Our Privacy policy

Our privacy commitment to you

The National Injury Insurance Agency, Queensland (NIISQ Agency) is committed to protecting your privacy. We recognise the importance of your privacy and understand that people are concerned about the security and confidentiality of their personal information.

The NIISQ Agency owes an obligation of privacy to every individual it holds personal information about. The purpose of this privacy policy is to explain how the NIISQ Agency handles personal information.

What legislation applies to us?

Personal information is any information or opinion which identifies an individual or allows an individual to be reasonably identified. The Information Privacy Act 2009 (IP Act) outlines the rules we must comply with when handling personal information. These rules include the Queensland Privacy Principles (QPPs). The QPPs tell us how we can collect, use, disclose, and secure your personal information. We handle your personal information in accordance with the IP Act.

There are other laws which determine how we handle your personal information. These include:

Queensland Human Rights Act 2019.

Privacy Act 1988 (Cth)

Right to Information Act 2009 (Qld)

Public Records Act 2023 (Qld)

Public Sector Act 2022 (Qld)

National Injury Insurance Scheme (Queensland) Act 2016 (NIISQ Act)

National Injury Insurance Scheme (Queensland) Regulation 2016

  • We may collect personal information about you in the following ways:

    • directly from you (e.g. in-person, when you call us, email us, or submit a form to us)
    • from a representative for you (e.g. a lawyer representing you or someone authorised to act for you)
    • from third parties (e.g. another government department or doctor)
    • from your interactions with us via our websites, forms, or our social media.

    We will generally only collect personal information about you when we need it to perform an agency function. The NIISQ Agency is responsible for the administration and management of the National Injury Insurance Scheme Queensland (the Scheme). We will collect information lawfully and only collect the type and amount of information necessary to perform this function.

  • When we collect personal information about you, we will take reasonable steps to advise you:

    • why the information is being collected
    • the circumstances in which the information is collected
    • the consequences if we do not collect the information
    • any law that allows us to collect the information
    • whether we normally disclose the information and, if we do, who it is disclosed to (and if they are likely to be located outside of Australia)
    • how you can access or correct the personal information we hold about you or make a privacy complaint to us.

    This information is usually contained in a privacy statement which may be a recording you can listen to when you contact us or a written statement on a form we give to you. Here is an example of our privacy statement:

    We are collecting your personal information in order to perform our functions under the NIISQ Act. We collect, use, disclose and store your personal information in accordance with the Information Privacy Act 2009 (Qld). We may need to disclose your personal information to third parties in performing our functions under the National Injury Insurance Scheme (Queensland) Act 2016. Your personal information will not be released unless the disclosure is permitted or required by law. For more details about how we handle your personal information, including how you can access or correct the personal information we hold about you, please refer to our privacy policy or contact our RTI and Privacy Officer via privacy@niis.qld.gov.au.

  • The NIISQ Agency collects a large amount of personal information in order to meet our agency functions and perform our general business activities. Below are some examples of the information we may collect and the reasons why we may collect it. Generally, we collect information to:

    • provide our services to you, to other members of the public, and to the State of Queensland
    • meet your needs (e.g. answer your questions, provide services to you, assess an application from you)
    • meet our needs (e.g. assess queries/applications, provide our services to participants and other members of the public, contact you, conduct research to improve our services to you).

    Sometimes we may need to collect sensitive information about you to perform our agency functions. We have included a definition of sensitive information beneath this table; it is personal information that is particularly private, and it may include your health information or information about your road accident.

    Some examples of when we might need to collect personal information, and why, are included below.

     

     

    Types of personal information, including sensitive information, collected 3rd parties we may collect personal information from Why we collect, use, and disclose personal information
    • Name
    • Date of birth
    • Contact information e.g. address or phone number
    • Identity documents e.g. driver licence
    • Court document and police records
    • Cultural identity
    • Medical or health information
    • Bank account details
    • Relationship details and family circumstances
    • Employment history and educational background
    • Your authorised representatives e.g. lawyers or family members
    • Insurers
    • Other government departments / agencies
    • Healthcare provider/s
    • An educational institution or a current or former employer
    • Ambulance or other emergency service providers
    • Organisations that provide treatment, care and support services
    • Individuals that assess the treatment, care and support needs of participants.
    • To process and manage applications for scheme participation
    • To answer enquiries, questions, or complaints
    • To support fraud investigations or criminal proceedings
    • Recruitment and employment purposes
    • To fulfil our statutory functions under the NIISQ Act including arranging treatment, care and support services for participants, and associated business processes
    • To process an information access application.

     

    Personal information is any information or opinion which identifies you or allows you to be reasonably identified.

