Our privacy and security policy

Service Victoria makes it simpler and faster to do various State Government transactions online, protects the security of your personal information, and sets a new standard in best practice for customer service in Victoria. 

Protecting your information

Service Victoria’s platform is designed to keep your information safe. We let you choose how your data is shared. 

Some people want us to store their information, to save them time for next time. Others will choose for us to simply pass the data to the relevant part of government to update their records. (For example, to tell VicRoads you’ve paid your car registration). 

Either way, the choice is yours. 

This policy explains how we protect your privacy and the information we collect, use and store.

What we do

We: 

  • Carry out transactions you choose to do
  • Verify your identity, if we need to do it
  • Process payments for your transactions
  • Send you information, when you ask us to or where the law says we must 
  • Respond to queries you make 
  • Run this site 
  • Analyse the use of this site so we can make it better and easier to use  
  • Do market research and surveys, if you agree to do them.

What you agree to

When you use Service Victoria, you agree and consent to:

The laws of this policy

We only collect, use store and give out your personal information as allowed by the:

  • Public Records Act 1973
  • Health Records Act 2001
  • Privacy and Data Protection Act 2014.

Your use of this site

It’s up to you how you use Service Victoria.

You can:

  • Choose not to use this site
  • Transact as a guest (and not store your details with us)
  • Store your details with us
  • Store your details with us AND choose to transact as a guest
  • Delete the details you’ve stored with us.

How we use your personal information

Personal information includes your name, your photo, date of birth, where you live and how we can get in touch.

We use this information to:

  • Run our site
  • Process transactions on your behalf
  • Send you updates and information
  • Reply to your queries
  • Store your details (if you agree) to avoid repeating the same steps next time
  • Verify your identity.

We won’t use your personal information for any other reason unless you agree, or we must by law.

What information we may get from you

If you use our site as a guest, then we only collect the minimum information we need to:

  • Finish your transaction
  • Help you if you need it
  • Verify your identity
  • Improve our website.

If you store your details with us, then we’ll only save and store the information you choose to give to us.

Information we collect

We only get information from you with your consent or where we need to by law.

This includes information like:

  • Personal, such as your name, your photo, date of birth, where you live and how we can get in touch.
  • How you’d like to hear from us, such as email or reminders.
  • Identity, such as the details on your identity documents.
  • Payment, such as the details of your credit card.
  • Transaction, such as a receipt number.

Information we store

As a general rule, we don’t permanently keep your transaction data. We simply pass it to the relevant government department or agency.

You’ll always know which part of government we are passing your transaction data to because their name and logo will be on our ‘Get Started’ page (before you give us any information).

For example, if you buy a fishing licence, we’ll pass the information you’ve given to the Victorian Fisheries Authority so they can update their records and know you’ve paid.

Sometimes, the law says we must keep our own records. This includes information like:

  • Identity, such as how you verified it
  • Payment, such as what, when and how you paid or stored payment methods.
  • Transaction, such as your reference number.

We’ll never share your personal information with other parts of government without your consent unless we have to by law.

 

What we collect if you store your details

If you store your details with us, then we’ll ask you to give us:

  • Your name, so we know who you are.
  • Your email, so you can login, get security codes and so we can send you things you’ve asked for.
  • Your mobile, for security codes and so we can send you things you’ve asked for.

If you want, you can also choose to save and store:

  • Your payment method, like your credit card details so you don’t have to enter them every time.
  • Your transactions, so you have a record of what you’ve done with us.

What data we get from all visitors to our site

IP address and cookies

Your IP address is a unique number your device gets when you go online. It’s like your home address in real life, but online.

A cookie is a file left on your device when you visit a website. The cookie stores sign-in information and other things. It helps us give you the best experience when you visit our site.

Your IP address and cookies help us get information about your:

  • Device, such as if you use a phone or laptop.
  • Location, such as if you’re in Melbourne or Ballarat.
  • Behaviour, such as links you chose and how long you were on each page.

You can block cookies, but this will mean some parts of our site won’t work as well.

Google Analytics

We use Google Analytics (External link) to make our site better.

You can opt out of Google Analytics (External link) at any time. 

