Introduction

The Queensland Hotels Association (QHA) aims to build and maintain positive relationships with its members, stakeholders, clients, and the general public by maintaining the highest standards of honesty, fairness, proper and ethical dealings, and confidentiality. A significant part of our business involves the collection, storage and transmission of information about people, businesses, and corporate entities, and the Association understands and accepts the requirement to protect the privacy and nature of the information held by it.

Purpose

This document specifies and explains the Association’s privacy policy, and how it collects and manages the information given to and held by it.

Legislation

The over-arching legislation relevant to this policy is the Commonwealth Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). This policy embraces the 13 Australian Privacy Principles (APPs) enunciated in the Act.

Australian Privacy Principles

The QHA will take all reasonable steps to implement practices, procedures and systems to ensure that it complies with the Australian Privacy Principles and to deal with inquiries or complaints from individuals about the QHA’s compliance with those APPs, which are listed below:

  • APP1 – Open and transparent management of personal information
  • APP 2 – Anonymity and Pseudonymity
  • APP 3 – Collection of Personal Information
  • APP 4 – Dealing with Unsolicited Personal Information
  • APP 5 – Notification of the Collection of Personal Information
  • APP 6 – Use or Disclosure of Personal Information
  • APP 7 – Direct Marketing
  • APP 8 – Cross-border Disclosure of Personal Information
  • APP 9 – Adoption, Use or Disclosure of Government Related Identifiers
  • APP 10 – Quality of Personal Information
  • APP 11 – Security of Personal Information
  • APP 12 – Access to Personal Information
  • APP 13 – Correction of Personal Information

Use and Disclosure

The Queensland Hotels Association will only use and/or disclose information for the purpose for which it was collected. The information collected by the Association is generally of two types:

  • Personal information – information about individuals which is collected and stored on file generally in relation to applications for employment, applications for training, evaluative information, and information comprising resumes or CVs. It could include: names, mailing address, telephone numbers, email addresses, academic qualifications and so on. More sensitive information such as ethnic origin, religion, political orientation, criminal records or sexual orientation is not generally collected or held by the Association. Irrespective, the Association will not disclose any personal information to third parties without the specific, written consent of the owner of the information. This information is generally held on a paper or electronic file, and is securely destroyed at the end of the mandated holding period. The Association may disclose personal information where it is under a legal obligation to do so, including circumstances where it is under a lawful duty of care to disclose information. The Association will tell the individual about this disclosure, unless doing so is itself unlawful.
  • Information about businesses and organisations – as a peak industry body, the Association collects, stores, uses, manipulates and shares information about businesses and organizations in the hotel and hospitality industries. It also collects information to support its database of hotel and corporate members, and its corporate sponsors and industry stakeholders. Although much of this information is on the public record, the information can also include: postal address, telephone contact details, key appointments, and email and website information. This information is generally used for the purposes of conducting the business of the Association, including research, data interpretation, marketing, and statistical and issues analysis. The Association does disclose basic details of its membership information to QHA sponsor organizations, and to QHA Corporate Members, for marketing purposes.

Collection

The Association collects information provided by individuals and organizations from correspondence, application forms, and data collection forms such as questionnaires which are raised from time to time. Information from a wide range of areas such as training, business practice, workplace health and safety, employment and industrial relations, and marketing is collected in the normal course of the interaction between the Association and its members. When collecting information the Association, either through its website or through individual privacy notices on forms and letters, will tell a client:

  • Who is collecting the information
  • How the Association can be contacted
  • The main purpose of collecting the information
  • Whether the information will be disclosed to third parties
  • Any privacy implication relevant to specific information collection activities (surveys etc)

Privacy Statements

Where feasible, and in good faith, the Association will place simple privacy statements on its published material, especially where that material is produced for the purposes of gathering or soliciting information. This includes application and census forms, questionnaires, contract documents, and forms used for the collection of personal information, such as recruitment material. Such statements will be along the lines :

Privacy Statement: The Queensland Hotels Association collects personal or corporate information in the conduct of its normal business activities. Personal information will be protected, and other information will be handled, in accordance with the requirements of the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), and the Australian Privacy Principles.

Information and Data Security

The Association will take all reasonable precautions and steps to protect the personal and organizational information it holds from misuse, and from unauthorized access, disclosure, modification, or theft. This will include password protection of electronic records, security of stored information in locked cabinets, filing systems or rooms, and/or the physical protection of its records within locked and secured office spaces. Information of a particularly sensitive nature, including Registered Training Organisation training records, will be secured in a locked and fire-protected safe.

