Privacy and Confidentiality
The Privacy Act 1988 (Cth) (Privacy Act) requires entities bound by the Australian Privacy Principles to have a privacy policy dealing with the management of personal information held by those entities. This privacy policy has been developed to ensure that personal information that is collected by North Queensland Women’s Legal Service (NQ Women’s Legal Service) is handled appropriately in line with the Australian Privacy Principles and the Privacy Act.
The specific legal obligations of NQ Women’s Legal Service when collecting and handling your personal information are outlined in the Privacy Act and in the Australian Privacy Principles found in Schedule 1 of the Privacy Act. The website of the Office of the Australian Information Commissioner contains useful information on the Privacy Act and the Australian Privacy Principles can be accessed following the link to https://www.oaic.gov.au.
We are committed to protecting your privacy and handling all personal information that we collect and hold in accordance with this policy, the Australian Privacy Principles and the Privacy Act. This commitment is demonstrated in this policy.
This policy outlines:
The types of personal information that we usually collect.
The purposes for which we collect it.
To whom we disclose it.
How we hold and keep it secure; and
Your rights in relation to your personal information, including how to complain and how we deal with complaints.
This policy applies to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature, including NQ Women’s Legal Service’s organisational and internal records, client records and unpublished materials of NQ Women’s Legal Service. We may be required to update this policy from time to time. Our information handling practices may change due to technological changes, changes in NQ Women’s Legal Service's practices, and feedback from stakeholders and the public as well as changes in the Privacy Act and corresponding regulations. Our privacy policy as updated from time to time will be published on our website and any updated versions will be emailed to all NQ Women’s Legal Service’s employees and volunteers who are required to familiarise themselves with any updates.
This policy applies to any person (these include all clients, volunteers and contractors) for whom we currently hold, or may in the future collect, personal information.
This policy does not apply to acts and practices that relate directly to the employee records of our current and former employees. However, this policy does apply to our handling of personal information of NQWLS volunteers.
We collect, hold, use and disclose personal information to carry out our functions and activities as a specialist community legal centre assisting women in Queensland.
These functions and activities include:
Providing legal services, client advocacy support, and referrals for women in the areas of family law, child support, child protection, domestic, family and sexual violence and migration law.
Maintaining relationships with stakeholders including government, peak bodies, funding bodies, not-for profits, corporate sponsors and donors.
Developing and participating in law reform activities, such as writing law reform submissions, research projects, attending meetings with members of parliament and appearing and giving evidence before parliamentary inquiries.
Providing community legal education for service providers, service volunteers and women in Queensland.
Developing media releases and campaigns on legal and social issues affecting women; Assessing suitable candidates for career opportunities with NQ Women’s Legal Service.
Running our website and social media pages; and
Engaging in fundraising events.
COLLECTION OF YOUR PERSONAL INFORMATION
Personal information includes any information or opinion about an identified, or reasonably identifiable, individual, whether true or not. It does not include information that is de-identified.
At all times, we endeavour to only collect the personal information we need for a particular function or activity we are carrying out.
The main way we collect your personal information is when you provide it to us when you:
Contact us to ask us for information.
Call any of our legal advice numbers.
Use any of our services such as our outreach clinics, or duty lawyer services.
Receive legal services from, or are referred to us
Attend a fundraiser or function.
Attend or register for a community education event organised by us.
Ask for access to information that we hold about you or other information about NQ Women’s Legal Service operations; and
Apply for a job vacancy or volunteer role at NQ Women’s Legal Service.
We collect personal information through a variety of other methods including, but not limited to:
New client intake forms.
Copying of disclosure documents and other information during a legal matter.
Other party details during the life of a file (no consent by the other party given necessarily).
Publicly available sources, including social media.
Attendance at community legal education seminars or other meetings.
Comments or complaints made to NQ Women’s Legal Service; and
Training or fundraising events.
What kinds of personal information do we collect and hold?
We collect different personal information depending upon our relationship with you and the service being provided or the function or activity for which we are collecting the information. This includes collecting personal information from our sponsors/funders, prospective employees and volunteers.
The types of information that we may collect from you to provide client services includes:
Contact information such as your name, address, email address and phone number.
A case summary containing the information relating to your matter.
Safe methods of contact and safety regarding leaving a phone message
Information about domestic violence, urgency of matter and housing stability.
