Privacy Policy

Effective from: 14 November 2025

This Privacy Policy explains how the Justice of the Peace (JP) Volunteer Service at QEII Jubilee Hospital (“we”, “our”, “us”) handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

If you are an inpatient or a representative booking the inpatient JP service through our website, this policy applies to you.

Who we are and how to contact us

• Service: JPs in the Community, QEII Signing Site
• Phone: 07 2812 2159
• Online contact form: available here

What personal information we collect

We collect only the information necessary to arrange and delivery the inpatient JP service:

• Your name
• Your email address
• Your phone number
• The patient's name, if different to yours

Please do not include health or other sensitive information in the request form. If you do, we will handle it in accordance with the APPs.

How we collect personal information

We collect personal information directly from you when you submit our online booking request form. We may also receive the patient's name from the requester when acting on their behalf.

Why we collect and use personal information

We collect, use, and disclose personal information only for purposes directly related to providing the inpatient JP service, including:

• Scheduling and coordinating JP attendance for inpatients
• Communicating with you (eg., to confirm, reschedule, or clarify details)
• Working with Queensland Health staff to facilitate access to wards and patients
• Meeting legal or regulatory requirements (eg., recording client details in our logbooks)

We do not use personal information for marketing.

We do not sell personal information.

If you choose not to provide the requested information, we may be unable to process your booking or provide the service to you (or the patient if different to you).

Disclosures to third parties

We disclose personal information only as needed to provide the inpatient service:

• to Queensland Health: for coordination of inpatient access and service delivery

We do not otherwise share personal information unless required or authorised by law (eg., to respond to a lawful request by an suitably empowered government authority).

Location of personal information

All collected information is stored and processed in Australia.

Retention and deletion

We retain personal information for one (1) month from submission, after which it is securely deleted, unless we are required by law to retain it longer. If information is stored in backups, it will be deleted in line with our standard backup rotation and deletion cycles.

If personal information is restored from a backup outside of the retention window, it will be securely deleted.

Security

We take reasonable stepts to protect personal information from miuse, interference, loss, and unauthorised access, modification, or disclosure. Measure may include access controls, role-based permissions, and secure service providers.

Although every care is taken with the safety of the information, no warranty is provided or implied. No method of transmission or storage is completely secure.

Access and correction of your personal information

You may request access to the personal information we hold about you or ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

• How to request: contact us using the details provided at the beginning of this policy.
• Identity verification: we will need to verify your identity before actioning your request.
• Timeframe: we will respond within thirty (30) days of receiving your request.

If we decline access or correction (where permitted by law), we will provide reasons and information on further steps you may take.

Anonymity and psueudonymity

Where practicable, you may interact with us anonymously and/or using a pseudonym. However, we generally need your contact details and the patient's name to deliver the inpatient service safely and effectively.

Complaints

If you have a privacy concern or wish to make a privacy-related complaint:

1. Contact us using the details provided at the beginning of this policy and provide as much detail as possible.
2. We will acknowledge your complaint and aim to respond within thirty (30) days.
3. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
   • Online: https://www.oaic.gov.au/contact-us#complaint
   • Phone: 1300 363 992 (Australia only)
   • Mail: GPO Box 5288, Sydney NSW 2001

Notifiable Data Breaches

If we experience a data breach that is likely to result in serious harm, we will assess the incident and, where required by law, notify affected individuals and the OAIC under the Notifiable Data Breaches scheme.

Changes to this policy

We may update this policy from time to time to reflect changes to our practices or legal requirements. The updated version will be published on our website with a new effective date.