Where required by law, we will provide you information (in the form of a Privacy Collection Notice or other privacy disclosure documentation) specific to the services you want to obtain from us or specific to your dealings with us.
For further information on how we collect your personal and health information, see the Revenue NSW Privacy Management Plan. This Privacy Management Plan sets out how Revenue NSW complies with the principles of the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).
Revenue NSW is governed by the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act). Revenue NSW is also subject to special secrecy and disclosure provisions in legislation administered by Revenue NSW.
“Personal information” means information or an opinion about an individual (or an individual who could be reasonably identified) whether the information is true or not, and whether the information is recorded in a material form or not, as defined in section 4 of the Privacy and Personal Information Protection Act 1998 NSW.
As an example, personal information can be information that identifies you. Personal information could include:
For examples of what is personal information, see below under ‘What personal information we collect and hold’.
“Health information” is sensitive information under the HRIP Act. This means there are added restrictions on how health service providers can handle health information compared to other types of personal information.
The personal information collected and maintained by Revenue NSW generally includes:
We collect and hold a broad range of personal information relating to:
Revenue NSW may need to collect your personal information to assist you with your transactions and provide further information about related transactions or services from government or related partner agencies. We can collect personal information:
We may ask you to provide us with information over the telephone, through our website, by filling in a paper form, or meeting with us face-to-face. We will give you a Privacy Collection Notice at the time to explain how we will use the personal information we are asking for. The notice may be written or verbal.
You might also provide your personal information to us without us directly asking for it - for example, if you engage with us on social media.
We maintain data relating to the interactions we have with customers, including the services we have provided to you.
Most of the personal information Revenue NSW collects will be used to assist customer service transactions and administer the legislation for which Revenue NSW is responsible. This may involve another Government agency. Your personal information will be used for the purpose for which it was collected or a directly related secondary purpose. It may also be used in an emergency situation to help prevent a serious and imminent threat to life or health, for law enforcement purposes, or where we are authorised or required to do so by law.
We may use your personal information for the following purposes:
The legislation that Revenue NSW administers may authorise us to use the information we have collected for one purpose to be used for another purpose. For example, we may use information collected for tax purposes to assist with other Revenue NSW functions such as fines, state debt, unclaimed money and grants, and vice versa.
We will only keep personal information about you to use for the above purposes and for retention periods determined by legislation and our partner agency obligations.
Revenue NSW will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure, or other misuse. We will ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately. How we collect and handle your personal information is subject to the PPIP Act and HRIP Act.
A data breach happens when your personal information is accessed or disclosed without authorisation or is lost. The following analysis and examples provide some guidance on the meaning of these words.
Any reporting of privacy and data breaches by Revenue NSW will be consistent with guidelines produced by the NSW Information Privacy Commissioner (IPC) and the Office of the Australian Information Commissioner (OAIC).
We will also report on breach notifications to the IPC with analysis in a monthly report to the Revenue NSW Executive. This report will include:
Contact the Revenue NSW Privacy Officer at Revenue NSW if you believe there has been a data breach.
Individuals and organisations affected by a breach will be notified as soon as practicable. Where there are no extenuating circumstances, we will notify within five working days of the breach being reported. Circumstances where it may be appropriate to delay notification include where notification would compromise an investigation into the cause of the breach or reveal a software vulnerability.
From time to time, we may use your personal information to advise you about, or offer you other, services that may be relevant and of interest to you, or to seek your feedback about the service we have provided you. Personal information you or an associated party have provided us will be held on file for marketing purposes until you opt out of receiving such information. If you do not want to receive these offers from us, please email our Privacy Officer.
We may disclose your personal information to third parties for the following purposes:
The legislation that Revenue NSW administers often contains specific powers for us to share the information we have collected with certain other entities. This includes sharing:
The personal information of our customers, staff, suppliers and other contacts may be held on our behalf outside Australia, including ‘in the cloud’, by our third-party service providers. Our third-party service providers are bound by contract to use your personal information only on our behalf, under our instructions.
Our third-party service providers include (but not exclusively):
|Supplier||Description of Goods/ Services|
|Australian Receivables Pty Ltd||Debt Partnership Program|
|National Credit Management Ltd||Debt Partnership Program|
|Recoveries Corporation Pty Ltd||Debt Partnership Program|
|Milton Graham||Debt Partnership Program|
|Computershare communication Services||Bulk Print Services|
|Converga Pty Ltd||Document Capture Services|
|Adeptra Pty Ltd||Messaging via SMS and email|
|PEXA||Electronic Lodgement Network Operator|
|SAI Global||Client Service Provider|
|Tri Search||Electronic Duties Returns Client Service Provider|
|InfoTrack||Electronic Duties Returns Client Service Provider|
|Hazlett Information Services||Electronic Duties Returns Client Service Provider|
|Global Xtranet||Electronic Duties Returns Client Service Provider|
Revenue NSW may collect, use and disclose more extensive information than stated in this Policy to deal with the following circumstances:
Revenue NSW reserves the right to make disclosures to relevant authorities where the use of the Revenue NSW site raises a suspicion that an offence is being, or has been, committed. In the event of an investigation, Revenue NSW will provide access to data to any law enforcement agency that may execute a warrant to inspect our data or system activity.
You have the right to request access to the personal information Revenue NSW holds about you and to request a correction. To find out more about your right to your information, visit the right to information page.
If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:
GPO Box 4042
Sydney NSW 2001
By email: RNSWprivacy@revenue.nsw.gov.au
While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as above. We will acknowledge your formal complaint within 10 working days.
If you believe your privacy has been breached through actions by Revenue NSW, you can apply for an internal review of the conduct that led to the breach. If you decide to lodge a request for a privacy internal review, please complete the IPC application for an internal review and lodge it with the Revenue NSW Privacy Officer (see above contact details). All internal reviews will be conducted by the Department of Customer Service’s Government Information (Public Access) Act 2009 (GIPA) and Privacy team.
If the applicant is not literate in English and/or their first language and there is no organisation making the application on their behalf, the GIPA and Privacy team will use a professional interpreter where necessary.
Your application will be acknowledged in writing and the acknowledgement will include an expected completion date.
Either an officer in the Department of Customer Service Privacy Team (if they were not involved in the conduct which is the subject of the complaint), or another person not involved in the conduct which is the subject of the complaint, who is an employee or an officer of Department of Customer Service and is qualified to deal with the subject matter of the complaint, will conduct the review.
The internal review will be completed within 60 days of receiving your application and we will inform you of the outcome of the review within 14 days of completing it. If the review is not completed within this time, you have the right to seek external review at the NSW Civil and Administrative Tribunal (NCAT). More information on external reviews is provided below.
We will follow the Privacy Commissioner’s Internal Review Checklist (available at ipc.nsw.gov.au) and consider any relevant material submitted by you and/or the Privacy Commissioner.
You will be informed of the outcome within 14 days of the internal review being decided, including:
If you believe that we have not met our privacy obligations in our handling of your personal information, you may lodge a complaint by contacting our Privacy Officer.
If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the IPC by calling 1800 472 679, making a complaint online at https://www.ipc.nsw.gov.au, or mailing to GPO Box 7011, Sydney NSW 2001.