About this privacy policy

This policy explains what kinds of personal information we collect and why.

The policy outlines how we handle personal information and provides guidance on how you can access and correct your personal information. It also provides advice on how to make a complaint about the handling of your personal information.

This privacy policy is reviewed and updated when our information handling practices change.

Who we are

The Clean Energy Regulator is an independent statutory authority established by the Clean Energy Regulator Act 2011. We administer schemes for measuring, managing, reducing or offsetting Australia's carbon emissions.

We sometimes need to collect, use, store or disclose personal information to do our job effectively. We do so in a way that ensures compliance with the:

Collecting your personal information

The term 'personal information' has the meaning given to it in the Privacy Act. In general terms, it is any information about you, or that can be used to identify you, whether or not the information is true or recorded in a material form.

We only collect, use, store or disclose personal information for purposes directly related to our statutory functions and activities. This includes:

  • processing and assessing applications under the schemes we administer
  • collecting statistics relating to greenhouse gas emissions, energy consumption or energy production
  • assisting our scheme participants to manage reporting obligations and acquittal of liabilities
  • conducting administrative functions such as recruitment
  • conducting enforcement-related activities
  • inviting you to participate in research or user testing to improve the systems and services we provide scheme participants.

The most common types of personal information we handle are:

  • name
  • mailing or street address
  • e-mail address
  • telephone contact number
  • age or birth date
  • gender
  • profession, occupation or job title
  • employment, curriculum vitae and education information.

Collecting sensitive information

The personal information we collect includes sensitive information. We aim to only collect sensitive information required to carry out our powers, functions, and duties in any given instance.

Sensitive information’ is a subset of personal information and includes, but is not limited to, information or an opinion about an individual’s:

  • racial or ethnic origin
  • political opinions or membership of a political association
  • religious beliefs or affiliations
  • philosophical beliefs
  • Trade or professional associations and memberships
  • Union membership
  • sexual orientation or practices
  • criminal record
  • health or genetic information
  • certain biometric information.

How we collect personal information

We collect personal information from the person that information relates to, their authorised agents, and from third parties (including other government agencies). We collect personal information only by lawful and fair means.

We collect personal information in a number of ways including when:

  • you contact our call centre
  • you provide information to us using our web-based systems
  • we conduct criminal record checks
  • we receive application forms, mail or email correspondence, and other documents.

We may collect personal information from third parties in the following circumstances:

  • you consent to us collecting the information from someone other than yourself
  • we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than whom the information relates to
  • it is unreasonable or impracticable for us to collect the information from you directly.

When we notify you of the collection of your personal information

We notify you at or before the time we collect your personal information. This is usually done through a notice (also known as a 'Privacy Notice' or an 'APP Notice').

Why we collect and use personal information

We usually collect and use personal information to:

  • assess eligibility to participate in one of the schemes we administer
  • determine suitability for employment with us.

We may use personal information for other purposes. We will ensure we have your consent to use the information, unless it is:

  • reasonable to expect us to use the information for a secondary purpose (for example, when performing audit and compliance functions and activities or inviting you to participate in research or user testing to improve our systems or services)
  • required by law or a court/tribunal order.

How we handle unsolicited personal information

Sometimes we receive personal information that we have not requested. This is known as 'unsolicited personal information'. When this happens, we will take reasonable steps to destroy or de-identify the information as soon as practicable. This is unless it is contained in a Commonwealth record, as defined in the Archives Act 1983 or it is unlawful or unreasonable to do so.

Dealing with us anonymously or by using a pseudonym

You can deal with us anonymously, unless:

  • we are required or authorised to know your identity by or under an Australian law, or an order of a court/tribunal
  • it is impracticable for us to deal with you when you have not identified yourself or are using a pseudonym.

What is deemed ‘impracticable’ depends on the circumstances. For example, if you apply for a scheme we will need to know your identity to pay the appropriate benefit.

How we protect your personal information

Access to personal information is audited so only staff with a need to know have access to it.

We take reasonable steps to protect your information from:

  • misuse
  • interference
  • loss
  • unauthorised access
  • modification
  • disclosure.

Personal information contained in electronic form or hard copy is secured in line with our information handling practices. These practices include the restriction, logging, and auditing of access.

Storage of electronic information is subject to extra processes to prevent loss and to ensure retention for the needed timeframe.

Privacy impact assessments

We are required to manage personal information in line with the principles in the Privacy Act 1988. This protects such information from:

  • misuse
  • interference and loss
  • unauthorised access
  • modification
  • disclosure.

View our Privacy Impact Assessments.

Who we disclose personal information to

We are required to publish information, including some personal information. This makes the information available to the general public.

We may also disclose personal information to other entities, such as:

  • other government agencies for investigating and prosecuting compliance breaches, legal actions, and insurance claims
  • law enforcement agencies
  • a Committee of the Parliament of the Commonwealth of Australia
  • applicants under the Freedom of Information Act 1982 (Cth).

Protection of information under the Clean Energy Regulator Act

We are bound by the secrecy provisions in Part 3 of the Clean Energy Regulator Act 2011 (the CER Act).

Part 3 of the CER Act prohibits us from disclosing or using information that was obtained in an official capacity as officers of the Clean Energy Regulator.

This prohibition does not apply where the disclosure or use is:

  • authorised by a provision of Part 3 of the CER Act
  • in compliance with a requirement under a law of the Commonwealth or a prescribed law of a state or a territory.

For information held by us and collected before 2 April 2012 under either the National Greenhouse Energy and Reporting Act 2007 or the Renewable Energy (Electricity) Act 2000, we are bound by the preserved secrecy provision of those Acts.

Disclosing personal information overseas

We may disclose personal information to third parties who are not located in Australia or an external territory. We take reasonable steps to ensure overseas recipients of personal information do not breach the APPs.

Dealing with data breaches

We must take reasonable steps to handle personal information in line with the APPs. This includes protecting personal information from:

  • misuse
  • unauthorised access
  • modification
  • unintentional disclosure.

If a data breach does occur, there are steps we must quickly take to identify, contain and report the incident. We will provide timely advice to affected parties to ensure they are able to manage any loss that could result from the breach.

Accessing and correcting your personal information

You or an authorised agent, such as a lawyer, may request access to your personal information. You can do this by contacting our Privacy Contact Officer. The request does not have to be in writing or through a designated form.

We aim to give you access to your personal information within 30 days of receiving the request and in the manner requested. Access may take longer depending on the manner it is requested.

We will need to verify your identity or that of the person authorised to make the request, before providing access. We will not charge you for making a request or for giving you access to personal information.

We are required to take reasonable steps to update information where appropriate. This is only done regarding the purpose for which the information is held. This includes information that is:

  • inaccurate
  • out-of-date
  • incomplete
  • irrelevant
  • misleading.

We can take these steps even if you do not make the request to update your information.

Making a complaint about the handling of your personal information

Complaints about the handling of your personal information must be in writing to the Privacy Contact Officer. This can be in the form of a letter or email.

Your complaint will be treated confidentially. We will respond within a reasonable time after receipt of the complaint (usually 30 days).

Contact our Privacy Officer

You can find out more about this privacy policy, or provide any comments, by contacting our Privacy Contact Officer:

By phone

  • Within Australia: 1300 553 542
  • Outside Australia: +61 2 6159 3100

By email

Enquiries@cer.gov.au

By post

Privacy Contact Officer 
Clean Energy Regulator 
GPO Box 621 
Canberra ACT 2601

The legislation

The Clean Energy Regulator is governed by the following legislation:

As an Australian Government agency, we must also comply with several other Acts, regulations and other legislation, including: