This is an HTML version of an attachment to the Freedom of Information request 'Documents relating to CER's request for ongoing access to Telecommunications Data'.


Full privacy policy
Page 1 of 11
Clean Energy Regulator > About the Clean Energy Regulator > Policies and publications > Condensed privacy policy > Full privacy policy
Full privacy policy 
30 November 2016
Corporate
Contents
• Summary of main points
• Privacy policy
◦ 1. Definitions
• Background
◦ 2. The Agency
• Privacy obligations
◦ 3. The Privacy Act 1988
◦ 4. Personal information
◦ 5. What kinds of personal information does the Agency collect and use?
◦ 6. Sensitive information
◦ 7. Dealing with us anonymously or by using a pseudonym
• Collection of personal information
◦ 8. How do we collect personal information?
◦ 9. Notification of the collection of personal information
◦ 10. Receiving unsolicited personal information
◦ 11. Purposes for collecting personal information
• Dealing with personal information
◦ 12. Protection of information under the Clean Energy Regulator Act 2011
◦ 13. Use and disclosure of personal information
◦ 14. Storage of personal information
◦ 15. Treatment of personal information that is no longer required
◦ 16. Do we disclose personal information to anyone overseas?
• Accessing and correcting personal information
◦ 17. Who has access to personal information?
◦ 18. How can an individual access and correct personal information?
• Complaint process
◦ 19. What is the process for complaining about a breach of privacy?
• Contacting us
◦ 20. Privacy Contact Officer
◦ 21. Changes to our Privacy Policy
Summary of main points
This policy sets out how the Clean Energy Regulator (the Agency) collects, holds, uses and discloses personal 
information. Among other things, it sets out the kinds of personal information that the Regulator collects and holds, 
and how that information is likely to be used and disclosed, including in some instances to overseas recipients.
It applies to all personal information collected, held and disclosed by the Clean Energy Regulator. The Regulator, its 
employees and consultants must have regard to this policy in their dealings with personal information on behalf of 
the Agency. 
In some circumstances, depending on the terms of the contractual arrangement, it also applies to third parties that 
are contracted to perform services on behalf of the Agency.
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 2 of 11
Privacy 
policy
1. 
Definitions
Term
Definition
Includes any consent that is expressed or implied by 
an individual. There are four key elements:
• the individual must be adequately informed of what 
they are consenting to before giving consent
Consent
• it must be provided voluntarily
• it must be current and specific, and
• the individual must have the capacity to understand 
and communicate their consent.
Consent may be given orally or in writing.
Means a record that is the property of the Commonwealth or a 
Commonwealth record
Commonwealth institution, or a record that is deemed to be a 
Commonwealth record under the Archives Act 1983.
We collect personal information only if we collect it for inclusion in a 
Commonwealth record or generally available publication (that is a magazine, 
Collect
book, article, newspaper, guidance or other publication available to members 
of the public).
A release from our effective control is generally a disclosure irrespective of 
Disclosure
our reason for releasing the information. It includes proactive release, release 
in response to a specific request and accidental release.
We hold personal information if we have possession or control of a record 
Holds
that contains the personal information.
Means any information or an opinion about an identified individual, or an 
individual who is reasonably identifiable, regardless of whether (i) the 
Personal information
information or opinion is true or not, and (ii) recorded in a material form or 
not.
Privacy Act
Means the Privacy Act 1988
Means:
1. information or opinion about an individual's:
◦ racial or ethnic origin
◦ political opinions
◦ membership of a political association
◦ religious beliefs or affiliations
◦ philosophical beliefs
◦ membership of a professional or trade 
association
◦ membership of a trade union
Sensitive information
◦ sexual orientation or practices, or
◦ criminal record
that is also personal information
2. health information about an individual 
3. genetic information about an individual, that is not 
otherwise health information
4. biometric information that is to be used for the 
purpose of automated biometric verification or 
biometric identification, and
5. biometric templates.
We use personal information when we handle and manage that information 
Use
within the Agency's effective control. We also use personal information for 
the purposes of administering legislative schemes.
Top of page
2. The 
BackgroundAgency
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 3 of 11
The Clean Energy Regulator (the Agency) is an independent statutory authority established by the Clean Energy 
Regulator Act 2011. The Clean Energy Regulator is the government body responsible for administering legislation to 
reduce carbon emissions and increase the use of clean energy.
