Our Privacy policy

We may collect personal information about you in the following ways:

• directly from you (e.g. in-person, when you call one of our call centres, email us, or submit a form to us)
• from a representative for you (e.g. a lawyer representing you or someone authorised to act for you)
• from third parties (e.g. another government department or local council)
• from your interactions with us via our websites, forms, or our social media.

We will generally only collect personal information about you when we need it to perform an agency function. MAIC is responsible for managing the Compulsory Third Party (CTP) scheme in Queensland, and ND manages people who are injured as a result of the negligent driving of unidentified and/or uninsured (no CTP insurance) motor vehicles. We will collect the information lawfully and only collect the type and amount of information necessary to perform that function.

When we collect personal information about you, we will take reasonable steps to advise you:

• why the information is being collected
• the circumstances in which the information is collected
• the consequences if we do not collect the information
• any law that allows us to collect the information
• whether we normally disclose the information and, if we do, who it is disclosed to (and if they are likely to be located outside of Australia)
• how you can access or correct the personal information we hold about you or make a privacy complaint to us.

This information is usually contained in a privacy statement which may be a recording you can listen to when you contact one of our call centres or a written statement on a form we give to you. Here is an example of a privacy statement:

MAIC/ND is collecting your personal information for the purpose of investigating and responding to your customer complaint. We will handle your personal information in accordance with the Information Privacy Act 2009. We may need to give your personal information to other business units within MAIC/ND or disclose your personal information to third parties for the purposes of investigating and responding to your customer complaint. For more details about how we handle your personal information, including how you can access or correct the personal information we hold about you, please refer to our privacy policy.

Treasury and MAIC/ND collect personal information for reasons relating to our agency functions and activities. Below are some examples of the information we may collect and the reasons why we may collect it. Generally, we collect information to:

• provide our services to you, to other members of the public, and to the State of Queensland
• meet your needs (e.g. answer your questions, provide MAIC/ND services to you, assess an application from you)
• meet our needs (e.g. assess queries, provide our services to the public, contact you, analyse demographics).

Sometimes, we may need to collect sensitive information about you to perform our agency functions. We have included a definition of sensitive information beneath this table; it is personal information that is particularly private, and it may include your health information or information about your criminal record.

Some examples of when we might need to collect personal information, and why, are included below.

Personal information is any information or opinion which identifies you or allows you to be reasonably identified.

A subset of personal information is sensitive information. This is personal information that is particularly private, and which could have a more harmful impact if it is mishandled. Sensitive information includes:

• information about an individual’s race or ethnicity, political opinions or associations, religious or philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation, or criminal record
• health information or other genetic information about the individual, and
• biometric information used for verification/identification or biometric templates.

We will use and disclose your personal information for the purpose it was collected – the reason why we collected it. For example, we may disclose your personal information to other government agencies, your authorised representatives, or the 3rd parties referred to in the table above.
We are also allowed to use or disclose your personal information for another purpose when:

• you have provided your consent, either expressly or impliedly
• the secondary purpose is related (or, for sensitive information, directly related) to why we originally collected your information, and you would reasonably expect the secondary use or disclosure
• we are required or authorised by law
• we are required to for law enforcement purposes
• it is required for limited research purposes in the public interest
• the Australian Security Intelligence Organisation has asked for the information to perform its functions
• a permitted general situation exists such as lessening or preventing a serious threat to the life, health or safety of an individual or the public, or locating a missing person.

Prior to using or disclosing your personal information, we will ensure that:

• we have taken reasonable steps to verify the currency, accuracy and completeness of the information, having regard to the purpose for which the information is proposed to be used or disclosed
• we only use or disclose the parts of the personal information that are relevant to fulfilling our function or activity.

We understand the importance of safeguarding personal information and keeping both digital and physical information secure. We are committed to continuously improving our systems and processes to protect your personal information. Preserving the security, confidentiality, and integrity of personal information is part of Treasury’s operations, and this is crucial to ensure we can continue to deliver our government services. We maintain and dispose of public records in accordance with our obligations under the Public Records Act 2023 (Qld).

