The Victorian Building Authority (VBA) is established by the Building Act 1993.
This policy sets out how the VBA handles personal and health information that is collected. The VBA is committed to protecting the privacy of individuals' personal and health information according to the principles set out in the Privacy and Data Protection Act 2014 and the Health Records Act 2001. As the VBA is a non-health service provider, not all of the Health Privacy Principles apply, but all of the Information Privacy Principles do. This policy relates to all of your contact with us, whether in person, over the telephone or online.
What is 'personal information'?
Personal information means information or an opinion about an identifiable individual. The sort of personal information we collect includes name, address, telephone and email contact details, complaint details and information we need to process various types of transactions, such as applications and renewals of registration and collection of building levies.
'Health information' is information able to be linked to a living or deceased person about a person's physical, mental or psychological health; such information is generally only provided to the VBA by staff members or by persons subject to disciplinary inquiries.
How we collect personal information
We collect personal information when you:
- submit a paper or online form (registration application, complaint, etc.)
- write to us
We may get personal information about you from other people or organisations. For example, when we:
- investigate a complaint
- receive a plumbing Compliance Certificate and you are named as the customer
- receive levy payments from a Building Surveyor
- obtain your contact details from another person or from a publicly available document such as a newspaper.
Whenever we collect personal information, we will take steps to ensure that you know why we are collect the information, what we intend to do with it and to whom we need to disclose it.
Where we do not collect information directly from you, we will take reasonable steps to let you know that we have the information.
Why we collect your personal information and what we do with it
We collect personal information for reasons connected with the regulation and enforcement of the Building Act 1993. This can include the bodies associated with the VBA in the course of undertaking their statutory duties and related functions. This may include any of the following:
- management of statutory building and plumbing industry-related public registers
- management of the registration of building and plumbing professionals
- management of complaints relating to building and plumbing professionals and quality of their work, appeals, hearings, disputes, investigations and prosecutions
- management of the building permit levy system
- handling enquiries, visitors, and the receipt of unsolicited information
- conducting site inspections
- managing internal staff and human resources
- enabling the VBA to perform personnel workforce management activities, including monitoring compliance with the Code of Conduct for Victorian Public Sector Employees.
Some of our work involves the 'indirect' collection of personal information – that is, where personal information is collected or received about you, but from someone else or from some other source. For example:
- If a consumer complaint is made about you, we record this information on a database.
- If a consumer enquiry is received, we may record the terms of the enquiry and related details.
- We may receive information from other State or Federal agencies such as WorkSafe or Victoria Police when we are investigating breaches of the Building Act 1993.
Some of our work requires us to collect sensitive personal information. The most common example is when we ask Victoria Police for a criminal record check to assess an application for registration or for prosecution. When taking prosecution action we do not need your permission to do this.
The VBA receives a large number of enquiries from the public seeking information about building and plumbing professionals. The VBA maintains a register of plumbing practitioners and of building practitioners (on behalf of the Building Practitioners Board). Both registers are maintained under the provisions of the Building Act 1993 and give effect to the proper oversight and supervision of the plumbing and building industries.
Part of regulating the plumbing and building profession is the confirmation of the registration and/or licensing of building and plumbing professionals and detailing any restrictions or limitations on a licensed or registered person to specific areas of practice or competencies.
The public has a right to know whether a person carrying out plumbing and building work is competent and is licensed or registered in a particular class according to law. Insurance coverage is mandatory for licensed plumbers and certain classes of registration for building professionals. The minimum insurance requirements are stipulated by Ministerial Order.
How we share your personal information
We may need to share personal information within the VBA, the Building Practitioners Board, the Building Appeals Board, Consumer Affairs Victoria and members of the public. We may also disclose your personal information to third parties acting on your behalf, for example your solicitor or interpreter.
Here are some examples of circumstances when we may need to disclose your personal information outside of the Victorian Building Authority:
- If you lodge a complaint, we will disclose where necessary to ensure procedural fairness, some details to the person that your complaint is about.
- If we hold your details in connection with registration or as a result of disciplinary matters, personal information about you may appear on the relevant public register. These registers may be accessed in limited form online and also inspected by the public in person. Limited information from some of the public registers is made available online.
- Confirmation that a plumbing or building professional is or was legally permitted to undertake regulated work at a specific period in time and details of the insurance required by law.
Data quality and data security
We make every effort to ensure that personal information we collect, use or disclose is accurate, complete and up-to-date. Most of our information is collected or received directly from the person concerned, and is used for its intended purpose without delay.
We have secure office premises and a security pass entry system. Our files are protected from outside or unauthorised access, while older files are securely archived at separate premises. Our information technology arrangements also incorporate data security measures. We require staff to use passwords to enter the computer system and our databases require an additional password, with different levels of access depending on the role of the officer concerned. Only staff who need to use your information have access to it. We have 'firewalls' to protect the integrity of the information we store electronically and we also screen routinely for viruses. Where email is used to transfer information, it is encrypted. These and other measures help protect your personal information from misuse, loss or unauthorised access, unauthorised modification or disclosure.
