On this page:

Defence Housing Australia (DHA) recognises the importance of protecting the privacy of individuals in relation to their personal information. This Privacy Policy sets out how we collect, hold, use and disclose your personal information, how you may seek to access or correct your personal information and how you may make a complaint if you believe we have breached our obligation.

We are bound by the Privacy Act 1988 (Cth) (The Privacy Act), which sets out a number of principles concerning the collection, use, disclosure and security of your personal information.

What is your personal information?

When used in this Privacy Policy, the term ‘personal information’ has the meaning given to it in the Privacy Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. It also includes ‘sensitive information’ such as health information. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information. Where the information has been permanently de-identified, the information is no longer considered personal information.

Who should read this privacy policy?

This policy covers personal information relating to:

  • individuals whose personal information may be given to or held by us in connection with our business functions and activities (e.g. lessees and lessors);
  • an agent or representative of a person whose personal information may be given to or held by us;
  • contractors, consultants, suppliers and vendors of goods or services to DHA;
  • current or former employees or prospective employees of DHA.

What personal information do we collect?

We may collect and hold the following types of personal information about you:

  • your name;
  • contact details such as your email address, postal and/or home address and phone numbers;
  • date of birth;
  • profession, qualifications, occupation or job title, work location and rank;
  • dependant information, including gender and date of birth (if applicable);
  • special needs information relating to you and/or any of your dependants (if applicable);
  • financial institution/bank details;
  • tax file number;
  • identification documentation such as passport or driver’s licence details;
  • details of shareholdings or other financial or beneficial interests; and
  • any other personal information you include in any form or other document you provide to us.

If you are a current or former employee, we will also hold personal information relating to the management of your employment and DHA's human resources activities, such as salary and superannuation information, medical certificates, details of financial and other personal interests provided by you and your immediate family members (if relevant, for the purpose of managing conflicts of interest), and referee and emergency contact details.

How do we collect your personal information?

We will generally collect your personal information directly from you unless it is unreasonable or impracticable to do so. We will also collect your personal information from someone else with your consent, or where we are required or authorised to do so by or under an Australian law or a court/tribunal order. When collecting personal information from you, it may be:

  • through your access and use of our website;
  • during conversations between you and our employees;
  • via telephone or paper-based surveys conducted by a representative or Service provider of DHA;
  • when you enter into a contract with us (for example, to purchase a property or provide a service to us or on our behalf);
  • from any regulator;
  • from your financial adviser; and
  • when you make an enquiry or complete an application.

In the course of handling and resolving a complaint, we may collect personal information. 

We may also collect personal information from third parties such as persons who are authorised to act or provide information on your behalf (e.g. your legal representative or financial adviser), credit reporting agencies, law enforcement agencies and other government entities.

Personal information collected by us is securely held either in hard copy format on DHA paper files or stored electronically on DHA’s file servers.

Digital data collection and cookies

A cookie is a short piece of data which is sent from a web server to a web browser on the user's computer or device when the browser visits the server's website and is stored on the user's computer or device. Cookies do not collect personal information. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

We use cookies for user authentication when you access Online Services, to improve the user experience of our website, and for marketing purposes.

Online Services

User authentication in Online Services enables us to recognise your computer or device and greet you each time you visit our website without bothering you with a request to register.

Google Analytics

We use Google Analytics to collect information about visitors to our website. Google Analytics uses a first-party cookie and JavaScript code to collect information. It anonymously tracks how visitors interact with our website, including where they came from and what they did on our site. It may collect your server address, browser type, version and language, operating system, pages viewed and documents downloaded while browsing our website, page access times and referring website addresses. No attempt will be made to identify you based on this information except, in the unlikely event of an investigation by a law enforcement agency or where we are required to do so by court/tribunal order. Google Analytics does not track activity within the Online Services section of our website.

Online surveys

We use Survey Manager (an Australian third party software supplier) to administer online surveys. Survey Manager uses third party cookies. The information collected by these cookies is not capable of identifying you and is only used to ensure our surveys run smoothly. We will only use the information collected from the surveys for statistical and maintenance purposes.


We collect data about your activities when you visit our website or the websites and online services where we display advertisements (“Publishers”). The data collected is anonymised and cannot be associated with or used to identify you as an individual.

It may include the content you view, the date and time that you view this content, the products you purchase, or your location information associated with your IP address. We use the information we collect to serve you more relevant advertisements (referred to as “Retargeting”). We collect information about where you saw the ads we serve you and what ads you clicked on. You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the Network Advertising Initiative opt out page ( Users may opt out of Google’s use of cookies by visiting the Google advertising opt-out page (

For what purposes do we collect, hold, use and disclose your personal information?

DHA generally uses and discloses personal information for the primary purpose for which it was collected. We collect, hold, use and disclose your personal information for the following purposes:

  • to verify your identity;
  • to contact you in response to an enquiry by you about our products or services;
  • to perform our business activities and functions and to provide the best possible quality of customer service;
  • to provide you with access to any protected areas of our website;
  • to assess the performance of the website and to improve its operation;
  • for recruitment and personnel management purposes (in relation to DHA employees and potential employees);
  • for marketing (including direct marketing), planning, product or service development, quality control or research purposes for us and our related bodies corporate, contractors or service providers;
  • to provide your personal information to our related bodies corporate, contractors or service providers for the performance and administration of our business operations;
  • to respond to any communications from you or complaints made by you (including via social media); and
  • to comply with any law, regulation or binding decision of a regulator.