The Agency administers:
• the National Greenhouse and Energy Reporting Scheme
• the Carbon Pricing Mechanism
• the Carbon Farming Initiative
• the Renewable Energy Target, and
• the Australian National Registry of Emissions Units.
These legislative schemes support Australia's transition to a low carbon economy through an informed and efficient 
market for carbon and investment in renewable energy.
The Agency has administrative responsibilities in relation to:
• providing education and information on the five schemes we administer and how they work
• monitoring, facilitating and enforcing compliance with each scheme
• collecting, analysing, assessing and publishing data
• allocating units, including freely allocated units, fixed price units and auctioned units
• accrediting auditors for the Carbon Farming Initiative, the Carbon Pricing Mechanism and the National Greenhouse and Energy 
Reporting Scheme, and
• administering the single national framework for the reporting and dissemination of emissions and energy information, and 
• working with other law enforcement and regulatory bodies, including the Australian Securities and Investments Commission, 
the Australian Competition and Consumer Commission, the Australian Transaction Reports and Analysis Centre, the Australian 
Federal Police and the Commonwealth Director of Public Prosecutions.
Top of page
Privacy 
obligations
3. The Privacy Act 1988
The Clean Energy Regulator recognises the importance of protecting the privacy and the rights of individuals in 
relation to their personal information. This document is our Privacy Policy and it describes how we manage personal 
information.
We respect an individual's right to privacy under the Privacy Act 1988 (the Privacy Act) and we comply with the 
Privacy Act's requirements in respect of the management of personal information.
4. Personal 
information
When used in this Privacy Policy, the term "personal information" has the meaning given to it in the Privacy Act.
In general terms, "personal information" means any information or an opinion about an identified individual, or an 
individual who is reasonably identifiable, regardless of whether (i) the information or opinion is true or not, and (ii) 
recorded in a material form or not.
5. What kinds of personal information does the Agency collect 
and use?
We collect, use, store and from time to time disclose information (including personal information) for purposes 
directly related to our statutory functions and activities, including the administration of the legislative schemes (refer 
2. The Agency). We also deal with personal information in the performance of corporate operations related to those 
functions (including recruitment, workplace health and safety, contracts and tenders and other activities).
We mainly deal with the following kinds of personal information:
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 4 of 11
• name
• mailing or street address
• e-mail address
• telephone contact number
• age or birth date
• gender
• 'sensitive information' (see below for further details)
• profession, occupation or job title
• financial details and assets including bank and property information
• insurance details
• employment, curriculum vitae and education information
• vessel and vehicle details
• emergency details including next of kin
• diversity and cultural background information
• identity credentials including driver's licence and passport information
• photographs of people
• credit card details
• travel details
• information disclosed to us by the individual or a third party which we believe to be reasonably necessary for the conduct of our 
compliance and law enforcement related activities
• other information relating to individuals that they (or their agents) provide to us directly or indirectly through use of our 
websites
• information provided to us through our call centre, customer surveys or visits by our representatives, and /or
• information sourced from public information sources which we believe to be reasonably necessary for the conduct of our 
compliance and law enforcement related activities.
We also collect information that is not personal information because it does not identify and/or cannot be used to 
identify, any particular individual. For example, we may collect anonymous answers to surveys or aggregated 
information about how members of the public use our website. This Privacy Policy does not apply to that sort of 
information.
6. Sensitive 
information
The term 'sensitive information' refers to a particular kind of personal information. We may collect sensitive 
information about individuals including:
• information or opinion about a person's:
◦ racial or ethnic origin
◦ political opinions
◦ membership of a political association
◦ religious beliefs or affiliations
◦ philosophical beliefs
◦ membership of a professional or trade association
◦ membership of a trade union
◦ sexual orientation or practices, and/or
◦ criminal record
that is also personal information, and
• health information.
We do not usually collect genetic or biometric information about a person that is not health information.
7. Dealing with us anonymously or by using a 
pseudonym
An individual may choose to deal with us anonymously by or using a pseudonym. However, this principle does not 
apply if:
• we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have 
identified themselves, or
• it is impracticable for us to interact with the person, because they have not identified themselves or used a pseudonym.
