Our privacy and security policy

Service Victoria makes it simpler and faster to do various State Government transactions online, protects the security of your personal information, and sets a new standard in best practice for customer service in Victoria. 

Protecting your information

Service Victoria’s platform is designed to keep your information safe. We let you choose how your data is shared. 

Some people want us to store their information, to save them time for next time. Others will choose for us to simply pass the data to the relevant part of government to update their records. (For example, to tell VicRoads you’ve paid your car registration). 

Either way, the choice is yours. 

This policy explains how we protect your privacy and the information we collect, use and store.

What we do


  • Carry out transactions you choose to do
  • Verify your identity, if we need to do it
  • Give you the choice to save your identity to make future transactions easier
  • Display digital licences and permits
  • Process payments for your transactions
  • Send you information, when you ask us to or where the law says we must 
  • Respond to queries you make 
  • Run this site 
  • Analyse the use of this site so we can make it better and easier to use  
  • Do market research and surveys, if you agree to do them.

What you agree to

When you use Service Victoria, you agree and consent to:

The laws of this policy

We only collect, use store and give out your personal information as allowed by the:

  • Public Records Act 1973
  • Health Records Act 2001
  • Privacy and Data Protection Act 2014
  • Service Victoria Act 2018

Your use of this site

It’s up to you how you use Service Victoria.

You can:

  • Choose not to use this site
  • Transact as a guest (and not store your details with us)
  • Store your details with us
  • Store your details with us AND choose to transact as a guest
  • Delete the details you’ve stored with us.

How we use your personal information

Personal information includes your name, your photo, date of birth, where you live and how we can get in touch.

We use this information to:

  • Run our site
  • Process transactions on your behalf
  • Send you updates and information
  • Reply to your queries
  • Store your details in an account (if you agree) to avoid repeating the same steps next time
  • Make it possible for you to store digital versions of licences and permits
  • Verify your identity.

We won’t use your personal information for any other reason unless you agree, or we must by law.

What information we may get from you

If you use our site as a guest, then we only collect the minimum information we need to:

  • Finish your transaction
  • Help you if you need it
  • Verify your identity
  • Improve our website.

If you store your details with us, then we’ll only save and store the personal information you choose to give to us.

Information we collect

We only get information from you with your consent or where we need to by law.

This includes information like:

  • Personal, such as your name, your photo, date of birth, where you live and how we can get in touch.
  • How you’d like to hear from us, such as email or reminders.
  • Identity, such as the details on your identity documents and your photo.
  • Payment, such as the details of your credit card.
  • Transaction, such as a receipt number, or information we need to do your transaction.

Information we store

As a general rule, we don’t permanently keep your transaction data. We simply pass it to the relevant government department or agency.

You’ll always know which part of government we are passing your transaction data to because their name and logo will be on our ‘Get Started’ page (before you give us any information).

For example, if you buy a fishing licence, we’ll pass the information you’ve given to the Victorian Fisheries Authority so they can update their records and know you’ve paid.

Sometimes, the law says we must keep our own records. This includes information like:

  • Identity, such as how you verified it or what you agreed to store and your photo if you chose to
  • Your name and email, if you create a Service Victoria account.
  • Payment, such as what, when and how you paid or stored payment methods.
  • Transaction, such as your reference number.

We’ll never share your personal information with other parts of government without your consent unless we have to by law.

What we collect if you store your details

If you store your details with us, then we’ll ask you to give us:

  • Your name, so we know who you are.
  • Your email, so you can login, get security codes and so we can send you things you’ve asked for.
  • Your mobile, for security codes and so we can send you things you’ve asked for.

If you want, you can also choose to save and store:

  • Your payment method, like your credit card details so you don’t have to enter them every time.
  • The fact you've proved who you are so you can get things done faster next time. 
  • Your transactions, so you have a record of what you’ve done with us.

Verifying your identity 

Put simply, this is your proof to the Victorian Government you are who you say you are. 

With some transactions, it doesn’t matter who does them, so we won’t ask for identity information. For example, paying the registration fee for a car.  

However, some transactions must only be done by the person who is applying. For example, applying for a Solar Homes loan and rebate, or applying for a new Working with Children Check.  

That’s why we need you to give us more information to prove who you are for some transactions. 

Confirming your identity 

We’ll check your identity when you do some transactions.  

To do this, we’ll ask you to give us details from your identity documents, such as your passport and your driver licence. 

We may ask for more than just your documents and may ask to match you to the photo on your ID. 

If you can’t give us identity documents online, then we may need to get more information from you another way. We'll let you know if this happens and what to do next. 

What we may share to verify your identity 

We’ll send your information to these places when we verify your identity: 

  • Other government agencies, including other state, territory and federal agencies to check the documents and information you provide to us. This includes the Commonwealth Government's Document Verification Service (to check with the agencies who issue your identity documents) 
  • Organisations we have a contract with to help us validate the documents, photos and information you provide to us. 

Information we may store about your identity 

When you attempt to verify your identity for a transaction on our platform, we'll keep a record of some of the information you used to support your verification, including:

  • the type of identity documents you used
  • where they were issued, and
  • the last four digits of the document number.

To protect your privacy, we don't keep copies of your actual documents. 

You'll be given the option to save a record of the fact your identity has been verified so that you can re-use this for future transactions.   

It also makes it quicker and easier for you to complete future transactions and helps protect your privacy because you won’t need to provide your personal information again for similar transactions on our platform. 

Your identity record expires after 10 years and you can apply to to renew it. 

You may cancel your stored record at any time. You just need to get in touch. We may tell partners whether or not you have an identity record if they need to know that to do your transaction. 

