Guide Dogs Queensland (GDQ or the Association) is a registered charity, which engages in a number of activities including: fundraising, marketing and service delivery to Queenslanders who are blind or vision impaired.
The purpose of this policy is to:
- Ensure personal information is managed in an open and transparent way;
- Protect the privacy of personal information, including health information, of clients and staff;
- Provide for the fair collection and handling of personal information;
- Ensure that personal information we collect is used and disclosed for relevant purposes only;
- Regulate the access to and correction of personal information; and
- Ensure the confidentiality of personal information through appropriate storage and security.
Personal information is defined as information we hold about you from which your identity is either apparent or can be reasonably determined.
Personal information can be subcategorised as sensitive information or health information.
1. Sensitive information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, biometric information, biometric templates.
2. Health information is:
- Information or an opinion about:
o The health or a disability (at any time) of an individual; or
o An individual’s expressed wishes about the future provision of health services to him or her; or
o A health service provided, or to be provided, to an individual that is also Personal Information; or
- Other Personal Information collected to provide, or in providing, a health service;
- Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Version Nº: 3.0 Document Authoriser: Chief Executive Officer
Issue Date: April 2018 Organisational
Next Review: April 2020 Page 2 of 8 Guide Dogs Queensland
3. Unsolicited Information is all Personal Information received from an individual that we did not actively seek to collect.
This policy supports GDQ’s need to collect and handle personal information and the right of the individual to privacy. It ensures that GDQ can collect personal and sensitive information necessary for its services and functions, while recognising the right of individuals to have their information handled in ways that they would reasonably expect and in ways that protect the privacy of their personal information.
If you would like to access any GDQ services anonymously or using a pseudonym, please inform us. If it is possible and lawful, we will take all responsible steps to comply with your request. However, we may not be able to provide the supports or services in question if we are not provided with the personal information requested.
GDQ observes policies on the management of client information that meet the requirements of both Commonwealth and State Legislation, including Disability Service Standards. GDQ aims to ensure integrity, security and controlled access to client records. We recognise and respect each client’s right to privacy, dignity and confidentiality in all aspects of his or her life.
Some of our clients may have unique government related identifiers which become known to us as part of our services and programs that you may be involved in. GDQ will not adopt Commonwealth identifiers, such as DVA numbers or service identification numbers etc., for its own identification systems (i.e. client records). We will also not disclose government related identifiers about you unless required or permitted by law.
In some circumstances, GDQ may share information about you with another party where we are required to share information by law, or to exercise our duty of care in relation to your wellbeing and safety. In such circumstances it may not be possible to obtain client consent.
GDQ collects personal and sensitive information from clients/beneficiaries, donors, business partners, members, online users and its people (volunteers, employees, delegates and candidates for volunteer work and prospective employees) in order to deliver the services it provides.
We collect information relevant and necessary to our relationship with you.
The information we collect may include your name, contact details, date of birth, financial information to allow us to process transactions, relevant health or medical information that is pertinent to the services we provide to you, other personal information from you to ascertain your suitability for our services and programs, and information about your use of our services.
For prospective employees and volunteers, we may collect personal information and opinions from referees, pre-employment health information and conduct Criminal History Checks. Information relating to unsuccessful candidates for employment or volunteer work will be stored securely for reference as required to provide feedback to the applicant or, with the applicant’s consent, for consideration of other opportunities within GDQ. This information will otherwise be destroyed after 18 months.
a. Collection of information
We will collect personal information from you by lawful and fair means. We may collect personal information from you when you:
- Complete a GDQ Form;
- Deal with us over the phone;
- Email us;
- Ask us to contact you after visiting our website or other online platform such as Facebook;
- Have contact with us in person; or
- Apply for a position.
We may also collect information about you from other persons/organisations for relevant business purposes, where you have consented to the collection and provision of this information, for example such as:
- Medical records from health professional/government/agency;
- Records from another Guide Dog School; or
- Funding records from government/agency.
If we collect details about you from someone else, we will, whenever reasonably possible, make you aware that we have done this and why.
We do not collect any private or sensitive information, such as racial or ethnic origin, health, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record), unless:
- The individual has consented (e.g. Police background checks on potential persons who will be working with clients and/or children, or details required to provide effective service to clients), or
- The collection is required by law, or
- The collection is necessary to prevent a serious and imminent threat to the health and safety of a person, or
Version Nº: 3.0 Document Authoriser: Chief Executive Officer
Issue Date: April 2018 Organisational
Next Review: April 2020 Page 4 of 8 Guide Dogs Queensland
- The collection is necessary for the establishment, exercise or defence of a legal claim.
Should we ever receive unsolicited personal information about you which we did not ask you for, we will assess it in the following manner:
i. If we could not have collected the information from you by reasonable means; and
ii. The information does not form part of Commonwealth record, then
We will de-identify or destroy the information accordingly.
When we are required to collect personal information from children under the age of 18, we will seek consent from the parents/guardians for the collection of this information.
Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information we require in order for us to provide our products/programs/services to you, we may be unable to effectively provide them to you.
When you engage in certain activities, such as purchasing a product, entering a contest or promotion, filling out a survey or sending us feedback, we may ask you to provide certain information. It is completely optional for you to engage in these activities.
We employ a number of technical, administrative and physical procedures to protect your information from unauthorised access, disclosure, loss, misuse or alteration.
GDQ has procedures in place to limit access to your personal information to only those employees with a business reason for knowing such information. Examples of these security procedures include the use of computer passwords; firewalls; secure payment gateways; network security; locked filing cabinets; restricted access to electronic and hard copy records; shredding and secure document destruction.