If an individual chooses to deal with us anonymously or by using a pseudonym, some or all of the following may 
happen:
• we may not be able to provide the requested services to the person, either to the same standard as we might have been able to 
achieve if the person had chosen to identify themselves, or at all
• we may not be able to provide the person with information about services that they may want, or
• the person may be in breach of an Australian law requiring them to provide such information. However, in this circumstance, we 
would advise the person about our legal powers to require them to provide such information and the implications of any failure 
to do so.
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 5 of 11
Top of page
Collection of personal 
information
8. How do we collect personal 
information?
The Clean Energy Regulator only collects personal information (other than sensitive information) where the 
information is reasonably necessary for, or directly related to one or more of the Agency's functions or activities. 
Usually we collect personal information directly from the individual(s) to whom the personal information relates 
and/or their authorised representative (an agent). In some circumstances, we collect personal information from third 
parties. We collect personal information only by lawful and fair means.
We collect solicited personal information in a number ways that include:
• when an individual provides information to us using our web-based systems (including the client portals and online forms)
• when we receive applications forms, mail or email correspondence and other documents
• telephone contact with our call centre
• when entities involved in our schemes submit reports or acquit liabilities
• when members of the public subscribe to information updates relating to our schemes, functions and activities
• when we undertake our stakeholder engagement processes and events
• when members of the public (who may be involved in our schemes) complete a survey and/or questionnaire
• when individuals and other third parties provide services or supply goods to us
• when we conduct criminal record checks
• when members of the public access our databases, and
• through other lawful processes such as the use of coercive powers where provided for under legislation.
We do not collect 'sensitive information' about an individual (as described in paragraph 6 of this Privacy Policy) 
unless the individual consents to the collection of the information and the information is reasonably necessary for, 
or directly related to one or more of the Agency's functions or activities. There are some exceptions to this general 
rule (as set out in Australian Privacy Principle 3.4), being:
• where we are required or authorised by or under an Australian law or a court/tribunal order to collect the information, or
• a 'permitted general situation' (as defined in section 16A of the Privacy Act) exists. For example, where the Agency has reason to 
suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or 
may be engaged in and we reasonably believe that the collection of sensitive information is necessary in order for us to take 
appropriate action in relation to the matter.
We collect personal information from third parties in the following circumstances:
• if an individual consents to the Agency collecting the information from someone other than the individual 
• if we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from 
someone other than the individual to whom the information relates or
• if it is unreasonable or impracticable for us to collect the information from the individual directly.
These third parties may include:
• enforcement bodies and other Commonwealth, State, local and international government agencies
• organisations or individuals with an interest in our business and activities that may be associated with the individual in question 
(for example, emergency contacts or referees)
• public information sources (particularly where we believe the collection to be reasonably necessary for the conduct of our 
compliance and law enforcement-related activities),
• medical practitioners in relation to health assessments
• financial institutions
• legal representatives
• contracted service providers and consultants, and
• industry  groups.
Use of 
cookies
Cookies are pieces of information that a website can transfer to a computer when a person accesses information on 
that site. Cookies can make websites easier to use by storing information about a person's use and preferences on a 
particular website. This information may remain on the computer after the user closes the browser. 
We do not collect personal information about a person who only browses the Clean Energy Regulator website. 
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 6 of 11
The Clean Energy Regulator website uses session cookies during a search query of our website. Applications 
accessed from the website also use session cookies. When a user closes their browser, the session cookie is 
destroyed and no personal information is kept which might identify the user to us in the future.
Some pages on our website may use cookies to collect anonymous traffic data. This data does not collect personally 
identifiable information.
Use of Online 
Services
The Clean Energy Regulator sometimes makes use of online services to assist us in the delivery of our services and 
activities. These commercial, online services collect, hold and provide us with access to personal information 
submitted to them by the user. These online services may hold information on overseas servers.
If a user is directed to these services from the Clean Energy Regulator webpage or from an email request, we will 
notify the user that he or she is leaving the Clean Energy Regulator web environment and providing information to 
us through a third party.
The Clean Energy Regulator encourages users of our online services to read the Privacy Policy for those services 
before entering personal information into them.
