Privacy

This policy considers the privacy of your personal information and sets out how the Department of Housing and Public Works (the department) manages your personal information when engaging with and providing services to you.

It includes how the department collects, stores, uses, discloses, protects, gives access to and allows correction of personal information, in compliance with the Information Privacy Act 2009 (Qld) (the IP Act).

Policy statement

The department is committed to managing personal information in an open and transparent manner, taking reasonable steps to implement processes and practices to give effect to the Queensland’s Privacy Principles (QPPs) of the IP Act and specifically, to enable the department address enquiries and complaints from individuals about the department’s compliance with the QPPs.

We will only collect and store personal information that is reasonably necessary for delivering on our statutory functions and services – including, but not limited to:

  • housing programs
  • procurement
  • building and construction services
  • grants administration
  • policy development
  • service delivery.

At all times, we will take reasonable steps in managing and protecting your personal information that we collect and process in order to provide you with quality services.

We understand and appreciate that our customers and visitors, as users of our services, value their privacy and the confidentiality and security of any information that may be provided.

We recognise that to operate our business effectively, we must maintain high standards about how we collect, use, store and disclose personal information. We value the trust and confidence of all users of our services and take our privacy obligations seriously.

What personal information we collect

In accordance with the IP Act, personal information means any information or an opinion about an identified individual or an individual who is reasonably identifiable from any information or an opinion:

  • whether the information or opinion is true or not
  • whether the information or opinion is recorded in a material form or not.

Personal information may also include sensitive information which includes:

  • racial or ethnic origin
  • political opinions
  • membership of a political association
  • religious or philosophical beliefs or affiliations
  • membership of a professional or trade union or association
  • sexual orientation or practices
  • criminal record
  • health information
  • genetic information that is not otherwise health information
  • biometric information.

We will not collect sensitive information about you unless:

  • you consent to the collection of the information, and the information is reasonably necessary for, or directly related to the department’s functions or activities
  • the collection of the information is required or authorised under an Australian law or a court or tribunal order
  • a permitted general situation exists in relation to the collection of the information where
    • it is unreasonable or impracticable to collect your consent and we reasonably believe the information is necessary to prevent or mitigate a serious threat to life, health or safety of an individual or to public health or safety
    • we have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in and we reasonably believe that the collection, use or disclosure of the information is necessary for us to take appropriate action in the matter
    • we reasonably believe that the collection, use or disclosure of the information is reasonably necessary to assist to locate a person reported as missing and the collection, use or disclosure complies with the guidelines under the IP Act
    • the collection, use or disclosure of the information is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
    • the collection, use or disclosure of the information is reasonably necessary for the purposes of a confidential alternative dispute resolution process.

We collect personal information relating to you and your use of our services only where it is necessary to collect this information.

Some of this information is collected by the department directly from you and some is collected from your interaction with third parties engaged by the department to act on the department’s behalf in delivering services for Queenslanders.

How and what information we collect about you will depend on the way that you use our services, for example, whether you are a customer, or a visitor to our websites.

We may collect personal information about you indirectly from another government agency or a third party. Indirect collection may occur:

  • through administering legislation
  • when applying for certain services or products
  • through law enforcement activities
  • when responding to a complaint or enquiry
  • when conducting referee, criminal or other required checks for employment purposes
  • when administering whole-of-government online services.

In all instances where we collect personal information from third parties or other government agencies, this information will be managed and stored in accordance with this policy.

Information we generally collect

Contact information

When you provide us with your contact information, whether through use of our services, creation of an account, or via interaction with our service support teams such as our Housing Service Centres, we collect your contact information.

This may include personal information, such as your:

  • name
  • telephone number
  • physical address
  • email address.

Usage information

We collect usage data about you whenever you interact with our services. This may include:

  • which web pages you visit
  • what information you click on
  • when you performed those actions
  • other activities.

Device and browser data

We collect data from the device you use to access our services, such as your:

  • IP address
  • operating system
  • browser details
  • time of visit.

