QNU Privacy Policy
The Queensland Nurses’ Union (QNU) places great emphasis on maintaining and enhancing the privacy and security of your personal information. In order to provide a service to our members, the QNU collects and uses personal information. This information may be in electronic or paper form. Personal information held by the union includes the information provided to us on our membership application form (that then forms part of our membership database) and individual member files that are created when members have an industrial, professional, legal, health and safety or WorkCover matter that the union is handling on their behalf.
Members wishing to access the personal information the QNU holds on them should first contact their nearest QNU office.
The QNU does not disclose information of a personal nature unless the individual concerned has given consent for us to do so or if disclosure is required under law. The QNU stores such information in a secure place and access to such information is limited to those employees who require access to carry out their work duties. Limited personal information (such as name and workplace of members) may be provided to QNU Branch officials and union representatives to facilitate the performance of their roles as established under the QNU rules.
In very limited circumstances some information of a personal nature (such as the names and addresses of members) may be provided to an external organisation in order for the union to conduct our business. (An example of such an arrangement is that we need to disclose the name and address of all members to the mailing house that distributes our journal.) In these circumstances we ensure that a strict confidentiality agreement is in place prior to handing over such information. Under no circumstances would the QNU “sell on” our membership listing to any outside organisation. We make every effort to ensure that the integrity of our membership database is maintained.
If you believe the QNU has inappropriately collected or handled your personal information you can:
- Contact the union and ask for your complaint to be investigated: or
- If you are dissatisfied with the investigation, you can complain to the Federal Privacy Commissioner who is independent of the QNU. The Federal Privacy Commissioner has the power to investigate complaints about possible breaches of the Privacy Act 1988, order compensation to be paid and order agencies to change the way they handle personal information where it is not being done according to law.
While it is possible for the first contact to be with the Federal Privacy Commissioner, the Commissioner’s office will usually always ask the organisation to conduct its own inquiry first and to let the Privacy Commissioner have the findings. It is therefore quicker for you to contact the QNU as the first step should you hold privacy concerns about the information we hold on you.
Privacy provisions in the Privacy Act 1988 (Commonwealth) affecting nongovernment organisations came into effect from 21 December 2001. Under the amended legislation organisations (including the QNU) are required to comply with National Privacy Principles (NPPs) or be bound by a code approved under the Privacy Act. The QNU elected to be bound by the NPPs. The following is a summary of the NPPs prepared by the Office of the Federal Privacy Commissioner of the NPPs.
Summary of National Privacy Principles (NPP) – Office of the Federal Privacy Commissioner
NPP 1 – Collection
Collection of personal information must be fair, lawful and not intrusive. A person must be told the organisation’s name, the purpose of collection, that the person can get access to their personal information and what happens if the person does not give the information.
NPP 2 – Use & Disclosure
An organisation should only use or disclose information for the purpose it was collected unless the person has consented, or the secondary purpose is related to the primary purpose and a person would reasonably expect such use or disclosure, or the use is for direct marketing in specified circumstances, or in circumstances related to public interest such as law enforcement and public or individual health and safety.
NPP 3 – Data Quality
An organisation must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to date.
NPP 4 – Data Security
An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access modification or disclosure.
NPP 5 – Openness
An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks.
NPP 6 – Access & Correction
Generally speaking, an organisation must give an individual access to personal information it holds about that individual on request.
NPP 7 – Identifiers
Generally speaking an organisation must not adopt, use or disclose, an identifier that has been assigned by a Commonwealth government ‘agency’.
NPP 8 – Anonymity
Organisations must give people the option to interact anonymously whenever it is lawful and practicable to do.
NPP 9 – Transborder Data Flows
An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection.
NPP 10 – Sensitive Information
An organisation must not collect sensitive information unless the individual has consented, it is required by law – or in other special specified circumstances, for example, relating to health services provision and individual or public health or safety).
Reviewed: 2011
Next Review: 2012