Other information we may get

We may sometimes collect more information if we think our website is being:

  • Tampered or interfered with.
  • Intercepted for the information we get and send.
  • Compromised for security.
  • Treated in a way that breaks any law.

How you can access your information

If you think any of your personal information is wrong, you can ask us to fix it. You just need to get in touch.

Who we share your personal information with

We won’t share your information if you don’t give us consent, unless we must by law.

Third parties

A third party is anyone that isn’t Service Victoria.

We sometimes give your information to third parties to help us do our job. We make sure they keep it safe and secure, through our contracts and commercial agreements, regardless of where they are located.

We may share information we hold with third parties for:

  • Improvements
  • Auditing
  • Reporting
  • Researching
  • Fulfilling legal obligations.

Other areas of government

Privacy law sometimes requires us to disclose personal information in special circumstances. These times are rare, but we’ll outline them below just to be clear. These times include:

  • For law enforcement or to investigate unlawful activity
  • To a Commonwealth security agency
  • To lessen or prevent serious threats to health or safety
  • To protect public revenue
  • When we have to because it’s authorised or required by another law.

If we send information to another part of government, then they’re also bound by the same or similar laws we are. 

How we maintain your information

We’ll help you keep your information complete and up-to-date.

You can help by giving us correct information and telling us if it changes.

If you’ve stored your details, then you can change your details in your settings if anything’s changed. You can also delete your stored details at any time or use our site as a guest.

How we protect your information

We use lots of tools and processes to protect your data and keep your personal information secure.

We also train all staff on the need for confidentiality and maintaining privacy and security. Access to your personal information is restricted to only those workers who need it to provide services to you. We log access to accounts to identify and audit any unauthorised access. Improper use is a serious offence.

Data standards

We store, use and get rid of your personal information in-line with the Victorian Protective Data Security Standards (External link).

There are 18 high-level standards that we must meet to protect public sector data.

Payment standards

We use the Payment Card Industry Data Security Standards (PDF, 93KB) (External link).

This means we follow best practice to securely store, process and send credit card information.

Security tips

  • Never send passwords to anyone.
  • Check for a green padlock icon and ‘https://’ in your browser’s address bar.
  • Make sure your device has the latest security updates.
  • Keep your internet browser up to date.
  • Run anti-malware software on your device.
  • Don’t access our site on untrusted networks or devices, such as on public WIFI.

Scams and hoaxes

There are scammers, hoaxers and criminals who want your personal information. These scams can come via email, phone or other means.

Some scams pretend to be a government department or agency and can look very real.

You should never:

  • Send anyone your username, password or personal details. We’ll never ask for this.
  • Click links in messages that claim to be from Service Victoria (unless you’ve signed up for reminders).

We only send you messages if you consent to them.

Other ways to be safe online

If you’d like to read more, then go to these sites:

How to report a security issue

If you think you see a scam, hoax or any security issue on our site, then tell our security team.

How to contact us about this policy

Get in touch if you want to find out more about this policy.

Privacy complaints

You can make a privacy complaint if you think we’ve breached the law. Complaints should be lodged within 45 days of you becoming aware of the alleged interference with your privacy.

We’ll ask you to:

  • Tell us how you believe your privacy has been breached
  • Explain the effect the breach has had on you
  • Outline what you’d like us to do
  • Give us time to respond. (We’ll normally respond within 30 days, and we’ll keep you informed of our progress along the way).
  • Remember to retain a copy of your complaint.

We’ll keep your matter private. Only relevant staff who need access to review and respond to your complaint will have access. Our Privacy Officer will coordinate the investigation and will be your primary contact.

There are a number of outcomes:

  • We may find there was no evidence to suggest the alleged conduct occurred
  • The alleged conduct did occur, but it complied with the law
  • The alleged conduct occurred and there was a breach.

If a breach of your privacy did occur, we may offer an apology, review the wording of our website and privacy policy, change our processes, give more training to staff, or offer some kind of other remediation.

You can read about how we handle your complaints in the Service Victoria Complaints Handling Policy (PDF, 252KB)

Updates to this policy

We updated this policy in March 2018.

Read it often as we may update it.

Your continued use of our site means if we update this policy, then you accept and consent to the changes we make.