This information may also tell us your location.

Log data

We keep log files that record data each time a device accesses our servers. The log files contain data about the nature of each access, including the originating IP address.

We may combine this automatically collected log information with other information we collect about you.

We do this for system analytics, as well as to:

  • maintain an audit trail of activity
  • improve our services
  • improve our marketing activities
  • monitor or improve functionality.

Other data you submit

We may collect your personal information if you submit it to us in other contexts, for example by:

  • registering your contact details with service providers that support the department
  • registering your details to attending an event we host.

We may also collect personal information at other points throughout our provision of services or certain points within our website (where you will be notified that personal information is being collected).

Interacting with us on social media

We may collect personal information about you when you interact with us using social media; for example, if you post material to our Facebook page or engage with us on X.

Third parties

We may collect your personal information from third parties if you give permission to those third parties to share your personal information with us, or where you have made that information publicly available online.

Mobile devices

If you connect to our services using a service provider that uniquely identifies your mobile device, we may receive this identification information, in order to provide the services to you.

Why we collect your personal information

The department provides social and affordable housing and homelessness services and support for all Queenslanders. Our objective is to build a sustainable housing system for future generations.

We therefore collect personal information to deliver routine services and as is necessary to fulfil our various functions and activities which include, but are not limited to:

  • the provision of safe, secure and affordable housing
  • development of housing and homelessness policies and strategies through data collection and analysis, research-informed advice, and stakeholder insights
  • the development and delivery of housing programs and major projects
  • be an effective and proactive regulator and steward of regulated accommodation industries
  • planning, funding, reviewing and monitoring the delivery of our services and functions
  • the development and ongoing improvement of channels of communicating with Queenslanders, including our digital and online services
  • conducting research that allows us to improve our products and services to better suit your needs.

The department is also responsible for providing expert advisory, enabling and support services to agencies, suppliers and the community in the achievement of procurement outcomes.

We therefore collect personal information to deliver services and as is necessary to fulfil our various procurement function and activities which include:

  • development of Queensland Government’s procurement policy and related frameworks
  • administering, managing and supporting procurement systems used by Queensland Government and other eligible entities
  • establishing, reviewing, and managing common-use supply arrangements that are accessed and utilised by the Queensland Government and other eligible entities.

Anonymity and pseudonymity

You may engage with the department anonymously or pseudonymously unless identification is required by law or it is impracticable to do so in delivering a service to you.

Therefore, where appropriate, we will guide and provide you with the option of not identifying yourself or of using a pseudonym, when dealing with us in relation to a particular matter.

Dealing with unsolicited personal information

Where we receive your personal information and we did not solicit the information, we will, within a reasonable period after receiving the information, make reasonable enquiries to determine whether we have lawfully collected the information.

This may include use or disclosure of the information to relevant service providers for the purposes of determining the necessity of collecting and storing the information.

Where we conclude that we could not otherwise have lawfully collected the personal information and the information is not contained in a public record, we will, as soon as practicable but only if it is lawful and reasonable to do so, securely delete or destroy the information or ensure that the information is de-identified, in accordance with the IP Act.

How we notify you when we collect your personal information

When collecting your personal information, we will advise you of this policy and inform you of the:

  • purpose of collection
  • consequences of not providing the information
  • recipients (including, where relevant, third parties and other government agencies) of the information
  • likelihood of this information being disclosed to service providers located overseas and, where practicable, the name/s of the countries, where the service provider is located and/or where the information has been disclosed to.

How we use or share your personal information

We may use your personal information to provide you with a public service in relation to the following activities:

  • to provide you with a department’s service or product that you have requested, or which has been requested on your behalf with your consent
  • to provide technical, emergency or other support to you
  • to answer your enquiry about our services or functions, or to respond to a complaint
  • where relevant, to manage our employment or business contractual relationship with you
  • to promote our social programs, products or services which may be of interest to you (unless you have opted out from such communications)
  • to comply with legal and regulatory obligations
  • where otherwise permitted or required by law
  • for other purposes with your consent.