All GDQ staff members are obliged to respect the confidentiality of any personal or sensitive information held by the Association and we keep personal information only for as long as it is required for business purposes or as required by the law.
Should we ever provide personal information to companies who perform business services for us, such as specialist information technology companies, mail houses, debt collection companies; we require those companies to protect your personal information as diligently as we do. Stringent contractual and other quality assurance measures are used to ensure your personal information is protected.
Donor/Customer/Client information will not be released to any other organisation, person or body without the consent of the individual.
When we no longer need your personal information and are not required to keep it, we will take reasonable steps to de-identity and destroy it.
We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as set out below.
Personal Information provided to GDQ will be used for the following primary purposes:
- To verify your identity where required;
- To provide customer service functions, including handling enquiries and complaints;
- To fulfil obligations under any sale and purchase contract/arrangement and/or any other contract between the individual and GDQ;
- To engage with you/or provide any of our goods or services to you (as applicable), including but not limited to mobility, counselling, support services, volunteering and fundraising;
- To provide information to you about programs, products, services and/or special offers;
- To obtain your opinion or comments about any program, products and/or services; which allows us to improve, develop and maintain services, products, programs, business systems and infrastructure;
- For marketing, events, and promotional activities by GDQ (including contact by direct mail, telemarketing, email, SMS and MMS messages);
- Fundraising, including the processing of donations and grants;
- Your employment (or potential employment) with us; and
- Our compliance with applicable laws.
You have the right to access your personal information, subject to certain exceptions provided by law.
For security reasons, you will be required to put your request in writing and provide proof of your identity before accessing your personal information. We also ask that you identify, as clearly as possible, the type/s of information requested. GDQ will deal with your request to provide access to your personal information in a reasonable time – usually within 30 days of receipt of your request.
If we are unable to provide you with access to your personal information for any reason, we will write to you to confirm such reasons for this decision and provide you with alternate options regarding our complaints handling process.
Updating your personal information
It is inevitable that some personal information which we hold will become out of date. We will take reasonable steps to ensure that the personal information which we hold remains accurate and, if you advise us of a change of details, we will amend our records accordingly.
You can correct your information, for example, when you change your address etc. through a number of methods such as contacting GDQ via email, web contact, in writing, completion of forms or by telephone request.
GDQ will never charge you a fee to update the information.
Should you have a complaint about the way your personal information is collected, used or disclosed, stored or administered by GDQ, you may lodge a complaint to:
The Privacy Officer
Guide Dogs Queensland
Po Box 5301, Brendale Dc, QLD, 4500
All complaints will be treated seriously and dealt with promptly.
For our supporters: personal information is collected to process donations, issue tax receipts and to send you updates. For these purposes, your information may be shared with trusted third parties and our service providers (and their directors, servants and agents), either in Australia or overseas. Occasionally we allow like-minded organisations to contact you with information that may be of interest to you, including some organisations located outside Australia. Those organisations allow us to do the same and this way we can reach more people with vital information.
For our clients: If you need us to send information to another country we will do so with your consent and we will do so in compliance with Australian data protection and privacy laws.
We may collect non-personal information from you such as browser type, operating system, and web pages visited to help us manage our web site.
Our internet server logs the following information which is provided by your browser for statistical purposes only:
- The type of browser and operating system you are using
- The address of any referring web site (for example the previous website you visited)
- Your computer’s IP (internet Protocol) address ( a number which is unique to the machine through which you are connected to the internet)
All of this information is used by GDQ for analyses or systems administration purposes only. No attempt will be made to identify users or their browsing activities, except if required by law.
A “cookie” is a packet of information that allows GDQ’s computer server (the computer that houses our web site) to identify and interact more effectively with your computer.
When you access our web site, we send you a temporary “session cookie” that gives you a unique identification number. A different identification number is sent each time you use our website. Cookies do not identify individual users, although they do identify a user’s internet browser type and your Internet Service Provider. Shortly after you end your interaction with our web site, the cookie expires or “crumbles”. This means it no longer exists on your computer and therefore cannot be used for further identification or access to your computer.
Without cookies certain services cannot be provided to users of our website, and accordingly you may not be able to take full advantage of all of GDQ’s website features if cookies have been disabled.
As GDQ receives minimal government funding, we depend on financial support from the community to continue providing our services to blind and vision impaired Queenslanders. This means it is necessary for the Association to undertake a range of fundraising and marketing activities.
Where we use your personal information to send you marketing information by post, e-mail, SMS, or other electronic means we may do so with your express or implied consent. You may give us your express consent by, for example, ticking a box on an electronic or paper form where we seek your permission to send you information from GDQ. Consent may be implied from our existing business relationship we have with you.
When you receive such communications from us, at all times we will ensure that you are provided with an opportunity to reply to/or tick an “opt out” box to ensure you do not receive future such communications. By not choosing a clearly displayed “opt out” option, we will assume we have your implied consent to receive similar marketing communications in the future. We will always ensure that our “opt out” notices are clear, conspicuous and easy to take up and you may change your preferences for receiving our information at any time.
If a data breach occurs, Guide Dogs Queensland has a designated team who will promptly act to ensure your privacy information is not affected. In order to comply with the Notifiable Data Breach Scheme, Guide Dogs Queensland will contact you if any of your data is compromised and if a high risk is present. If GDQ is unable to contact you, a statement will be available in our website.
If you require a copy of the policy in a different format, please make a request to:
The Privacy Officer
Guide Dogs Queensland
Po Box 50, Bald Hills 4036 QLD
- Data Breach Response Procedure
- Data Breach Response Form
- GDQ Terms of Agreement
- Privacy Act 1988
- Notifiable Data Breach Scheme