QMDC is committed to protecting your personal information and complying with the Privacy Act 1988 (Cth) (“Privacy Act”) and Australian Privacy Principles.
2013 | Updated 5 June 2014
This document describes the policies and procedures that we have in place for the management and protection of personal information that QMDC collects and holds.
The Privacy Act regulates the collection, use, disclosure, storage and security of personal information of government agencies and private organisations. The Privacy Act includes 13 binding Australian Privacy Principles (“APPs”) with which QMDC must comply in relation to its management of personal information.
QMDC is a not for profit Incorporated entity is bound by the Privacy Act 1988 (Cth).
The Privacy Act 1988 (Cth) (“Privacy Act”) regulates the collection, use, disclosure, storage and security of personal information of government agencies and private organisations. The Privacy Act includes 13 binding Australian Privacy Principles (“APPs”) with which we must comply in relation to our management of personal information.
What sorts of personal information does QMDC collect and hold?
Personal information is “information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not”.
QMDC values the privacy of its clients and stakeholders and will only collect personal information that is necessary for it to carry out its functions and services. Normally, this will include information that identifies you and allows us to make contact, correspond or make a commercial agreement with you and may include details about your property.
We collect personal information from staff, contractors, partners and from the public from a wide range of areas across QMDC. For example, we may hold personal information in the following types of records:
- Electronic metadata records (username, Geographic coordinates, address)
- Location information, which may reveal user activity patterns and habits
- Research data for projects involving human participants
- Client records
- Project files with research partners
- Personnel records
- Recruitment records
- Contractor information
- Statutory appointment information (e.g. Board members)
- Occupational Health and Safety records
- Rehabilitation case management files
- Security Files
- Freedom of Information Requests
- Subscription details (e.g. for QMDC publications)
- Legal files
- Education files
- Ministerial correspondence
- Complaint details
These types of files held by us from time to time may include personal information such as:
- name, residential address, occupation and residential email and telephone contact details;
- opinions and reactions to testing and research;
- health information; and
- credit card or other personal financial details.
The personal information on some of these files may also include sensitive information, including information about a person’s race or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information or genetic information.
In the case of volunteers and employees, we may ask you to disclose any pre-existing health conditions to us so that we can ensure your safety. The provision of this health information to us is entirely voluntary and it will only be used to ensure that only work that you are physically capable of carrying out is allocated to you, or in the case of emergency, it may be provided to emergency response personnel to assist in your treatment.
How does QMDC collect and hold personal information?
Where it is reasonably practicable to do so, we collect personal information directly from you. However, on occasions, we may need to collect personal information from other sources such as public records, parents or guardians of children under the age of 18 years and third parties. When dealing with children, we seek parental consent prior to the collection of personal information, including photographs.
We may collect personal information in various ways, including via:
- Online web/mobile applications;
- Online forms (such as subscription forms or registration forms for an event);
- Surveys (hard copy or online);
- Information associated with accessing and using QMDC websites;
- Over the telephone;
- The use of biometric technology;
- In person in a meeting or interview scenario;
- Via emails or other correspondence sent to QMDC;
- By taking photographs or videos at QMDC events;
- Third parties, for example reports from referees of prospective employees; or
- From publicly available information, such as interactions with QMDC via social media sites.
For what purposes does QMDC collect, hold and use personal information?
With QMDC’s extensive and diverse activities, we collect, hold and use personal information throughout QMDC for many different purposes and via different methods. We only collect personal information for purposes directly related to our functions or activities and only where it is necessary for or directly related to such purposes.
When we collect personal information from you for certain specific activities, where required, we will use a collection notice that deals specifically with that collection, including a description of the purposes for which we will use the personal information collected in that instance. Where relevant, our internal procedures and systems embed privacy protections to ensure we comply with our obligations under the Privacy Act.
We may use or hold personal information for the following general purposes:
- to make contact with you regarding natural resource management issues;
- to create formal service or other business agreements with you;
- to provide information to you about Natural Resource Management topics and issues;
- as content for case studies, reports or newsletters. We will seek your specific permission before publicly publishing any of your personal information;
- to provide scientific and research services to both public and private sector clients;
- to manage our employees and contractors, including to consider prospective employees;
- to undertake research and testing as part of our (such as information about individuals participating in focus group testing);
- to maintain membership or subscriber records for our publications or members (such as the Land for Wildlife); and
- to promote and market our activities.