9. Notification of the collection of personal 
information
At or before the time we collect personal information (or as soon as practicable afterwards), we will usually provide 
the individual concerned with a notice (also known as a 'Privacy Notice' or an 'APP Notice') containing the following 
information:
• our identity and contact details
• if we collect personal information from someone other than the individual, or the individual may not be aware that we have 
collected the personal information—the fact that we collect, or have collected, the personal information and the circumstances 
of that collection
• details of any Australian law or court/tribunal order that requires or authorises the collection of the personal information
• the purposes for which we collect personal information
• the main consequences (if any) for an individual if all or some of the personal information is not collected
• the details of any other person or entity to whom the personal information will usually be disclosed
• the fact that our Privacy Policy contains information about how a person may access and seek to correct any personal 
information held by us
• the fact that our Privacy Policy contains information about how to complain about a possible breach of the Australian Privacy 
Principles and how we will deal with such a complaint
• whether we are likely to disclose the personal information to overseas recipients, and
• if the personal information is likely to be disclosed to overseas recipients—the countries in which those entities are located (if it 
is practicable to specify those countries in the notice or to otherwise make the individual aware of them).
10. Receiving unsolicited personal 
information
From time to time, we receive personal information that we have not requested. This is known as 'unsolicited 
personal information' and includes:
• misdirected mail received by us
• correspondence to us, our Minister and Parliamentary Secretary from members of the community, or other unsolicited 
correspondence
• a petition sent to us that contains names and addresses
• employment, internship, work experience or volunteering applications sent to us on an individual's own initiative and not in 
response to an advertised vacancy
• a promotional flyer or email containing personal information, sent to us by an individual promoting the individual's business or 
services
• court/tribunal documents for proceedings to which we are a party or may have an interest, and
• information supplied by a third party (such as a member of the public or an enforcement body) which relates to our function as 
an enforcement body.
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 7 of 11
If we receive unsolicited personal information and we decide that we would not have been permitted to collect it 
under the Australian Privacy Principles, we will take reasonable steps to destroy or de-identify the information as 
soon as practicable, unless it is contained in a 'Commonwealth record' (as defined in the Archives Act 1983) or it is 
unlawful or unreasonable to do so. The Australian Privacy Principles set out how we should deal with the personal 
information in these circumstances.
11. Purposes for collecting personal 
information
We collect personal information so that we can perform our functions and activities.
We collect personal information for the following purposes:
• to process and assess applications under the schemes we administer and other related activities including procurement and 
tender processes
• to assist scheme participants (our clients) to manage reporting obligations and acquittal of liabilities
• to provide services to members of the public
• to send communications requested by members of the public
• to provide information and to seek feedback or advice on matters
• to answer enquiries and provide information or advice about schemes
• to conduct administrative functions including recruitment, booking of travel, accommodation and allowance payments, health 
assessments and workers compensation matters
• for the administrative, planning, service development and project purposes of the Agency, its contractors and/or service 
providers
• where we are required or authorised to collect personal information under an order of a court or tribunal or by or under 
legislation (including Clean Energy Regulator Act 2011, Clean Energy Act 2011, Renewable Energy (Electricity) Act 2000, 
National Greenhouse and Energy Reporting Act 2007, Carbon Credits (Carbon Farming) Act 2011, Australian National Registry of 
Emissions Units Act 2011).
• to update our records and keep our clients' contact details up to date
• to provide members of the public with our guidelines, publications and annual reports
• to process and respond to any complaints 
• to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-
operation with any governmental authority of another country
• to ensure that we and members of the public comply with laws administered by the Commonwealth, and
• to conduct enforcement-related activities including for the purposes of law enforcement by another agency.
The Agency will not share or disclose personal information, other than as described in this Privacy Policy. We will 
never sell or rent personal information.
Top of page
Dealing with personal 
information
12. Protection of information under the Clean Energy Regulator Act 2011
The Clean Energy Regulator is bound by the secrecy provisions in Part 3 of the Clean Energy Regulator Act 2011
(Clean Energy Regulator Act). Part 3 of the Clean Energy Regulator Act prohibits the disclosure and use of 
information that was obtained by a person in the person's capacity as an official of the Clean Energy Regulator and 
relates to the affairs of a person other than an official of the Regulator. This prohibition does not apply where:
• the disclosure or use is authorised by a provision of Part 3 of the Clean Energy Regulator Act, or
• the disclosure or use is in compliance with a requirement under a law of the Commonwealth or a prescribed law of a State or a 
Territory.