In providing you with these services, it may be necessary to share your personal information with third parties (including contracted service providers (CSPs) engaged by the department to provide a product or service capability) to enable us to provide you with a complete service.

We ensure that all CSPs are screened as part of a due diligence process to ensure they can comply with the department’s policies and processes.

We ensure that all CSPs are legally bound to contractual terms and conditions to collect, protect, store and use your personal information solely for the purpose of providing a contracted service or product.

When we ask for your personal information we will inform you – through our privacy collection notices – about any third parties to whom the information may be routinely disclosed.

Quality, access and correction of your personal information

The department takes reasonable steps to ensure personal information is accurate, complete, current and relevant for use or disclosure.

Prior to using your personal information, we may check with you that your information is correct and up to date. You have the right to request access to, and correction of, your personal information held by us.

You may apply online to access or amend your personal information or complete the Right to Information application form. There is no fee for personal access requests.

If the requested information cannot be released or corrected administratively, a formal access application can be submitted through the online application form available at Queensland Government’s Right to Information (RTI).

Storing and securing your personal information

The department has implemented protocols to ensure the security of your personal information. These include:

  • corporate policies and processes for protecting personal information through encryption
  • physical and system access controls
  • secure servers
  • compliant record keeping
  • training and governance structures.

Once no longer required and not a public record, personal information is securely destroyed or de identified.

Your personal information is stored in accordance with the department’s General Retention and Disposal Schedule (GDRS), as approved by Queensland State Archives.

We take reasonable steps to ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately.

Disclosing your personal information outside Australia

We may disclose your personal information outside of Australia where:

  • it is necessary to provide the service or product you have requested
  • it is permitted or required by law
  • information sharing arrangements or contracts are in place
  • for other purposes with your consent.

Appropriate contractual arrangements are implemented with entities outside Australia to ensure that your personal information is processed with, at a minimum, equivalent rigour and governance as it would in Australia.

Using our online systems

When you visit a departmental website, our server makes a record of your visit and logs certain information for statistical purposes only.

No attempt is or will be made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a power to inspect activity logs.

Website analytics

We are committed to providing a useful and effective service via our websites. To that end, we employ tools to gather information about how the department's website is accessed and used.

We use this data to analyse the pages that are visited, to improve your experience and make sure our website is useful. No attempt will be made to identify you and your browsing activities, unless we are lawfully required to do so for investigation or law enforcement purposes.

Cookies

A cookie is a mini dataset which is sent from a web server to a web browser on the user's machine when the browser visits the server's site.

The cookie is stored on the user's machine as an historical identifier. It is not however, an executable program and cannot do anything to your machine.

A server cannot find out a name or e-mail address, or anything about a user's computer by using cookies and cookie information is not stored or collected by the department.

However, we use cookies to collect anonymous statistical information, including:

  • your browser, computer platform and screen resolution
  • your traffic patterns through our site, such as
    • the date and time of your visit
    • the pages and documents accessed
    • the website you visited before ours
    • your server address.

The information generated by the cookie about your use of the website may be transmitted to and stored on servers located outside of Australia. No personally identifying information is recorded or provided.

The information gathered by the cookies will be used by the department to optimise the department's site(s) to improve access and useability, and to compile statistical data for reporting purposes, for example to include in the department’s annual reports.

We do not identify users or any browser activity outside this website, except in the unlikely event of an investigation, where a law enforcement agency may have a warrant to inspect activity logs.

Personal and financial information provided when you use an online service is protected at all stages of the transaction.

External website links

Some of the department's websites contain links to other sites that are external.

The department takes care in linking websites but has no direct control over the content of the linked websites, or to the changes that may occur to the content on those sites.

It is the responsibility of the user to make their own decisions about the accuracy, currency, reliability and correctness of information contained in linked external websites.

Email usage

This is a Queensland Government website. Email correspondence sent to this site is subject to the Right to Information Act 2009 (Qld) and will be treated as a public record and retained as required by the Public Records Act 2023 (Qld) and other relevant Acts and regulations.

