Privacy Statement

Your privacy is important to QTC

QTC is committed to protecting the privacy of personal information which it collects. We understand and appreciate that you are concerned about the privacy of personal information and the confidentiality and security of information.

What is QTC?

As the Queensland Government’s central financing authority, QTC plays a pivotal role in securing the State’s financial success.

With a focus on whole-of-State outcomes, QTC provides a range of financial services to the State and its public sector entities, including local governments. We assist clients by:

  • sourcing and managing their debt funding in the most cost-effective manner and in a way that minimises liquidity risk and refinancing risk
  • helping them invest their surplus cash balances within a conservative risk management framework
  • offering a range of financial risk management advisory services, and
  • providing a range of specialist education and training courses that complements our products and advisory services.

QTC is also responsible for assisting in the prudential supervision of Cooperative Housing Societies as the delegate of the Registrar under the Financial Intermediaries Act 1996.

Queensland public sector privacy

QTC must comply with the Information Privacy Act 2009 (the IPA) that came into force on 1 July 2009, replacing Information Standard 42.

The Privacy Act 1988 (Cth) does not apply to QTC.

The IPA sets out obligations in relation to information privacy principles, how individuals can access and amend their personal information, when and how personal information may be transferred out of Australia, how contracted service providers are to deal with personal information they are given, the roles of the Information, Privacy and Right to Information Commissioners, how privacy complaints are to be handled, and the protections and offences under the IPA.

Schedule 3 to the IPA sets out eleven Information Privacy Principles (IPPs) with which QTC must comply.

Personal information

Under the IPA, for most purposes, personal information is defined as:

Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Suspension of the right to access personal information

The IPA is not intended to prevent access to, or amendment of, documents under other laws or administrative schemes. The principal circumstance where QTC’s obligations to provide access are suspended include:

  1. Where, under IPP 6, QTC is required or authorised to refuse access under any state law, such as where a police investigation requires that secrecy be maintained. Notably, QTC is exempt from the Right to Information Act 2009 (RTI Act) in relation to its borrowing, liability and asset management related functions.

    QTC is required to maintain a Register of Inscribed Stock, for example, Queensland Bonds. The information required to be entered on the Register and the rights of access to the Register are prescribed by the Queensland Treasury Corporation Regulation 2010 (Regulation) which displaces some elements of IPP 6.

    When managing the Register of Cooperative Housing Societies, the collection and verification of records and rights of access to that information is regulated by the Financial Intermediaries Act 1996 and the Financial Intermediaries Regulation 2007. These legislative provisions displace elements of IPP 6.

  2. The Financial and Performance Management Standard 2009, which is issued pursuant to the Financial Accountability Act 2009, obliges QTC to collect or publish personal information related to the financial management of QTC, including planning, performance management, internal control and corporate management. These obligations will displace elements of IPP 6 (eg, in requiring QTC to collect information about gifts given and received by QTC and its employees).
Back to top

What personal information does QTC collect, store and use?

QTC collects, keeps and uses records about its employees to enable it to carry out normal human resources functions, to communicate with employees for business continuity planning, to ensure compliance by employees with QTC’s policies and procedures, to manage conflicts of personal interests with employment duties, to protect property on QTC premises, and to deter potential theft of such property and assist in its recovery. The information that we collect, keep and use may include:

  • names
  • contact details
  • curriculum vitae (CV) details (see section on job applicants below)
  • bank account details
  • tax file numbers
  • photographs
  • salaries and benefits
  • gifts given and received
  • superannuation details
  • systems access and usage (including email usage)
  • directorships/moral rights/other interests
  • physical security histories, and
  • performance history, opinions and appraisals.

QTC collects and keeps information about job applicants for the purposes of considering their suitability as employees of QTC. Information collected includes CV details such as:

  • previous work histories
  • qualifications
  • experience and strengths
  • opinions
  • references, and
  • referee contact details.

This information may be provided to employee screening agencies for the purposes of employment screening.

