Privacy Statement

What personal information we collect about users and why.

Victorian Government API Gateway and Website – Privacy Policy

What is the Victorian Government API Gateway?

The Victorian Government API Gateway is an entry point for accessing a catalogue of application programming interfaces (APIs) related to Victorian Government data.

You are invited to access and use APIs available via the API Gateway.  Approved users will also be invited to contribute to the API catalogue. 

The API Gateway consists of software and hardware accessed via a base path used to publish APIs. User registration, viewing the API catalogue and general information about using API Gateway services are accessed via the Website.

The Website and the API Gateway are operated by the Department of Premier and Cabinet, Victoria (DPC, we, us).

If you have any queries about the API Gateway, please contact DPC as follows:

by email at: [email address hidden on the source page]

by post at:

Digital Engagement
Digital, Design and Innovation
Department of Premier and Cabinet
35 Collins Street
Melbourne Vic 3000


How this Privacy Policy operates

We are subject to the Privacy and Data Protection Act 2014 (Vic) (the PDPA).  We will comply with the PDPA in the collection, use and disclosure of your Personal Information.

This Privacy Policy applies only to the API Gateway and the Website. It does not apply to any websites accessible from the Website by link.

In this Privacy Policy, ‘Personal Information’ has the meaning given to it in the PDPA.


What information do we collect?

In general, you will know if we are collecting Personal Information from you because you will be requested to provide it.  For instance, when you register for an API Gateway account we may collect the following Personal Information:

(a) your full name;
(b) your email address; and
(c) your ‘Organisation Code’ which allows us to identify your employer.

We may also collect Personal Information when we contact you for feedback on the API Gateway or Website, or when you contact us to report a problem or suggest an improvement. We may collect Personal Information when you create an API access request or when you update your user profile with additional, optional information. We may use the information that you provide in an API access request or in your user profile, such as your email address or phone number, to contact you regarding your API access requests or your user profile.

The first exception is where someone else provides your Personal Information, for example, if your employer supplies us with your email address when it nominates you for access to the API Gateway. You are entitled to access and correct any Personal Information about you collected by us (see ‘How to access or correct your Personal Information’ below).

The second exception is where we collect information (including your IP address, browser header information and system details) using software techniques such as web server log file analysis, cookies and web beacons. Such statistics may qualify as Personal Information. However, these statistics are not used to identify individual users of the API Gateway or the Website.

In addition to the types of Personal Information identified above, we may collect Personal Information as otherwise permitted or required by law.


How do we use and disclose the Personal Information collected?

The API Gateway and the Website collect your Personal Information for the purposes of:

(a) registering your account to allow you to access the API Gateway;
(b) in some cases, confirming your relationship with any organisation you claim to represent;
(c) responding to your feedback and comments;
(d) monitoring the effectiveness of the API Gateway and how visitors use the API Gateway and Website;
(e) any other purpose to which you have consented; and
(f) any purposes otherwise permitted or required by law.

We may also need to disclose your Personal Information to other third parties to comply with legislation or court or tribunal orders.

Personal Information that is collected by the API Gateway or the Website will be used by and disclosed to Victorian Government employees or contractors whose duties require them to use it. Such employees and contractors are required to protect and handle your Personal Information in accordance with the PDPA.

Personal Information that is collected by the API Gateway or the Website will be disclosed to our contractors and other third parties that provide goods and services to us, including our website and data hosting providers and third parties that assist us with incident or problem resolution. 

Some of these service providers may be located outside of Victoria, or may store or transfer your Personal Information outside of Victoria. If your Personal Information is stored or transferred outside of Victoria we will take reasonable steps to ensure that the recipients comply with all relevant privacy laws, including the PDPA.


How to access or correct your Personal Information

You may request access to any Personal Information that we have collected about you. Also, you may request correction of your Personal Information if you can establish that it is not accurate, complete or up-to-date. Alternatively, you can correct any Personal Information from your profile that is inaccurate, incomplete or out-of-date by navigating to “My Profile” on the Website and clicking “Edit Profile” to amend your Personal Information.

You can contact us about access to, and correction of, Personal Information collected by DPC or for any questions or concerns you may have arising out of this privacy statement using the contact details in the ‘What is the Victorian Government API Gateway?’ section above.

The Privacy Officer at DPC may also be contacted about access to, and correction of, Personal Information collected by the API Gateway or the Website or for any questions or concerns you may have arising out of this Privacy Policy using the contact details in the ‘What is the Victorian Government API Gateway?’ section above.


How do we store your Personal Information?

DPC takes reasonable steps to protect any Personal Information from unauthorised access once that Personal Information comes into its possession.  We store your Personal Information in line with the information protection requirements described in the Victorian Protective Data Security Framework.

However, in using the API Gateway you should be aware that there are inherent risks in transmitting information across the Internet.



The API Gateway and the Website contain hyperlinks to pages contained on other government and non-government websites. Unless otherwise indicated, DPC:

(a) does not endorse or authorise the content of any other website; and
(b) assumes no responsibility or liability for the condition or content of any other website or for the operation or function of any service or facility offered on any other website.


Web Server Log Files and Web Measurement Services

The API Gateway and Website use standard web analytics software packages to analyse their web server log files to track website usage. This analysis provides general data including number of visits, unique visits, pages viewed, browser type, how the site is navigated, search terms used, the sections of the website visited and other website usage information without identifying individual users.

The API Gateway and Website incorporate services such as Google Analytics web measurement services. Google Analytics uses a first-party cookie and JavaScript code to collect information about visitors to the Website and anonymously tracks how our visitors interact with the Website, including where they came from, what they did on the Website, and whether they completed any transactions on the site such as account registration.

We use this information for statistical purposes, such as to analyse, measure, and report on data about the Website’s traffic and visits. This information helps us understand general user trends at an aggregate level, and improve the Website, content, and user experience.

We may also use this information for security audits to protect against threats from hackers or other security purposes.

We do not use this information to identify you or match it with any other personal information that we may collect from you, unless required to do so as part of an internal investigation or for a law enforcement-related purpose, in accordance with the PDPA.

We do not disclose your site visit data to third parties without your consent, unless we are required or authorised to do so by law. In the event of an investigation into suspected unlawful or improper activity, a law enforcement or government agency may use its legal authority to inspect our web server’s records (e.g. in relation to hacking or abusive messages).