Privacy Policy

What information we collect

We may collect personal information about you when it’s reasonably necessary for, or directly related to, our functions or activities.

We may collect sensitive information about you:

where you consent
when the collection is authorised or required by law
when the collection is otherwise allowed under the Privacy Act.

The kinds of personal information we may collect includes all of the following.

Information about you, such as your:

name
address
gender
date of birth
contact details.

Information about your circumstances, such as your:

employment status and history
education status
financial situation
cultural and linguistic background
citizenship and visa status
passport and travel movements
health and welfare
disabilities
family circumstances.

Information about your family and other related persons, such as any:

partners
children
dependants
carers
nominees or authorised representatives.

Information about your interactions with us, such as:

applications and claims you’ve made
payments or services we provide you
feedback and complaints
any other special service arrangements.

We may also collect information about you to help us establish and verify your identity and administer records, including:

departmental reference numbers
Department of Veterans’ Affairs (DVA) file numbers
tax file numbers
healthcare identifiers
biometric information such as your Voice Biometrics voiceprint.

We may also collect information about how you use our online services and applications, such as:

pages you visit
online forms you fill in
your interactions
your chats with our virtual assistants
your language preferences
searches you make.

You can read more about the collection of personal information.

How we collect information

We collect your personal information through a variety of channels. This includes paper forms or notices, search warrants, online portals, mobile applications, correspondence, face to face or over the telephone.

We may also collect your personal information from third parties including other government agencies:

as a result of a tip-off
when undertaking data matching
through administering legislation
in the lodgement of a complaint
in the context of enforcement activities
when administering whole-of-government online services.

When your personal information is collected from a third party, we take steps to inform you. This may occur through this Privacy Policy, application forms, notices or discussions with our staff.

Social networking services

We use social networking services such as Facebook, X, YouTube, Instagram and Yammer to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public.

The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.

Data exchanges

We exchange data with other agencies through technical pathways such as the digital gateway. We do this under relevant legislation to collect accurate and up-to-date information about customers. We can also assist other agencies to exchange data using the same pathways.

Data matching

Data matching is where we compare income information collected from you with information held by other organisations, such as the Australian Taxation Office (ATO). We do this to help deliver the payments and services you’re eligible for.

We prepare Programme Protocols for our data matching programs, in accordance with guidelines issued by the Office of the Australian Information Commissioner (OAIC). Read about Centrelink program data matching activities.

Why we collect information

We collect personal information about you where it is reasonably necessary for, or directly related to, one or more of our functions or activities.

To deliver payments and services

We may collect your personal information when it is reasonably necessary for delivering payments or services. For example, we may collect your personal information to:

confirm your identity
communicate with you, including by SMS or email
provide advice about available support
ensure correct payments are made
verify data provided in relation to claims and reviews with third parties
investigate fraud, including internal fraud and the assessment of payment eligibility
manage complaints and feedback
participate in merits and judicial review matters
manage and respond to requests for information
administer and provide online services, including myGov
act as an accredited entity, specifically the Identity Exchange Provider and as an attribute service provider within the Australian Government’s Digital ID system
act as an accredited participant, operating the Digital Identity exchange within the Australian Government’s Digital ID System.

The reasons we collect your personal information will depend on the payments and services you access or are seeking. Read why we collect your personal information for:

We may use your information with automated decision-making systems and tools to help us deliver payments and services to you. This helps us improve the efficiency and accuracy of the payments and services we provide to you. We will comply with all applicable laws when using these systems and tools. Our use of these systems and tools does not affect any rights you may have to request a review of a decision we make.

To improve our services

We may use your personal information to conduct statistical analysis and research to improve service delivery. We’ll contact you or a trusted research company will on our behalf. Our contracts with each research company contain legal binding provisions to protect your privacy.

We only give contracted research companies the details they need to contact you when they need it for their research. Your information stays confidential and is:

not used for any purpose except for the specific research activity
not given to anyone else
destroyed or returned to us when the research is over.

Read about how we use research and surveys to improve our services.

For employment and recruitment

We collect personal information to establish and maintain records for the employment and recruitment of staff. You can read about the information we collect for employment purposes.