Access to Information Held by the Association

Individuals or organizations whose information is held by the Association will be given access to the information held by the Association upon request. Information or advice in relation to information may be obtained by visiting the offices of the Association or by contacting the Association Office Manager by telephone, email or in person. All reasonable requests will be met in a timely manner, unless prevented by a reason as detailed in the Act.

Points of Contact

The officers responsible for the administration of the QHA’s Privacy Policy are:

  • The Chief Executive; and
  • The Office Manager.

Both of these members are authorized to respond to requests for information or advice relating to this policy.

APP 1 – Open and transparent management of personal Information

The QHA will manage personal information in an open and transparent way. The QHA will at all times maintain this Privacy Policy in relation to the management of personal information by the QHA.

The kinds of personal information that the QHA collects and holds

The QHA may collect and hold information, including sensitive information, required to conduct its usual activities and functions. Such information may include, but is not limited to:

  • Identity information, including full name and date of birth
  • Contact information, including residential and postal address, telephone numbers and email address
  • Employment information, including occupation, employer name and income
  • Tax File Numbers (TFNs)
  • Australian Business Numbers (ABNs)
  • Queensland Liquor Licence Numbers
  • Certain financial information such as credit card and bank account details (used for financial transactions only)

How the QHA collects and holds personal information

Information is generally collected from members when they complete and sign an application to join the QHA. This application forms part of the relevant QHA membership data. Additional information may also be collected from other QHA documentation, for example personal contact details may be required if a member applies for industry training with the QHA. Employers may also provide salary and other employment related information in seeking specialist industrial relations advice.

All information is stored in secure physical storage facilities and/or in electronic form. Electronic data is only accessible by authorised persons for appropriate purposes and is password protected.

The purposes for which the QHA collects, holds, uses and discloses Personal Information

The QHA will only collect, hold, use and disclose the information it reasonably requires for its usual business functions and activities. Further details of these are set out later in this Policy.

How an individual may access personal information about the individual that is held by the QHA and seek the correction of such information

As noted below, except in certain limited circumstances, individuals may access their personal information and advise the QHA of any corrections to that information.

How an individual may complain about a breach of the Australian Privacy Principles that binds the QHA and how the QHA will deal with such a complaint

An individual may complain about a breach of the Australian Privacy Principles by writing to the QHA seeking such information. Written and email requests are acceptable forms of communication.

Disclosure of personal information to overseas recipients

The QHA may disclose personal information to an overseas recipient where such disclosure is part of the QHA’s normal business activities. Such disclosure will only be made in accordance with the provisions outlined elsewhere in this Policy.

Countries in which recipients of personal information are likely to be located

The QHA does not usually conduct business with any entity or persona located outside of Australia.

Availability of the Policy

The Policy will be available on the QHA’s website and may also be obtained free of charge from the QHA in any reasonable form.

APP 2 – Anonymity and Pseudonymity

When dealing with the QHA in relation to a particular matter, individuals have the option of not identifying themselves, or of using a pseudonym, where it is practical and lawful to do so.

Given the nature of the QHA’s activities and its interactions with members and the wider public, it is generally impractical for the QHA to deal with individuals who have not identified themselves or who have used a pseudonym.

APP 3 – Collection of Personal Information

Personal information other than sensitive information

The QHA will not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the QHA’s functions or activities.

Sensitive Information

The QHA will not collect sensitive information about an individual unless the individual consents to the collection of the information and the information is reasonably necessary for one or more of the QHA’s functions or activities. Exceptions may apply where the collection of the information is required or authorised by or under an Australian law or a court/tribunal order.

Functions and activities of the QHA

Functions and activities that the QHA engages in in relation to a particular individual
may include:

  • Setting up one or more membership accounts
  • Collecting Tax File Numbers as required by superannuation legislation
  • Receiving and posting information on behalf of QHA members, either by the member themselves, their employer or their spouse
  • Collecting and assessing health/medical information for the purpose of providing employment or industrial relations advice to members
  • Obtaining salary and income information in relation to industrial relations advice or in support of job applications
  • Collecting personal contact information related to applications for industry training

Means of collection

The QHA will only collect personal information by lawful and fair means. Wherever it
is reasonable and practical to do so, the QHA will only collect personal information
about an individual from that individual. In practice, some information is usually
provided to the QHA by an individual’s employer in the normal course of business.

