Chapter 9.2 – Privacy Policy

Home 9 Policy 9 Chapter 9.2 – Privacy Policy
Back to Policies & Procedures
[ivory-search id="40" title="AJAX Search Form"]

This policy applies to all employees, contractors and volunteers of our company.

This policy covers personal information that is collected, retained, stored and used by our company where it is necessary for one or more of our company’s functions or activities.

Purpose

The purpose of this policy is to detail our company’s legislative obligations and approach to managing, handling and protecting the personal information of internal and external customers.

Related Documents

Primary:

  • Nil

Secondary:

  • Information Privacy Act 2009
  • Local Government Act 2009
  • Right to Information Act 2009
  • Complaints Management Policy
  • Creating Privacy Collection Notices Guideline
  • Information Privacy Personal Information Amendment Application
  • Information Privacy Principles
  • Information Security Policy
  • Personal Information Holdings Document
  • Privacy Complaint Form
  • Privacy Deed
  • Right to Information and Information Privacy Access Application
  • Right to Information Policy

Policy Statement

Our company is committed to upholding the right to privacy of all customers who have business dealings with our company. Our company takes the necessary steps to ensure personal information customers share with them remains confidential.

This policy also serves to regulate and consolidate Company procedures in relation to the handling of personal information.

This policy should be read in conjunction with Company’s Right to Information Policy.

Personal Information

Personal information is defined in the Act as information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably be ascertained, from the information or opinion.

‘Apparent’ means the individual can be identified solely from the information.

‘Reasonably ascertained’ allows reference to be had to other information that would lead to the individual being identified.

It is therefore, any information which can be used to identify an individual.

Personal Information Holdings

Our company maintains, on an ongoing basis, a Personal Information Holdings document that explains the various types of personal information collected and held, what the information is used for and the third parties to whom the information is normally disclosed. Where applicable, the document also details where company is authorised to collect, use or disclose information under legislation relevant to company policies, programs and services. A copy of the Personal Information Holdings document can be obtained from the Right to Information and Privacy section on Company’s website.

Roles and Responsibilities

Principal Officer

As defined in Schedule 5 of the Act, the CEO is the Principal Officer, and as such, is responsible for Company’s obligations under the Act.

RTI Coordinator

The Records Supervisor is appointed as the Coordinator and is responsible for coordinating information privacy requests within Company and administering the key provisions under the Act.

Decision Makers

Decision makers are employees sub-delegated powers by the CEO under the Act to deal with right to information and information privacy applications.

Workforce Relations and Ethics Unit

The Workforce Relations and Ethics Unit is responsible for managing privacy complaints received from individuals.

The Collection of Personal Information

Personal information is only collected if it is necessary for one or more of Company’s functions or activities.

Certain information is collected in order to comply with laws and regulations.

Our company only uses personal information for the purposes for which it was collected and for any other use authorised or required by law, including law enforcement and compliance activities.

Whenever our company collects personal information, the information and the reasons for collection is shared with customers via a Collection Notice.

Collection Notices must be displayed and/or verbally stated:

  1. In all physical locations where personal information is collected;
  2. In telecommunication messaging and on-hold systems; and
  3. On all our company websites, forms, lease and contract documents.

Use and Disclosure of Personal Information

Personal information is not divulged to third parties outside of our company for their independent use unless the person to which the information relates has authorised, in writing, for our company to do so, or the disclosure is required or allowed by law.

Personal information is not made available in the public forum without the express written permission of the customer and other individuals detailed in any correspondence or collected in any way.

Personal information must not be sold, traded or made available to others unless allowed by law. Information provided by customers for a specific purpose is only shared with other business units within our company as and when necessary to fulfil its lawful business and in accordance with the exceptions listed in Information Privacy Principle.

Where Company out-sources functions that involve the collection, utilisation and/or holding of personal information, contractual measures are taken to ensure contractors and subcontractors do not act in a way that would amount to a breach of the Information Privacy Principles. Our company requires these contractors to sign a Privacy Deed to acknowledge the need to maintain the confidentiality of this information and abide by all applicable laws. Our company does not permit third parties to sell or use the information for their own purposes.

Contracts with third parties include clear provisions about the purposes for which the contractor is to use the information and other provisions necessary to ensure the contractor does not make unauthorised disclosures. Contracts also contain provisions about how the contractor is to keep the information secure, and what the contractor must do with the information when works have been completed under the contract.

Privacy Complaints

Privacy complaints are to be made using Company’s Privacy Complaint Form (available on our company’s website). The investigation of privacy complaints is managed by the Workforce Relations and Ethics Unit in accordance with the Complaints Management Policy and related procedures.

The individual may refer their complaint to the Office of the Information Commissioner if at least 45 business days has lapsed since making their complaint and they have not received a response or the individual considers the received response as an inadequate response.

Accessing and Amending Personal Information

Applications to access and amend personal information are to be made via the following Queensland State Government forms:

  1. Right to Information and Information Privacy Access Application (available on our company’s website) for an individual to apply to access their personal information;
  2. Information Privacy Personal Information Amendment Application (available on Queensland Government website) – for an individual to apply to amend their personal information.

All applications are coordinated by the RTI Coordinator, who nominates the appropriate decision maker to deal with the application in accordance with the Act.