Skip to main content

Privacy Policy

From 1 January 2019, the Aged Care Quality and Safety Commission (the Commission) replaced the Australian Aged Care Quality Agency and the Aged Care Complaints Commission.

This privacy policy outlines how we manage personal information and safeguard privacy pursuant to the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs).

This policy provides an easy to understand summary of:

  • Why and how we collect personal information
  • The kinds of personal information we collect
  • How we deal with unsolicited information
  • Remaining anonymous and using a pseudonym
  • How we use and disclose personal information
  • How we disclose personal information overseas
  • How we store and manage personal information
  • Secrecy obligations
  • How to access and correct personal information
  • How you can complain about a breach of the Privacy Act and how we will respond to your complaint
  • Where to find further information

In this policy, personal information and sensitive information has the meaning given to it in the Privacy Act, which is available on the Federal Register of Legislation.

Detailed information on privacy and the APPs is available on the Office of the Australian Information Commissioner’s website.

Why the Commission collects personal information

The Commission collects personal information to perform its functions as set out in the Aged Care Quality and Safety Commission Act 2018 (the Aged Care Quality and Safety Commission Act)These functions relate to:

  • protecting and enhancing the safety, heath, well-being and quality of life of aged care consumers;
  • promoting the provision of quality care and services;
  • developing and promoting best practice models for engagement between aged care service providers and their aged care consumers;
  • dealing with complaints about aged care service providers or service providers of a Commonwealth funded aged care service;
  • regulating and monitoring the provision of aged care services;
  • providing information and education about the functions of the Commissioner;
  • other functions that may be provided for by the Aged Care Quality and Safety Commission Act, the Aged Care Act 1997, or any other law of the Commonwealth.

More information about our functions will soon be available on our website.

We may also collect your personal information as part of activities we undertake that are incidental or conducive to our functions.

How we collect personal information

In most cases, the Commission will collect your personal information directly from you. However, there may be circumstances when we collect personal information about you from:

  • your representative, e.g. a legal guardian or family member
  • a third party, such as another government agency, where authorised by law or with your consent (if possible)
  • a contracted service provider that provides services on behalf of the Commission, or assists the Commission with its human resources, communications, IT or other corporate activities.

We will collect person information through a range of different channels including when we communicate with you or your representative by letter, email and through our website. We also collect personal information when you or your representative meet with us face to face or deal with us by telephone.

Kinds of personal information we collect

To perform its functions and activities, the Commission may collect the following kinds of personal and sensitive information:

  • Your name, address, gender, and contact or identity details
  • Other information about you such as your employment status and history, financial affairs, and your cultural and linguistic background
  • Information about your health and welfare, including any disabilities you may have
  • Government identifiers
  • Information about any family or other related persons such as partners, children, dependants, carers, and nominees or authorised representatives
  • Information about how you use our online services such as online forms you fill in, pages you visit, your language preferences, and other online interactions including complaints or feedback

You can read more about the collection of personal information here.

How we deal with unsolicited information

If you send us your personal information when we don’t ask for it (unsolicited personal information) we will determine whether or not the information is relevant to one or more of our functions. If the information is not relevant to what we do, we may destroy or de-identify the personal information if it is lawful and reasonable to do so.

Remaining anonymous or using a pseudonym

Where practicable, you may choose to remain anonymous or use a pseudonym when interacting with the Commission. For example, you may elect to remain anonymous when seeking general information about a program, policy or consultation process. In some cases you may also elect to remain anonymous when making a complaint.

However, in some circumstances, it may be impracticable to remain anonymous or use a pseudonym, or we may be legally required to deal with you in an identified form. For example, we may not be able to resolve a complaint that you have made without collecting your name. We will notify you at the time of collection if this is the case.

How we use and disclosure personal information

The Commission will generally use and disclose personal information for the particular purpose for which it was collected.

For example, personal information collected during a complaint process will be used to enable us to manage and resolve the complaint, or it may be disclosed to other parties as part of our feedback.

We also routinely disclose personal information to a number of other agencies and bodies as required or authorised by law. For example, the Commission may be required to disclose information to the Secretary of the Department of Health where the information is relevant to the performance of the Secretary's functions or powers.

