1. Policy Statement
The Queensland Pharmacy Business Ownership Council (Council) is committed to protecting your privacy by protecting the personal information you provide to us.
2. Purpose
The purpose of this policy is to explain how we manage personal information.
3. Scope
This policy applies to:
- Council members
- The Chief Executive Officer (CEO)
- Council staff
- Council inspectors, and
- Contractors to the Council.
4. Policy
4.1 Background
The Council is an independent statutory body established under the Pharmacy Business Ownership Act 2024 (PBO Act). Our role is to regulate pharmacy business ownership in Queensland. We do this by administering the pharmacy business ownership licensing scheme and monitoring and enforcing compliance with the PBO Act.
Our approach to handling your personal information is governed by the requirements of the Information Privacy Act 2009 (IP Act), and associated Queensland Privacy Principles (QPP), which set the rules for how Queensland government agencies, including the Council, handle personal information.
Personal information is defined in the IP Act as “information or an opinion about an identified individual or an individual who is reasonably identifiable from the information or opinion (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not”.
Put simply, personal information is any information or opinion about you that can identify you or lead to you being identified.
Personal information includes information which is considered sensitive information. Sensitive information includes:
- information, or opinion, about an individual’s racial or ethnic origin, political opinions, membership of a political, professional, or trade association, religious beliefs or affiliations, philosophical beliefs, membership of a trade union, sexual orientation or practices, or criminal record; or
- health information; or
- genetic information that isn’t otherwise health information; or
- biometric information that is used for the purpose of automated biometric verification or biometric identification; or
- biometric template – that is, a digital fingerprint or profile or biometric data that is used to verify or identify an individual.
The only sensitive information Council routinely collects is criminal history information for the purpose of deciding whether a person is fit and proper to own a pharmacy business.
In addition to the IP Act, we also have obligations under the PBO Act regarding the disclosure of confidential information. Under the PBO Act, confidential information is personal information, information about an individual’s commercial activities, and criminal history information. It does not include information that is publicly available.
For simplicity, in this policy we will use the term personal information to collectively refer to personal information, sensitive information and confidential information.
4.2 Why we collect personal information
We collect and use your personal information to perform our functions and activities under the PBO Act. These include:
- deciding applications relating to pharmacy business licences;
- changing, suspending and cancelling pharmacy business licences;
- monitoring and enforcing compliance;
- providing advice to the Queensland Minister for Health and Ambulance Services on pharmacy premises standards and other matters; and
- keeping a register of licensed pharmacy premises.
We also collect and use personal information to enable us to carry out our day-to-day operations such as:
- communicating with our stakeholders on a range of matters;
- recruiting Council employees and managing and administering employee entitlements; and
- responding to queries from the public and other agencies.
4.3 When we collect personal information
We collect your personal information in a variety of ways, including when you:
- fill in a form (printed or online) and submit it to us;
- pay a licensing fee;
- visit our website (www.pboc.qld.gov.au);
- communicate with us via letter, email, telephone, our website, or in person;
- subscribe to our mailing list or register for events such as webinars;
- apply to work for us;
- request access to, or amendment of, your personal information; or
- make an inquiry or complaint.
When we request your personal information, we will take reasonable steps to provide you with a notice (collection notice) that explains what information we need and why, and how we will use and disclose it. The collection notice may be provided electronically, in writing or verbally depending on the circumstances.
4.4 What personal information we collect
The personal information we collect will depend on the function or activity we need it for. However, we will only ask you for what is necessary to enable us to complete the specific function or activity.
The range of personal information we collect, use and store, and the functions for which it is collected, is explained further in the table below.
| Function | Personal Information |
|---|---|
Licensing | The Council collects and holds information about people who submit applications relating to licensing matters. This includes applicants’ names, contact details, professional registration details, commercial documentation, and criminal history information. The Council also collects and holds information about applicants’ nominated authorised representatives including names and contact details. |
Information and assistance | The Council collects and holds information about people who contact us via email, our website contact form, or phone. This includes their name and contact details. |
Human resources | The Council collects and holds personal information about our staff, relevant to their employment. This includes their name, date of birth, contact details, tax file number, qualifications, work history, entitlements, and next of kin and/or emergency contacts. |
Recruitment and contracting | The Council collects and holds personal information about people who apply to work for us. This includes names, contact details, required application documentation (e.g. resumes), identification information, suitability assessments, referees and referee reports. |
Complaints about the Council | The Council collects and holds personal information about people who make complaints to us about our services. This includes names, contact details, details of the nature of the complaint, and what action and/or resolution the complainant is seeking. |
Privacy complaints | The Council collects and holds information about individuals who make privacy complaints to us. This includes names, contact details, the personal information that is the subject of the complaint, and what action and/or resolution the complainant is seeking. |
Mailing list subscriptions | The Council offers a mailing list subscription service to deliver news, updates and alerts requested by subscribers. This service is provided by Vision6™ which is hosted in Australia. Vision6™ collects a subscriber’s name and email address. You can read the Vision6™ Privacy Policy here. |
Event registration | The Council collects information, including personal information such as contact information, that you provide to us when registering to attend our events. |
Google Analytics | The Council website is hosted in Australia. We may make a record of your visit and, for statistical purposes only, log the following information: your server address, top level domain name (e.g. .com .au), date and time of your visit to the site, pages visited, and documents downloaded, previous sites visited, and browser type. We use Google Analytics™ to gather anonymous information about visitors to our website. When you visit our web pages, your browser automatically sends anonymous information to Google™. This includes the web address of the page you are visiting, your Internet Protocol (IP) address, and demographic information. We use this data to analyse the pages that are visited, to improve your experience and ensure our website is useful. Google™ may also use cookies. The information generated by a cookie is transmitted to and stored by Google™ on servers located outside Australia. No personally identifying information is recorded or provided to Google™. |
4.5 How we use and disclose personal information
We use and disclose your personal information in accordance with our obligations under the IP Act and PBO Act.
