fbpx

Privacy Policy

Policy purpose

The purpose of this Policy is to explain how Queensland Hydro collects and manages personal and sensitive information.

Policy statement

The proper management of personal information is important to Queensland Hydro Pty Ltd ACN 661 444 515 (“Queensland Hydro”, “we” or “us”). We comply with all relevant privacy laws where we operate, including the requirements applicable to us under the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles and the Human Rights Act 2019 (Qld).

What is personal information?

When used in this policy, “personal information” has the meaning given to it in the Privacy Act, being information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

When used in this policy, “sensitive information” has the meaning given to it in the Privacy Act, being information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices or criminal record, that is also personal information.

Queensland Hydro is a publicly owned entity established by the Queensland Government to design, deliver, own, operate and maintain long duration pumped hydro energy storage assets. We collect and hold personal and sensitive information so we can perform the operations and functions of our business.
Sometimes, the law requires us to collect it.
The types of personal and sensitive information that we collect, use and hold depend on the nature of our engagement with you. Set out below are the main types of personal information collected by Queensland Hydro and the main purposes for which it is collected, used, disclosed and held.

You may choose to provide your name or other contact details when you contact or engage with us (whether by phone, mail, email, through the Queensland Hydro website or otherwise). For example:

  • When you submit a query or request to us, we may collect your name, email address, telephone number and other information. We collect, hold and use this information to assist you with your query or request.
  • When you consent (and do not unsubscribe) to receive marketing and communications updates from us. We collect, use and hold this information to provide relevant updates about Queensland Hydro, our Projects, or other activities. You can opt-out by contacting [email protected].
  • When you visit our offices, we may collect your name, email address, company/employer (if applicable), telephone number and other information. We collect, hold and use this information to manage your visit and comply with our policies and legal obligations in relation to visitors.
  • When you respond to a survey that we run or fill in forms on one of our websites, we may collect your name, email address, company/employer (if applicable), telephone number and other information. We collect, hold and use this information so we can perform the operations and functions of our business that relate to the survey or form you complete.
  • When you participate in public consultation or feedback processes, we may collect name, email address, company/employer (if applicable), telephone number and other information, including sensitive information that you provide to us. We collect, hold and use this information so we can perform the operations and functions of our business to which the public consultation or feedback processes relate. We may also provide this information to a third-party for the purposes of conducting market research to enhance our operations.
  • When you apply for or receive a Queensland Hydro scholarship, we may collect your name, email address, educational history, company/employer (if applicable), telephone number, residential address and other information, including sensitive information that you provide to us. We collect, hold and use this information to process applications for scholarships and decide on whether or not to make an offer of scholarship or to enter a contract.
  • When you, on behalf of a community organisation, apply for a community grant, we may collect your name, email address, company/employer, telephone number and other information, including sensitive information that you provide to us. We collect, hold and use this information to process applications for a community grant and decide on whether or not to make an offer of a community grant or to enter into a contract.

    Employees, contractors and job applicants

    If you apply for a job or contract with us, we may collect certain personal and sensitive information (including name, contact details, working history, health information necessary for pre-employment health checks and relevant records checks) from you, from a recruitment consultant, from previous employers and others who may be able to provide information to us, or from public sources. We collect, hold and use this information to process the application and assist us to decide whether or not to make an offer of employment or to enter a contract.

    Landowner and occupier information

    We may collect and hold personal and sensitive information (for example, name and contact details) about landowners and occupiers who are located near our land and infrastructure, or near a planned pumped hydro energy storage project. We may use this information to contact these individuals in connection with activities related to planning, construction, operation and maintenance of pumped hydro energy storage assets, including access to property, safety or emergency issues, maintenance and vegetation management.

    Information from public sources

    We may collect information about you from public sources, such as social media sites, in connection with the operation of our business. For example, this could include social media handles and other social media profile information.

    Information as required or permitted by law

    We may collect information about you as required or permitted by law.

    Information from our website

    When you visit our website, we may collect device information, server log information, IP address, and location information. We collect, hold and use this information as part of the operation of our website including to gather information about visitors to our website and improve the user experience.

    Third parties

    We may collect personal and sensitive information from third parties so we can perform the operations and functions of our business. For example, if we engage a contractor to carry out surveys or public consultation on our behalf, we may collect and hold contact information and other information that was provided to the contractor as part of the survey or public consultation and use that information to perform the operations and functions of our business to which the survey or public consultation relates.