To work better across the agency

Your personal information may be shared across our Centrelink, Child Support and Medicare service areas if you have given your consent or the sharing of your information is authorised or required by law.

To make dealing with government easier for you

We administer platforms such as myGov and Digital ID exchange to deliver more convenient, accessible and efficient services. In doing so, we work with other Australian Government agencies, state and territory agencies and third parties. Your personal information may be shared for the purposes of developing and administering these platforms if either:

you have given your consent
the sharing of your information is authorised or required by law.

We operate the following Trusted Digital ID Framework (TDIF) accredited entities within the Australian Government’s Digital ID system:

Digital ID exchange, which supports the connection of the relying parties with accredited entities.
Attribute service providers, which are myGov LinkID attributes.

There are strict rules that manage what we can do as an attribute service provider. The federated Digital ID system is underpinned by the TDIF. TDIF accredited participants must undergo a series of strict assurance evaluations. These include but aren’t limited to:

accessibility and usability
privacy protection
security and fraud control
risk management
technical integrity.

The TDIF role requirements for myGov do not replace, remove or change existing obligations followed through other policies, legislation or regulations, or by any other means. Instead, these TDIF role requirements add to existing obligations.

We manage your personal information in performing our role as an accredited Identity Exchange Provider within the Australian Government’s Digital ID system. To find out more about how we do this, read the privacy information on the Digital ID exchange website:

To understand more about how myGov manages your personal information, read the myGov privacy notice.

Only when required or authorised with third parties

We may disclose your information to Australian Government agencies, state and territory agencies and third parties, where required or authorised by law. The disclosure of your personal information will depend on the payments or services to which the information relates.

To help our community in a time of emergency or disaster

In some circumstances, we may share information to support people who have been affected by a disaster or emergency. This could include sharing information with agencies and organisations as part of the emergency response or recovery effort. We may, for example, share information to help affected individuals to access financial or other assistance from charities, as well as from Australian government agencies.

Read who we can share your personal information with.

To provide you with a more personalised experience

We may use information about your online experience to help us improve our services.

We may need to share your personal information if we’re authorised or required by law to do so.

Read our privacy notice about data analytics and service improvement.

How we store personal information

We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

storing paper records securely as per Australian government security guidelines
only accessing personal information on a need-to-know basis and by authorised personnel
monitoring system access which can only be accessed by authenticated credentials
ensuring our buildings are secure
regularly updating and auditing our storage and data security systems.

When no longer required, we destroy or archive personal information in a secure manner.

Data hosted for other agencies

We gather and store personal information on behalf of other agencies including in our data lake storage repository.

We do this in a similar way to a cloud service provider. We keep the hosted data separate from our own data and protect it with strict access controls. This means we don’t have control over the hosted data.

Send requests or complaints about hosted data to the agency the personal information belongs to. If we get a request or complaint about hosted data, we’ll send it to the agency it belongs to.

Secrecy

In addition, our staff are bound by secrecy provisions that regulate information we collect for social security, family assistance, health, child support and redress law. These secrecy provisions restrict the access, use and communication of protected information, including within the agency.

How we share information outside Australia

We may disclose your personal information overseas, such as to a foreign government or agency, where:

the disclosure is required or authorised by law, or
international information sharing arrangements are in place.

This may be more likely if you, your partner or dependants, or the other party to your Child Support case, live or have lived overseas, or are travelling overseas.

Under international information sharing arrangements we can either:

collect and disclose information about you where it is requested by an overseas authority
request information about you from an overseas authority.

While these arrangements differ, overseas authorities may have agreed to only use information for the purposes of the arrangements, and in accordance with relevant privacy obligations.

Read about the countries which have international information sharing arrangements in place:

How to access and correct information about you

You have the right to both ask:

for access to personal information that we hold about you
that we correct personal information we hold about you.

If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.

We will notify you in writing, and explain our reasons if we refuse to give you access to, or correct, your personal information.

You can access and correct most of your details online using self service.

If you can’t use self service, read how to:

Updating information about you

To ensure you are only accessing payments and services you are eligible for it’s important to tell us if your circumstances change.

You can do this yourself using self service.