Where personal information is disclosed or made available to contractors (for instance, to manage a major project or do a large mail-out), we ensure that the contract requires confidentiality, restricts the use of the information to the purposes of the contract and clarifies what happens to personal information when the contract finishes. Wherever possible, arrangements are also made to enable us to monitor the contractor's compliance. Where contractors are involved in the delivery of core services, we ask them to comply with the Information Privacy Principles.
Information security risks
We have implemented technology and security policies, rules and measures to protect the personal information that we have under our control. However, you should be aware that there are risks in transmitting information across the internet. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us online and individuals do so at their own risk. Once any personal information comes into our possession, we will take reasonable steps to protect that information from misuse and loss and from unauthorised access, modification and disclosure.
If you are concerned about conveying sensitive material to us over the internet, you might prefer to contact us by telephone or mail. We will remove personal information from our system where it is no longer required (except where archiving is required by law).
Access to your information
You can request access to the personal information we hold about you at any time. We will try to give you access with as little formality as possible and without charging a fee. However, where your request is difficult or time consuming to answer, or where it involves personal information about other people, we may have to use freedom of information procedures to process the request.
If you become aware that personal information we hold about you is not accurate, complete or up to date, you can ask us to correct it.
Most of the things we do require you to provide us with personal information. However, where it does not affect the proper performance of our functions, we will not require you to provide it. For instance, if you make an enquiry about a consumer protection law, we can help you over the telephone or by email without the need for you to give us any of your personal details. If you need a copy of one of our publications, you can download it from our website.
How do I raise concerns about my privacy?
If you are unhappy about the way we have handled the privacy of your personal information, you may wish to discuss your concerns with the VBA's Privacy Officer. You may complain in person, by telephone or in writing. You can also use the 'contact us' function on our website, but you should note that your complaint may then need to be allocated within the VBA. You can also discuss your concerns directly with Privacy Victoria, which is an independent and impartial dispute resolution service.
You can write to:
The Chief Executive Officer
Victorian Building Authority
PO Box 536
Melbourne VIC 3001
You can access the VBA's website home page and browse our website without disclosing your personal information. We do not collect personal information when you visit or browse. Where you submit an email automatically generated from the website, or complete and submit a form online, your personal information will be managed in accordance with the policy set out in this policy. Email addresses are not added to mailing lists without your consent.
Web statistics and data collection
Pages on the site may be coded with Google Analytics software. This software stores a cookie in your browser, which contains a unique identifier, and sends information to Google. This enables Google to track the number of unique visitors to the site. In no way does this unique identifier identify a user personally. We do not and will not marry any data collected by Google with any personal information.
While you can browse this website anonymously, without disclosing your personal information, we may not be able to provide the full range of services through this website if we are not provided with the information outlined above.
The default settings of browsers like Internet Explorer may allow some or all cookies, but users can easily take steps to erase cookies from their hard-drive, block all cookies, or receive a warning before a cookie is stored. However, some parts of sites may not function fully for users that disallow cookies.
This website uses web beacons, also known as web bugs, pixel tags or clear GIFs, as some pages on the site are coded with Google Analytics (see further information above under Web statistics and data collection).
Used in combination with cookies, a web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, which is placed on a site or in an email that is used to monitor the behaviour of the user visiting the site or receiving the email.
When the HTML code for the web beacon points to a site to retrieve the image, at the same time it can pass along information such as:
- the IP address of the computer that retrieved the image
- the time the web beacon was viewed and for how long
- the type of browser that retrieved the image
- previously set cookie values.
Web beacons are typically used by a third party to monitor the activity of a site. If you have concerns about web beacons, turning off the browser's cookies will prevent web beacons from tracking your activity. The web beacon will still account for an anonymous visit, but your unique information will not be recorded.
This website's web server automatically records non-personal clickstream data. To the extent that any clickstream data could make you identifiable, we will not attempt to identify you from clickstream data unless required by law or to investigate suspected improper activity in relation to the website or to assist in law enforcement.
The following clickstream data are automatically recorded by this website's web server for statistical and system administration purposes only:
- your server address
- your top level domain name (e.g. com.au.gov)
- the date and the time of your visit to the site
- the pages you accessed and downloaded
- the address of the last site you visited
- your operating system
- the type of browser you are using.
Email subscription service
The personal information we collect via the email subscription system is your email address.
In addition to using the information for the purpose of providing our email subscription service you have requested, we may also use or disclose the personal information that we collect about you for the following purposes:
- the compilation or analysis of statistics
- those in the public interest, or
- any other purposes required or authorised by law – other than by publication of the information in a form that identifies an individual, it is impracticable to get that individual's consent before the use or disclosure and in the case of disclosure the VBA believes the recipient of any of the information will not disclose it.
Links to external websites
This website privacy statement does not extend beyond this website. When following links to other sites from this website, we recommend that you read the privacy statement of that site to familiarise yourself with its privacy practices.
If you make a payment using this website, we may process your payment via a third party electronic payments service provider. We take reasonable steps to protect the security of your personal information. Before using these facilities, you should ensure that you are using a web browser that supports 128-bit encryption. In many web browsers, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of your browser.