You are here: Home About Us Privacy policy

    Privacy policy


    The purpose of this policy to ensure that the Australian Aged Care Quality Agency (Quality Agency) and its employees comply with the privacy provisions set out in the Privacy Act 1988 (Cth).


    The Privacy Act describes how “personal information” and “sensitive information” is to be treated. The Aged Care Act 1997, the Australian Aged Care Quality Act 2013 and associated Principles set out rules for the treatment of “protected information”.

    The Assistant Director Human Resources, supported by Executive Directors and State Directors, will coordinate and ensure compliance with the Australian Privacy Principles.


    The Quality Agency is the sole agency that providers of Government funded aged care, approved under the Aged Care Act 1997, will deal with in relation to the quality assurance of the aged care services that they deliver. Our functions are as set out in the Australian Aged Care Quality Act 2013.

    Who should read this privacy policy?

    You should read this policy if you are:

    • an individual whose personal information may be given to or held by us
    • a contractor, consultant, supplier or vendor of goods or services to us
    • a service provider funded to deliver services under a US funding agreement
    • a person seeking employment with us
    • a person who is or was employed by us (or our predecessor agencies).

    The Privacy Act 1988

    The Privacy Act 1988 (the Privacy Act) regulates how federal and ACT public sector agencies and certain private sector organisations can collect, hold, use and disclose personal information, and how you can access and correct that information.

    ‘Personal information’ is information in any form that can identify a living person. The Privacy Act applies only to information about individuals, not to information about corporate entities such as businesses, firms or trusts. Detailed information on the Privacy Act can be found on the Office of the Australian Information Commissioner (‘OAIC’) website.

    Quality Agency and privacy

    This Privacy policy sets out how we comply with the Privacy Act. In performing our functions and administering our legislation, we may collect, hold, use or disclose your personal information. We take privacy seriously and will only collect, hold, use and disclose your personal information in accordance with the Privacy Act.

    Remaining anonymous or using a pseudonym

    We understand that anonymity is an important element of privacy and some members of the public may wish to be anonymous when interacting with us.

    We also understand some members of the public may wish to use a pseudonym.

    Generally, members of the public will have the right to remain anonymous or adopt a pseudonym when dealing with us. However, it is not always possible to remain anonymous or adopt a pseudonym and we will inform you when this is the case.

    Information covered under this Privacy policy

    This Privacy policy covers how we collect, hold, use and disclose your personal information, including any financial information you provide to us (such as your credit card details). This policy applies to all personal information collected by us, including personal information collected through our social media websites.

    Information held by contractors

    Under the Privacy Act, we are required to take contractual measures to ensure contracted service providers (including sub-contractors) comply with the same privacy requirements applicable to us.


    Our personal information handling practices.

    Collection of personal information

    Personal information about you may be collected by us from you, your representative or a third party. We generally use forms, online portals and other electronic or paper correspondence to collect this information.

    Information may be collected directly by us or by people or organisations acting on our behalf (e.g. contracted service providers). We may also obtain personal information collected by other Commonwealth agencies, State or Territory government bodies, or other organisations.

    From time to time personal information is provided to us by members of the public without being requested by us.

    We collect and hold a broad range of personal information in records relating to:

    • employment and personnel matters for our staff and contractors (including security assessments);
    • the performance of our legislative and administrative functions;
    • individuals participating in funded programs and initiatives;
    • the management of contracts and funding agreements;
    • the management of fraud and compliance investigations;
    • the management of audits (both internal and external);
    • correspondence from members of the public to us and our Ministers;
    • complaints (including privacy complaints) made and feedback provided to us;
    • requests made to us under the Freedom of Information Act 1982 (Cth);
    • the provision of legal advice by internal and external lawyers.

    We will not ask you for any personal information which we do not need. The Privacy Act requires that we should collect information for a purpose that is reasonably necessary for, or directly related to, a function or activity of ours.

    When we collect personal information, we are required under the Privacy Act to notify you of a number of matters. These include the purposes for which we collect the information, whether the collection is required or authorised by law and any person or body to whom we usually disclose the information. We generally provide this notification by having Privacy Notices on our paper-based forms and online portals.

    Some personal information may be protected by other legislation

    Some personal information collected by us may be protected under secrecy provisions in our governing legislation (e.g. the Aged Care Act 1997; the Australian Aged Care Quality Act 2013 and associated Principles). These secrecy provisions contain rules for the collection, use and disclosure of information (which may include personal information) governed by the relevant legislation. These rules operate alongside the rules in the Privacy Act.

    Kinds of personal information collected and held

    In performing our functions, we collect and hold the following kinds of personal information (which will vary depending on the context of the collection):

    • name, address and contact details (e.g. phone, email and fax)
    • photographs, video recordings and audio recordings of you
    • information about your personal circumstances (e.g. age, gender, occupation)
    • information about your financial affairs (e.g. bank account details, information about business and financial interests)
    • information about your identity (e.g. date of birth, country of birth, drivers licence)
    • information about your employment (e.g. work history, referee comments, remuneration)
    • information about your background (e.g. educational qualifications, the languages you speak and your English proficiency)
    • government identifiers (e.g. Centrelink Reference Number or Tax File Number)

    On occasions, a range of sensitive information may also be collected or held about you, including information about:

    • your racial or ethnic origin;
    • your health (including information about your medical history and any disability or injury you may have) and
    • any criminal record you may have.

    How we collect and hold personal information

    We collect personal information through a variety of different methods including:

    • paper-based forms
    • electronic forms (including online forms)
    • face to face meetings
    • telephone communications
    • email communications
    • communications by fax
    • Our websites, social media and on-line platforms.