What we do with your Tax File Number (TFN)

We adhere to the Privacy (Tax File Number) Rule 2015 for the collection, storage, use, disclosure, security and disposal of TFN information.

Specific purposes why we may request your TFN

We may request your TFN to:

administer various payments, and
comply with legislation referred to in section 8WA(1AA) of the Taxation Administration Act 1953.

You do not have to give us your TFN. However, if you don’t provide it, or authorise us to access it from the Australian Taxation Office, there may be financial consequences.

If you give us your TFN, we will only use it where you consent, or where the use is authorised or required by law.

Prohibitions and penalties for unauthorised collection and use of TFN information

Under the Privacy (Tax File Number) Rule 2015 and the Taxation Administration Act 1953 it is an offence if we either:

require, request or collect TFN information for unauthorised purposes
record, use or disclose TFN information unless permitted under taxation, personal assistance or superannuation law.

A breach of the Privacy (Tax File Number) Rule 2015 is considered an interference with privacy under the Privacy Act. Where a breach of privacy is very serious, the Australian Information Commissioner may seek a civil penalty under the Privacy Act.

A breach of the Taxation Administration Act 1953 may result in maximum penalty of a $21,000 fine (100 penalty units), 2 years imprisonment or both.

There may also be other penalties under taxation, superannuation or personal assistance laws.

If you think your TFN information has been mishandled, you can make a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC is independent to us.

Further details about the TFN rules

Read the Privacy (Tax File Number) Rule 2015 and the Taxation Administration Act 1953 on the federal register of legislation website.

The OAIC has made the following information available to you to protect your TFN information:

How to make a complaint about privacy

If you wish to complain about how we’ve handled your personal information, first try to resolve the issue with the person you’ve been dealing with. If you’re not satisfied, you can ask to speak to their supervisor.

Read how to make a complaint or give feedback.

How we deal with your complaint

We will always respond to your feedback.

We will use the information from your feedback to investigate and resolve individual issues. We will also use the information to provide feedback to staff or our business areas. Your information will be stored and used to assist us to improve the delivery of our services.

If we do not resolve your complaint to your satisfaction, you can contact OAIC. The OAIC is independent to us.

Centrelink data matching activities

Matching data is one of the key controls we use to manage the risk of fraud and non-compliance.

Child Care Personnel and Provider Digital Access (PRODA) privacy notice

This privacy notice outlines how we manage personal information for Child Care Personnel and Provider Digital Access (PRODA).

Child Care Subsidy privacy notice for customers

This privacy notice outlines how we manage personal information in relation to Child Care Subsidy.

COVID-19 and influenza (flu) immunisation history statement privacy notice

This privacy notice outlines how we manage personal information for the COVID-19 and influenza (flu) immunisation history statement.

COVID-19 Vaccine Claims Scheme privacy notice

This privacy notice outlines how we manage personal information for the COVID-19 Vaccine Claims Scheme.

Data analytics and service improvement privacy notice

Along with our privacy policy, this notice explains how we collect information about how you interact with us online.

Data matching activities for third party organisation data breaches

Matching data is one of the key controls we use to assist customers in preventing fraud and non-compliance.

Disaster Recovery Payment and Disaster Recovery Allowance privacy notice

The privacy and security of your personal information is important to us and is protected by law.

General Practice training payments consent and privacy notice

We collect and use information to support eligible Practices, Supervisors and Registrars participating in the Australian General Practice Training Program.

International COVID-19 Vaccination Certificate privacy notice

This privacy notice outlines how we collect, use and disclose your personal information for the International COVID-19 Vaccination Certificate.

Medicare Entitlement Statement consent and privacy notice

We collect, use and disclose information to process, assess and support applications for a Medicare Entitlement Statement.

National Redress Scheme privacy notice

This privacy notice outlines how we manage personal information for the National Redress Scheme.

Organisation Register privacy notice

This privacy notice outlines how we manage personal information for the Organisation Register.

Students and associated travellers privacy notice

This privacy notice outlines how we use personal information when we arrange travel for students and associated travellers.

Your right to privacy

You have a right to have your personal information kept private. We adhere to laws in social security, health, child support, redress and disability services.

on this page