For information held by the CER and collected before 2 April 2012 under either the National Greenhouse Energy and 
Reporting Act 2007 or the Renewable Energy (Electricity) Act 2000, the CER is bound by the preserved secrecy 
provision of those Acts.
13. Use and disclosure of personal 
information
We use and disclose personal information for the primary purpose that it was collected. For example, we primarily 
use personal information when assessing eligibility to participate in one of the schemes we administer. 
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 8 of 11
Before using personal information for any other purposes (known as 'secondary purposes'), we will ensure that the 
individual has consented to the use or disclosure of the information, or that one of the following circumstances 
applies: 
• the individual would reasonably expect us to use or disclose the information for a secondary purpose (for example, when 
performing audit and compliance functions and activities) and the secondary purpose is:
◦ if the information is sensitive information—directly related to the primary purpose, or
◦ if the information is not sensitive information—related to the primary purpose, or
• the use or disclosure is required by or authorised by or under an Australian law or a court/tribunal order
• a 'permitted general situation' (as defined in section 16A of the Privacy Act) exists. For example, where the Agency has reason to 
suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or 
may be engaged in and we reasonably believes that the use of the information is necessary in order for us to take appropriate 
action in relation to the matter, or
• we reasonably believe that the use or disclosure is reasonably necessary for one or more enforcement related activities 
conducted by or on behalf of an enforcement body. If we use or disclose personal information for this purpose, we will make a 
written note of the use or disclosure.
We routinely disclose personal information to the following type of entities:
• contracted employees and other service providers for the purposes of operating of our website or performing our functions, 
fulfilling requests by members of the public, and otherwise providing information, products and services to members of the 
public including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment 
processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as 
accountants, solicitors, business advisors, consultants, travel providers, medical practitioners and real estate agents
• suppliers and other third parties with whom we have commercial relationships for business, marketing, and related purposes
• any entity (including individuals) for any authorised purpose with an individual's consent
• other Commonwealth or State/Territory government body for the purposes of investigating and prosecuting compliance 
breaches, legal actions, and insurance claims 
• enforcement bodies (such as the Australian Federal Police and Australian Securities and Investments Commission)
• our Minister and/or Parliamentary Secretary for the purposes of administering the Clean Energy Regulator Schemes and related 
functions and activities, and
• a House or Committee of the Parliament of the Commonwealth of Australia.
In addition, the Agency is required by certain laws (including Clean Energy Regulator Act 2011, Clean Energy Act 
2011, Renewable Energy (Electricity) Act 2000, National Greenhouse and Energy Reporting Act 2007, Carbon Credits 
(Carbon Farming) Act 2011, Australian National Registry of Emissions Units Act 2011) to publish certain information, 
including some personal information, on our website. This information is available to the general public.
14. Storage of personal 
information
The Agency takes such steps as are reasonable in the circumstances to protect personal information from misuse, 
interference and loss and from unauthorised access, modification or disclosure. We may hold personal information 
in either electronic or hard copy form.
Personal information that is contained in electronic form or hard copy is secured in accordance with our 
information handling practices.
However, as our website is linked to the internet, and the internet is an insecure environment, we cannot provide 
any assurance regarding the security of transmission of information communicated with us or that such information 
will not be intercepted while being transmitted over the internet.
Enforcement-related personal information is usually held in a restricted database. Appropriate security clearances 
and authorisation (i.e. a need to know) are required to access such information.
15. Treatment of personal information that is no longer 
required
We take such steps as are reasonable in the circumstances to delete or de-identify (sanitise) personal information 
that is no longer required any permitted purpose, unless the personal information is contained in a 'Commonwealth 
record' or it is unlawful to do so.
We destroy hard copy documents containing personal information (of the sort we are permitted to destroy) by 
shredding them or by disposing of them in a security classified waste bin. 
Personal information contained in undelivered emails or returned post is deleted or otherwise put beyond use.
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 9 of 11
16. Do we disclose personal information to anyone 
overseas?
We may disclose personal information to third parties who are not located in Australia or an external territory for 
some of the purposes listed in paragraph 13 of this Policy.
We usually take such reasonable steps as are necessary in the circumstances to ensure that the overseas recipients 
of personal information do not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) 
relating to personal information.