We may only use and disclose your personal information for the purpose it was collected (the primary purpose). We collect personal information under the PBO Act to process and decide applications for pharmacy business licences (the primary purpose), and in doing so we may disclose applicants’ personal information to relevant state, territory or Commonwealth authorities. For example, we may disclose applicants’ personal information for the purpose of requesting criminal history checks and verifying professional registration status (where applicable).
We will not otherwise use or disclose your personal information for another purpose (a secondary purpose), unless we have your consent or there is a lawful ability or requirement for us to do so.
When we collect your personal information we will inform you, via a collection notice, of important details including:
- the type(s) of personal information we are collecting;
- why we are collecting the information (i.e. the primary purpose);
- who the information will, or may be, disclosed to outside the Council and why;
- any law that requires us to collect the information;
- the main consequence(s), if any, if you do not provide all or part of the information we have requested (e.g. we may not be able to process an application or respond to a request); and
- how you can access or amend your personal information.
All personal information we collect is processed and stored in Australia. We use the following secure digital platforms:
- Kiteworks™ private data network to enable the secure transfer/upload of personal information and other licensing related data; and
- BPOINT™, provided by the Commonwealth Bank, to enable online payments. Payment details entered into BPOINT are not stored.
If we disclose personal information overseas, this will usually occur with your agreement, where we are authorised of required by law, or otherwise consistently with our obligations under the IP Act.
4.6 How we manage personal information
We hold your personal information securely and take reasonable steps to ensure it is:
- accurate and up to date; and
- protected from misuse, interference, loss, unauthorised access, modification or disclosure.
Before we use your personal information, we may check with you to make sure it is accurate, complete and up to date. We may also periodically prompt you to check the accuracy of your personal information, such as your contact details, and notify us of any changes.
We comply with relevant Queensland Government Standards and security protocols to protect personal information and ensure it can only be accessed by authorised employees. We also require our contracted information technology service providers to observe strict information security requirements.
Where permitted by the Public Records Act 2023 (Qld), and in accordance with our obligations under the QPPs, we will destroy or deidentify unsolicited personal information, or personal information no longer required to perform our functions, if it is lawful and reasonable to do so.
4.7 How to access or amend your personal information
You have the right to:
- request access to personal information about you that we hold; and
- request we amend your personal information, where you think that it is inaccurate, incomplete, out of date or misleading.
Applications to access or amend personal information are made under the Right to Information Act 2009 (Qld) (RTI Act).
There is no cost to access or amend your personal information.
Before we can give you access to, or amend, your personal information, we will need to verify your identity.
If you wish to amend your personal information, please contact us in the first instance via privacy@pboc.qld.gov.au as we may be able to amend incorrect or out of date information without the need for a formal process. For example, where you wish to update your contact details.
If you need to make a formal request to access or amend your personal information, further details, including the relevant application forms, are available on the Queensland Government’s RTI website.
You may submit your application to us via post or email. Please mark your application as ‘private and confidential’.
4.8 How to make a privacy compliant
If you believe that we have not handled your personal information in accordance with the IP Act you can make a privacy complaint.
Your complaint must:
- be in writing and include an address (e.g. email or postal address) so we can reply;
- be about your personal information only, unless another person has authorised you to make a privacy complaint on their behalf;
- provide specific details about issue(s) you have concerns about to enable us to investigate and respond;
- if you are making a complaint on behalf on someone else, provide evidence that they have authorised you to do so.
Please tell us as soon as you become aware of the issue. The sooner you tell us, the sooner we can act.
You may submit your complaint to us via post or email. Please mark your complaint as ‘private and confidential’.
Once we have received your complaint in writing, we have 45 business days to respond. If you are not satisfied with our response, or we have not responded and the 45 business days have passed, you have the right to make a complaint in writing to the Office of the Information Commissioner (OIC). Further information on how to make a complaint to the OIC is available on the OIC website.
4.9 Contact us
If you wish to make a privacy complaint; request access to, or amendment of, your personal information; or request a copy of this Privacy Policy, please contact us at:
Post:
The Privacy Officer
Queensland Pharmacy Business Ownership Council
Level 3, 15 Butterfield Street
HERSTON QLD 4006
Email:
5. Legislation
- Information Privacy Act 2009 (Qld)
- Pharmacy Business Ownership Act 2024 (Qld)
- Public Records Act 2023 (Qld)
- Right to Information Act 2009 (Qld)
6. Authority
The Chief Executive Officer is responsible for this Privacy Policy.
The Manager, Finance and Corporate Services is responsible for reviewing and evaluating the effectiveness of the policy on an annual basis.