Muscular Dystrophy Queensland (MDQ) is committed to compliance with the Privacy Act and the 13 Australian Privacy Principles (APPs), which is the legislation governing the collection, use, storage, and disclosure of personal information, including sensitive information. You can find out more about the Privacy Act 1988 (Cth) and the Australia Privacy Principles by calling the office of the Australian Information Commissioner on 1300 36 39 92, or through their website.
To provide programs and services, MDQ needs to collect and store some relevant personal details about stakeholders.
In dealing with personal information, Muscular Dystrophy Queensland will:
- ensure privacy for all stakeholders when they are discussing matters of a personal or sensitive nature
- only collect and store personal information that is necessary for the functioning of the organisation and its activities
- use fair and lawful ways to collect personal information
- collect personal information only by consent from an individual
- protect sensitive information
- ensure that people know what sort of personal information is held, what purposes it is held it for and how it is collected, used, disclosed and who will have access to it
- ensure that personal information collected or disclosed is accurate, complete, and up-to-date, and provide access to any individual to review and/or correct their wrong information
- take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure
- destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired
- notify individuals and the Office of the Australian Information Commissioner (OAIC) when there has been a data breach (or suspected breach) of personal information, if it is likely to result in serious harm to individuals whose privacy has been breached
Personal information is only collected following consent – explicit consent via signed consent form; verbal consent which is documented on the client database, and implied consent when the stakeholder shares the information. All information is treated with respect and according to privacy laws and principles.
For children, MDQ recognises the rights of the parents/guardians to give consent, however, also understands that the Privacy Act sets no minimum age at which an individual can make informed decisions regarding his or her personal information. MDQ acknowledges that the Guidelines to the National Privacy Principles suggest that each case must be considered individually as to when a young person may have the capacity to make a decision on his or her own behalf.
How MDQ collects personal information
MDQ collects personal information directly from MDQ stakeholders, either verbally or in written format. In some cases, we collect personal information through details that have been provided on MDQ’s website and Facebook page. Instances where personal information may be collected include:
- Through a call to MDQ’s Helpline, email asking for assistance, conversations
- Information provided by care givers or external professionals e.g. NDIA staff, health professionals
- Marketing, mailing lists and records of event attendees and responses to MDQ’s fundraising campaigns
What information is stored?
Only personal information that is needed is stored. MDQ requires personal information to:
- Communicate with you
- provide appropriate services (this may include health information)
- meet the reporting requirements of some funded services.
Storing and disclosing personal information
MDQ stores personal information in a variety of secure formats including in secure databases and on portable devices with password control. The security of this personal information is of primary importance to MDQ. We ensure that our cloud-based programs store information on Australian servers and we take all reasonable steps to protect information from loss, misuse, unauthorised access, or disclosure.
MDQ may be obliged by law to disclose personal information. We may disclose personal information to third parties if permitted by the Privacy Act or, with explicit consent, to other entities for service provision or to assist MDQ’s functions or activities, including:
- Government departments, namely Qld Health, National Disability Insurance Agency (NDIA), Education Qld
- ‘For purpose’ disclosure to lawyers, accountants, auditors or business consultants
- Law enforcement agencies
MDQ does not sell or share our fundraising database information.
Within the organisation, staff have restricted access to folders which are not relevant to them.
Accessing, correcting or opting out of sharing personal information
It is important that the personal information that MDQ holds is kept up to date and accurate. You may request access to your personal information or request that your personal information is changed or removed from MDQ’s records. MDQ may ask questions to verify identity in this process. Access may be denied if MDQ cannot satisfactorily identify the stakeholder; if the request is unreasonable; or if there are perceived grounds to refuse access e.g. if in providing access, there is a risk that the privacy of another party is impacted.
You can deal with MDQ anonymously or use a pseudonym instead of your personal details when engaging with MDQ, however, there may be limitations to the services we are able to provide.
You can opt-out of allowing your personal information to be collected and held by MDQ, however, this will impact the services that MDQ will be able to provide to you. MDQ does not charge a fee to access, update, remove or opt-out of sharing personal information.
Please contact the Privacy Officer (details at the end of this document) if you wish to access, update or opt out of sharing information with MDQ.
What happens when you share personal information online?
How to register a complaint if you believe your privacy has been breached
You may lodge a complaint regarding a perceived breach of your privacy related to the Australian Privacy Principles. The complaint must be made in writing and addressed to MDQ’s Privacy Officer (details below). MDQ will need a reasonable time to investigate and respond to the complaint. In the unlikely event that the privacy issue cannot be resolved, you may take your complaint to the Australian Information Commissioner (www.oaic.gov.au ).
Privacy Officer: Senior Administration Officer
Postal address: Locked Bag 3000 Eagle Farm BC 4009
Telephone: 07 3243 9700 or 1800 676 364