Tourism Queensland is committed to protecting user privacy. We understand and appreciate that visitors and users of this website are concerned about their privacy and confidentiality and security of any information that may be provided to us.
The Queensland Government has established a privacy regime for the Queensland public sector, based on eleven Information Privacy Principles. These are contained in an Information Standard that Tourism Queensland is required to adhere to. A copy of this Standard can be accessed at www.qgcio.qld.gov.au/index.html
As part of it’s function, Tourism Queensland processes numerous requests for tour brochures or information, provides avenues for the booking of travel and holidays, provides opportunities for tourism operators to market and promote their services, conducts competitions and online auctions and collects information on the types of holidays that consumers prefer. Tourism Queensland also collects personal information for specific market research and to determine if there are any demographic trends in the way consumers use travel information and book travel products. This information is aggregated as statistical information and enables us to develop and promote the Queensland tourism industry.
Tourism Queensland collects your personal information in order to send you the free e-Newsletters that contain travel and holiday information. The provision of your personal information is voluntary. Should you not wish to provide your personal information we will be unable to send you the e-Newsletters. Any personal information that you provide to us can be deleted at any time by unsubscribing.
Some of our web pages use "cookies". Cookies are text files we place in your computer's browser to store your preferences. Cookies, by themselves do not tell us your email address or other personally identifiable information unless you choose to provide this information to us.
When you visit our sites, our internet service provider makes a record of your visit and logs the following information for statistical purposes only -
No attempt is, or will be, made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect our activity logs.
When you make a payment through our web site your personal and financial details are protected at all stages of the transaction. In processing your payment we will need to know your name, residential/postal address, e-mail address, and credit card details. We do NOT store your credit card details on our servers at any stage of the transaction. Once the credit card details have been sent to our financial institution, they are no longer known to the system. All transactions are secured by encryption technology, which enables information to be sent over the Internet in an encrypted form thereby ensuring protection against unauthorised access to your personal information.
This is a Queensland Government website. Email correspondence sent to this site will be treated as a public record and will be retained as required by the Libraries and Archives Act 1988 and other relevant regulations.
Your name and address details will not be added to a mailing list, nor will we disclose these details to third parties without your consent unless required by law. E-mail messages may be monitored by website support staff for system trouble shooting and maintenance purposes.
There may be times when personal information is provided to outside contractors (such as mailing houses) to assist with the distribution of tourism information. These companies are forbidden from using this information for any other purpose.
You can ask whether we are keeping personal information about you by writing to or emailing Tourism Queensland's Privacy Officer whose contact details are below. If we do have information on file, you can ask to access a copy of it. You may also wish to apply to amend the information if you believe it to be incomplete, inaccurate, irrelevant, out of date or misleading. There is no charge for an individual to seek access to or apply to amend their personal information. However, your right of access to and amendment of personal information is subject to exceptions provided in the Freedom of Information Act 1992 or any other State Law.
If you have any queries about our privacy and security practices, please contact privacy@tq.com.au or write to:
Privacy Officer
Tourism Queensland
GPO Box 328
Brisbane Qld 4001
1. Introduction
2. What is Personal Information?
3. Acts Administered by Tourism Queensland
4. Personal Information held by Tourism Queensland
Employee Personnel Records
Personnel and payroll
Recruitment
Other
Financial Management And Contractual Records
Information Systems Personal Information
Travel Arrangements Information
Consumer Research Information
Correspondence
5. List of Existing Contracts, Licences and Out-sourcing Arrangements Identified
6. Tourism Queensland Implementation Table
Privacy Implementation Plan
Strategies For Compliance
Assessment of Current Practices
Collection
Storage
Use
Disclosure
Internal Review
7. Procedure to Gain Access to Personal Information
Complaints about Tourism Queensland's handling of information privacy
8. Appendices
Summary Of Information Privacy Principles
Policy Statement
Policy Principles
Collection Of Personal Information (IPPS 1-3)
Information Privacy Principle 1
Information Privacy Principle 2
Information Privacy Principle 3
Storage And Security (IPPS 4-5)
Information Privacy Principle 4
Information Privacy Principle 5
This Privacy Plan is a plan for Tourism Queensland's compliance with the information privacy principles under the requirements of the Information Standard 42 and its relevant Information Standard Guidelines. The Information Standard and its Guidelines require each Queensland Government Agency to prepare and implement a Privacy Plan approved by the CEO of each agency by April 2002.