    In addition to the uses of information described above, we may use your personal information:

    • in accordance with your written consent;
      • for purposes connected with our business operations, including:
      • exercising its powers or perform its functions and duties;
      • communicating with you about our business;
      • obtaining feedback related to our business by carrying out analytics, business improvement and reporting, including via third-parties;
      • performing business processing functions, including processing job applications;
      • updating our records and keeping contact details up to date;
      • preventing or investigating any actual or suspected fraud, unlawful activity or misconduct;
      • complying with the law including using your personal information where we are required or permitted to do so; and
      • preparing reports and other information for entities that we report to in the course of our business, such as Queensland Government departments and agencies; or
    • otherwise in ways that you would reasonably expect and as permitted or required by law.

    Sometimes we may need to use your sensitive information. We will generally only use your sensitive information with your consent.

    There are some limited exceptions that permit us to use your sensitive information for a secondary purpose without your consent, including where it is required or authorised by or under law, or where a permitted general situation exists, like where we reasonably believe that the use of your sensitive information is necessary to prevent a serious threat to the life, health or safety of an individual or the public.

    Disclosure of personal information

    We may disclose personal information for the purposes described in this policy to:

    • our employees, consultants, agents, contractors, suppliers, service providers, professional advisors and related entities who are acting on our behalf;
    • parties to whom Queensland Hydro has outsourced a business function, including but not limited to service providers for the purposes of operation of our website, IT systems administrators, data entry service providers, market research providers, other service providers, and professional advisors such as accountants, lawyers and business advisors;
    • emergency services and other entities such as disaster management groups who provide assistance during an emergency event;
    • entities that we report to in the course of our business, such as Queensland Government departments and agencies;
    • regulatory authorities or government agencies or bodies where required by law; and
    • anyone to whom Queensland Hydro assets or business (or any part of it) is transferred or offered to be transferred.

      Where we have disclosed personal information to a third party acting on our behalf, we request that those third parties do not use the personal information for their own purposes and that they comply with this policy.

    Protecting your personal and sensitive information

    We protect information using a range of security measures and procedures to prevent loss, modification, unauthorised access and misuse, including:

    • providing training and awareness to staff on the risks posed to information held by us;
    • access controls, such as unique, authenticated accounts restricted to authorised personnel;
    • restricting physical access to records and premises to authorised persons; and
    • protecting our technology environment with appropriate security measures such as firewalls, encryption and scanning for malicious content.

      In some situations, we may disclose personal information to third parties who store data overseas (such as data hosting and other related service providers). Before doing so, we take reasonable steps to ensure the overseas recipient will deal with such personal information in a manner that is consistent with the Privacy Act.

    Individuals have the option to interact with us anonymously or using a pseudonym, where reasonably possible. For example, if you contact us with a general enquiry, you will not be aside for your name unless it is required to adequately handle your enquiry.

    However, for most interactions, we will ask for your name, contact information and enough information about your enquiry to enable us to deal with your enquiry fairly and efficiently.

    In addition to Information and Communications Technology security and physical security measures, we take reasonable steps to protect the security of the personal and sensitive information we hold from both internal and external threats through access security and monitoring controls including:

    • regularly assessing the risk of misuse, interference, loss and unauthorised access, modification or disclosure of that information;
    • taking measure to address those risk, eg by keeping a record of when someone has added, changed or deleted personal information held in our electronic databases and regularly checking that staff only access those records that they are permitted to and when they need to; and
    • conducting regular internal and external audits to assess whether we have complied with or implemented these measures.

    Where we no longer need your personal information and we are lawfully authorised or required to do so, we will destroy personal information in a secure manner or take steps to de-identify the personal information we hold.

    Accessing and correcting your personal and sensitive information

    If you wish to seek access to the personal or sensitive information we hold about you or correct the personal or sensitive information we hold about you, please contact us using the contact details set out below. Depending on the nature of the request, we may ask you to provide us further information to verify your identity, put your request in writing or to complete an enquiry form, which will be sent to you.

    Complaints

    You can make a privacy related complaint by contacting us using the contact details set out below.

    We will investigate complaints and once we have completed our investigation, we will contact you, usually in writing, to advise the outcome.

    If you are not satisfied with our response, you may also complain to the Office of the Australian Information Commissioner by completing their online privacy complaint form or by submitting a written complaint by post to GPO Box 5288, Sydney NSW 2001 or by fax sent to +61 2 6123 5145.

    Contact us

    For further information about this policy, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

    Email: [email protected] or find out more via our Feedback & Complaints page.

    We will review this policy regularly and may make changes from time to time. If we do so, we will update the policy on our website to reflect those changes. The updated versions of this policy will be effective from the date of posting on our website.