafety does not attempt to identify users or their browsing activities, unless the user has signed up to an online service or a law enforcement agency or other government agency exercises its legal authority to inspect our internet web server logs for an investigation.
You can set browsers that will notify you before you receive a cookie. This may allow you to refuse to accept it. Users can also turn off or delete cookies. You can also opt out of the Google Analytics collection by using the Google Analytics Opt-out Browser Add-on.
The eSafety website uses both Australian Government and commercial web-hosting facilities.
eSafety uses social networking services, including Twitter, Facebook, YouTube, Instagram and Snapchat, to engage with the public. eSafety may collect your personal information if you engage with us on these services, but we will only use it to help us communicate with you and the public.
These social networking services will also handle your personal information for their own purposes in accordance with their own privacy policies.
Emails and newsletters
eSafety communicates with the public through email distribution lists and newsletters. With your consent, eSafety will collect your email and, if you provide it, other contact details when you subscribe to an eSafety mailing list. eSafety only uses this to update you on its activities and to administer the lists.
eSafety collects personal information in order to fulfil the eSafety Commissioner’s statutory functions and obligations or to undertake activities consistent with a regulatory function.
Before, at the time, or soon after collecting personal information, eSafety will provide you a notice outlining certain matters, including the purposes of collection, the consequences if personal information is not collected and whether eSafety usually discloses information of this kind to another entity.
Anonymity and use of pseudonym
eSafety will provide you the option of not identifying yourself, or using a pseudonym, unless it would be impractical for eSafety to deal with a person in that way or where a law requires or authorises the eSafety Commissioner to deal with individuals who have identified themselves.
Complaints related to offensive and illegal content can always be made anonymously.
Reports relating to image-based abuse do not require a complainant to provide their name.
Use and disclosure of personal information
eSafety will use or disclose personal information only for the purpose for which it was collected. eSafety will only use or disclose personal information for another purpose in certain permitted circumstances, including when:
- you consent for eSafety to do so
- the use or disclosure is required or authorised by or under an Australian law, or
- another exception under the Privacy Act applies, including the eSafety Commissioner reasonably believes that it is reasonably necessary for one or more enforcement-related activities or a permitted general situation exists.
Part 9 of the Enhancing Online Safety Act permits the eSafety Commissioner to disclose information in certain circumstances and with certain conditions, including to an authority of a foreign country responsible for regulating matters relating to online safety for children, provided it is not prohibited by Part 13 of the Telecommunications Act 1997.
The eSafety Commissioner may also disclose information to an authority if satisfied that the information will enable or assist the authority to perform or exercise any of the authority’s functions or powers, provided the information was obtained as a result of a function or power conferred on the eSafety Commissioner under the Enhancing Online Safety Act or the Broadcasting Services Act.
We only disclose personal information in order to help us fulfil a regulatory function, with your consent or where otherwise permitted by the Privacy Act. We may disclose your personal information to other government agencies, third parties and contract service providers participating in the Be Connected project. This may include overseas recipients and bodies undertaking research or surveys that you consent to participate in.
The Enhancing Online Safety Act lets us provide your information to certain authorities without your consent, including foreign authorities.
You may also choose to engage with us through a social networking service or our website. The companies we use for these purposes may also store information overseas.
Quality and security of personal information
eSafety takes reasonable steps to ensure the quality of the personal information we collect and disclose is accurate, up-to-date and complete.
eSafety has a range of measures in place to protect the personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.
All information collected by eSafety is secured and managed in accordance with the Australian Government’s Protective Security Policy Framework, Information Security Manual and the Archives Act. You can find further information at the National Archives of Australia’s webpage for Commonwealth Records Management).
Access to and correction of personal information
The eSafety Commissioner will consider any request you make to access, or seek the correction of, your personal information within 30 days.
eSafety will take reasonable steps to correct information we hold about you, if we consider it inaccurate, out of date, incomplete, irrelevant or misleading. You may need to demonstrate how your personal information is incorrect.
eSafety will ask you to verify your identity before it gives you access to your information or corrects it.
You also have the right under the Freedom of Information Act 1982 to request access to the documents eSafety holds.
If the information eSafety holds about you is incomplete, incorrect, out-of-date or misleading, you can ask it that it be changed or annotated.
Making a complaint
eSafety manages personal information in accordance with its obligations and responsibilities under the APPs.
If you have a complaint about how eSafety has handled your personal information, you should outline your complaint in writing and lodge it with eSafety through the details on the Contact us page.
eSafety will assess your complaint within 30 days.
If you’re unhappy with how we have handled your complaint, you may be able to complain to the Office of the Australian Information Commissioner