This organisation is responsible for the safe and reliable supply of electricity to homes and businesses throughout Sydney, the Hunter and the Central Coast. Its network is made up of more than 200 major electricity substations, 500,000 power poles and 30,000 small distribution substations that are bound together by almost 50,000 kilometres of underground and overhead powerlines.
We in this organisation are committed to protecting the privacy of our customers, our business contacts and our employees. When we collect and handle personal information, we do so in accordance with Australian privacy laws. These laws protect the privacy of personal information we hold on customers and other individuals with whom we deal.
The organisation is bound by the Australian Privacy Principles (APPs). The APPs are set out in the Privacy Act 1988 (the Privacy Act) and govern how organisations handle personal information.
1.1 Personal details
We collect and hold a range of personal information that is reasonably necessary for the purpose of supplying customers with our services and products. The kinds of personal information we collect for this purpose may include your name, contact information (including your address and telephone numbers) and your particular requirements for our services and products.
We also collect information about the nature of your premises, for example whether you are a residential or business customer. In the case of businesses acquiring our products or services, we usually also collect the name, title and contact details of a contact person in the business.
In addition, we collect and store your National Meter Identifier (NMI) and your NMI address (the meter location which may be the same as your personal address). A NMI is an identification number that helps us to identify your particular meter.
We do all that we reasonably can so that the information we hold is accurate, up-to-date, complete and relevant.
Generally, it is necessary for us to collect your personal details so that we can provide you with our services or products. However, if it is practicable and lawful for us to do so, we will give you the option of dealing with us anonymously or through the use of a pseudonym.
1.2 Metering Data
We collect (directly, or via your metering data provider/metering provider) regulated and unregulated data from the meter at your home or business premises if it is connected to our electricity network (Metering Data). For these purposes, regulated data is data that is governed by the National Electricity Rules, while unregulated data is not (but it may be subject to other laws, such as the Privacy Act).
Metering Data is collected to record your electricity use and for other network related purposes, such as trials or more formal arrangements which involve the collection, disclosure and use of Metering Data. Metering Data is handled in accordance with the National Electricity Rules, the Market Operations Rules and the Privacy Act where they apply.
1.3 Projects and customer surveys
Generally, we will not collect sensitive information about you, such as details of your race, political beliefs, religion or health. We may, however, collect some health information in certain circumstances. For instance, we may need to collect your health information if you use particular health-related appliances in your household or to assessment hardship applications.
1.4 Sensitive information
Generally, we will not collect sensitive information about you, such as details of your race, political beliefs, religion or health. We may, however, collect some health information in certain circumstances. For instance, we may need to collect your health information if you use particular health-related appliances in your household. We will only collect and use health information for these purposes where you have provided your consent.
1.5 Non-customer information
We may also collect information about other members of a household in which a customer resides, such as whether they consent to the use of particular services in the home. Sometimes, we also need to collect personal information about individuals who are not customers. This need will usually arise where we collect the name and business contact details of a person who is the contact in the company or a government agency with which we deal. Our policy is to use personal information collected from non-customers only as permitted under the Privacy Act.
1.6 Credit information
Occasionally, we also collect, use and disclose personal credit information about our customers. For more information about how we handle this information, please check here.
2.1 Direct collection of personal information
We generally collect your personal information directly from you. For example, we may collect personal information about you when you deal with us over the telephone, send us correspondence (whether by letter, fax or email), when you have contact with us in person or when you complete a form on our website. If we do not obtain the information requested, we may not be able to provide you with the products or services requested or fulfil another applicable purpose of collection.
2.2 Indirect collection of personal information
There may be occasions when we need to obtain personal information about you from a third party. For example, we collect personal information from your energy retailer regarding your energy supply arrangement. If you work for one of our service providers or business customers or other organisations with which we do business, we may need to obtain your contact details from them. In some circumstances also, we may need to obtain information relating to you from a credit reporting agency, or from a publicly maintained record. If we collect personal information about you in these ways, we will take reasonable steps to make you aware of the relevant matters set out in this policy. Finally, where a third party provides us with information we have not asked for, we will destroy or de-identify the information unless we would have been entitled to collect it under the APPs.
2.3 Website collection
When you visit our website, we may collect additional information about your use of the website, which may or may not identify you. For instance, we may collect information about which pages you visit on the website to help us determine which parts of the site you value, so that we can build and develop our website to best meet customer needs. We may also collect information about your internet browser and operating system, the address of the referring site, your internet protocol address and clickstream information. This information helps us to understand how you came to find our website.
