About this privacy policy
This policy explains what kinds of personal information we collect and why.
The policy outlines how we handle personal information and provides guidance on how you can access and correct your personal information. It also provides advice on how to make a complaint about the handling of your personal information.
This privacy policy is reviewed and updated when our information handling practices change.
Who we are
The Clean Energy Regulator is an independent statutory authority established by the Clean Energy Regulator Act 2011. We administer schemes for measuring, managing, reducing or offsetting Australia's carbon emissions.
We sometimes need to collect, use, store or disclose personal information to do our job effectively. We do so in a way that ensures compliance with the:
Collecting your personal information
The term 'personal information' has the meaning given to it in the Privacy Act. In general terms, it is any information about you, or that can be used to identify you, whether or not the information is true or recorded in a material form.
We only collect, use, store or disclose personal information for purposes directly related to our statutory functions and activities. This includes:
- processing and assessing applications under the schemes we administer
- collecting statistics relating to greenhouse gas emissions, energy consumption or energy production
- assisting our scheme participants to manage reporting obligations and acquittal of liabilities
- conducting administrative functions such as recruitment
- conducting enforcement-related activities
- inviting you to participate in research or user testing to improve the systems and services we provide scheme participants.
The most common types of personal information we handle are:
- name
- mailing or street address
- e-mail address
- telephone contact number
- age or birth date
- gender
- profession, occupation or job title
- employment, curriculum vitae and education information.
Collecting sensitive information
The personal information we collect includes sensitive information. We aim to only collect sensitive information required to carry out our powers, functions, and duties in any given instance.
‘Sensitive information’ is a subset of personal information and includes, but is not limited to, information or an opinion about an individual’s:
- racial or ethnic origin
- political opinions or membership of a political association
- religious beliefs or affiliations
- philosophical beliefs
- Trade or professional associations and memberships
- Union membership
- sexual orientation or practices
- criminal record
- health or genetic information
- certain biometric information.
How we collect personal information
We collect personal information from the person that information relates to, their authorised agents, and from third parties (including other government agencies). We collect personal information only by lawful and fair means.
We collect personal information in a number of ways including when:
- you contact our call centre
- you provide information to us using our web-based systems
- we conduct criminal record checks
- we receive application forms, mail or email correspondence, and other documents.
We may collect personal information from third parties in the following circumstances:
- you consent to us collecting the information from someone other than yourself
- we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than whom the information relates to
- it is unreasonable or impracticable for us to collect the information from you directly.
When we notify you of the collection of your personal information
We notify you at or before the time we collect your personal information. This is usually done through a notice (also known as a 'Privacy Notice' or an 'APP Notice').
Why we collect and use personal information
We usually collect and use personal information to:
- assess eligibility to participate in one of the schemes we administer
- determine suitability for employment with us.
We may use personal information for other purposes. We will ensure we have your consent to use the information, unless it is:
- reasonable to expect us to use the information for a secondary purpose (for example, when performing audit and compliance functions and activities or inviting you to participate in research or user testing to improve our systems or services)
- required by law or a court/tribunal order.
How we handle unsolicited personal information
Sometimes we receive personal information that we have not requested. This is known as 'unsolicited personal information'. When this happens, we will take reasonable steps to destroy or de-identify the information as soon as practicable. This is unless it is contained in a Commonwealth record, as defined in the Archives Act 1983 or it is unlawful or unreasonable to do so.
Dealing with us anonymously or by using a pseudonym
You can deal with us anonymously, unless:
- we are required or authorised to know your identity by or under an Australian law, or an order of a court/tribunal
- it is impracticable for us to deal with you when you have not identified yourself or are using a pseudonym.
What is deemed ‘impracticable’ depends on the circumstances. For example, if you apply for a scheme we will need to know your identity to pay the appropriate benefit.
How we protect your personal information
Access to personal information is audited so only staff with a need to know have access to it.
We take reasonable steps to protect your information from:
- misuse
- interference
- loss
- unauthorised access
- modification
- disclosure.
Personal information contained in electronic form or hard copy is secured in line with our information handling practices. These practices include the restriction, logging, and auditing of access.
Storage of electronic information is subject to extra processes to prevent loss and to ensure retention for the needed timeframe.