However, we are not required to take such steps in the following situations:
1. if we reasonably believe that the overseas recipient is subject to a law or binding scheme that has the effect of protecting the 
information in a way that overall is at least substantially similar to the way in which the Australian Privacy Principles protect the 
information, and there are mechanisms that the individual can use to take action to enforce that legal protection or binding 
scheme
2. the individual expressly consents to the disclosure of personal information to the overseas recipient, having first been informed 
by us that if they consent to the disclosure, the requirements for us to take reasonable steps as are reasonable in the 
circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian 
Privacy Principle 1) in relation to the information will not apply to the disclosure
3. the disclosure is required or authorized by or under an Australian law or court/tribunal order
4. a 'permitted general situation' (as defined in section 16A of the Privacy Act) exists
5. the disclosure is required or authorised by or under an international agreement relating to information sharing to which 
Australia is a party, or
6. we reasonably believe that the disclosure is reasonably necessary for one or more enforcement activities conducted by or on 
behalf of an enforcement body and the recipient is a body that performs functions (or exercises powers) that are similar to 
those performed or exercised by an enforcement body.
Top of page
Accessing and correcting personal 
17. Who has access to personal 
information
information?
We take reasonable steps to ensure that access to personal information both within the Agency and by third parties 
is permitted only for legitimate purposes and on a 'need to know' basis.
18. How can an individual access and correct personal 
information?
An individual (or an authorised representative, such as a lawyer or person exercising a power of attorney) may 
request access to any personal information by contacting the Agency's Privacy Contact Officer (refer 20. Privacy 
Contact Officer for details). The request does not have to be made in writing or by using a designated form.
Generally speaking, we will give access to personal information within 30 days of receiving the request and in the 
manner requested (if it is reasonable and practicable to provide it that way). We will need to verify the person's 
identify (or that of another person authorised to make the request) before providing access. We will not charge for 
making the request of for giving access to the personal information.
In some circumstances it may be more appropriate for a person to make a formal request for access to the personal 
information under the Freedom of Information Act 1982. For example, where a document is likely to contain 
personal or business information about a person other than the requestor.
In any event, there may be instances where we must refuse to give access to the personal information. For example, 
we may be required or authorised to refuse access by or under the Freedom of Information Act 1982 or another Act 
of the Commonwealth that provides for access by persons to documents. In this case, we will give the requestor a 
written notice setting out the reasons for the refusal except to the extent that, having regard to the grounds for the 
refusal, it would be unreasonable to do so, within 30 days of receipt of the request. We will also provide information 
about how to complain about the refusal, should the requestor wish to do so.
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 10 of 11
If an individual believes that the personal information we hold is incorrect, incomplete or inaccurate, the individual 
may ask us to correct the information. However, if we decide not to correct the information, we will give the 
individual a written notice setting out the reasons for the refusal except to the extent it would be unreasonable to do 
so, within 30 days of receipt of the request, to correct the information. We will also provide information about how 
to complain about the refusal to correct the information, should the requestor wish to do so.
Even if an individual does not ask us to correct personal information, we are required to take such steps (if any) as 
are reasonable in the circumstances to correct personal information if we are satisfied that, having regard to the 
purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or 
misleading.
Top of page
Complaint 
process
19. What is the process for complaining about a breach of 
privacy?
Complaints about the treatment of personal information (including a possible breach of privacy) by the Agency must 
be made in writing (a letter or email), addressed to the Privacy Contact Officer. We will treat complaints 
confidentially. We will respond within a reasonable time after receipt of the complaint (usually 30 days). 
If an individual is not satisfied with our response, they may make a further complaint to the Australian Information 
Commissioner. Details of how to make a complaint are available on the Office of the Australian Information 
Commissioner website.
Top of page
Contacting 20. Privacy Contact 
us
Officer
Individuals can obtain further information in relation to this privacy policy, or provide any comments, by contacting 
our Privacy Contact Officer as follows:
Privacy Contact Officer
Clean Energy Regulator
GPO Box 621 
CANBERRA ACT 2601
Phone: 02 6159 3556
Email: [email address]
21. Changes to our Privacy 
Policy
We may change this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted here.
This Privacy Policy was last updated on 12 March 2014.
Top of page
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017

Full privacy policy
Page 11 of 11
http://www.cleanenergyregulator.gov.au/About/Policies-and-publications/Condensed-... 19/04/2017