The Shared Service Provider (SSP), a part of the Department of Treasury and Finance (DTF), is committed to respecting the rights of individuals’ to the privacy of their personal information.

DTF privacy policy

DTF, of which SSP sits within, has policies and procedures in place for the appropriate management of personal information in accordance with the Victorian Privacy and Data Protection Act 2014.  The same policy applies to SSP.

View DTF Privacy policy.

Types of data that the SSP website uses

SSP website analytics

SSP website uses non-identifying data to record a user's activity on the internet, including:

  • every page of this website that the user visits
  • how long the user was on a page or site
  • in what order the pages were visited

The SSP website uses software to monitor user activity. When an individual visits the site to read or download information, the software records only their server address, domain name, the date and time of their visit, as well as the duration of their visit and the information downloaded. This information is non-identifying and is used for statistical and web-development purposes only.

This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses 'cookies' (please see below) to help the website analyse how users use the site. 

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

For further information, please visit the Google Privacy Center.

Use of "cookies"

Cookies are the text files placed on your computer. Apart from Google Analytics, 'cookies' are used to gather other statistical information that assists in understanding what users find interesting and useful on our website. These cookies are known as your 'Unique Visitor Cookie', a small piece of data, identifying you only by a random number (e.g. #12489).

No personal information is collected about the user through cookies. This numerical data is sent to the user’s browser from a Web server and then stored onto the user’s computer hard drive. Through modification of browser preferences, a user can elect to accept all cookies, receive a notification when a cookie is set, or decline all cookies.

Personal information 

What is personal information?

Personal information is any information or an opinion (including information or an opinion forming part of a database) that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

What is sensitive information?

Sensitive information is a special category of personal information. It is defined as information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record.

What is health information?

Health information is information or an opinion about:

  • the physical, mental or psychological health of an individual
  • a disability (at any time) of an individual
  • an individual’s expressed wishes about the future provision of health services to him or her
  • a health service provided, or to be provided, to an individual

Collecting personal information

SSP collects a variety of personal information. SSP collects and holds personal information about individuals, who are either currently engaged or are seeking to be engaged, by SSP for a specific purpose. These include individuals who are job applicants, employees, submitters of tenders, contractors, Board appointees, purchasers, landlords and tenants of government land, and accommodation, carpool and library users.

The personal information collected from these individuals is used to evaluate their capability and/or financial capacity to meet SSP requirements and/or contractual obligations and to manage an ongoing relationship with the individual.

SSP also collects personal information from other sources such as drivers and purchasers of vehicles (to manage the SSP carpool), training course participants (to manage training programs), VGLS registered users to provide library services, owners of, and applicants for, unclaimed moneys (as required by law) and authors of letters from the public (to investigate their enquiries and respond).

In the majority of cases, SSP collects personal information directly from the individual. Personal information is also collected from third parties, such as outsourced service providers, recruitment agencies, former employers and/or referees.

Generally, SSP will only collect sensitive information or health information with your consent or where required by law. 

Consequences of not providing personal information

If individuals do not provide their personal information for the purposes described, SSP may not be able to accurately assess the individuals’ capability and/or financial capacity to undertake the activities SSP requires, or for SSP to effectively provide the required service to those individuals.

Using and disclosing personal information

SSP uses personal information only for the purpose for which it was collected, or a related purpose that an individual would reasonably expect their personal information to be used for. SSP only assigns or adopts a unique identifier for an individual (for example, an employee number) if it is necessary, authorised by law or with consent.

Occasionally, SSP may be authorised by law (including privacy legislation and/or other laws) to use personal information for another purpose.  In those cases, an individual’s consent may be sought to use the personal information.

SSP may disclose personal information to outsourced service providers for the performance of their services, to nominated referees of job applicants and submitters of tenders, to other public sector entities (where necessary to enable SSP to perform its functions), or to an organisation where the law requires such disclosure. Outsourced service providers engaged by SSP are required to comply with the requirements of the Victorian Privacy and Data Protection Act 2014.

SSP ensures that any transfer of personal information outside Victoria is in accordance with privacy legislation.

Keeping personal information up to date

SSP will take reasonable steps to ensure that the personal information it collects is accurate, complete and up-to-date before using it.

Storing personal information

Individuals can access and browse the SSP website without disclosing personal information. The points on the site where personal information is collected are the feedback form, complaints form, and booking systems (car booking, library service and facility management requests) that are password protected.

Any personal information collected via the SSP website is used, disclosed and stored in accordance with this Privacy Statement.

This Privacy Statement applies only to the SSP website ( and booking systems. When linking to other sites from this website, we recommend that users familiarise themselves with each site's privacy policy.

Keeping personal information secure

SSP holds personal information in both electronic and paper-based form. SSP has security processes in place to protect this information from misuse and loss, and from unauthorised access, modification or disclosure. These processes include:

  • storage of paper-based documents containing personal information in locked cabinets or in secure areas which are accessible only to authorised personnel
  • use of computer passwords, automated password reset prompts and time-out screen savers to ensure only authorised personnel have access to computer files
  • use of virus protection software
  • providing physical security for SSP buildings to limit access to authorised personnel only

The stored information is also archived in accordance with the Public Records Act 1973, which determines when it is appropriate to retain or dispose of it.

Please note that there are always risks when information is transmitted electronically (ie via the internet and including any requests via the online feedback form). If you are concerned that the information that you are sending is sensitive or confidential, then you might prefer to discuss this prior to sending.

Gaining access to personal information

Should an individual wish to gain access to, or correction of, their personal information held by SSP, the individual may contact the person within SSP who holds the information, or, if that person is not known, they should contact the Privacy Officer.

Privacy queries and complaints

SSP/DTF undertake to resolve queries and complaints in a timely, fair and reasoned way.

For general queries or complaints regarding personal privacy, please contact DTF’s Information Privacy Contact Officer at:

Reviewed 14 August 2019

Was this page helpful?