What is this policy about?
State Library Victoria (the Library) values and protects the personal information we collect when providing services to the people of Victoria.
This policy tells you about how we protect your personal information and respect your privacy in compliance with the Privacy and Data Protection Act 2014 (Vic), including:
- responsible collection and management of personal information
- your right to access information we hold about you
- your right to make corrections to information we hold about you
- how we handle queries and complaints about privacy
- balancing the public interest in the free flow of information with protection of personal information.
You can read about Victoria’s Information Privacy Principles and your rights on the Office of the Victorian Information Commissioner’s website.
This policy covers all personal information including sensitive information, created or stored by the Library.
Personal information is anything that identifies or could identify a person. This can include a person’s name, email address, gender, age, financial and bank account details, opinions, education, employment history and performance appraisals. It also includes photos and videos that can be linked to an identifiable living person.
Sensitive information is personal information about racial or ethnic origin, political, religious, philosophical or professional opinions or associations, and information about sexual preferences or activity or criminal records.
The policy applies to the actions of all Library staff, including the Board and its committees, employees, contractors and volunteers.
This policy doesn’t apply to information that is:
- in a generally available publication
- kept at the Library for the purposes of reference, study or exhibition (that is, our collections, including preservation and cataloguing functions)
- a public record available for public inspection in accordance with the Public Records Act 1973 (Vic)
- archived within the meaning of the Copyright Act 1968 (Cth)
If you have a question about personal information from our collections that may be available online, please refer to our Takedown Position Statement.
How we protect your privacy
Collecting personal information
Personal information is handled transparently wherever possible, so you know how we are treating your information.
We collect information to deliver functions and services to the public, manage our staff, volunteers and contractors, and to support us to achieve our organisational goals. We may collect your information for the following purposes:
- to register you as a Library user so that you can access our collections in person and/or online
- to manage enquiries and orders
- to gather data about our users, visitors and potential visitors so that we can provide relevant services
- to register attendees for paid and free events and programs
- to run competitions
- to identify contributors to blog comments
- to seek your consent to record and publish still photography, video and audio you appear in
- for website administration and management
- to record and respond to the community on social media channels and other multimedia
- so that you can subscribe to e-newsletters and other communications about the Library’s events, programs and activities
- to engage employees, volunteers, contractors, partners, funding recipients and service providers
- when acquiring and accessioning records into the State Collection
- to manage fundraising, memberships and related transactions
- for commercial management and venue hire
- for safety and security purposes, such as via CCTV or for incident management.
Personal information relating to these functions and services may be collected in electronic form through the Library’s websites, email and web meeting platforms, and the Library’s CRM system.
Email addresses will not be added to an electronic mailing list without your knowledge or consent.
When collecting personal information, we take reasonable steps to tell you:
- why we are collecting your information
- who we might share your information with
- how you can access the information we hold about you
- whether any law requires the collection of the information
- if there are any consequences if you don’t provide your information (such as not being able to use a service or attend an event)
- how to contact us.
When we collect personal information, we provide a Collection Notice that explains these points.
Wherever possible, the Library only collects personal information from you directly, and not from another person or organisation.
The Library will only collect sensitive information with your consent or when we are legally allowed to collect sensitive information.
How we use and share your information
We only use and share your personal information for the reason it was collected, or for a purpose that an individual would reasonably expect it to be used for. We only use and share information where we are legally allowed to do so or with your consent.
In some circumstances, personal information collected for one purpose may also be used for another purpose. This usually happens where the second purpose is related to the main reason we collected the information, and an individual would reasonably expect us to use or disclose the information for the second purpose.
Collecting correct and up-to-date information
We always try to make sure that the personal information we collect, use or share is accurate, complete and up to date. To an extent, we rely on you to provide accurate and complete information and to advise of any changes to that information.
How we keep your information safe
We aim to protect your personal information from being misused, lost, accessed by unauthorised people, or changed without your knowledge. We take reasonable steps to keep your information safe and secure.