    A subset of personal information is sensitive information. This is personal information that is particularly private, and which could have a more harmful impact if it is mishandled. Sensitive information includes:

    • information about an individual’s race or ethnicity, political opinions or associations, religious or philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation, or criminal record
    • health information or other genetic information about the individual, and
    • biometric information used for verification/identification or biometric templates.

  • We will use and disclose your personal information for the purpose it was collected – the reason why we collected it. For example, we may disclose your personal information to other government agencies, your authorised representatives, or the third parties referred to in the table above.

    We are also allowed to use or disclose your personal information for another purpose when:

    • you have provided your consent, either expressly or impliedly
    • the secondary purpose is related (or, for sensitive information, directly related) to why we originally collected your information, and you would reasonably expect the secondary use or disclosure
    • we are required or authorised by law
    • we are required to for law enforcement purposes
    • it is required for limited research purposes in the public interest
    • the Australian Security Intelligence Organisation has asked for the information to perform its functions
    • a permitted general situation exists such as lessening or preventing a serious threat to the life, health or safety of an individual or the public, or locating a missing person.

    Prior to using or disclosing your personal information, we will ensure that:

    • we have taken reasonable steps to verify the currency, accuracy and completeness of the information, having regard to the purpose for which the information is proposed to be used or disclosed
    • we only use or disclose the parts of the personal information that are relevant to fulfilling our function or activity.

  • We understand the importance of safeguarding personal information and keeping both digital and physical information secure. We are committed to continuously improving our systems and processes to protect your personal information. Preserving the security, confidentiality, and integrity of personal information is part of the NIISQ Agency’s operations, and this is crucial to ensure we can continue to deliver our government services. We maintain and dispose of public records in accordance with our obligations under the Public Records Act 2023 (Qld).

    We use secure systems to hold your personal information in accordance with the requirements of the Queensland Government information security policy IS18, and we take all reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.

  • We may contract with an entity to perform some of our functions and activities. If the entity will deal with personal information as part of providing us with these services, we generally use a contract to bind them to comply with our privacy obligations. For example, bound contracted services providers are expected to comply with the QPPs. If the contractor breaches one of the privacy rules, individuals may be able to hold them accountable for the breach.

  • We hold your personal information within Australia. We will only disclose your personal information outside Australia if:

    • you consent; or
    • we are authorised or required to by law; or
    • it will protect your life, health, safety or welfare or the public’s health, safety or welfare; or
    • two or more of the following apply –
      • the recipient is subject to equivalent privacy obligations; or
      • the disclosure is necessary to perform a function of the NIISQ Agency; or
      • the disclosure is for your benefit; or
      • we have taken reasonable steps to ensure the information is protected by equivalent privacy obligations.

  • You have the right to request access to your personal information held by us. There are different ways for you to request access to your personal information.

    Administrative access

    In some cases, personal information of individuals can be released without the need for a formal access application to be made under the Right to Information Act 2009 (Qld) (RTI Act). Where possible, we seek to facilitate the proactive release of information through administrative release as a faster and easier way for you to access your information as guided by our Administrative Release Policy.

    If you would like to discuss applying for administrative release of your personal information, please contact us by email on RTI@niis.qld.gov.au addressed to the RTI and Privacy Officer.

    Application for access under the RTI Act

    If we hold personal information about you and we consider access via administrative release is not available to you, you can request access to your information under the RTI Act. You can apply to access your personal information by either:

    • filling in this RTI form
    • emailing your request to RTI@niis.qld.gov.au
    • mailing your written request to:
      RTI and Privacy Officer
      National Injury Insurance Agency Queensland
      GPO Box 1391, Brisbane Qld 4001

    You will need to provide certified identification with your application (certification obtained within the last 12 months). In most instances, we can give you access to your personal information. However, the RTI Act may prevent us from releasing the information if it is exempt or not in the public interest to release. If this applies to you, we will provide you with a decision letter explaining why the information cannot be released to you.

    More information is available from our RTI webpage

  • We take all reasonable steps to ensure the personal information we hold about you is current and accurate. However, if you consider the personal information we hold about you is inaccurate, incomplete, out of date or misleading, you can request that we amend it. There are different ways for you to request amendment of your personal information.

    Administrative amendment

    In some cases, personal information can be amended without the need for a formal amendment application to be made under the RTI Act. If you would like to discuss applying for administrative amendment of your personal information, please contact us and we will assess your request:

    • by phone on 1300 607 566 (NIISQ Enquiry Line – leave a message for the RTI and Privacy Officer to call you back)
    • by email on RTI@niis.qld.gov.au addressed to the RTI and Privacy Officer.

    Application for amendment under the RTI Act

    If we hold personal information about you and we consider amendment via administrative amendment is not available to you, you can request an amendment to it under the RTI Act. You can apply to amend your personal information by:

    You will need to tell us what document you want amended, the amendments you want made, and provide certified identification (certification obtained within the last 12 months) with your application. If an agent is acting for you, the agent will need to provide evidence of their authority to act for you. If you are a parent, requesting amendment of your child’s information, you will need to provide proof of relationship, for example, a birth certificate.