We use secure systems to hold your personal information in accordance with the requirements of the Queensland Government information and cyber security policy (IS18), and we take all reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.

We may contract with an entity to perform some of our functions and activities. If the entity will deal with personal information as part of providing us with these services, we generally use a contract to bind them to comply with our privacy obligations. For example, bound contracted services providers are expected to comply with the IP Act. If the contractor breaches one of the privacy rules, individuals may be able to hold them accountable for the breach.

We hold your personal information within Australia. We will only disclose your personal information outside Australia if:

• you consent; or
• we are authorised or required to by law; or
• it will protect your life, health, safety or welfare or the public’s health, safety or welfare; or
• two or more of the following apply –
  • the recipient is subject to equivalent privacy obligations; or
  • the disclosure is necessary to perform a function of MAIC/ND; or
  • the disclosure is for your benefit; or
  • we have taken reasonable steps to ensure the information is protected by equivalent privacy obligations.

You have the right to request access to your personal information held by us. There are different ways for you to request access to your personal information.

Administrative amendment

In some cases, personal information of individuals can be released without the need for a formal access application to be made under the Right to Information Act 2009 (Qld) (RTI Act). Where possible, we seek to facilitate the proactive release of information through administrative release as a faster and easier way for you to access your information.

For example, the CTP Claims History Administrative Release Scheme facilitates the administrative release of CTP claims history information through the Queensland CTP Portal. For more information about this, including eligibility and application process, please access the CTP Claims History Administrative Release Scheme.

If you would like to discuss applying for administrative release of your personal information, please contact us by email on maic@maic.qld.gov.au addressed to MAIC/ND Officer.

Application for access under the RTI Act

If we hold personal information about you and we consider access via administrative release is not available to you, you can request access to your information under the RTI Act. As statutory bodies administered within Treasury, applications under the RTI Act are processed by Treasury. You can apply to access your personal information by:

• completing this form
• sending your request to rtiadmin@treasury.qld.gov.au
• mailing your request to:
  RTI Officer, Queensland Treasury
  GPO Box 611, Brisbane Qld 4001

You will need to provide certified identification with your application (certification obtained within the last 12 months). In most instances, we can give you access to your personal information. However, the RTI Act may prevent us from releasing the information if it is exempt or not in the public interest to release. If this applies to you, we will provide you with a decision letter explaining why the information cannot be released to you.

More information is available from Treasury’s RTI webpage.

We take all reasonable steps to ensure the personal information we hold about you is current and accurate. However, if you consider the personal information we hold about you is inaccurate, incomplete, out of date or misleading, you can request that we amend it. There are different ways for you to request amendment of your personal information.

Administrative amendment

In some cases, personal information can be amended without the need for a formal amendment application to be made under the RTI Act. If you would like to discuss applying for administrative amendment of your personal information, please contact us and we will assess your request by email on maic@maic.qld.gov.au addressed to MAIC/ND Officer.

Application for amendment under the RTI Act

If we hold personal information about you and we consider amendment via administrative amendment is not available to you, you can request an amendment to your information under the RTI Act. As statutory bodies administered within Treasury, applications under the RTI Act are processed by Treasury. You can apply to amend your personal information by:

• completing this form
• sending your request to rtiadmin@treasury.qld.gov.au
• mailing your request to:
  RTI Officer, Queensland Treasury
  GPO Box 611, Brisbane Qld 4001

You will need to tell us what document you want amended, the amendments you want made, and provide certified identification (certification obtained within the last 12 months) with your application. If an agent is acting for you, the agent will need to provide evidence of their authority to act for you.

More information is available from Treasury’s RTI webpage.