How we store your information Information
is generally destroyed or permanently de-identified when it is no longer required. However, information may be retained for long periods of time or indefinitely in the Library’s archives (or as required under the Public Records Act 1973 (Vic)).
Some personal information you enter on the Library website may appear elsewhere, for example:
- content publicly contributed to the Library’s websites may be stored by Google and other search engines, for example if you leave a comment on a blog post
- snapshots of the Library’s websites are captured periodically for historical purposes and are stored in and available from the National Library of Australia’s Trove website.
Accessing and updating your information
You have a right to access information the Library holds about you. Simple requests to access or update information may be dealt with informally such as via email, over the phone or in person at the Library.
Requests for information about commercial activities or that affect another person’s privacy, or other more complex requests, may need to follow our Freedom of Information procedures.
Assigning unique identifiers
We only assign a unique identifier to your information where it is necessary to deliver efficient functions or services. Unique identifiers may include a Library registration number, credit card details or payroll number.
Choosing not to share personal information
Wherever possible, we won’t ask you to share personal information when interacting with us. We will let you know if there are limits to accessing the collection, attending events, or interacting with us in other ways if you choose not to share personal information with us.
Privacy when using our website
We collect information about how our website is used. When we collect information about our website usage, it’s anonymous. If you are logged in with your Library membership, however, some data we collect may be associated with your account. We may need to identify a person if we need to investigate a suspected breach of our Entry and Service Policies, or where we are required to identify a person by law (such as in the investigation of a crime).
When you visit Library websites, web servers automatically capture and log some data. Some data may also be captured by sites such as Google Analytics. This may include the date and time of your visit and pages accessed.
Sharing information with other organisations
We may be required by law to use or share personal information to meet legal obligations or exemptions. This may include sharing data with other departments or agencies, such as Victoria Police.
We may also share personal information with our partners or contracted service providers for administrative or service-improvement purposes. Service providers are required to comply with this policy, the Information Privacy Principles and any relevant confidentiality obligations.
Transfer of information interstate or overseas
If we need to transfer information outside Victoria, we will take reasonable steps to make sure that this complies with Victorian privacy principles about transborder data flows. To deliver our functions and services, we may sometimes need to transfer personal information or information collected from individuals outside Victoria to the servers of third-party organisations located outside Victoria.
Links to other sites
Our websites contain links to other websites that we do not operate. We are not responsible for the privacy practices of other websites and we recommend that you familiarise yourself with those websites’ privacy statements.
Collecting and using health information
Health Information is information that can be linked to an identifiable individual, including deceased individuals, which concerns that person’s physical, mental or psychological health, disability or genetic makeup. Usually, we only collect health information about our staff, prospective employees and contractors. We may collect health information about visitors and users to support them to access our services. Any health information we hold will be managed in accordance with the requirements of the Health Records Act 2001 (Vic).
Complaints and queries
If you have any questions about this policy, or want to make a complaint about how your personal information has been handled by the Library, please contact our Privacy Officer at email@example.com.
If you are not satisfied with how we handle privacy complaints, you may contact the Office of the Victorian Information Commissioner.
- Public Administration Act 2004 (Vic)
- Charter of Human Rights and Responsibilities Act 2006 (Vic)
- Code of Conduct for Victorian Public Sector Employees (2015)
- Freedom of Information Act 1982 (Vic)
- Health Records Act 2001 (Vic)
- Libraries Act 1988 (Vic) Public Records Act 1973 (Vic)
- Privacy and Data Protection Act 2014 (Vic)
- Spam Act 2003 (Cth)
- Surveillance Devices Act 1999 (Vic)including any related guidelines
- Register of Delegations (internal)
- Privacy Handbook, Privacy Impact Assessments, Recording Consent Form (internal)
- ICT Security Policy Employee Terms & Conditions of Use
- Staff induction, awareness and compliance training procedures