    More information is available from our RTI webpage.

  • Complaints to the NIISQ Agency

    You can make a privacy complaint to us if you believe we have not handled your personal information in accordance with the rules under the IP Act, including the QPPs. You may make your privacy complaint by:

    RTI and Privacy Officer

    National Injury Insurance Agency Queensland
    GPO Box 1391, Brisbane Qld 4001

    Please mark your complaint as “Private and Confidential”. We will need your privacy complaint to:

    • be in writing
    • include a contact address so that we can reply (an email address is sufficient)
    • be about how we have handled your personal information (not someone else’s information)
    • provide certified identification (such certification to have been obtained within the last 12 months)
    • give specific details about your concerns/issues with how we have handled your personal information
    • contain enough information to enable us to understand the nature of your complaint, the impact it has had on you, and what outcome you are seeking, and
    • be sent to us within 12 months of you becoming aware of the practice you are making the complaint about.

    We will investigate your complaint and advise you of the outcome within 45 business days. To address your complaint, we may need to disclose the nature of your privacy complaint and your identity to relevant business areas within the NIISQ Agency and any relevant third parties. By proceeding with your complaint, you indicate your consent for us to do this.

    If you are an employee of the NIISQ Agency, you can make your complaint by following the Agency’s Employee grievance procedure.

    Complaints to the Office of the Information Commissioner

    If you are not satisfied with our response to your complaint, you may refer your complaint to the Privacy Commissioner in the Office of the Information Commissioner (OIC). You cannot refer the matter to the OIC until 45 business days have passed since you first made your complaint to us. The OIC does not have an investigative or determination role in privacy complaints but rather the OIC provides a mediation service to the parties to the complaint.

  • A data breach means either:

    • unauthorised access to, or unauthorised disclosure of, information we hold
    • the loss of information we hold in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur.

    If we identify a data breach, we will handle it in accordance with our data breach policy. Learn more about our Data breach policy here.

  • You may be able to engage with the NIISQ Agency anonymously or by using a pseudonym (using a different name to represent yourself) basis if you would prefer to do so. For example, this will be possible in circumstances such as if you are making a general enquiry or making a complaint.

    This option will not be available if:

    • we are required or authorised by law to deal with individuals who have identified themselves; or
    • it is impracticable for us to deal with people who have not identified themselves or who have used a pseudonym.

    For example, it will not be available if we need to know who you are to provide you with a service or process an application.

    If you engage with us on an anonymous or pseudo-anonymous basis, there may be limitations as to how we can assist you. For example, we may be unable to follow up with you about the outcome of your complaint or enquiry where it is made anonymously or provide you with services under the NIISQ Act.

  • We use cookies to collect anonymous statistical information about our website visitors, including:

    • your browser, computer platform, and screen resolution
    • your traffic patterns through our site, such as:
      • the date and time of your visit
      • the pages and documents assessed
      • the website you visited before ours
      • your IP addresses.

    We do not identify users or any other browser activity outside websites, except if we are authorised or required to do so by law (for example, if a law enforcement agency has a warrant to inspect activity logs).

    We also use analytics systems such as Google Analytics (including advertising features) on our website to gather anonymous information about visitors to our website. When you visit our web pages, your browser automatically sends anonymous information to Google. Examples of the information include the web address of the page that you’re visiting, your IP address and demographic information.  Google may also use cookies. You can read more about how Google uses data. You can choose not to allow Google to collect your information by opting out of Google Analytics or specifically opt out of Google Analytics Display Advertiser Features.

    We use the anonymous data collected from cookies and analytics to analyse the pages on our website that are visited, to improve your experience in using the website, and to make sure our website is useful.

    Our internet service provider, Queensland Treasury information services staff, or NIISQ Agency ICT staff may monitor email traffic for system trouble shooting and maintenance purposes only. We have censorware software that blocks inappropriate material.  The system generates an automatic message advising the originator and address that the message has been blocked.

    Part of this site transmits information securely across the internet, but no security is perfect, and we recognise that there may be risks. We will notify you where personal information is not transmitted securely.

    Our website contains links to other sites. We are not responsible for the privacy or security practices or the content of any such websites.

    Our website uses online forms to allow you to communicate with us, for example, our online general enquiry form. If you use one of these forms, the personal information you provide will be dealt with in accordance with this policy.

  • Under the Human Rights Act 2019 (HR Act), public entities must act compatibly with human rights and give those rights proper consideration before making a decision. The rights set out in the HR Act include a right to privacy. When carrying out our functions, including meeting our obligations under the IP Act, we will consider, and act compatibly with, your human rights including this right to privacy.

Last updated: July 2025