Privacy and Data Protection Act 2014 (Vic) provides a legal framework for the collection, use and disclosure of personal information. The PDP Act covers all Victorian public sector bodies, including State Library Victoria.
Cookies are small data files that a web server places on a user’s hard drive to record aspects of that user’s experience of the website.
Health information is information that can be linked to an identifiable individual, including deceased individuals, which concerns that individual's physical, mental or psychological health, disability or genetic makeup.
Information privacy principles (IPPs), unless otherwise indicated, generally refers to the 10 information privacy principles that underpin the PDP Act.
Personal information is information that identifies or could identify a person. It can be almost any information, including information about name, email address, gender, age, financial and bank account details, opinions, education, employment history and performance appraisals, and photos and videos that can be linked to an identifiable living person. It can also include date of birth and postcode.
Privacy is a fundamental human right set out in the Charter of Human Rights and Responsibilities Act 2006 (Vic). It relates to the right of individuals to have their personal details protected, to be left alone and/or to be anonymous. The PDP Act governs the collection and protection of personal information and other data held by the Victorian public sector.
Privacy statement is a tailored statement that describes the privacy implications of specific online services and information that is collected from and about users, and how that can be accessed.
Sensitive information includes personal information about racial or ethnic origin, opinions or associations that are political, religious, philosophical or professional, sexual preferences or criminal records.
Unique identifier is a code consisting of alphabet characters and/or numerals that is assigned to an individual and distinguishes them from other individuals; for example, a Library registration number. A person's name alone is not a unique identifier.
User refers to those who participate in or are impacted by the collection and management of personal information at the Library. This includes employees and volunteers, contractors, Victorian Government and its agencies, Library members and users, patrons, sponsors, donors and the public – whether in person or via Library websites and online platforms.
State Library Victoria values and protects the personal information it collects in providing services to the people of Victoria. The Library is subject to the Privacy and Data Protection Act 2014 (Vic) (PDP Act), which outlines the manner in which Victorian Government agencies manage personal information.
The purpose of this policy is to inform individuals about the Library’s obligations and privacy practices, and to outline the principles that guide the Library in relation to:
- responsible collection and management of personal information
- providing individuals with the right to access the information about them we hold
- providing individuals with the right to make corrections to information about them that the Library holds
- handling queries and complaints about privacy
- balancing the public interest in the free flow of information with the public interest in protecting the privacy of personal information.
The Library’s handling of personal information is regulated by the Office of the Commissioner for Privacy and Data Protection.
This policy covers all personal information, including sensitive information, generated or held by the Library as defined in the PDP Act and, where applicable, the Health Records Act 2001 (Vic).
This policy applies to the Library Board of Victoria, its advisory committees, and all Library employees, contractors and volunteers.
Nothing in the PDA Act, information privacy principles (IPPs) or data security standard applies to any information contained in a document that is:
- a generally available publication
- kept at the Library for the purposes of reference, study or exhibition
- a public record available for public inspection in accordance with the Public Records Act 1973
- archived within the meaning of the Copyright Act 1968 (Cth).
3.1 Collection of personal information
The Library values and protects the personal information it collects in providing services to the people of Victoria. In accordance with the Library’s commitment to privacy, as well as the requirements of the PDP Act, personal information is handled, wherever practicable, in a way that is transparent to the individual concerned.
The Library collects personal information necessary for the achievement of its organisational and strategic objectives, and for the purpose of exercising its lawful powers and performing statutory functions under the Libraries Act 1988 (Vic). This includes the collection of personal information to support and build awareness of the Library’s fundraising initiatives, membership programs, annual campaigns and donor appeals.
State Library Victoria is one of Victoria’s pre-eminent cultural institutions and the major learning and reference library in Victoria, offering a range of services, exhibitions and cultural programs. The Library collects personal information that is necessary for it to manage and administer its functions and services, which includes, but is not limited to:
- engaging employees, volunteers, contractors, partners and service providers
- dealing with user registrations, visitors or potential visitors, general inquiries, orders and Library operations
- accessing the Library’s collections, whether in person or online
- accessioning records into the State Collection
- selling tickets to paid and free events, participation in market research, competitions and surveys
- research, educational programs and tours
- contributing comments to blogs
- fundraising, memberships and related transactions and administration
- commercial management and venue hire
- permissions to record and publish still photography, video and audio
- recording and responding to online interactions between the Library and community on social media channels and other multimedia
- receiving information and subscribing to (e)newsletters and other communications about Library events, programs and activities.
Personal information relating to these functions and services may be collected in electronic form through Library communications and websites.
When collecting personal information, the Library will take practical and reasonable steps so that individuals are made aware of the following:
- reasons for collecting the information
- types of individuals or organisations to which the Library might disclose this information
- rights of individuals to access their personal information held by the Library
- whether any law requires the collection of the information
- consequences (if any) of not providing the information
- Library contact details.