Privacy impact assessments
We are required to manage personal information in line with the principles in the Privacy Act 1988. This protects such information from:
- misuse
- interference and loss
- unauthorised access
- modification
- disclosure.
View our Privacy Impact Assessments.
Who we disclose personal information to
We are required to publish information, including some personal information. This makes the information available to the general public.
We may also disclose personal information to other entities, such as:
- other government agencies for investigating and prosecuting compliance breaches, legal actions, and insurance claims
- law enforcement agencies
- a Committee of the Parliament of the Commonwealth of Australia
- applicants under the Freedom of Information Act 1982 (Cth).
Protection of information under the Clean Energy Regulator Act
We are bound by the secrecy provisions in Part 3 of the Clean Energy Regulator Act 2011 (the CER Act).
Part 3 of the CER Act prohibits us from disclosing or using information that was obtained in an official capacity as officers of the Clean Energy Regulator.
This prohibition does not apply where the disclosure or use is:
- authorised by a provision of Part 3 of the CER Act
- in compliance with a requirement under a law of the Commonwealth or a prescribed law of a state or a territory.
For information held by us and collected before 2 April 2012 under either the National Greenhouse Energy and Reporting Act 2007 or the Renewable Energy (Electricity) Act 2000, we are bound by the preserved secrecy provision of those Acts.
Disclosing personal information overseas
We may disclose personal information to third parties who are not located in Australia or an external territory. We take reasonable steps to ensure overseas recipients of personal information do not breach the Australian Privacy Principles.
Dealing with data breaches
We must take reasonable steps to handle personal information in line with the Australian Privacy Principles. This includes protecting personal information from:
- misuse
- unauthorised access
- modification
- unintentional disclosure.
If a data breach does occur, there are steps we must quickly take to identify, contain and report the incident. We will provide timely advice to affected parties to ensure they are able to manage any loss that could result from the breach.
Accessing and correcting your personal information
You or an authorised agent, such as a lawyer, may request access to your personal information. You can do this by contacting our Privacy Contact Officer. The request does not have to be in writing or through a designated form.
We aim to give you access to your personal information within 30 days of receiving the request and in the manner requested. Access may take longer depending on the manner it is requested.
We will need to verify your identity or that of the person authorised to make the request, before providing access. We will not charge you for making a request or for giving you access to personal information.
We are required to take reasonable steps to update information where appropriate. This is only done regarding the purpose for which the information is held. This includes information that is:
- inaccurate
- out-of-date
- incomplete
- irrelevant
- misleading.
We can take these steps even if you do not make the request to update your information.
Making a complaint about the handling of your personal information
Complaints about the handling of your personal information must be in writing to the Privacy Contact Officer. This can be in the form of a letter or email.
Your complaint will be treated confidentially. We will respond within a reasonable time after receipt of the complaint (usually 30 days).
Contact our Privacy Officer
You can find out more about this privacy policy, or provide any comments, by contacting our Privacy Contact Officer:
By phone
- Within Australia: 1300 553 542
- Outside Australia: +61 2 6159 3100
By email
By post
Privacy Contact Officer
Clean Energy Regulator
GPO Box 621
Canberra ACT 2601
The legislation
The Clean Energy Regulator is governed by the following legislation:
- National Greenhouse and Energy Reporting Scheme, under the National Greenhouse and Energy Reporting Act 2007
- Australian Carbon Credit Unit Scheme, under the Carbon Credits (Carbon Farming Initiative) Act 2011
- Renewable Energy Target, under the Renewable Energy (Electricity) Act 2000
- Nature Repair Act 2023
- Australian National Registry of Emissions Units, under the Australian National Registry of Emissions Units Act 2011.
As an Australian Government agency, we must also comply with several other Acts, regulations and other legislation, including:
- Public Governance, Performance and Accountability Act 2013
- Commonwealth Procurement Rules
- Public Service Act 1999
- Archives Act 1983
- Crimes Act 1914
- Freedom of Information Act 1982
- Freedom of Information (Charges) Regulations 2019
- Privacy Act 1988
- Privacy Regulation 2013
- Legally binding privacy guidelines and rules
- Evidence Act 1995
- Fair Work Act 2009
- Fair Work Regulations 2009
- Electronic Transactions Act 1999
- Electronic Transactions Regulation 2020.