QTC collects personal information about past, present and potential contractors, secondees and external service providers (or their employees). This information is collected and used to select, manage, monitor and pay contractors, secondees or consultants and to ensure that they comply with QTC policies and procedures. It is also used to manage conflicts between personal interests and performance of duties. The information may include:

  • names
  • personal interests, directorships, moral rights and other interests held by the individual
  • contact details
  • gifts and hospitality given and received
  • experience and qualifications
  • professional memberships
  • authorised signatory lists
  • bank account details
  • assessments and opinions regarding performance, and
  • Australian Business Number (ABN).

QTC collects and keeps information about the directors of QTC’s Capital Markets Board, and QTC’s related corporations for the purposes of preparing annual reports and returns, administering remuneration (if any) to directors, providing administrative assistance and managing conflicts of interests with directors’ duties. The information that we collect may include:

  • names
  • contact details
  • date of birth
  • details of other directorships, personal interests and moral rights held
  • professional memberships
  • bank account details
  • tax file number, and
  • superannuation and employment elections

Some of this information may be included in the annual reports and returns of QTC or of the relevant entity where this is required by law, accounting standards or standard business practice.

QTC also assists a number of organisations with administrative and company secretarial services. We may collect and use similar types of information about officers and employees of these companies for the purposes of providing these services.

QTC collects, keeps and uses personal information about the holders of Bonds and Notes in order to manage those Bonds and to satisfy its obligations under the Queensland Treasury Corporation Act 1988 and the Regulation. From time to time, personal information is collected about wholesale investors. This personal information may include:

  • tax file numbers
  • names
  • contact information
  • amounts of investments
  • bank account details
  • complaints
  • value of stock owned by holders, and
  • the interest rate applying to and the maturity date of the stock held.

Under the Regulation, some of these details must be entered by QTC on the Register of Inscribed Stock. A holder of Queensland Bonds is entitled to inspect their own ledger in the Register by paying the prescribed fee.

QTC presently outsources the maintenance of the Register. Details of holders of stock will be disclosed to QTC’s contractor for the purposes of maintaining that Register. Registry functions are currently performed by Link Market Services Pty Ltd.

QTC may disclose details of investments to the Department of Immigration and Border Protection where an investment in Queensland Bonds has been made to satisfy designated investment requirements for the purposes of migration applications made to that department.

QTC acts as the delegate of the Registrar under the Financial Intermediaries Act 1996. Its functions include the maintenance of the Register of Cooperative Housing Societies. QTC may collect, keep and use information about members and directors of Cooperative Housing Societies for the purposes of carrying out its prudential duties as delegate of the Registrar under the Financial Intermediaries Act 1996. Personal information kept may include:

  • names
  • contact details
  • property details and values
  • mortgage details
  • information in relation to credit worthiness
  • account numbers
  • loan balances and arrears
  • complaints from members, and
  • other directorships and interests (in respect of directors only).

Some parts of the Register of Cooperative Housing Societies are publicly searchable upon payment of a prescribed fee pursuant to section 22 of the Financial Intermediaries Act 1996 and Regulation 2 of the Financial Intermediaries Regulation 2007.

QTC may also collect, keep and use personal information about members for the purposes of managing the lending portfolio held by QTC as the source-lender for Cooperative Housing Societies in Queensland.

QTC keeps personal information about mortgagors of the former Suncorp Building Society. The personal information is used to facilitate the transfer of shares to mortgagors as they pay out their mortgages, pursuant to demutualisation arrangements of certain insurance companies (principally AMP and Colonial) where the mortgagors established insurance policies with those entities in the name of the Suncorp Building Society. The information includes:

  • name and contact details, and
  • entitlement to shares.

QTC keeps personal information about the investors in Suncorp Metway Ltd via two tranches of Exchanging Instalment Notes. The personal information was used to enable payment of interest and allotments of shares and is retained for evidentiary purposes. The information includes:

  • names
  • contact details
  • entitlements to shares and interest payment, and
  • bank account details.

QTC collects personal information about its clients, their employees and their office holders. The information collected by QTC may include:

  • names and contact details
  • qualifications and education
  • work history
  • position within an organisation
  • levels of authorisation
  • signature
  • attendance at QTC sponsored seminars/conferences
  • personal interests and family, and
  • gifts and hospitality given and received.

This information is used for day to day work contact and management of services for the client, to provide information to the individuals about other services provided by QTC and to organise general marketing and client relationship activities with the individuals concerned.