We will only disclose your personal information to a third party if it is necessary for us to carry out the functions and services for which it was collected in the first place. This may include disclosure to contractors working for, or on behalf of QMDC. It may also include disclosure to investors in the project to which your information relates or to their contractors or representatives for the purpose of reporting, research or analysis required under our funding agreement(s) with them.
We will de-identify your personal information to the extent that it is practical to do so before disclosing it to any third party and we will ensure that after disclosure, your personal information will be managed in accordance with both the purpose for which it was collected and in accordance with the Australian Privacy Principles of the Privacy Act, 1988 (Cth) (“the Privacy Act”).
If personal information is disclosed by us to a government agency in accordance with our funding agreement with it, this information may become subject to further disclosure under freedom of information or right to information laws.
We may disclose your personal information to enforcement authorities if we are legally required to do so.
We will collect personal information from you for the purposes described in a collection notice and will only use or disclose your personal information for other purposes if:
- you have consented to the other use;
- you would reasonably expect, or have been told, that your personal information is usually passed on to other entities;
- it is required or authorised by law;
- it will prevent or lessen a serious threat to someone’s life, health or safety (including public health and safety);
- required to take appropriate action in relation to suspected unlawful activity or serious misconduct;
- required to locate a missing person; or
- required to assert a legal or equitable claim or to conduct an alternative dispute resolution process.
Set out below is some further detail of how we may use personal information collected for certain of our main activities.
Using QMDC mobile applications
When people use mobile devices:
- Privacy practices highlighted during the download / registration process
- Consent to be obtained at the point of download.
- Users told what will happen with their information in real time. ‘in-context notices’ have been attached to each record in App databases.
- Our apps won’t collect sensitive information (about political views, sexual preferences, religion and disabilities).
- Integrated location and movement sensor information relates directly to the app and will be recorded in applications.
- Apps will collect persistent identifiers as they are essential to the functioning of the app.
- Personal information won’t be associated across apps, or between apps and user’s social media accounts.
- If users no change their minds about giving QMDC access to their personal information; the app will need to be uninstalled.
- If QMDC apps experience a data breach, we will inform users – and to the OAIC, a requirement under the Privacy Act.
What do apps have access to?
- Find accounts on the device
- Add or remove accounts
- Precise location (GPS and network-based)
- Modify or delete the contents of your USB storage
- Test access to protected storage
- Full network access
- View network connections
- Create accounts and set passwords
- Control vibration.
Updates to Apps may automatically add additional capabilities within each group.
When you send an e-mail to a QMDC address (firstname.lastname@example.org), the content and your details, including your e-mail address, become part of our records. Your e-mail address, acquired in this way, will not be added to any mailing list unless specified in a collection statement or unless we obtain your consent.
Completing an online form
Should you decide to complete and submit an online form on any part of the QMDC website, we:
- may record personal details provided by you such as; e-mail address, street address, telephone number, occupation, company, areas of interest etc to the extent they are relevant to the purpose for which we are collecting them.
- will only used this information for the purpose for which it was collected.
- will not disclose this information without your consent except where QMDC may be required by law to disclose the information.
We may conduct research involving human participants and this research may involve the collection of personal information, including health information (disabilities), genetic information, or information about a person as part of social research. The collection of such information may also have ethical approval requirements.
When dealing with personal information in a research context, we will usually de-identify that information. If personal information is not de-identified, we will deal with personal information collected in the course of research in accordance with the Privacy Act.
We may also deal with personal information of research partners or clients when providing scientific research services and testing services to both public and private sector clients. This may include the following sorts of personal information:
- Name, address, occupation and residential email and telephone contact details;
- Opinions and reactions to testing and research; or
- Health information.
- Client information;
- Credit card or other personal financial details.
If we collect your personal information as part of our research activities, we will use that information for the purposes of the specific research activity and we may also add it to a database for the purpose of contacting you about future QMDC activities, but only where you would reasonably expect this or have consented.
When you contact us for general information about our activities or about science and technology generally, we will:
- Log the contact (online or otherwise) in a secure database;
- Record your name and other contact details, and information about the nature of the enquiry and response provided;
- Record phone calls for the purpose of quality assurance and coaching;
- Not add you to a mailing list, but may seek consent to contact you to provide feedback on the service provided.
