Privacy

1. Collection of Personal Information

1.1 The Council will not collect personal information unless:

(a) The personal information is collected for a lawful purpose directly related to a legislative function or power of the Council or Council business operations;

(b) Collection of the personal information is necessary for or directly related to that purpose; and

(c) Explicit permission has been given by the person whose personal information is being collected.

1.2 The personal information that may be collected will depend on the particular purpose for which it is collected, and may include but is not limited to:

  • Telephone numbers;
  • Name and addresses (postal, residential and e-mail addresses);
  • Age and/or date of birth;
  • Property ownership and/or occupier details;
  • Details of resident’s/ratepayer’s spouse or partner;
  • Development applications, including plans or specifications of buildings;
  • Pet ownership;
  • Electoral roll details;
  • Pensioner / concession information;
  • Payment history;
  • Financial, rental or income details;
  • Details of land valuation;
  • Preferred addresses and methods of contacts;
  • Details of employment; and
  • Insurance details.

1.3 All personal information that is collected by Council will be collected in a fair and lawful manner.

1.4 The Council will take reasonable steps to inform the person whose personal information it collects:

(a) Of the purpose(s) for which the personal information is being collected;

(b) If the collection of the information is authorised or required by law, that the collection is so authorised or required; and

(c) In general terms, of its usual practices with respect to the use and disclosure of personal information of the kind collected.

1.5 The Council will take reasonable steps to ensure that personal information collected by it is relevant to the purpose(s) of collection and is up to date and complete.

1.6 The Council will take reasonable steps to ensure that the collection of personal information by it does not unreasonably intrude upon an individual’s personal affairs.

1.7 The Council may collect information concerning persons from a number of private and public sector agencies, which may include, but is not limited to Transport SA, the State Electoral Office, Office of the Valuer General, SA Water, Telstra and from individual persons.

2. Collection of Sensitive Information

2.1 The Council will not collect sensitive information about an individual unless:

(a) The individual has consented;

(b) The collection is required by law;

(c) The collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any person; or

(d) The collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

2.2 If the Council collects sensitive information about an individual in accordance with the provisions of this Policy, the Council will take reasonable steps to de-identify the information before the Council discloses it.

3. Maintenance and Storage of Personal information

3.1 The Council may disclose some personal information to an offshore third party cloud computing services provider. In this event, Council will take adequate and reasonable steps to assure appropriate data security.

3.2 The Council will take reasonable steps to:

(a) Protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure; and

(b) Maintain its record keeping systems to ensure that all personal information collected is up to date, accurate and complete as far as reasonably practicable; and

(c) Ensure that any person who, on behalf of the Council, uses or discloses personal information held by the Council has appropriate authorisation to do so.

3.3 In the event of a data breach involving Tax File Number (TFN) information, Council will take the following steps:

  • Contain the data breach;
  • Within 30 days of the event, assess if the data breach is an eligible data breach;
  • Take remedial action to prevent the unauthorised access or disclose of TFN information;
  • Notify the Australian Information Commissioner and affected individuals where there is an eligible data breach; and
  • Review the incident, report to other relevant bodies and take preventative action to ensure that a similar incident does not occur again.

4. Use of Personal Information

4.1 Where the Council collects personal information for a particular purpose (the primary purpose), it will not use that personal information for any other purpose (secondary purpose), unless:

(a) The Council first takes reasonable steps to obtain the consent of the individual concerned to use his or her personal information for that secondary purpose; or

(b) The individual would reasonably expect the Council to use or disclose the information for the secondary purpose and the secondary purpose is directly (for sensitive information) or indirectly related (for any other information) to the primary purpose; or

(c) The Council believes on reasonable grounds that use of the information for that secondary purpose is necessary to prevent or lessen a serious or imminent threat to the life or health of the individual concerned or another person; or

(d) Use of the information for that secondary purpose is required or authorised by law; or

(e) Use of the information for that secondary purpose is reasonably necessary for the enforcement of the criminal law or of law imposing a pecuniary penalty.