QTC collects personal information from counterparties relating to financial markets transactions so that transactions can be verified and QTC can meet its obligations under agreements and the rules of the Australian Financial Markets Association, which require that all deals be on the record and able to be independently verified.

Back to top

Disclosure, use and availability

Personal information that is kept by QTC is generally accessible to all QTC employees. QTC’s employees are bound by an obligation of confidentiality to QTC when performing their functions. Similarly, sometimes QTC may engage contractors or use secondees to perform services. These people are also under obligations of confidentiality when performing services for QTC.

Some types of personal information may be the subject of more restricted access within QTC, depending on the circumstances. For example, information about salaries and work performance will only be available to persons performing a legitimate human resources function within QTC (eg, Human Resources Group, QTC’s Board, Human Resources Committee, the employee’s manager and the Chief Executive).

From time to time, QTC may need to disclose some types of personal information to other organisations or individuals outside QTC. Examples of external disclosures include disclosures of:

  • information about Queensland Bonds to the Commonwealth Department of Immigration and Border Protection about investments that are designated for the purposes of visa applications
  • information from the Housing Cooperative Register to persons searching the register in accordance with the Financial Intermediaries Act 1996
  • external contractors, including professional advisers as is reasonably required for QTC to perform its functions
  • TFNs and ABNs to taxation authorities, and
  • filing statutory returns and notices to the Australian Securities and Investments Commission (ASIC) for subsidiary organisations under the Corporations Act 2001 and publication of information about directors in annual reports pursuant to the Financial Accountability Act 2009.
Back to top

Retention

QTC keeps information in accordance with the requirements of the Public Records Act 2002 and any relevant Information Standards issued by the State of Queensland. QTC may keep its records in electronic or hard copy (or both) and will only destroy records that are public records as and when the Public Records Act 2002 permits.

Access to, and amendment of, personal information by individuals

IPP 6 gives individuals a right of access to QTC records of personal information about them unless QTC is required or authorised to refuse access under State law.

IPP 7 also gives individuals the right to correct their own personal information they are entitled to access if it is incorrect, out-of-date or misleading.
Any applications for access to personal information in records, to either view or correct it, should be made to the QTC Compliance Officer.

The Right to Information Act 2009 and the Public Records Act 2002 also govern access to personal information. Section 17 of the Right to Information Act 2009 provides that the RTI Act does not apply to QTC in relation to its borrowing, liability and asset-management-related functions. Therefore, QTC is not obliged to provide any personal information which relates to these functions. In addition, the RTI Act provides for various exemptions in respect of information which is required to be disclosed under the RTI Act.

Access to personal information in the Inscribed Stock Register (Queensland Bonds) and to registers kept about Cooperative Housing Societies is regulated by specific legislation.

Steps that should be taken by persons wishing access to their personal information

If you wish to obtain personal information, access may be made by submitting an application directly to QTC. Download, print and complete the Right to Information and Information Privacy Access Application form.

The completed form should be emailed or sent to the following address:

Compliance Officer
Queensland Treasury Corporation
GPO Box 1096
Brisbane Qld 4001
Phone: +61 7 3842 4600
compliance@qtc.com.au

If you do not agree with the decision of the Compliance Officer about your application, you can apply for internal or external review, in accordance with the procedures set out in the IPA.

Resolving your concerns

If you have any questions or concerns about your privacy, please raise them with your usual contact at QTC or the Compliance Officer. QTC may ask you to put your concern in writing, or you may exercise your appeal or complaint rights in respect of decisions that have been made.

Privacy complaints

If you consider that QTC has breached its privacy obligations, you may make a complaint to the Information Commissioner. The IPA sets out particular requirements for the complaint, the steps that will be taken in dealing with it, and the remedies that the Queensland Civil and Administrative Tribunal may order, should the complaint be proved.

Annexure A: information privacy principles

1) An agency must not collect personal information for inclusion in a document or generally available publication unless:

(a) the information is collected for a lawful purpose directly related to a function or activity of the agency, and

(b) the collection of the information is necessary to fulfil the purpose or is directly related to fulfilling the purpose.

2) An agency must not collect personal information in a way that is unfair or unlawful.

1)This section applies to the collection by an agency of personal information for inclusion in a document or generally available publication.