We will not otherwise use or disclose your personal information for another purpose unless it is directly related to our functions or it is required or authorised under Australian law.

How we disclose personal information overseas

We do not ordinarily send your personal information overseas. However, in limited circumstances, we may disclose your personal information to another person if they are located outside of Australia.

If you subscribe to our email subscription service, we will provide your name and email address to MailChimp, a company based in the United States of America which we use to create, send and manage our email updates about new information posted on our website.

If we propose to disclose your personal information to an overseas recipient, we will take reasonable steps before disclosure to ensure that the overseas recipient will not breach the APPs. Otherwise, we will:

  • ensure the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information, or
  • obtain your express consent to the disclosure after informing you that the APP relating to overseas disclosure will not apply to the disclosure.

How we store and manage personal information

Personal information held by the Commission is stored on electronic media and on paper files. We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

  • Our networks and websites have security features in place to protect the information that the Commission holds from misuse, interference and loss from unauthorised access, modification or disclosure.
  • Access to records by staff and contractors is restricted to officers on a need to know basis.
  • We restrict physical access to our office and areas housing personal information, use lockable cabinets, secure databases, permission restrictions and password protection.
  • Emails you send to us are screened by our email security systems and may be viewed by authorised information technology personnel for security purposes.

When no longer required, we destroy or archive personal information in a secure manner and as permitted by relevant legislation.


In addition, our staff are bound by secrecy provisions that regulate the information we collect to carry out the Commission's functions. These secrecy provisions restrict the access, use and communication of protected information.

How to access and correct your personal information

You have a right under the Privacy Act to access personal information that we hold about you. You also have a right to request correction of your personal information if it is inaccurate, out of date, incomplete, irrelevant or misleading.

If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to. We will notify you in writing, and explain our reasons if we refuse to give you access to, or correct, your personal information.

If you are seeking access to an approved provider's records, or records of a service provider of a Commonwealth funded aged care service, we recommend you contact that provider directly in the first instance. If you are seeking care records of someone you do not legally represent, be aware that there are restrictions in the Privacy Act and the Aged Care Quality and Safety Commission Act 2018 about disclosing this information to you.

If you wish to request access or correction of your personal information, you should contact the Commission's Privacy Officer using the following details:


Write to:

Privacy Officer
Aged Care Quality and Safety Commission
PO Box 9819
Sydney NSW 2000

Or telephone 1800 951 822 and ask for the Privacy Officer.

Privacy complaints

If you have a concern about the way we handle your personal information, you can make a complaint. In the first instance you may telephone the Commission on 1800 951 822 and can to speak with our Privacy Officer. Alternatively you can make a written complaint to: 

Privacy Officer
Aged Care Quality and Safety Commission
GPO Box 9819
Sydney NSW 2000

If you are dissatisfied with our response, you can complain to the Office of the Australian Information Commissioner who is independent of the Commission.  The Australian Information Commissioner has the power to investigate complaints about possible breaches of the Privacy Act.  Further information can be obtained directly from the Office of the Australian Information Commissioner at

Updates to this policy

We will, from time to time, review and revise this Privacy Policy. The Commission reserves the right to amend this policy at any time and any amendments will be notified by posting an updated version on our website.

Last updated: 1 January 2019

Privacy Impact Assessments

From 1 July 2018, Australian Government agencies are subject to the  Australian Government Agencies Privacy Code (the Code).

The Code requires agencies to undertake a written Privacy Impact Assessment (PIA) for all:

  • ‘high privacy risk’ projects
  • initiatives that involve new or changed ways of handling personal information.

The table below is updated with PIAs completed by the Commission since 1 July 2018:

Date of Completion Title of PIA
2018 NIL
2019 NIL

Further information

To find out more about how we manage personal information, contact the Privacy Officer by:



Privacy Officer
Aged Care Quality and Safety Commission
PO Box 9819
Sydney NSW 2000

For more general information on the Privacy Act and the APPs:

Tuesday, 15 January 2019 - 9:57am