We can refuse to verify your identity or suspend or revoke your re-usable stored identity record if we're not satisfied that you're who you say you are. We'll notify you and give you an opportunity to resolve the issue with us. We'll keep a record that your identity has not been verified, or that your stored identity has been suspended or revoked. 

We also need to use, share or store some information if the law says we must. 

To save a record of your identity at our highest level of identity proof, you must save and store a photo. This is so we can be sure you are who you say you are. 

What data we get from all visitors to our site

IP address and cookies

Your IP address is a unique number your device gets when you go online. It’s like your home address in real life, but online.

A cookie is a file left on your device when you visit a website. The cookie stores sign-in information and other things. It helps us give you the best experience when you visit our site.

Your IP address and cookies help us get information about your:

  • Device, such as if you use a phone or laptop.
  • Location, such as if you’re in Melbourne or Ballarat.
  • Behaviour, such as links you chose and how long you were on each page.
  • Recaptcha validations, for site security. 

You can block cookies, but this will mean some parts of our site won’t work as well.

Google Analytics

We use Google Analytics (External link) to make our site better.

You can opt out of Google Analytics (External link) at any time. 

Other information we may get

We may sometimes collect more information if we think our website is being:

  • Tampered or interfered with.
  • Intercepted for the information we get and send.
  • Compromised for security.
  • Treated in a way that breaks any law.

How you can access your information

If you think any of your personal information is wrong, you can ask us to fix it. You just need to get in touch. You can request your personal information at any time. 

Who we share your personal information with

We won’t share your information if you don’t give us consent, unless we must by law.

Third parties

A third party is anyone that isn’t Service Victoria.

We sometimes give your information to third parties to help us do our job. We make sure they keep it safe and secure, through our contracts and commercial agreements, regardless of where they are located.

We may share information we hold with third parties for:

  • Improvements
  • Auditing
  • Reporting
  • Researching
  • Fulfilling legal obligations.

Other areas of government

Privacy law sometimes requires us to disclose personal information in special circumstances. These times are rare, but we’ll outline them below just to be clear. These times include:

  • For law enforcement or to investigate unlawful activity
  • To a Commonwealth security agency
  • To lessen or prevent serious threats to health or safety
  • To protect public revenue
  • When we have to because it’s authorised or required by another law.

If we send information to another part of government, then they’re also bound by the same or similar laws we are.

When we check your identity documents to prove it’s really you, we’ll send details in real time to the Australian Government Document Verification Service (DVS). This matches the details on the documents against the official record to make sure they haven’t been tampered with, are fake or linked to a deceased person. 

By verifying your identity, you confirm you’re authorised to share the personal details provided and you’re OK with the info being matched with the document issuer or official record holder. 

How we maintain your information

We’ll help you keep your information complete and up-to-date.

You can help by giving us correct information and telling us if it changes.

If you’ve stored your details, then you can change your details in your settings if anything’s changed. You can also delete your stored details at any time or use our site as a guest.

How we protect your information

We use lots of tools and processes to protect your data and keep your personal information secure.

We also train all staff on the need for confidentiality and maintaining privacy and security. Access to your personal information is restricted to only those workers who need it to provide services to you. We log access to accounts to identify and audit any unauthorised access. Improper use is a serious offence.

Data standards

We store, use and get rid of your personal information in-line with the Victorian Protective Data Security Standards.

There are 18 high-level standards that we must meet to protect public sector data.

Payment standards

We use the Payment Card Industry Data Security Standards (PDF, 93KB) (External link).

This means we follow best practice to securely store, process and send credit card information.

Security tips

  • Never send passwords to anyone.
  • Check for a green padlock icon and ‘https://’ in your browser’s address bar.
  • Make sure your device has the latest security updates.
  • Keep your internet browser up to date.
  • Run anti-malware software on your device.
  • Don’t access our site on untrusted networks or devices, such as on public WIFI.

Scams and hoaxes

There are scammers, hoaxers and criminals who want your personal information. These scams can come via email, phone or other means.

Some scams pretend to be a government department or agency and can look very real.

You should never:

  • Send anyone your username, password or personal details. We’ll never ask for this.
  • Click links in messages that claim to be from Service Victoria (unless you’ve signed up for reminders).

We only send you messages if you consent to them.

Other ways to be safe online

If you’d like to read more, then go to these sites:

How to report a security issue

If you think you see a scam, hoax or any security issue on our site, then tell our security team.

How to contact us about this policy

Get in touch if you want to find out more about this policy.

Privacy complaints

You can make a privacy complaint if you think we’ve breached the law. Complaints should be lodged within 45 days of you becoming aware of the alleged interference with your privacy.

We’ll ask you to:

  • Tell us how you believe your privacy has been breached
  • Explain the effect the breach has had on you
  • Outline what you’d like us to do
  • Give us time to respond. (We’ll normally respond within 30 days, and we’ll keep you informed of our progress along the way).
  • Remember to retain a copy of your complaint.

We’ll keep your matter private. Only relevant staff who need access to review and respond to your complaint will have access. Our Privacy Officer will coordinate the investigation and will be your primary contact.

There are a number of outcomes:

  • We may find there was no evidence to suggest the alleged conduct occurred
  • The alleged conduct did occur, but it complied with the law
  • The alleged conduct occurred and there was a breach.

If a breach of your privacy did occur, we may offer an apology, review the wording of our website and privacy policy, change our processes, give more training to staff, or offer some kind of other remediation.

You can read about how we handle your complaints in the Service Victoria Complaints Handling Policy.

Updates to this policy

We updated this policy in March 2020.

Read it often as we may update it.

Your continued use of our site means if we update this policy, then you accept and consent to the changes we make.