Demographics such as CALD and Indigenous status, language, whether an interpreter is required, visa status and disability
Name, date of birth, and relationship of any other parties involved in the matter, including any legal representatives.
Name and age of your children (if applicable), and who they reside with.
Services requested or reason for contacting us.
Sensitive information (see further below).
Financial and employment information.
Family circumstances.
Gender.
Referral information relating to internal and external referrals of clients such as date of referral, referral entities and reasons for referral.
Descriptions of domestic violence acts or history of domestic violence committed against you.
Information relating to court orders.
Information otherwise required by law; and
Any other personal information required to provide legal or other services to you.
We collect this personal information from you so that we can assist you with your legal issues and can provide you with any support or referrals that you require. When information is being sought from you to provide client services, we will obtain your consent to collect the information. We will also answer or address any concerns about the way your personal information will be recorded and managed.
We also collect personal information that you provide when you apply for a role with us. This includes:
Contact information such as your name, address and phone number.
Education details.
Employment history and reference details.
Resumés and practicing certificates; and
Any other personal information that you submit if you apply for a position with us.
If you are a volunteer at NQ Women’s Legal Service, the types of personal information we may collect from you include:
Contact information such as your name, address and phone number.
Emergency contact/next of kin details.
Services to be provided on our behalf.
Employment history and reference details.
Resumés and practicing certificates; and
Any other personal information that you submit if you apply for a position with us.
If you are involved in fundraising or sponsorship activities with NQ Women’s Legal Service, the type of personal information that we may collect from you includes your name, contact details and dietary requirements. To make payment to us for fundraising, third party companies that are independent to NQ Women’s Legal Service may collect your credit card or banking information. This information is not collected by or shared with us.
We may also collect your name and contact details and some other personal information if you participate in a meeting with us or you are assisting in our law reform or campaigning endeavours.
What kinds of sensitive information do we collect and hold?
Sometimes we may need to collect sensitive information about you, for example, to handle your legal matter. This might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal records, genetic or biometric information.
To enable us to provide legal services to you, we may collect information on whether you are First Nations, have a disability or are from a non-English speaking background. We will not collect sensitive information without your consent unless permitted under the Privacy Act and required to provide you with the services requested.
Indirect collection
While assisting you with a legal matter, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties (such as experts or witnesses). We will only collect personal information about you from publicly available sources and/or third parties in legal matters where you would reasonably expect us to do so or with your consent.
We may also receive unsolicited personal or sensitive information relating to you from third parties such as the other side in a legal matter. In such circumstances we will notify you of such provision of personal information from the third party as soon as practicable after the event.
Destruction of personal and sensitive information
We will destroy or permanently de-identify personal information that is no longer needed or after legal requirements for retaining documents and personal records have expired. Records are kept for seven years from the last point of service provision unless special circumstances exist which require the client record to be held for a longer period (for example, ongoing legal proceedings).
Once records have reached the seven-year destruction date, or other date as required by law, the hard copy records are disposed of securely by shredding via an external agency (e.g. where the files are held in off-site archiving) and any electronic client data that we hold will also be deleted.
Anonymity
We generally require your details to provide legal advice to ensure we meet our ethical obligations as solicitors and comply with the Community Legal Centres Australia practice guidelines. Only in very limited circumstances are we able to provide legal information anonymously or without full client details.
Website and social media
Our website may use 'cookies' or other similar tracking technologies that help us track website usage and preferences. Cookies are small files that store information on your computer, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our website may not work as intended for you if you do so.
No attempt will be made by us to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider's logs.
Our web pages may also contain electronic images, known as web beacons. These electronic images enable us to count users who have visited certain pages on our website. Web beacons are not used by us to access your personal information, they are simply a tool we use to analyse which web pages are viewed, in an aggregate number.
We only collect general data analytics from our social media sites that are de-identified (for example, the number of interactions and followers).
We will only record your email or contact address if you send us a message. It will only be used for the purpose for which you have provided it and will not be added to a mailing list, unless expressly requested by you. We will not use your e-mail address or contact for any other purpose and will not disclose it to a third party without your consent.
Participants in law reform, research, advocacy marketing projects
Personal information is collected for purposes of law reform, research, advocacy or marketing projects. The personal information collected is limited to that which is required for the conduct of the project/publication.
