Privacy statement

Any personal information we collect will only be used for the purposes for which it has been collected. We will only disclose personal information to a third party when it is required by law, other regulations or at your request.

We have implemented security measures to protect your personal information and we will regularly audit our systems to ensure they are meeting the privacy standards as stated in our privacy policy.


This policy refers to the collection and use of personal information by the Nillumbik Shire Council.

Council is committed to full compliance with its obligations under the Information Privacy Act 2000 (Vic) and the Health Records Act 2001(Vic). In particular, Council will comply with the 10 Information Privacy Principles and 11 Health Privacy Principles contained in those Acts.


Key terms used in this Policy are ‘personal information’, ‘sensitive information’ and ‘health information’.

Personal Information

‘Personal information’ is information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion (excluding health information). It may include numbers or images that can be linked to an identifiable living person.

‘Personal information’ may include:

  • name, age, weight, height;
  • income, purchases and spending habits; ·
  • race, ethnic origin and colour;
  • blood type, DNA code, fingerprints; ·
  • marital status and religion;
  • education;
  • home address and phone number.

Sensitive Information

‘Sensitive information’ means personal information about an individual’s:

  • race or ethnic origin; or
  • political opinions; or
  • membership of a political association; or
  • religious beliefs or affiliations; or
  • philosophical beliefs; or
  • membership of a professional or trade association; or
  • membership of a trade union; or
  • sexual preferences or practices; or
  • criminal record.

Health Information

‘Health Information’ means personal information or opinion about:

  • an individual's physical, mental or psychological health (at any time); or
  • an individual's disability (at any time);or
  • expressed wishes about the future provisions of health services to him or her; or
  • health services provided, or to be provided, to an individual; or
  • an individual collected to provide a health service to him or her (eg disability or aged care service, immunisation service or maternal and child health care service).

Summary of Information Privacy Principles

Principle 1 - Collection

Council will only collect personal, sensitive and health information that is necessary for specific and legitimate functions and activities. In some instances, Council is required by law to collect this information. From time to time, Council will also invite submissions from the community and will collect contact details for the purpose of responding to those submissions. Council will only collect sensitive and health information where the individual has consented or as permitted under the Act.

If it is reasonable and practicable to do so, Council will collect personal, sensitive and health information about a person directly from that individual. When doing so, it will inform the person of the matters set out in the Act, including the purpose/s for which the information is collected, and will use lawful and fair means.

Principle 2 – Use and Disclosure

Council will only use personal, sensitive or health information within Council, or disclose it outside Council, for the purpose for which it was collected or in accordance with the use and disclosure standards of the Information Privacy Act or the Health Records Act.

Use also may include publishing personal information. This especially applies to any public registers containing personal information, which are required by law to be maintained by Council and made available to the public or open to inspection.

Principle 3 – Data Quality

Council is responsible for the quality of the personal, sensitive and health information it holds. Council is required to take all reasonable steps to ensure that this information it holds is accurate and, given the purpose of the information, is relevant, up to date, complete and not misleading. It is, therefore, the responsibility of Council to ensure that the information it holds is of high quality.

Principle 4 – Data Security

Council will endeavour to maintain a secure system for storing personal, sensitive and health information. Technological and operational policies and procedures are in place to protect this information from misuse and loss and from unauthorised modification or disclosure. Council will lawfully and responsibly destroy or permanently de-identify this information where it is no longer necessary to fulfil the purposes for which the information was collected or as required by law.

Principle 5 – Openness

Council must make publicly available its policies relating to the management of personal information. In addition, Council must, on request, take reasonable steps to provide individuals with general information on the types of personal information it holds and for what purposes and how it collects, holds, uses and discloses that information.

Accordingly, this Privacy Policy will be made available to the public as well as to Councillors, Council staff and contractors.

Principle 6 – Access and Correction

Should you wish to access and/or correct your personal, sensitive or health information, please contact Council's Privacy Officer, Nillumbik Shire Council, PO Box 476, Greensborough 3088 or by telephoning 9433 3269. Access will be provided except in the circumstances outlined in the Acts, for example, where the information relates to legal proceedings or where the Freedom of Information Act 1982 applies.

If you believe that your information is inaccurate, incomplete or out of date, you may request Council to correct the information. Your request will be dealt with in accordance with the Acts.

Principle 7 – Unique Identifiers

Council must not assign, adopt, use, disclose or require unique identifiers from individuals except for the course of conducting normal Council business or if required by law. Council will only use or disclose unique identifiers assigned to individuals by other organisations if the individual consents to the use and disclosure or the conditions for use and disclosure set out in the Act are satisfied.

Principle 8 – Anonymity

Where lawful and practicable, Council will give individuals the option of not identifying themselves when supplying information or entering into transactions with Council. If you wish to make an enquiry, no personal information will be collected or recorded unless Council needs to contact you with a response to your enquiry.

Principle 9 – Trans-Border Data Flows

Council may transfer personal, sensitive or health information outside of Victoria only if that data transfer conforms to the reasons and conditions outlined in the Acts.

Principle 10 – Sensitive Information

Council must not collect sensitive information about an individual except for circumstances specified under the Act.

Principle 11 – Transfer / Closure of the Practice of a Health Service Provider

This Privacy Principle only applies where Council is providing a health service.

If Council no longer provides a particular health service, it must give notice of the transfer or closure to past service users.

Principle 12 – Making information available to another Health Service Provider

This Privacy Principle also only applies where Council is providing a health service.

As a health service provider, Council must make health information relating to an individual available to another health service provider if requested by the individual.

Collection notice

When collecting personal or health information, the Nillumbik Shire Council will take reasonable steps to advise you of what information is being sought, for what purpose, whether any law requires the collection of the information and the main consequences, if any, of not providing the information. The following notation is an example of the type of notification that should be included on forms used to capture and collect personal, sensitive or health information:

Privacy notification

The personal information requested on this form is being collected by Council for [insert functional purpose]. This information will be used solely by Council for that primary, or directly related, purposes. The applicant understands that the personal information provided is for the [insert functional purpose] and that they may apply to Council for access to and/or amendment of the information.


If you wish to make a complaint against the Nillumbik Shire Council for a breach of privacy you should put address your complaint to Council’s Privacy Officer, Nillumbik Shire Council, PO Box 476, Greensborough 3088 or by telephoning 9433 3269.

Your complaint will be investigated as soon as possible (but no later than five business days) and you will be provided with a written response.

Alternatively, you may make a complaint to the Victorian Privacy Commissioner (in respect of personal and sensitive information), or the Health Commissioner (in respect of health information), although the Commissioners may decline to hear the complaint if you have not first made a complaint to Council.

For further Information

If you require any further information about this Privacy Policy, please contact Council's Privacy Officer (telephone (03) 9433 3269).