    We hold personal information in a range of paper-based and electronic records.

    Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government records management regime, including the Archives Act 1983, Records Authorities and General Disposal Authorities. This ensures your personal information is held securely.

    Purposes for which personal information is collected, held, used and disclosed

    We collect personal information for a variety of different purposes relating to our functions and activities including:

    • performing our employment and personnel functions in relation to our staff and contractors
    • performing our legislative and administrative functions
    • policy development, research and evaluation
    • complaints handling
    • program management
    • contract management and
    • management of correspondence with the public.

    We use and disclose personal information for the primary purposes for which it is collected. You will be given information about the primary purpose of collection at the time the information is collected.

    We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act.

    How to seek access to and correction of personal information

    You have a right under the Privacy Act to access personal information we hold about you.

    You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

    However, the Privacy Act sets out circumstances in which we can decline access to or correction of personal information (e.g. where access is unlawful under a secrecy provision in portfolio legislation, such as the Aged Care Act 1997).

    To access or seek correction of personal information we hold about you, please contact us using the contact details set out at section 5.1 of this Policy.

    It is also possible to access and correct documents held by us under the Freedom of Information Act 1982 (the FOI Act). For information on this, please contact our FOI Coordinator (contact details are available on our website).

    Accidental or unauthorised disclosure of personal information

    We will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.

    We follow the OAIC’s Data breach notification — A guide to handling personal information security breaches when handling accidental or unauthorised disclosures of personal information.

    Legislative or administrative sanctions may apply to unauthorised disclosures of personal information.

    Data security

    Access to personal information held by us is restricted to authorised persons who are employees or contractors.

    Electronic and paper records containing personal information are protected in accordance with Australian Government security policies.

    We regularly conduct audits to ensure we adhere to our protective and computer security policies.

    Our website

    The website is managed internally.

    We generally only collect personal information from our website where a person chooses to provide that information.

    If you visit our website to read or download information, we record a range of technical information which does not reveal your identity. This information includes your IP or server address, your general locality and the date and time of your visit to the website. This information is used for statistical and development purposes.

    No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website. 

    Some functionality of the AACQA website is not run by us and third parties may capture and store your personal information outside Australia. These third parties include (but are not limited to) Facebook, YouTube, MailChimp, SurveyMonkey, Twitter and Google and may not be subject to the Privacy Act. We are not responsible for the privacy practices of these third parties and we encourage you to examine each website's privacy policies and make your own decisions regarding their reliability. 

    Our website contains links to other websites. We are not responsible for the content and privacy practices of other websites and encourage you to examine each website's privacy policies and make your own decisions regarding the reliability of material and information found. 


    Cookies are used to maintain contact with a user through a website session. A cookie is a small file supplied by us, and stored by your web browser software on your computer when you access our website. Cookies allow us to recognise an individual web user, as they browse our website.

    Electronic communication

    There are inherent risks associated with the transmission of information over the Internet, including via email. You should be aware of this when sending personal information to us via email or via our website. If this is of concern to you then you may use other methods of communication, such as post, fax, or phone (although these also have risks associated with them).

    We only record email addresses when a person sends a message, subscribes to a mailing list, or uses our on-line booking platforms. Any personal information provided, including email addresses, will only be used or disclosed for the purpose for which it was provided.

    Disclosure of personal information overseas

    We will, on occasion, disclose personal information to overseas recipients. The situations in which we may transfer personal information overseas include:

    • the provision of personal information to overseas researchers or consultants (where consent has been given for this or we are otherwise legally able to provide this information)
    • the provision of personal information to recipients using a web-based email account where data is stored on an overseas server and
    • the provision of personal information to foreign governments and law enforcement agencies (in limited circumstances and where authorised by law).

    It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances.

    However, you may contact us (using the contact details set out at section 5.1 of this Policy) to find out which countries, if any, your information has been given to.


    How to make a complaint

    If you think we may have breached your privacy rights you may contact us using the contact details set out at section 5.2 of this Policy.

    Our process for handling complaints

    We will respond to your complaint or request promptly if you provide your contact details. We are committed to quick and fair resolution of any complaints and will ensure your complaint is taken seriously. You will not be victimised or suffer negative treatment if you make a complaint.

    How to complain to the OAIC

    You also have the option of contacting the OAIC if you wish to make a privacy    complaint against US. The OAIC website contains information on how to make a privacy complaint. If you make a complaint directly to the OAIC rather than to us, the OAIC may recommend you try to resolve the complaint directly with US in the first instance.

    Privacy policy updates

    This Privacy Policy will be reviewed frequently and updated as required. 

    How to contact us

    General enquiries and requests to access or correct personal information

    If you wish to:

    • query how your personal information is collected, held, used or disclosed
    • ask questions about this Privacy Policy
    • obtain access to or seek correction of your personal information

    …contact us using the following contact details:

    Contact details for privacy complaints

    If you wish to make a complaint about a breach of your privacy, please contact us using the following contact details: sends e-mail)

    Availability of this policy

    If you wish to access this Policy in an alternative format (e.g. hard copy) please contact us using the contact details set out at section 5.1 of this policy.

    This policy will be made available free of charge.


    Processing of enquiries and approval of reasonable requests for access to information: Privacy Officer/Privacy Representatives.


    Personal Information - Personal information means information or opinion (including information or opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained from the information or opinion.

    Sensitive information - is a subset of personal information.  It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information about an individual.

    Privacy - The word we give to being able to keep certain information to ourselves.

    Anonymity – Freedom from identification.