APP 4 – Dealing with Unsolicited Personal Information

If the QHA receives personal information and the QHA did not request that information (unsolicited information) the QHA will, within a reasonable period after receiving the information, determine whether or not QHA could have collected the information under Australian Privacy Principle 3, if the QHA had solicited the information.

If the unsolicited information could not have been collected under APP3, the QHA will, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.

APP 5 – Notification of the Collection of Personal Information

At or before the time or, if that is not practicable, as soon as practicable after, the QHA collects personal information about an individual, the QHA will take such steps as are reasonable in the circumstances to advise the individual:

  • The identity and contact details of the QHA
  • The fact that the QHA has collected the personal information and the circumstances of that collection
  • The purposes for which the QHA collects the personal information
  • The main consequences (if any) for the individual if all or some of the personal information is not collected by the QHA
  • The name of any other entity subject to the Privacy Act, body or person, or the types of any other such entities, bodies or persons, to which the QHA usually discloses personal information of the kind collected by the QHA
  • That the QHA’s Privacy Policy contains information about how the individual may access the personal information about the individual that is held by the QHA and seek the correction of such information
  • That the QHA’s Privacy Policy contains information about how the individual may complain about a breach of the Australian Privacy Principles and how the QHA will deal with such a complaint
  • Whether the QHA is likely to disclose the personal information to overseas recipients and if this is so, the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them
  • If the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order, the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/ tribunal order, that requires or authorises the collection).

APP 6 – Use or Disclosure of Personal Information

Information about an individual that the QHA collects for a particular purpose (the primary purpose), will not be used or disclosed for another purpose (the secondary purpose) unless the individual has consented to the use or disclosure of the information. The primary purpose in relation to the QHA is to obtain membership and industry training information.

The consent of the individual to the use or disclosure of information other than for the primary purpose may not be required where:

  • The individual would reasonably expect the QHA to use or disclose the information for the secondary purpose and the secondary purpose is:
    o if the information is sensitive information—directly related to the primary purpose; or
    o if the information is not sensitive information—related to the primary purpose.
  • The use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order
  • A permitted general situation (as defined in section 16A of the Act) exists in relation to the use or disclosure of the information by the QHA
  • A permitted health situation (as defined in section 16B of the Act) exists in relation to the use or disclosure of the information by the QHA
  • The QHA reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. In such cases, the QHA will make a written note of the use or disclosure.

APP 7 – Direct Marketing

The QHA will not use or disclose personal information for the purpose of direct
marketing except where:

  • The QHA collected the information from the individual, and
  • The individual would reasonably expect the QHA to use or disclose the information for the purpose of direct marketing, and
  • The information is not sensitive information.

Unless the individual requests otherwise, the QHA may from time to time use
personal information to:

  • Conduct member research to find out views on existing and proposed products
    and services; or
  • Provide information about QHA products and services, industry seminars or any
    other QHA related products.

The QHA will at all times provide a simple means by which an individual may easily request not to receive direct marketing communications from the QHA. Where such a request has been received, the QHA will cease to use or disclose personal information for the purpose of direct marketing.

Individuals that do not wish to receive direct marketing communications should advise the QHA via one of the following means:
Telephone: 07 3221 6999
Fax: 07 3221 6649
In writing: QHA GPO Box 343 Brisbane Qld 4001
Email: info@qha.org.au
The QHA will never disclose an individual’s personal information to a third party for the purposes of direct marketing unless that individual has given their express consent for such disclosure and use.

APP 8 – Cross-border Disclosure of Personal Information

The QHA will not disclose personal information about an individual to a person or organisation that is not in Australia (or one of its territories) without taking reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information.

The QHA may disclose personal information to an overseas recipient in one or more of the following circumstances:

  • The overseas recipient of the information is subject to conditions that have the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information and there are mechanisms that the individual can access to take action to enforce that protection
  • The individual is informed that, in the normal course of business, information may be disclosed to an overseas recipient and consents to the disclosure The disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order
  • A permitted general situation (as defined in section 16A of the Act) exists in relation to the disclosure of the information.

APP 9 – Adoption, Use or Disclosure of Government-related Identifiers

Adoption of government related identifiers

The QHA will not use a government-related identifier of an individual as its own identifier of the individual.