This plan is drafted in a way which takes account of the diverse functions of Tourism Queensland's various business units. It aims to give: -
The Information Standard 42 and its relevant Guidelines are concerned with "personal information". This is defined in the Information Standard as being: -
"Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."
The information does not have to clearly identify a person. It need only provide sufficient information to lead to the identification of a person. It is not limited to confidential or sensitive personal details. It covers information held in paper or electronic records.
3.1. Tourism Queensland Act 1979
Due to the commonality of these classes of records amongst the various business areas of Tourism Queensland, they have been grouped here as one entry. This necessarily reduces the amount of detail provided. Current and former employees and other persons (for example, spouses and next of kin who believe that Tourism Queensland's personnel records may also contain personal information about them) can obtain details of specific record handling practices of particular business area by contacting supervisors in those business areas.
It should not be assumed that all records described are kept in a common storage facility. Separate security arrangements will typically apply, depending on the sensitivity of the information.
The purpose of these records is to maintain employment history and payroll and administrative information relating to all permanent, contract and temporary employees of Tourism Queensland.
Personnel and payroll
The records may include any one or more of the following:
(1) records relating to attendance;
(2) leave applications and approvals;
(3) medical records;
(4) payroll and commission related records, including banking details;
(5) tax file number declaration forms;
(6) declarations of pecuniary interests;
(7) personal history files;
(8) performance appraisals, etc;
(9) records relating to personal development and training;
(10) trade, skill and aptitude test records;
(11) completed questionnaires and personnel survey forms;
(12) travel documentation;
(13) records relating to personal welfare matters; and
(14) contracts and conditions of employment.
Recruitment
The records may include any one or more of the following:
(1) recruitment records including interview notes and employment applications;
(2) records relating to relocation of staff and removals of personal effects; and
(3) records relating to character checks and security clearances.
Other
The records may include any one or more of the following:
(1) records of accidents and injuries;
(2) compensation case files;
(3) rehabilitation case files;
(4) records relating to counselling and discipline matters, including disciplinary, investigation and action files, legal action files, records of criminal convictions, and any other staff and establishment records as appropriate;
(5) complaints and grievances; and
(6) recommendations for honours and awards.
Contents of personnel records may include: name, address, date of birth, occupation, employee identification number, gender, qualifications, equal employment opportunity group designation, next of kin, emergency contacts, details of pay and allowances, leave details, superannuation fund details and contributions, work reports, security clearance details and employment history. It may also include physical and mental health, disabilities, racial or ethnic origin, disciplinary investigation and action, criminal convictions, adverse performance and security assessments, tax file numbers, relationship details and personal financial information.
Personal information on personnel records relates to current and former staff members and employees including contract and temporary staff.
The following staff have access to personnel records: executive and personnel management staff, supervisors and members of selection committees (if appropriate), and the individual to whom the record relates.
Personnel records are kept for variable periods according to the applicable provisions of the Standard Retention and Disposal schedule for staff and establishment records issued by Queensland State Archives.
Information held in personnel records may be disclosed outside Tourism Queensland, as appropriate, to:
Records relate to all current and former employees of Tourism Queensland and are stored on paper and electronic media.
Location: Human Resources and individual business units
There is commonality amongst these records across various business areas of Tourism Queensland, so they are grouped here as one entry.