We will not collect any information that may lead to you being identified in any form without your express written permission.
If you are invited to participate in a research project you will be:
Given a choice about participating or not.
Given the right to withdraw at any time.
Informed about the purpose of the research project, the information to be collected, and how information they provide will be used/distributed; and
Offered copies of any subsequent publications.
DISCLOSURE
We take all reasonable steps to use and disclose personal information for the primary purpose for which it is collected.
The primary purpose for the collection, use and disclosure of your personal information varies, depending on the service being provided. However, it is generally to provide legal advice and other services to women in Queensland.
For a job applicant, the primary purpose for our collection and use of your personal information is to assess your suitability and eligibility for a position with us and we will not use or disclose this personal information for any other purpose.
For volunteers, the primary purpose for our collection and use of your personal information is to manage our volunteering arrangement with you. Access to personnel information is restricted to the supervising solicitor, deputy principal solicitor, principal solicitor and Director.
For persons involved in fundraising or sponsorship activities, the primary purpose for our collection and use of your personal information is to obtain funding. For these purposes, we may share your name and dietary requirements with suppliers involved in these activities (for example, caterers).
We may also use or disclose your personal information for secondary purposes that you would reasonably expect and that are related to the primary purpose of collection. In a legal matter, for instance, we may disclose personal information to other service providers, such as barristers, experts, and solicitors, to enable us to carry out our primary purpose of providing legal services to you. If identifiable information about you will be shared with another agency (for example, for facilitated referrals or partner agencies), we will obtain your consent for this, preferably in writing, but verbal consent if written consent is not possible. We will record the date of the verbal consent or obtain your signature on our 'Consent to Share Information' Form.
We will only disclose personal information to third parties without your consent, if compelled under limited circumstances (such as a Court Order or by law) to disclose such information or if the disclosure is permitted by the Privacy Act.
Disclosure to Community Legal Centres Australia
If you are a client, we share your deidentified information with Community Legal Centres Australia through their community legal services system for reporting, funding and law reform purposes. The community legal services system is designed for community legal centres in Australia as a case management and funder reporting database.
The storage of this information must comply with the Australian Privacy Principles and your information is entirely private and not accessible to other community legal centres. However, there is general information that will be accessible in reports to funding bodies, state managers and community legal centres in Australia, but those reports contain no personal information.
Disclosure to overseas recipients
We are unlikely to disclose personal information about you to overseas recipients. We will only disclose your personal information to overseas recipients in accordance with Australia Privacy Principle 8, such as in circumstances where you consent to the disclosure of the information to an overseas recipient or if the disclosure is required by Australian law.
Disclosure to service providers
We use a number of service providers to whom we may disclose personal information. These include providers that host our website servers, our domain and manage our IT.
QUALITY OF YOUR PERSONAL INFORMATION
To ensure that the personal information we collect is accurate, up-to-date and complete we:
Record information in a consistent format.
Where necessary, confirm the accuracy of information we collect from a third party or a public source; and
Promptly add updated or new personal information to existing records.
We also review the quality of personal information before we use or disclose it.
STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
We hold personal and sensitive information:
In hard copy:
o In the compactus or relevant solicitor or client advocate’s filing cabinet, which is kept locked; and
o At external archiving facilities in accordance with all legislative requirements for storage and confidentiality of legal documents.
Electronically, through:
o Internal servers, client management system, websites and a private cloud.
o Electronic storage devices, include password protected USB; and
o Email systems on Microsoft Outlook.
Staff solicitors, staff client advocates, paralegals, administration officers, administration volunteers and volunteer support workers are authorised to access the compactus and filing cabinets for the purposes of filing or retrieving legal or client advocacy team client files.
Volunteer solicitors do not have access to the compactus or filing cabinet, or internal servers and have limited access to NQ Women’s Legal Service computers to ensure that your personal information is only accessed by volunteers or employees who require access to assist you with your matter.
We have security measures in place to take reasonable steps to protect against the loss, misuse and alteration of personal and sensitive information under our control. Some of these security measures include:
All hardcopy personal and sensitive information is kept securely.
All personal and sensitive information kept electronically is held on secure servers with substantial security measures in place.