2.4 Storage of personal information
We take reasonable steps so that personal information held by us is secure from such risks as loss and interference, or unauthorised access, destruction, use, modification or disclosure. Our IT systems are password protected and we use firewalls and encryption (security measures for the internet). We also maintain physical security over our paper files, data stores and premises, including locks and security systems. Access to personal information is restricted to our authorised personnel, who need to access those records as part of their job.
We may engage third party data storage providers to store and secure our data, including personal information of our customers on the basis that the information is properly secured and protected.
2.5 Retention and destruction of personal information
3 For what purposes do we collect, hold, use and disclose personal information?
As mentioned at paragraph 1.1 above, we collect, hold, use and disclose personal information for the purpose of providing you with services and products, or with other information you have requested, and for purposes related or ancillary to this. To carry out those purposes, we may need to use and disclose personal information to establish and maintain any necessary accounts or records, credit checks, invoicing and billing systems, debt recovery and market research, and to develop new and better services. We will use your personal information only for the purpose for which it was collected, unless we have your consent or the different use is permitted under the APPs.
3.1 Direct marketing
We may also collect, hold, use and disclose personal information for the purpose of telling you from time to time about our services, products or promotions. If at any time you no longer wish to be told about our new services, products or promotions, please contact us via email email@example.com.
3.2 Will we give your personal information to anyone else?
We do not sell personal information to third parties. However, in the circumstances described below, we may disclose your personal information to other people or entities. We may make additional disclosures where you provide consent or where such disclosures are otherwise permitted under the Privacy Act.
(a) Outsourcing and adviceWe may disclose personal information that we collect to third parties to which we contract out specialised functions, such as mailing houses, printing companies, data storage companies, information technology providers and legal and accounting services. If we do disclose personal information to third party contractors or advisers under outsourcing or contracting arrangements, we do all we reasonably can to maintain tight control over their use of such information, and we prohibit disclosure of the information by them so that those contractors:
(b) Research and surveys
We may disclose personal information to third parties (such as government agencies and research partners) for reporting purposes in connection with the projects and trials we conduct from time to time. Our general policy is to de-identify the information we disclose to third parties for research purposes. However, where personally-identifying information is provided to third parties, we will take reasonable steps to make the relevant individuals aware that information about them is being disclosed, and obtain their consent to do so where necessary.
(c) Disclosures required by law
For legal reasons, and in special circumstances, we may need to make disclosures of your personal information. This may occur where we are directed to do so under arrangements in place to make sure that you continue to receive electricity supply in the event of retailer failure. We may also be required to disclose your personal information to law enforcement agencies, government agencies, courts or external advisors. For example, we may be asked to disclose certain personal information about an individual to assist the police with an investigation into criminal activities. Our policy is to make such disclosures only in accordance with the Privacy Act.
We may also be required to disclose certain information under the energy industry laws and rules. We may also be required to disclose certain information under other legislative requirements such the Government Information (Public Access) Act 2009 (NSW) (GIPA Act) or energy industry laws and rules.
Under the Privacy Act, you have a right to seek access to personal information which we hold about you. You also have the right to ask us to correct information about you which is inaccurate, incomplete, out of date, irrelevant or misleading.
If you wish to access the personal information that we hold about you, please contact our Privacy Officer via email firstname.lastname@example.org so we can explain how we will handle your access request. Once we have verified your identity, we would generally provide you with a summary of the information held about you. We would assume (unless you told us otherwise) that your request related to our current records about you. Those current records would include personal information about you which was included in our databases and in paper files, and which might be used by us on a day to day basis.
To provide you with access to this personal information, we would ordinarily provide you with a print- out of the relevant personal information from our databases, or with photocopies of records which were held only on paper files. Ordinarily, we would not charge you for the cost of providing this type of access to these records.
For legal and administrative reasons, we may also store records containing personal information in our archives. You may seek access to our non-current records, but if you do so, we may charge you for the cost of providing the access.
If you believe that personal information about you is inaccurate, incomplete, out of date, irrelevant or misleading, please provide us with your request for correction (contact details are set out in Section 7). Our policy is to consider any requests for correction in a timely way. If we refused to provide you with access to the information, we would provide you with reasons for the refusal and inform you of any exceptions relied upon under the Privacy Act (unless it is not reasonable in the circumstances for us to do so).
If you wish to complain about our handling of your personal information, in the first instance please email our Privacy Officer email@example.com. We will make every effort to investigate and respond to your complaint in a timely way (generally within 30 days of our receipt of the complaint).
If you are dissatisfied with the outcome of our investigation, you may take your privacy-related complaint to the Office of the Australian Information Commissioner (OAIC). For information on making a complaint to the OAIC, please visit the OAIC’s website http://www.oaic.gov.au/privacy/making-a-privacy-complaint, or phone 1300 363 992.