Privacy statement

General information

We value your privacy and are committed to protecting your personal details securely, in accordance with the Privacy and Personal Information Protection Act 1998 (NSW), (PPIP Act), which regulates the collection, storage, quality, use and disclosure of personal information.

Personal information includes any information about an individual from which that person can reasonably be identified. It does not include information if the identity has been removed (anonymous data) or if it:

  • can be found in a publicly available publication (such as a newspaper or book)
  • is in a public register
  • relates to someone’s suitability for public sector employment
  • is about people who have been dead for more than 30 years
  • relates to some types of law enforcement and investigation activities

This Privacy Statement should be read together with our Privacy Management Plan, and any location-specific notices.

Providing information to us is voluntary, not required by law. But if you don’t provide your information, we may not be able to provide our services to you.

By providing information to us, you acknowledge that you are providing your own information, or you’ve been authorised to provide information by the person you’re providing information about.

What information do we collect?

The main way we collect personal information about you is when you give it to us. For example, we may collect your personal information when you engage with us through our websites, when you attend one of our events or use our services.

When you engage in transactional online activities on our websites, we will ask you to provide personal information. Some fields are optional, others are necessary if you are to make a transaction.

The personal information we collect includes, but is not limited to, your contact information, such as your name, the company you work for, your title, position, your postal address, email address and phone number. If you need to make a payment, we will also collect your payment information, for example your credit card number.

When you visit our websites we may also collect:

  • the IP (Internet Protocol) address of the machine that has accessed it
  • your top-level domain name
  • the address of your server
  • the date and time of your visit to the site
  • the pages accessed and documents downloaded
  • the previous site visited
  • the type of browser and operating system you used.

This provides us with information about how our websites are used and navigated, including the number of visits and the frequency and duration of visits. We may combine this information with information you have already provided to us to help us understand more about your preferences and interests. 

How do we use the information we collect?

We may use your personal information to:

(a) help us deliver our services, including but not limited to:

  • providing you with services you have requested
  • contacting you if we have difficulties with your transaction
  • contacting you about events for which you have registered
  • responding to requests or enquiries made by you
  • corresponding with you about a competition you have entered.

(b) compile user profiles to enable us to improve products and services

(c) conduct direct marketing by sending you special offers, news and updates (if you have not opted out from receiving this material) including, without limitation, the following:

  • sending you marketing material (including, without limitation, requests for feedback and material promoting third party products or services)
  • conducting research or surveys.

(d) undertake observations and analysis of audience choices, preferences, behaviour and characteristics both individually and in aggregate

(e) for system administration, protection and maintenance including identifying and controlling system abuse and preventing cyber attacks.

How do we store and protect your information?

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place appropriate technical, physical and managerial procedures to safeguard and protect your personal information. 

We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

We use third-party systems to collect and store your personal information for email lists, registrations and feedback. For example, we use:

  • Freshdesk (as a customer helpdesk)
  • Salesforce (to store stakeholder information)
  • Campaign Monitor (to send emails)
  • Microsoft Azure (to collect information from forms)
  • Eventbrite (for some events)
  • Qualtrics (for surveys)
  • Shopify (paying for online learning)
  • Litmos (online learning).

Some information is stored on servers located outside Australia. The 2015 NSW Government Cloud Policy states that it is essential that any engagement with a cloud service provider guarantees the security of data and provides for notification of breaches. Legislation requires agencies to maintain control over the accessibility of their data, and cloud service providers should be able to demonstrate compliance with PPIPA, HRIPA, GIPAA, the State Records Act 1998, and any other applicable laws (e.g. the Privacy Act 1988 (Cth)).

Who do we share your personal information with?

The information we collect will only be used for the purpose for which you have provided it, or if it is directly related to the purpose for which the information was collected. We will not use it for any other purpose, nor will we disclose it, unless with your consent or in other circumstances where such use or disclosure is permitted under the Privacy and Personal Information Protection Act 1998 (NSW).

Exceptions

There are exemptions from compliance with the Information Protection Principles within the Privacy and Personal Information Protection Act 1998. They include:

  • law enforcement and related matters
  • investigative agencies
  • where lawfully authorised or required
  • when it would benefit the individual concerned
  • Minister being informed of certain matters.

What are your rights over your personal information?

You have rights in relation to the personal data that we hold about you.

Access

You have the right to access and change your personal information we hold about you.

Accuracy

We are committed to ensuring that the information we hold is accurate, complete and up to date, so we encourage you to advise us if the information you have given us has changed. If you believe our information is inaccurate, please contact us and we will correct the information. Our contact details are provided at https://energysaver.nsw.gov.au/contact.

Retention

We will retain the information you have provided for a period that is appropriate for the purpose for which it was provided. Thereafter your information will be archived and disposed of in accordance with our policies, legislative requirements and guidelines based on the State Records Act 1998 (NSW).

Right to erasure / ‘Right to be forgotten’

You can ask us to delete or remove your information in certain circumstances. Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. In cases where we are processing your personal data based on our legitimate interests, you can ask us to stop processing your data for reasons connected to your individual situation.

Right to object

In certain circumstances, you have a right to object to processing being carried out by us. Where personal data is being processed for direct marketing purposes, you have a right to opt out at any time.

Opting out

If you wish to opt out, you can do so by contacting the Department of Planning, Industry and Environment on 131 555, at hello [at] energysaver.nsw.gov.au or, if you have received a marketing email from us, by selecting the ‘Unsubscribe’ link at the bottom of the email.

What automated technologies do we use?

As you interact with our website, we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. We may also receive technical data if you visit other websites employing our cookies, including analytics providers such as Google, advertising networks and search information providers based inside or outside Australia. We consider that the collection of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (e.g. to analyse how you use our services, to develop our services and grow our business) and which does not materially impact your rights, freedom or interests. Depending on the browser you use, some of the cookies we use are necessary to enable us to provide services such as the processing of transactions.

Our websites use both ‘first party’ cookies (cookies used by Energy Saver websites only) and ‘third party’ cookies (cookies from a third-party website). We use first party cookies for storing preferences and data needed throughout your visit to our websites (e.g. managing user log-ins, personal preferences) and to provide you with customised advertising. We use third party cookies for tracking user trends and patterns with the help of third-party web statistics providers. These third-party cookies are used exclusively by Energy Saver websites and the web statistics provider and are not shared with any other third party.

In addition, third parties with which we have relationships may use cookies to provide you with advertisements that we or they consider are relevant and of interest to you. These third parties include advertisers, advertising networks and technology platforms (e.g. Google AdWords). These third parties may use cookies over which we have no control in order to provide you with customised advertising. For more information we suggest you check the third party’s privacy policy.

We also use web beacons (also known as web bugs or clear GIFs) to record the behaviour of users visiting our websites. You can find more detailed information about cookies and web beacons and how they work at All About Cookies.

When and how can you opt out of receiving marketing from us?

If you wish to opt out, you can do so by contacting the Department of Planning, Industry and Environment on 131 555, at hello [at] energysaver.nsw.gov.au or, if you have received a marketing email from us, by selecting the ‘Unsubscribe’ link at the bottom of the email.

Complaints

If you feel there has been a breach of your privacy under the PPIP Act, you have the right to make a complaint to the Department of Planning, Industry and Environment or to the NSW Privacy Commissioner.

Contact us

If you have any questions about the application of our privacy policy, please contact:

Manager, Information & Privacy

Public Access to Information & Privacy Unit

Department of Planning, Industry and Environment

GPO Box 39 Sydney New South Wales 2001

pia [at] environment.nsw.gov.au