2) However, this section applies only if the agency asks the individual the subject of the personal information for either:

(a) the personal information, or

(b) information of a type that would include the personal information.

3)The agency must take all reasonable steps to ensure that the individual is generally aware of:

(a) the purpose of the collection, and

(b) if the collection of the personal information is authorised or required under a law:

(i) the fact that the collection of the information is authorised or required under a law, and

(ii) the law authorising or requiring the collection

(c)if it is the agency’s usual practice to disclose personal information of the type collected to any entity (the first entity): the identity of the first entity, and

(d) if the agency is aware that it is the usual practice of the first entity to pass on information of the type collected to another entity (the second entity): the identity of the second entity.

4) The agency must take the reasonable steps required under subsection (3):

(a) if practicable: before the personal information is collected, or

(b) otherwise: as soon as practicable after the personal information is collected.

5) However, the agency is not required to act under subsection (3) if:

(a) the personal information is collected in the context of the delivery of an emergency service, and for example, personal information collected during a triple 0 emergency call or during the giving of treatment or assistance to a person in need of an emergency service

(b) the agency reasonably believes there would be little practical benefit to the individual in complying with subsection (3) in the circumstances, and

(c) the individual would not reasonably expect to be made aware of the matters mentioned in subsection (3).

1) This section applies to the collection by an agency of personal information for inclusion in a document or generally available publication.

2) However, this section applies to personal information only if the agency asks for the personal information from any person.

3) The agency must take all reasonable steps to ensure that:

(a) the personal information collected is:

(i) relevant to the purpose for which it is collected

(ii) complete and up to date, and

(b) the extent to which personal information is collected from the individual the subject of it, and the way personal information is collected, are not an unreasonable intrusion into the personal affairs of the individual.

1) An agency having control of a document containing personal information must ensure that:

(a) the document is protected against:

(i) loss, and

(ii) unauthorised access, use, modification, or

(iii) disclosure

(iv) any other misuse, and

(b) if it is necessary for the document to be given to a person in connection with the provision of a service to the agency, the agency takes all reasonable steps to prevent unauthorised use or disclosure of the personal information by the person.

2) Protection under subsection (1) must include the security safeguards adequate to provide the level of protection that can reasonably be expected to be provided.

1) An agency having control of documents containing personal information must take all reasonable steps to ensure that a person can find out:

(a) whether the agency has control of any documents containing personal information

(b) the type of personal information contained in the documents

(c) the main purposes for which personal information included in the documents is used

(d) what an individual should do to obtain access to a document containing personal information about the individual

2) An agency is not required to give a person information under subsection (1) if, under an access law, the agency is authorised or required to refuse to give that information to the person.

1) An agency having control of a document containing personal information must give an individual the subject of the personal information access to the document if the individual asks for access.

2) An agency is not required to give an individual access to a document under subsection (1) if:

(a) the agency is authorised or required under an access law to refuse to give the access to the individual, or

(b) the document is expressly excluded from the operation of an access law.

1) An agency having control of a document containing personal information must take all reasonable steps, including by the making of an appropriate amendment, to ensure the personal information:

(a) is accurate, and

(b) having regard to the purpose for which it was collected or is to be used and to any purpose directly related to fulfilling the purpose, is relevant, complete, up-to-date and not misleading.

2) Subsection (1) applies subject to any limitation in a law of the State providing for the amendment of personal information held by the agency.

3) Subsection (4) applies if:

(a) an agency considers it is not required to amend personal information included in a document under the agency’s control in a way asked for by the individual the subject of the personal information, and

(b) no decision or recommendation to the effect that the document should be amended wholly or partly in the way asked for has been made under a law mentioned in subsection (2).

4) The agency must, if the individual asks, take all reasonable steps to attach to the document any statement provided by the individual of the amendment asked for.

Before an agency uses personal information contained in a document under its control, the agency must take all reasonable steps to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, complete and up to date.

1) This section applies if an agency having control of a document containing personal information proposes to use the information for a particular purpose.

2) The agency must use only the parts of the personal information that are directly relevant to fulfilling the particular purpose.

