Privacy Statement

What personal information we collect about users and why.

Developer.Vic Portal - Privacy Statement

What is the Developer.Vic Portal?

The Department of Premier and Cabinet, Victoria (DPC, we, usoperates the Developer.Vic Portal. The Developer.Vic Portal is this website, available at https://developer.vic.gov.au, which contains the API Catalogue, a library of APIs from across the Victorian Government. The Developer.Vic Portal provides developers with tools and resources to access the APIs in the API Catalogue and integrate with Victorian Government data.  

The Whole of Victorian Government API Gateway (Gateway) hosts and secures the Developer.Vic Portal.  

If you have any queries about the Developer.Vic Portal, WOVG API Capability Program or Platform, please contact DPC as follows: 

by email at: This email address is being protected from spambots. You need JavaScript enabled to view it.

by post at:

Digital Engagement
Digital, Design and Innovation
Department of Premier and Cabinet
35 Collins Street
Melbourne Vic 3000

 How this Privacy Statement operates

We are subject to the Privacy and Data Protection Act 2014 (Vic) (the PDPA).  We will comply with the PDPA in the collection, use and disclosure of your Personal Information.

This Privacy Policy applies only to information collected through the Developer.Vic Portal. It does not apply to any websites accessible from the Developer.Vic Portal by link.

In this Privacy Policy, ‘Personal Information’ has the meaning given to it in the PDPA.

 What information do we collect?

We collect information about you when you provide it to us, when someone else provides it to us, when you use the Developer.Vic Portal, and from third-party products. You are entitled to access and correct any Personal Information about you that we collect (see ‘How to access or correct your Personal Information’ below). 

In addition to the types of Personal Information identified in this section, we may collect Personal Information as otherwise permitted or required by law. 

Information you provide to us 

In general, you will know if we are collecting Personal Information from you because you will be requested to provide it.  

For example, when you register for an account on the Developer.Vic Portal we collect the following Personal Information: 

  • your full name 
  • your email address. 

We may also collect your email address and phone number when you request access to an API or when you update your user profile with additional, optional information. 

We may also collect Personal Information when we contact you for feedback on the Developer.Vic Portal, or when you contact us to report a problem or suggest an improvement.  

Information someone else provides to us 

We collect information about you when someone else provides your Personal Information. For example, if your employer supplies us with your email address when it nominates you for access to the Developer.Vic Portal or to a particular API or set of APIs from the API Catalogue.  

Information we collect automatically when you use the Developer.Vic Portal 

We use software techniques such as web server log file analysis, cookies and web beacons to collect information about you when you use the Developer.Vic Portal, including when you browse the website and take certain actions on the website (see ‘Web Server Log Files and Web Measurement Services’ below)This includes information about your IP address, browser header, any HTTP requests you make and your IT system details. Such statistics may qualify as Personal Information, but are not used to identify individual users of the Developer.Vic Portal. 

Information we collect through third-party products 

We collect information about you through third-party products that support the operations of the Developer.Vic Portal. These products include: 

  • Axway 
  • MuleSoft 
  • Red Hat OpenShift 
  • Datadog 
  • Dynatrace 
  • Google Analytics 
  • Atlassian Jira/Atlassian Confluence. 

Some of these products collect information about HTTP requests that you send to the Gateway, for example, when you request access to an APIIn general, these products only collect information about you when you input it into them. For example, when you send an email support request to Jira.  

How do we use and disclose the Personal Information collected?

We collect your Personal Information for the purposes of:  

  • registering your account on the Developer.Vic Portal to enable you to access the API Catalogue; 
  • in some cases, confirming your relationship with any organisation you claim to represent; 
  • responding to your feedback and comments; 
  • monitoring the effectiveness of the Developer.Vic Portal and how visitors use the Developer.Vic Portal; 
  • any other purpose to which you have consented; and 
  • any purposes otherwise permitted or required by law. 

We may use the information that you provide in an API access request or in your user profile, such as your email address or phone number, to contact you regarding your API access requests or your user profile.  