4.2 Direct Marketing:

(a) Reasonable expectation to use or disclose: If Council holds personal non-sensitive information about an individual, it must not use or disclose the information for the purpose of direct marketing except when Council has collected the information from the individual and the individual would reasonably expect Council to use or disclose the information for that purpose (except for sensitive information)

(b) No reasonable expectation to use: In the event that the individual would not reasonably expect Council to use or disclose non-sensitive information for direct marketing, the individual needs to have given consent to the use or disclosure of the information for direct marketing

(c) Council must provide a simple means by which the individual may easily request not to receive direct marketing communications from Council

(d) Council will only use or disclose sensitive information about an individual for direct marketing purposes if the individual has consented to the use or disclosure of the information for that purpose

5. Disclosure of Personal Information

5.1 The Council will not disclose personal information it holds about a person to a third party, except where:

(a) A reasonable individual is likely to have been aware that his or her personal information would be disclosed in that way;

(b) The resident or ratepayer has consented to or made a written request for personal information to be provided to a third party;

(c) The personal information is provided for the purpose of distributing materials of and on behalf of the Council (for example: the provision of address data for use by a mailing service provider to post Rates Notices or other materials);

(d) The third party has been contracted by the Council to provide advice or services for the purpose of assisting the Council in providing benefits to persons (for example: State Electoral Office, Office of the Valuer General, insurers, legal service providers);

(e) The Council is required or authorised by law to disclose the personal information to a third party or to the public at large (for example, under the Freedom of Information Act);

(f) The resident or ratepayer has been advised of the Council’s usual practice of disclosing personal information to that third party or a third party of that type for a particular purpose and the disclosure is consistent with that purpose; or

(g) A public consultation submission has been received by Council. To enable transparency in consultation processes to occur, all public consultation submissions received by Council will become public documents and may be included in a report to Council which is also available to the public.

5.2 Where personal information is provided to the Council by a person “in confidence”, the Council will not disclose such information to a third party without the person’s consent, unless such disclosure is required or authorised by law (for example, applications made under the Freedom of Information Act).

5.3 The Council will take reasonable steps to:

(a) Contract only with third party service providers that are subject to the provisions of the Privacy Act and the Australian Privacy Principles; and

(b) Where the third party service provider is not subject to the provisions of the Privacy Act and the Australian Privacy Principles, enter into a Privacy Agreement that requires the third party service provider to comply with the provisions of this Policy relating to the collection, use, storage and disclosure of personal information supplied by the Council.

5.4 The Council may supply personal information about an individual to that individual as part of a standard communication or pursuant to a request made by the individual.

5.5 The Council does not accept any responsibility for any loss or damage suffered by a person because of their reliance on any personal information provided to them by the Council or because of the Council's inability to provide persons with any requested personal information.

5.6 The Council expects that persons will, before relying on any personal information the Council provides to them, first seek confirmation from the Council about the accuracy and currency of such personal information.

6. Integrity and Alteration of Personal Information

6.1 The Council assumes that personal information provided by persons or other persons is accurate, complete and up-to-date. It is the responsibility of persons to provide the Council with details of any changes to their personal information as soon as reasonably practicable following such change.

6.2 The Council will take reasonable steps, such as making appropriate deletions, additions and corrections, to ensure that personal information held by it is accurate, relevant, complete, up to date and not misleading.

6.3 A person may apply to the Council, in a form determined by the Council, to have his or her personal information amended so that it is accurate, relevant, complete, up-to-date and not misleading. Where the Council, on reasonable grounds, decides not to amend a resident’s or ratepayer’s personal information in the manner requested in the application, the Council will inform the person of its decision and the reasons for refusing to make the requested amendments. If requested by a resident or ratepayer, the Council will take reasonable steps to attach to a record containing that person’s personal information a statement provided by that person of the correction, deletion or addition sought.

7. Access to Personal Information

7.1 A person who wishes to access personal information held by the Council must make a written application to the Freedom of Information Officer. An applicant will be required to pay an application fee as determined by the Freedom of Information Act 1991.