Where possible, the Library only collects personal information from the individual concerned. The Library will only collect sensitive information with the consent of the relevant individual or where applicable legislation permits that collection.
3.2 Use and disclosure of personal information
The Library will only use or disclose personal information for the purpose for which it has been collected or otherwise in accordance with legislated use and disclosure standards; for example, where it has obtained consent.
The Library does not use personal information other than in accordance with the law and for the purpose for which it was collected, or for a purpose the individual would reasonably expect to be associated with Library services and functions. The Library does not disclose any information (including personal information) collected by it unless authorised by law, or with reasonable consent.
In some circumstances, personal information collected for one purpose may also be used for another purpose. This may include instances where the secondary purpose is related to the primary purpose of collection and the individual would reasonably expect the Library to use or disclose the information for the secondary purpose.
3.3 Data quality and security
The Library will take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date.
To some extent, the Library relies on individuals to provide accurate and complete information and to advise on any changes to that information.
The Library endeavours to protect personal information from misuse, loss, unauthorised access, modification or disclosure, and takes reasonable steps to ensure that the information is kept in secure environments and adequate controls are in place. Subject to the Library’s obligations under the Public Records Act 1973, information is generally destroyed or permanently de-identified when it is no longer required.
Information may be retained for long periods of time or potentially indefinitely in Library archives, or as required under the Public Records Act 1973 (Vic). Content contributed to Library sites may be indexed by Google and other search engines. Snapshots of Library websites are captured periodically for historical purposes and are stored in and available from the National Library of Australia’s PANDORA web archive.
3.5 Access and correction
Individuals whose personal information is held by the Library have a right to access and correct that information. Simple requests that involve only easily retrievable information of a small volume may be dealt with informally. Requests that involve information about commercial activities or in some way affect the privacy of another individual, or other more complex requests for access, may need to be dealt with through the Library's Freedom of Information process.
3.6 Unique identifiers
The Library will only assign a unique identifier to individuals where it is necessary to carry out one of its functions or services efficiently; for example, a Library registration number, credit card details or payroll number.
3.7 Anonymous transactions and data use
Wherever practicable, the Library will allow individuals not to disclose their identities when entering a transaction with the Library. The Library will advise individuals of any limitations of access to its collections as a result of choosing to transact anonymously.
The Library collects individual data for statistical analysis and website usage purposes, for website administration and maintenance, and to improve and develop websites and applications to better meet user needs.
No attempt will be made to identify individuals and their browsing activities, except in the proper investigation of suspected breaches of relevant Library entry and services policies, or where the Library is required by law.
When users visit Library websites, web servers automatically capture and log data, which includes:
- IP address
- top-level domain name (for example, .com, .au, .gov)
- date and time of site visit
- pages accessed
- files downloaded
- address of last site visited
- browser type and version.
3.8 Third parties
The Library may be lawfully required to use or disclose personal information in order to meet its obligations under other legislation. This may include sharing data with other departments or agencies, such as Victoria Police.
The Library also discloses personal information to third parties such as its partners or contracted service providers for the purposes of administrative functions. It is the Library’s intention that service providers are required to comply with the IPPs and any relevant confidentiality obligations.
3.9 Transfer of information interstate or overseas
If the Library transfers the personal information it collects outside Victoria, it will take care to ensure that the transfer of information complies with the relevant legislative requirements relating to transborder data flows. The Library may, in some circumstances for the necessary performance of its functions, transfer personal information or information collected from individuals outside Victoria to the servers of third-party organisations.
3.10 Links to other sites
Library sites contain links to websites not operated by the Library. The Library is not responsible for the privacy practices of such sites and it is recommended that users familiarise themselves with those websites' privacy statements.
3.11 Health information
Any health information held by the Library will be managed in accordance with the requirements of the Health Records Act 2001 (Vic).
3.12 Complaints and queries
Individuals who have any queries about this policy should contact the Library’s Privacy Officer (Corporate Governance Advisor):
State Library Victoria
328 Swanston Street
Melbourne Vic 3000
If individuals are not satisfied with the way in which the Library has handled any complaints, they may approach the Commissioner for Privacy and Data Protection.
4. Related documents
Charter of Human Rights and Responsibilities Act 2006 (Vic)
Code of Conduct for Victorian Public Sector Employees (No.1 2007)
Freedom of Information Act 1982 (Vic)
Health Records Act 2001 (Vic)
Libraries Act 1988 (Vic)
Public Administration Act 2004 (Vic)
Public Records Act 1973 (Vic)
Privacy and Data Protection Act 2014 (Vic)
Spam Act 2003 (Cth)