The purpose of the financial records is to process and account for expenditure and revenue. General content may include name, address and service or goods category. Sensitive content may include financial information including debts. The personal information relates to creditors and debtors, including outsourced service providers if they are identified personally.
Contractual Records include personal information relating to Consultants and other Contractors who provide goods and services to Tourism Queensland.
Location: Financial and Business Services and relevant business areas of Tourism Queensland.
Tourism Queensland's information technology information management systems network routinely carries, enables processing of, and stores, for varying periods, much of the core business information of Tourism Queensland on behalf of its many business areas. It encompasses both internal electronic transactions and external transactions, including telephone, e-mail, Internet and Intranet activity. The great bulk of those personal information records within that network environment are described above, or are described in the other parts of this plan that deal with the content of core business operations of business areas of Tourism Queensland.
In addition to that material, there are some personal information records specifically tailored to IT system administration, namely IT system security identifiers and usage tracking records about staff users of the IT system that are held by IT administrators and staff supervisors.
That information is not usually disclosed to persons other than staff supervisors, system administrators and the individuals concerned. Staff are routinely made aware of system usage rules and monitoring procedures concerning collection and use of the information.
Location: Technology Department and relevant business areas of Tourism Queensland.
The Commercial Division of Tourism Queensland, comprising Sunlover Holidays and the Queensland Travel Centres, has responsibility for organising travel arrangements on behalf of clients.
In finalising these arrangements, Tourism Queensland generally collects the following personal information:
This information is processed by the Tourism Queensland Reservations Management System for the purpose of arranging travel, accommodation and tour bookings.
Records relating to travel arrangements are stored on paper and electronic media.
Location: Commercial Division and relevant business areas of Tourism Queensland.
At various times, Tourism Queensland collects personal information from consumer surveys and interviews. The information relates to holiday preferences, tourism product information sources and buying influences. The information collected includes, but is not limited to the following:
Location: Marketing, Planning and Destination Development and relevant business areas of Tourism Queensland.
Correspondence that has been addressed to the Chief Executive Officer or Tourism Queensland Staff from the public or other Government agencies is referred to the relevant areas within Tourism Queensland for consideration and preparation of advice and responses.
Tourism Queensland keeps copies of the correspondence in electronic and paper form.
The correspondence includes personal information which might arise in any subject matter related to Tourism Queensland's functions. Examples are: names, addresses, personal opinions about tourism related matters, complaints and grievances and any other matter that the correspondent wishes to convey to Tourism Queensland.
Location: Chief Executive's Office and relevant areas of Tourism Queensland.
The following organisations have contracts with Tourism Queensland which allow them access to personal information:
These contracts will be reviewed and where necessary amended to ensure that they comply with Information Standard 42.
Informing staff of their privacy responsibilities will play a critical role in Tourism Queensland successfully complying with the requirements of Information Standard No. 42 and related guidelines and is a significant component of the Privacy Plan. To ensure a general awareness of the issues and the principles involved, mechanisms have been identified below which provide for ready access by staff to information regarding the Plan and the promulgation of the Information Privacy Principles which form the core of Information Standard 42. Tourism Queensland's Privacy Officer will coordinate the Plan and report progress of the Privacy Plan to Executive Management.
Tourism Queensland will further develop and review separate policies for storage of electronic and paper information.
Access and amendment rights are limited to existing rights under the Freedom of Information Act 1992.
If you want to request access to, or amendment of, your personal information records in Tourism Queensland, you need to be aware that:
Assistance is also available from Tourism Queensland's Freedom of Information Co-ordinator. The Co-ordinator's telephone contact number is: 3535 5598.
COMPLAINTS ABOUT TOURISM QUEENSLAND'S HANDLING OF INFORMATION PRIVACY
If an individual believes that their personal information has not been dealt with in accordance with an IPP, they may make a complaint to Tourism Queensland seeking an internal review of the handling of their personal information. A request for an internal review must be made in writing and must be made within six months from the date when the breach of any IPP was suspected to have occurred.