7.2 Subject to the provisions of this legislation, the Council may grant or refuse access to personal information as it deems fit.

7.3 The Council recognises that there are certain documents, which may contain personal information, that the Council is legislatively required to make available for access by members of the public.

7.4 An application to access personal information will be dealt with within 30 days of receipt of the request. In certain circumstances, an applicant may be required to satisfy Council staff as to his or her identity.

8. Suppression of Personal Information

8.1 A person’s name or address may be suppressed from the Council’s Assessment Record and Voters Roll where the Chief Executive Officer is satisfied that inclusion of the name or address on the Assessment Record and/or Voters Roll would place at risk the personal safety of that person, a member of that person’s family, or any other person.

8.2 Enquiries regarding suppression of personal information should be directed to Customer Services staff at the Customer Service Centre in the first instance.

9. City of Adelaide Chatbot

If you are using the City of Adelaide chatbot (built by Hopstay) on Facebook Messenger or using the website chatbot plugin, this policy applies to you. From the first moment someone interacts with CoA chatbot, CoA are collecting data along with Hopstay as our authorized agent.

9.1 Chatbot does not collect any sensitive data (such as racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences) except when we have your specific consent.

9.2 The CoA is intended for use only by those who are 16 years of age or over.

9.3 By using Chatbot you have given clear consent for CoA to process your personal data for a specific purpose.

9.4 If you have not previously given consent to CoA processing your data, you can freely withdraw such consent at any time. You can do this by emailing [email protected]

9.5 The personal data Chatbot collects is processed at Hopstay’s (the creator of chatbot) offices in Paris, France; CoA offices in Adelaide, Australia and any data processing facilities operated by authorized third parties.

9.6 Technology businesses like Hopstay often use third parties to help them host their application, communicate with customers, power their emails etc. Data will be shared with these services in accordance with this Policy.

10. Freedom of Information

Personal information may be released to others if requested under the Freedom of Information Act, however, in accordance with this Act, a person will be consulted to obtain their opinion on release of the information. Should it be determined the information will be released against the view of the person, they have the right to request a review of the decision, on payment of the prescribed fee, prior to the information being released.

11. Complaints

11.1 A person who has any concerns regarding how the Council handles personal information or requires further information can contact the Customer Services staff at the Customer Service Centre in the first instance.

11.2 If the person’s concerns cannot be satisfied, the person may lodge a formal complaint, under the Corporate Complaint Handling Guideline.

GLOSSARY

Throughout this document, the below terms have been used and are defined as:

Access means providing to an individual, information about himself or herself that is held by the Council. This may include allowing that individual to inspect personal information or to obtain a copy.

Collection means gathering, acquiring or obtaining personal information from any source and by any means, including information that the Council has come across by accident or has not asked for.

Consent means voluntary agreement to some act, practice or purpose.

Disclosure means the release of information to persons or organisations outside the Council. It does not include giving individuals information about themselves.

Eligible Data Breach An eligible data breach for Council is when the unauthorised access, disclosure or loss of TFN information is likey to result in serious harm to one or more individuals.

Notifiable Data Breach Scheme (NDB) Councils are subject to the NDB Scheme under the Privacy Act 1988 to the extent that TFN information is involved in an eligible data breach.

Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about a natural living person whose identity is apparent, or can reasonably be ascertained, from the information or opinion, including a photograph or other pictorial representation of a person, but does not include information that is in:

  • Generally available publications;
  • Material kept in public records and archives such as the Commonwealth or State archives; or
  • Anything kept in a library, art gallery or museum for the purpose of reference, study or exhibition.

Sensitive information means information or an opinion about an individual’s:

  • Racial or ethnic origin;
  • Political opinions;
  • Membership of a political association, a professional or trade association or a trade union;
  • Religious beliefs or affirmations;
  • Philosophical beliefs;
  • Sexual preferences or practices;
  • Criminal record; or
  • Health.

For more information

If you have any questions please contact the People and Governance Team:

City of Adelaide
25 Pirie St, Adelaide, SA
GPO Box 2252 ADELAIDE SA 5001

+61 8 8203 7203