Use or disclosure of government-related identifiers

The QHA will not use or disclose a Government-related identifier of an individual unless:

  • The use or disclosure of the identifier is reasonably necessary for the QHA to verify the identity of the individual for the purposes of the QHA’s activities or functions, or
  • The use or disclosure of the identifier is reasonably necessary for the QHA to fulfil its obligations to a Government agency or a State or Territory authority, or The use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order, or
  • A permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) of the Act) exists in relation to the use or disclosure of the identifier, or
  • The QHA reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

APP 10 – Quality of Personal Information

The QHA will take such steps as are reasonable in the circumstances to ensure that the personal information that the QHA collects is accurate, up to date and complete.

The QHA will also take such steps as are reasonable in the circumstances to ensure that the personal information that the QHA uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.

APP 11 – Security of Personal Information

The QHA will take such steps as are reasonable in the circumstances to protect the personal information it collects from misuse, interference and loss, and from unauthorised access, modification or disclosure. QHA records are kept either in the secured office of the QHA or in an electronic form which is password protected.

Where the QHA holds personal information about an individual and:

  • The QHA no longer needs the information for any purpose for which the information may be used or disclosed by the QHA, and
  • The information is not contained in a Commonwealth Government record, and
  • The QHA is not required by or under an Australian law, or a court/tribunal order, to retain the information,

the QHA will take such steps as are reasonable in the circumstances to destroy the
information or to ensure that the information is de-identified.

APP 12 – Access to Personal Information

Where the QHA holds personal information about an individual, the QHA will, on request by the individual, give the individual access to that information. Such a request can be made by the means set out above. The QHA will take reasonable steps to confirm the identity of the individual before providing access to personal information.

Denying access to information.

The QHA may deny access to personal information where:

  • The QHA reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
  • Giving access would have an unreasonable impact on the privacy of other individuals; or
  • The request for access is frivolous or vexatious; or
  • The information relates to existing or anticipated legal proceedings between the QHA and the individual, and would not be accessible by the process of discovery in those proceedings; or
  • Giving access would reveal the intentions of the QHA in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
  • Giving access would be unlawful; or
  • Denying access is required or authorised by or under an Australian law or a court/ tribunal order; or
  • Both of the following apply:
    o the QHA has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the QHA’s functions or activities has been, is being or may be engaged in; and
    o Giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
  • Giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
  • Giving access would reveal evaluative information generated within the QHA in connection with a commercially sensitive decision-making process.

Providing access to information

The QHA will respond to a request for access within a reasonable period after the request is made and will give access to the information in the manner requested by the individual if it is reasonable and practicable to do so.

If the QHA declines to give access to personal information because of one of the conditions outlined in this policy, or declines to give access in the manner requested by the individual, it will take such steps as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual. This may include providing access through the use of a mutually agreed intermediary. The
QHA will also provide:

  • The reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
  • The mechanisms available to complain about the refusal; and
  • Any other information required to be given by law.

Where the QHA imposes a charge for an individual to access personal information,
such charge will be reasonable and will not apply to the making of the request.

APP 13 – Correction of Personal Information

Where the QHA holds personal information about an individual and it is found that, having regard to a purpose for which the information is held, the information is inaccurate, out of date, incomplete, irrelevant or misleading, or the individual requests that the QHA correct the information, the QHA will take such steps as are reasonable in the circumstances to correct that information to ensure that it is accurate, up to date, complete, relevant and not misleading.

If the QHA corrects personal information about an individual that the QHA has previously disclosed to another party and the individual requests that the QHA notify the other party of the correction, the QHA will take such steps as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

Where appropriate, the QHA may request that the individual provides suitable evidence that the information subject to correction is inaccurate, out of date, incomplete, irrelevant or misleading.

If the QHA refuses to correct the personal information as requested by the individual, the QHA will give the individual a written notice that sets out:

  • The reasons for the refusal except to the extent that it would be unreasonable to
    do so; and
  • The mechanisms available to complain about the refusal; and
  • Any other matter prescribed by law.

If the QHA refuses to correct the personal information as requested by the individual and the individual requests the QHA associates with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading, the QHA will take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.

The QHA will deal with a request to correct personal information within a reasonable period after the request is made and will not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).

Review of the Policy

This Policy will be reviewed annually or earlier if required by changes to relevant legislation or by the lawful direction of an appropriate regulatory authority.

Conclusion

The personal, commercial and general information of its members and clients is important to the Queensland Hotels Association, and the Association will take all reasonable measures to ensure that such information is protected and guarded, and not disclosed to those who are not authorized to access it. The Association will abide by the requirements of the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), and the Australian Privacy Principles, and will review this policy from time to time to ensure its continued relevance and accuracy.