Written applications requesting internal review should be sent to the Privacy Contact Officer. The postal address is :
Privacy Contact Officer
Tourism Queensland
GPO Box 328
BRISBANE Q 4001
The Privacy Contact Officer of Tourism Queensland can provide more information about this process. The telephone contact number for the Privacy Contact Officer is 3535 5598.
Applications for review will be acknowledged in writing within 14 days from the date on which the application was received. Tourism Queensland will process each application within 60 days from the date on which the application is received. Applicants will be advised in writing of Tourism Queensland's review decision.
If an applicant does not agree with Tourism Queensland's decision, they can make a further application in writing to the Chief Executive Officer, Tourism Queensland for another internal review. The postal address for applications is:
Chief Executive Officer
Tourism Queensland
GPO Box 328
BRISBANE Q 4001
The Chief Executive Officer will arrange for the internal review to be carried out by a more senior officer than the initial review decision-maker and who has not previously been involved in the matter. This review will be completed within 45 days of receipt of the application for further review. The Chief Executive Officer will provide a response decision in writing to the individual who requested the further review.
SUMMARY OF INFORMATION PRIVACY PRINCIPLES
Policy Statement
Personal information held by Queensland agencies must be responsibly and transparently collected and managed (including any transfer or sale of personal information held by agencies to other agencies, other levels of Government or the private sector) in accordance with the requirements of the Information Privacy Principles.
Policy Principles
Agencies must comply with eleven IPPs, which govern how personal information is collected, stored, used and disclosed.
The IPPs deal with the following:
Principle 1: Manner and purpose of collection of personal information;
Principle 2: Solicitation of personal information from individual concerned;
Principle 3: Solicitation of personal information generally;
Principle 4: Storage and security of personal information;
Principle 5: Information relating to records kept by record-keeper;
Principle 6: Access to records containing personal information;
Principle 7: Alteration of records containing personal information;
Principle 8: Record-keeper to check accuracy, etc., of personal information before use;
Principle 9: Personal information to be used only for relevant purposes;
Principle 10: Limits on use of personal information;
Principle 11: Limits on disclosure of personal information.
COLLECTION OF PERSONAL INFORMATION (IPPS 1-3)
Information Privacy Principle 1
1. Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a. the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b. the collection of the information is necessary for or directly related to that purpose.
2. Personal information shall not be collected by a collector by unlawful or unfair means.
Information Privacy Principle 2
Where:
a. a collector collects personal information for inclusion in a record or in a generally available publication; and
b. the information is solicited by the collector from the individual concerned;
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, before the information is collected or, if that is not practicable, as soon as practicable after the information is collected, the individual concerned is generally aware of:
Information Privacy Principle 3
Where:
a. a collector collects personal information for inclusion in a record or in a generally available publication; and
b. the information is solicited by the collector;
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is collected:
Information Privacy Principle 4
A record-keeper who has possession or control of a record that contains personal information shall ensure:
a. that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and
b. that if it is necessary for the record to be given to a person in connection with the provision of a service to the record-keeper, everything reasonably within the power of the record-keeper is done to prevent unauthorised use or disclosure of information contained in the record.
Information Privacy Principle 5
1. A record-keeper who has possession or control of records that contain personal information shall, subject to clause 2 of this Principle, take such steps as are, in the circumstances, reasonable to enable any person to ascertain:
a. whether the record-keeper has possession or control of any records that contain personal information; and
b. if the record-keeper has possession or control of a record that contains such information:
2. A record-keeper is not required under clause 1 of this Principle to give a person information if the record-keeper is required or authorised to refuse to give that information to the person under the applicable provisions of any law of the State that provides for access by persons to documents.
3. A record-keeper shall maintain a record in the form of a privacy plan setting out:
4. A record-keeper shall make the record maintained under clause 3 of this Principle available for inspection by members