Complaints to MAIC/ND

You can make a privacy complaint to us if you believe we have not handled your personal information in accordance with the rules under the IP Act, including the QPPs. As statutory bodies administered within Treasury, Treasury supports our processing of privacy complaints. You may make your privacy complaint by:

• sending an email to privacy@treasury.qld.gov.au addressed to the Treasury Privacy Contact Officer
• mailing your request to:
  Treasury Privacy Contact Officer, Queensland Treasury
  GPO Box 611, Brisbane Qld 4001

Please mark your complaint as “Private and Confidential”. We will need your privacy complaint to:

• be in writing
• include a contact address so that we can reply (an email address is sufficient)
• be about how we have handled your personal information (not someone else’s information)
• provide certified identification (such certification to have been obtained within the last 12 months)
• give specific details about your concerns/issues with how MAIC/ND has handled your personal information
• contain enough information to enable us to understand the nature of your complaint, the impact it has had on you, and what outcome you are seeking, and
• be sent to us within 12 months of you becoming aware of the matter you are making the complaint about.

We will investigate your complaint and advise you of the outcome within 45 business days. To address your complaint, we may need to disclose the nature of your privacy complaint and your identity to relevant business areas within Treasury, MAIC/ND, and third parties. By proceeding with your complaint, you indicate your consent for us to do this.

Complaints to the Office of the Information Commissioner

If you are not satisfied with our response to your complaint, you may refer your complaint to the Privacy Commissioner in the Office of the Information Commissioner (OIC). You cannot refer the matter to the OIC until 45 business days have passed since you first made your complaint to us. The OIC does not have an investigative or determination role in privacy complaints but rather the OIC provides a mediation service to the parties to the complaint.

A data breach means either:

• unauthorised access to, or unauthorised disclosure of, information we hold
• the loss of information we hold in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur.

If we identify a data breach, we will handle it in accordance with our data breach policy (which is also Treasury’s data breach policy, as we are statutory bodies administered within Treasury). A reference in the data breach policy to the Under Treasurer may be read as a reference to the Insurance Commissioner for the purpose of MAIC/ND.

Access our data breach policy here.

You may be able to engage with MAIC/ND on an anonymous or pseudo-anonymous basis if you would prefer to do so. For example, this will be possible in circumstances such as if you are making a general enquiry or making a complaint.

This option will not be available if:

• we are required or authorised by law to deal with individuals who have identified themselves; or
• it is impracticable for us to deal with people who have not identified themselves or who have used a pseudonym.

For example, it will not be available if we need to know who you are to provide you with a service or process a claim.

If you engage with us on an anonymous or pseudo-anonymous basis, there may be potential negative consequences for you. For example, we may be unable to follow up with you about the outcome of your complaint or enquiry where it is made anonymously, or provide you with fulsome government services.

We use cookies to collect anonymous statistical information about our website visitors, including:

• your browser, computer platform, and screen resolution
• your traffic patterns through our site, such as:
  • the date and time of your visit
  • the pages and documents assessed
  • the website you visited before ours
  • your IP addresses.

We do not identify users or any other browser activity outside websites, except if we are authorised or required to do so by law (for example, if a law enforcement agency has a warrant to inspect activity logs).

We also use analytics systems such as Google Analytics (including advertising features) on our website to gather anonymous information about visitors to our website. When you visit our web pages, your browser automatically sends anonymous information to Google. Examples of the information include the web address of the page that you’re visiting, your IP address and demographic information. Google may also use cookies. You can read more about how Google uses data. You can choose not to allow Google to collect your information by opting out of Google Analytics or specifically opt out of Google Analytics Display Advertiser Features.

We use the anonymous data collected from cookies and analytics to analyse the pages on the MAIC/ND and Treasury websites that are visited, to improve your experience in using the websites, and to make sure our websites are useful.

Our internet service provider or information services staff may monitor email traffic for system trouble shooting and maintenance purposes only. We have censorware software that blocks inappropriate material. The system generates an automatic message advising the originator and address that the message has been blocked.

Part of this site transmits information securely across the internet, but no security is perfect, and we recognise that there may be risks. We will notify you where personal information is not transmitted securely.

This site contains links to other sites. We are not responsible for the privacy or security practices or the content of any such websites.

Under the Human Rights Act 2019 (HR Act), public entities must act compatibly with human rights and give those rights proper consideration before making a decision. The rights set out in the HR Act include a right to privacy. When carrying out our functions, including meeting our obligations under the IP Act, we will consider, and act compatibly with, your human rights including this right to privacy.