We regularly assess the risk of misuse, interference, loss and unauthorised access, modification or disclosure of personal information.
Staff are provided with regular privacy and data breach training and every new staff member is required to undergo an induction program that includes information on these topics.
We have a data breach response plan setting out the process to follow in the event of an actual or suspected data breach.
We have designated client meeting areas to ensure personal information privacy and security.
We use tools such as Sentinel One & Microsoft Defender and regularly monitor our systems (for example, through anti-virus alerts).
We adopt Australian Cyber Security Centre best standards regarding passwords, including requiring users to periodically reset passwords, implementing a lockout for multiple failed login attempts, and discouraging users from reusing the same password across critical services or sharing passwords.
We keep operating systems, browsers and plugins up to date with patches and fixes.
We make sure that the latest versions of software are in use and that processes are in place to ensure that patches and security updates to applications are installed as they become available.
We employ multi-factor authentication for remote access to NQ Women’s Legal Service systems and multi- factor security on email accounts, and use Sophos anti-virus and firewall software; and
We keep audit logs in case of a data breach, including tracking on files.
However, despite our best efforts, we cannot guarantee that personal and sensitive information cannot be accessed by an unauthorised person or that unauthorised disclosures will not occur.
We are not responsible for the content of other internet sites, including links to external websites from NQ Women’s Legal Service's webpages. Other internet sites or services that are accessible through NQ Women’s Legal Service's website have separate data and privacy practices independent of us. We recommend that you read and familiarise yourself with the privacy policy of other websites that you visit or any links that you may click on when browsing our website. Please contact other entities directly if you have any questions about their privacy policies.
DATA BREACHES AND LOSS OF DATA
A data breach happens when personal or sensitive information is accessed, used, modified or disclosed without authorisation, or is lost.
We have developed a data breach response plan to mitigate potential harm to any persons affected by a data breach.
In summary, our data breach response plan:
Outlines the responsibilities of staff members when there is a data breach or suspected data breach and directs them as to the steps that they should take.
Appoints a data breach response team.
Sets out a strategy for containing, assessing and managing data breaches.
Specifies the process for notifying any affected persons and the Privacy Commissioner about an eligible data breach; and
Outlines the review process to help prevent data breaches in the future.
If it becomes apparent to us that your personal or sensitive information is involved in an eligible data breach, you will be notified in accordance with the provisions of the Notifiable Data Breach Scheme of the Privacy Act.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
We will endeavour to ensure that the personal information collected from you is up to date, accurate and complete. Under Australian Privacy Principles 12 and 13 of the Privacy Act, you have the right to request access to the personal information that we hold about you or ask for your personal information to be corrected.
You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to. If we make a correction and we have previously disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
We will ask you to verify your identity before we give you access to your information or correct it.
We are entitled to deny access to, or refuse correction of, your personal information in certain circumstances. Some examples of when we will deny access are if your request is impractical or unreasonable, or providing access would have an unreasonable impact on the privacy of another person.
If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons. If we refuse to correct your personal information, you can ask us to associate with that particular personal information (for example, attach or link) a statement that you believe the information is incorrect and why.
If you need to access or correct any personal information we hold about you or your organisation, please contact us using the contact details below.
ACCESSING YOUR FILE
You can ask for access to your file in writing by letter or email to NQ Women’s Legal Service.
We will ask you to verify your identity before we give you access to a copy of your file.
The documents you are entitled to copies of upon request include:
External correspondence.
Correspondence to you.
Court documents; and
Documents provided by you, other parties or other documents excluding internal NQ Women’s Legal Service records including file notes.
We will only release client files or records to third parties with your express written consent, or if we are required by court order and/or legislation.
HOW TO MAKE A COMPLAINT
If you wish to complain about our handling of your personal information, you should follow the following process:
Advise us in writing of your concern, using the contact details outlined below. We will respond within 30 days.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at the following details:
Phone number: (02) 1300 363 992
Fax number: 02 9284 9666
Electronic enquiries: Enquiry Form (business.gov.au)
Postal address: GPO Box 5218, Sydney, NSW, 2001
CONTACT DETAILS
If you would like to contact us to make a complaint or request to access or correct personal information that we hold about you our contact details are as follows:
Phone number: (07) 4772 5400 or 4033 5825
Email: director@nqwls.com.au