Your name and address details will not be added to a mailing list, nor will we disclose these details to third parties without your consent unless required by law.

Email messages may be monitored by our website support staff for system trouble shooting and maintenance purposes.

Payments

When you pay an account or purchase something through the department on websites, your personal and financial details are protected at all stages of the transaction.

In order to process any payment, we need to know your:

  • name
  • address details
  • email address
  • credit card details.

Your credit card details are not stored on servers at any stage of the transaction. Once the credit card details have been sent to our financial institution, they are no longer known to our system.

Opting out of receiving communication from us

From time to time, the department may contact you with information about our programs, services, events, consultations or initiatives that may be relevant to you.

You have the right to opt-out of receiving these communications at any time by:

  • clicking the 'unsubscribe' link included in the promotional emails we send
  • updating your communication preferences through an online account (where applicable).

Opting out of one form of communication (e.g. email newsletters) does not automatically opt you out of all others.

You will continue to receive essential or legally required communications from the department such as notices about:

  • housing eligibility
  • tenancy matters
  • service-related updates where required by law or necessary for the delivery of a service you receive from us.

Protecting your information from data breaches

The department operates under the mandatory data breach notification scheme of the IP Act where we are required to notify affected individuals of eligible data breaches.

Affected individuals are persons the personal information relates to and who are likely to suffer serious harm as a result of the data breach.

An eligible data breach occurs when an unauthorised access, disclosure or loss of personal information is likely to result in serious harm to the person to whom the information relates. In such an instance, the department must:

  • notify the Office of the Information Commissioner (OIC) and affected individuals as soon as practicable
  • publish details of the breach on the department’s website if immediate individual notice is impracticable
  • keep a privacy data breach register and maintain a published privacy data breach policy.

You may refer to the department’s Privacy data breach policy on our website for further information on the department’s data breach management protocols.

Making a privacy complaint

If you believe that we have not dealt with your personal information in a way that is consistent with our legal obligations, you may submit to us a written privacy complaint detailing the nature of the complaint that requires attention.

Privacy complaints can be made by an individual or their authorised representative. We will acknowledge your formal privacy complaint within 3 business days of receiving the complaint in writing.

Under the IP Act, we have 45 business days to provide a response in relation to a privacy complaint.

Where we need a longer timeframe to investigate or respond to a privacy complaint, we will contact you to advise you of the estimated delivery date for our response and keep you up to date with how your complaint progresses.

We will communicate our decision in writing, including any recommended actions that are considered appropriate to resolve the complaint.

Privacy complaints may be marked Private and Confidential and mailed to:

  • Right to Information and Privacy unit
    Legal Services
    Department of Housing and Public Works
    GPO Box 2457
    Brisbane QLD 4001

You can also email your complaint to rti-privacy@housing.qld.gov.au.

Complaints may be made anonymously, however, where a complaint is received that requires investigation of a customer record or requires a response containing personal information, evidence of the complainant’s identity must be provided for sighting.

The role of the Office of the Information Commissioner (OIC)

The OIC is an independent statutory body established under the Right to Information Act 2009 and the Information Privacy Act 2009 with the aim of promoting access to government held information and protecting personal information held by the public sector.

If you are not satisfied with the outcome or action, we have taken to address your privacy complaint you may refer your complaint to the OIC for their independent review.

Complaints referred to the OIC must be made in writing either by completing a hard copy of the complaint form, or by letter to the OIC office at:

  • Office of the Information Commissioner
    PO Box 10143, Adelaide St
    Brisbane QLD 4000

Policy implementation and review

This policy will be reviewed every two years to ensure it meets legislative requirements, the department’s needs and/or best practice guidelines.

Information used to inform the review may include:

  • feedback received from customers, stakeholders and staff
  • the results of internal or external reviews, audits or evaluations carried out by the department
  • any changes in policy, legislation or the department’s organisational structure.

Contact us