- Not disclose the information collected without your consent except where QMDC may be required by law to disclose the information.
Direct communication from QMDC
We store the contact details of a wide range of clients and stakeholders, ranging from direct subscribers to periodical publications, to business, research and community contacts. This information may be used to disseminate information and to facilitate participation in events and QMDC activities. In managing this information, we will:
- hold all personal information in secure databases, both at onsite and offsite locations.
- ensure that at any time, a recipient of e-mailed mass communication may ask to “unsubscribe” from our central marketing/communication database.
- ensure that a direct link to “unsubscribe” is generally made available in mass communications from us. Alternatively, unsubscribe requests can be made directly to QMDC Enquiries.
Managing our personnel and other support services functions
QMDC will collect personal information from prospective employees for the purposes of administering a recruitment process. This may include using and disclosing personal information for:
- General management of employment;
- Performance management (misconduct, grievance, probation);
- Financial, legal, security, information technology and communications matters related to a staff member’s employment.
Engaging with the public about science
We collect personal information in the course of promoting and marketing our activities to the public, including via the following:
- Promotions / competitions;
- Photographs of individuals taken at QMDC events;
- Collecting data about the public’s opinions (e.g. feedback via social media);
- Sending marketing material to clients;
- maintaining membership or subscriber records for our publications or members (such as the Land for Wildlife);
- QMDC Education programs and publications.
QMDC as a contracted service provider to other Government agencies
We may, from time to time, engage service providers to provide services to us. Where those services involve a service provider dealing with personal information on our behalf, we will ensure that our contract with the service provider obliges the service provider to comply with the same level privacy obligations as QMDC.
How does QMDC store personal information?
Each area of QMDC that collects personal information stores that information securely on QMDC’s IT systems. These systems are password protected and where required, only certain people are authorised to access the information.
We may use third parties to store some personal information on servers in Australia or overseas, but only where steps have been taken to ensure that the third parties comply with our privacy obligations.
Disclosures of personal information overseas
QMDC utilises internet carriers to transmit and store documents, databases and other data forms that may contain personal information. In carrying out these transmission and storage functions on behalf of QMDC these providers may transmit or store personal information in overseas jurisdictions. QMDC will take reasonable steps to ensure that these providers have adequate privacy and security measures in place. Data (which may contain personal information) may be disclosed to specified parties by the service provider (in accordance with their service agreement with QMDC), if the service provider has a good faith and legitimate reason to do so (in the case of law enforcement, for example) within the terms of service that QMDC has been agreed between both parties.
We will notify you of any other specific disclosure to overseas recipients prior to the disclosure taking place.
QMDC will make all attempts to satisfy itself that the privacy policies and procedures of all service providers and sub-contractors that it engages with meet the requirements of the Australian Privacy Principles to the extent that it is practicable to do so.
Access to and amendment of personal information held by QMDC
If you wish to access your personal information or find out if QMDC holds personal information about you, you should contact the QMDC Privacy Officer (address below) in writing. We will endeavour to comply with your request, but we may refuse access if we have a legal right or requirement to do so in accordance with the Privacy Act.
If you can establish that the personal information held about you is incorrect, irrelevant, out of date, incomplete or misleading, you may request that it be corrected. This request should be in writing and be directed to the Privacy Officer (address below). We will endeavour to comply with your request to correct information. If we are unable to comply, we will notify you that we have not made the correction and the reason why it has not been made.
If you require a copy of your personal information, we reserve the right to charge an administrative fee provide the copy, regardless of the form (e.g. electronic or paper copy).
If you are unhappy about how your personal information is being managed by QMDC, or if you believe that your personal information has been treated other than in accordance with this policy, we ask that you contact us in the first instance.
Complaints should be addressed in writing to the Privacy Officer at the address provided below and should detail the nature of your concern(s). We will respond to your concerns within 30 days of it being received by us.
If you are unhappy with the response provided by QMDC, or if you do not receive a response within 30 days (of receipt), you should lodge a complaint with the Privacy Commissioner. Information on making a complaint to the Privacy Commissioner is available at http://www.oaic.gov.au/privacy/privacy-complaints, by calling 1300 363 992 or emailing email@example.com.
All privacy-related correspondence with QMDC should be in writing and be addressed to:
The Privacy Officer
Queensland Murray-Darling Committee
PO Box 6243
TOOWOOMBA WEST QLD 4350