We may also need to disclose your Personal Information to other third parties to comply with legislation or court or tribunal orders. 

Personal Information that the Developer.Vic Portal collects will be used by and disclosed to Victorian Government employees or contractors whose duties require them to use it. Such employees and contractors are required to protect and handle your Personal Information in accordance with the PDPA. 

Personal Information that is collected by the Developer.Vic Portal will be disclosed to our contractors and other third parties that provide goods and services to us, including our website and data hosting providers and third parties that assist us with incident or problem resolution. These service providers include Deloitte Consulting Pty LtdAxway Pty Ltd and Cenitex.  

Some of these service providers may be located outside of Victoria, or may store or transfer your Personal Information outside of Victoria. If your Personal Information is stored or transferred outside of Victoria we will take reasonable steps to ensure that the recipients comply with all relevant privacy laws, including the PDPA 

How to access or correct your Personal Information

You may request access to any Personal Information that we have collected about you. Also, you may request correction of your Personal Information if you can establish that it is not accurate, complete or up-to-date. Alternatively, you can correct any Personal Information from your profile that is inaccurate, incomplete or out-of-date by navigating to “My Profile” on the Developer.Vic Portal and clicking “Edit Profile” to amend your Personal Information.  

You can contact us about access to, and correction of, Personal Information collected by DPC or for any questions or concerns you may have arising out of this privacy statement using the contact details in the ‘What is the Developer.Vic Portal?’ section above. In some cases, requests for access to Personal Information will be handled in accordance with the Freedom of Information Act 1982 (Vic). 

The Privacy Officer at DPC may also be contacted about access to, and correction of, Personal Information collected by the Developer.Vic Portal or for any questions or concerns you may have arising out of this Privacy Statement using the contact details in the ‘What is the Developer.Vic Portal?’ section above. 

How do we store your Personal Information?

DPC takes reasonable steps to protect any Personal Information from unauthorised access once that Personal Information comes into its possession.  We store your Personal Information in line with the information protection requirements described in the Victorian Protective Data Security FrameworkAccess to systems, applications, and the information that we collect is limited to authorised staff members and third party vendors only.

However, in using the Developer.Vic Portal you should be aware that there are inherent risks in transmitting information across the Internet.

Linking

The Developer.Vic Portal contains hyperlinks to pages contained on other government and non-government websites. Unless otherwise indicated, DPC:

(a) does not endorse or authorise the content of any other website; and
(b) assumes no responsibility or liability for the condition or content of any other website or for the operation or function of any service or facility offered on any other website.

Web Server Log Files and Web Measurement Services

The Developer.Vic Portal uses standard web analytics software packages to analyse its web server log files to track web site usage. This analysis provides general data including number of visits, unique visits, pages viewed, browser type, how the site is navigated, search terms used, the sections of the website visited and other website usage information without identifying individual users.

The Developer.Vic Portal incorporates services such as Google Analytics web measurement services. Google Analytics uses a first-party cookie and JavaScript code to collect information about visitors to the Developer.Vic Portal and anonymously tracks how our visitors interact with the Developer.Vic Portal, including where they came from, what they did on the Developer.Vic Portal, and whether they completed any transactions on the site such as account registration.

We use this information for statistical purposes, such as to analyse, measure, and report on data about the Developer.Vic Portal’s traffic and visits. This information helps us understand general user trends at an aggregate level, and improve the Developer.Vic Portal, content, and user experience.

We may also use this information for security audits to protect against threats from hackers or other security purposes.

We do not use this information to identify you or match it with any other personal information that we may collect from you, unless required to do so as part of an internal investigation or for a law enforcement-related purpose, in accordance with the PDPA.

We do not disclose your site visit data to third parties without your consent, unless we are required or authorised to do so by law. In the event of an investigation into suspected unlawful or improper activity, a law enforcement or government agency may use its legal authority to inspect our web server’s records (e.g. in relation to hacking or abusive messages).