In certain circumstances, DHA may use or disclose your information for a different purpose (the secondary purpose), such as where you have consented or would reasonably expect DHA to use or disclose the information for a secondary purpose, and the secondary purpose is:

  • related to the primary purpose for which the information was collected (or in the case of sensitive information, directly related to the primary purpose); or
  • required or authorised under Australian law or has been ordered by a court or tribunal; or
  • reasonably necessary for enforcement related activities.

Direct marketing materials

We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth) and may be sent via a representative, or service provider of DHA.

If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time, you may opt-out of receiving marketing materials from us by contacting us (see the details on the right under 'contacting us') or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list. We do not provide your personal information to other organisations for the purposes of their direct marketing.

Social networking services

We use social networking services such as Twitter, Facebook, YouTube, LinkedIn and Instagram to communicate with the public. When you communicate with us using these services we may collect your personal information. However, we only use it to communicate with you on these public forums, or directly if we need to specifically respond to a question or statement you posed. The social networking services will also collect your personal information for its own purposes. These sites have their own privacy policies.

To whom may we disclose your personal information?

We may disclose your personal information:

Use of contractors and outsourced service providers

DHA uses contractors, sub-contractors and outsourced service providers to undertake certain business functions and activities on our behalf, for example IT services and maintenance, marketing and data analysis/research activities. This may involve disclosing your personal information to those providers for the purposes of performing the relevant services.

Personal information about you may be provided to a contractor or service provider when necessary via DHA’s Online Services. DHA’s practice is to generally retain effective control of any personal information accessed via DHA’s online services.

Sometimes DHA engages recognised professional or expert advisors from outside DHA, including legal advisers.

To protect the personal information we provide to third party contractors, we take contractual measures to ensure the contractor and its employees comply with the Privacy Act and the Australian Privacy Principles, and only handle the personal information for the purposes of the contract.

Overseas disclosure

DHA may disclose your personal information to third party maintenance providers, who may operate an overseas contact centre to manage appointments. DHA takes reasonable steps to ensure that maintenance contractors who may utilise overseas contact centers, as recipients of your personal information do not breach the privacy obligations relating to your personal information.

Your personal information will not be shared or disclosed other than as described in this privacy policy, without your consent.

Accessing and correcting your personal information

You have a right to access your personal information unless we are entitled to refuse access on grounds permitted under the Privacy Act. Those grounds are that access may be refused where such refusal is required or authorised by the Freedom of Information Act 1982 (Cth) (FOI Act) or another Commonwealth Act providing for access to documents or information. If you would like to access the personal information we hold about you, please let us know by contacting us via our contact details on the right. We will ask you to verify your identity before we give you access to your information or correct it.

You may also request us to correct any personal information that you believe is not accurate, up to date, complete or relevant or is misleading. We will take reasonable steps to make that correction.

We will not charge you for making a request to access or giving access to your personal information and we will not charge a fee for correcting your personal information. 

If we do not give you access to your personal information or decide that we will not correct your personal information, we will provide you with written reasons for our decision within 30 days after the request is made.

The FOI Act also provides mechanisms for seeking access to, and the correction of, personal information. For further information about making an FOI request to DHA please go to Freedom of Information. Further information about the relevant operation of privacy and FOI laws in this context is available from our Privacy Team.


We take reasonable steps to ensure your personal information is protected from misuse, interference, and loss and from unauthorised access, modification or disclosure. 

DHA regularly assesses the risk of misuse, interference, loss and unauthorised access, modification or disclosure of information.  To address these risks, DHA keeps a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and check when required, that staff only access those records when they need to.

You should be aware that there may be inherent risks associated with the transmission of information over the internet. If you are submitting personal details or other information over the internet which you wish to remain private, please note that, while all attempts are made to secure information transmitted to this website, there is a possibility that information you submit could be observed by a third party while in transit.

Links to external websites

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.


If you believe that we have breached our obligations under the Privacy Act in respect of your personal information, you may contact us via our contact details on the right.

On receiving your complaint, we will investigate your complaint within a reasonable time. We will deal with your complaint confidentially. As part of that investigation, we may ask you for further information and may also ask you to provide us with details of your complaint in writing so that we can better understand the precise nature of your complaint.

Our Privacy Team will assist you with your complaint. In most cases, a member of our Privacy Team will respond to you in writing (by letter or by email). If you believe that the Privacy Officer’s decision or response is not correct in some respect, you may provide details of the claimed deficiency and ask the Privacy Officer to further consider the issue. After the Privacy Officer further responds, and if you remain unsatisfied, you may escalate the matter to DHA’s General Manager, Governance.

Under the Privacy Act, the Australian Information Commissioner has the authority to investigate complaints, or acts or practices that may be a breach of privacy even if there is no complaint. If you make a complaint to DHA about a DHA practice which you think amounts to an arbitrary or unreasonable interference with your privacy and you do not believe that the matter has been resolved satisfactorily, you should write to the Office of the Australian Information Commissioner (OAIC), preferably using the online Privacy Complaint form available on the OAIC website (see link in 'Further reading').

Contacting us

If you have any questions about your personal information or this privacy policy, please contact our Privacy team using the details set out below.

By post:
Privacy Team, Governance Division
Defence Housing Australia
26 Brisbane Ave
Barton ACT 2600

By telephone:
13 93 42

By email:

Changes to our privacy policy

We may change this privacy policy from time to time.  Any updated versions of this privacy policy will be posted on our website.

This privacy policy was last updated on July 2018.

Further reading

Privacy Impact Assessment (PIA) Register

In accordance with the Privacy (Australian Government Agencies - Governance) APP Code 2017 (the Privacy Code), DHA publishes a summary of all Privacy Impact Assessments (PIAs) undertaken from 1 July 2018 on its PIA Register.