1) An agency having control of a document containing personal information that was obtained for a particular purpose must not use the information for another purpose unless:

(a) the individual the subject of the personal information has expressly or impliedly agreed to the use of the information for the other purpose, or

(b) the agency is satisfied on reasonable grounds that use of the information for the other purpose is necessary to lessen or prevent a serious threat to the life, health, safety or welfare of an individual, or to public health, safety or welfare, or

(c) use of the information for the other purpose is authorised or required under a law, or

(d) the agency is satisfied on reasonable grounds that use of the information for the other purpose is necessary for 1 or more of the following by or for a law enforcement agency:

(i) the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties or sanctions

(ii) the enforcement of laws relating to the confiscation of the proceeds of crime

(iii) the protection of the public revenue

(iv) the prevention, detection, investigation or remedying of seriously improper conduct

(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal, or

(e) the other purpose is directly related to the purpose for which the information was obtained, or

Examples for paragraph (e):

1 An agency collects personal information for staff administration purposes. A new system of staff administration is introduced into the agency, with much greater functionality. Under this paragraph, it would be appropriate to transfer the personal information into the new system.

2 An agency uses personal information, obtained for the purposes of operating core services, for the purposes of planning and delivering improvements to the core services.

(f) all of the following apply:

(i) the use is necessary for research, or the compilation or analysis of statistics, in the public interest

(ii) the use does not involve the publication of all or any of the personal information in a form that identifies any particular individual the subject of the personal information

(iii) it is not practicable to obtain the express or implied agreement of each individual the subject of the personal information before the use.

2) If the agency uses the personal information under subsection (1)(d), the agency must include with the document a note of the use.

 

 

1) An agency having control of a document containing an individual’s personal information must not disclose the personal information to an entity (the relevant entity), other than the individual the subject of the personal information, unless:

(a) the individual is reasonably likely to have been aware, or to have been made aware, under IPP 2 or under a policy or other arrangement in operation before the commencement of this schedule, that it is the agency’s usual practice to disclose that type of personal information to the relevant entity, or

(b) the individual has expressly or impliedly agreed to the disclosure, or

(c) the agency is satisfied on reasonable grounds that the disclosure is necessary to lessen or prevent a serious threat to the life, health, safety or welfare of an individual, or to public health, safety or welfare, or

(d) the disclosure is authorised or required under a law, or

(e) the agency is satisfied on reasonable grounds that the disclosure of the information is necessary for 1 or more of the following by or for a law enforcement agency:

(i) the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties or sanctions

(ii) the enforcement of laws relating to the confiscation of the proceeds of crime

(iii) the protection of the public revenue

(iv) the prevention, detection, investigation or remedying of seriously improper conduct

(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal, or

(f) all of the following apply:

(i) the disclosure is necessary for research, or the compilation or analysis of statistics, in the public interest

(ii) the disclosure does not involve the publication of all or any of the personal information in a form that identifies the individual

(iii) it is not practicable to obtain the express or implied agreement of the individual before the disclosure

(iv) the agency is satisfied on reasonable grounds that the relevant entity will not disclose the personal information to another entity.

2) If the agency discloses the personal information under subsection (1)(e), the agency must include with the document a note of the disclosure.

3) If the agency discloses personal information under subsection (1), it must take all reasonable steps to ensure that the relevant entity will not use or disclose the information for a purpose other than the purpose for which the information was disclosed to the agency.

4) The agency may disclose the personal information under subsection (1) if the information may be used for a commercial purpose involving the relevant entity’s marketing of anything to the individual only if, without limiting subsection (3), the agency is satisfied on reasonable grounds that:

(a) it is impracticable for the relevant entity to seek the consent of the individual before the personal information is used for the purposes of the marketing

(b) the relevant entity will not charge the individual for giving effect to a request from the individual to the entity that the individual not receive any marketing communications

(c) the individual has not made a request mentioned in paragraph (b) and

(d) in each marketing communication with the individual, the relevant entity will draw to the individual’s attention, or prominently display a notice, that the individual may ask not to receive any further marketing communications, and

(e) each written marketing communication from the relevant entity to the individual, up to and including the communication that involves the use, will state the relevant entity’s business address and telephone number and, if the communication with the individual is made by fax, or other electronic means, a number or address at which the relevant entity can be directly contacted electronically.

Back to top