How Queensland Rail protects your privacy
If you engage with us in person or use our online services, from visiting our website to booking online or applying for a job with us, then this privacy statement applies to you.
We are committed to protecting your data. We respect your privacy and we will take steps to secure any personal information you give us.
The way we do this is governed by the Information Privacy Act 2009 (Qld) (IP Act) which includes the Information Privacy Principles (IPPs).
The IPPs tell us how we may collect, store, allow individuals to access and amend, use and disclose your personal information.
What is "personal information"?
"Personal information" is information or an opinion, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
It does not matter if the information or opinion is part of a database; true; or in a material form.
Collection and use of personal information
We’ll only collect personal information we need.
This information may include your name, address, phone number, fax, email, other contact details, complaint, incident, comment or other answers or opinions provided; payment, financial institution or bank account details; age, gender, drivers licence, medical information or history, image and other identification details as required. We may collect these types of personal information either directly from you, or from third parties, such as your travel agent.
We may collect personal information to:
- Help you with your enquiries, complaints, reported incidents, entry forms, bookings and other requests.
- Get in touch with you if we need to and verify any information you have provided to us.
- Protect your safety, security and wellbeing on our property.
- Research and develop our services, including new or improved services.
- Return lost property to you.
- Provide you with travel services and information.
- Recommend other services that our selected partners offer which may be of interest to you.
We may collect this information when you:
- Visit our website or social media sites.
- Complete a form for us, such as lost property, concession claim, medical clearance, claim and unaccompanied minor forms.
- Register or operate as a travel agent selling travel on our behalf.
- Provide personal information to us directly, e.g. entering a competition, providing feedback or booking a ticket.
- Apply for a position with us.
- Talk to us - through calling our call centre, Rail Management Centre or using our emergency response infrastructure (phones or call buttons). We record these interactions.
You can choose not to provide us with your personal information. But without this personal information we may not be able to complete your request. For example, providing you with feedback on an enquiry.
Working at Queensland Rail
If you have applied for employment at Queensland Rail we will collect your personal information to process your employment application (for example, to verify employment information). As a Queensland Rail employee, we collect your personal information to perform employment related tasks (for example, to grant you building and IT access, manage your salary arrangements and monitor employee conduct).
Our marketing and your personal information
If you opt-in to receive our marketing, we may use personal information that we hold about you to identify services and products that may be of interest to you.
We may contact you by email, text message or other digital service (e.g., an application), phone, or post to let you know about specials, offers and promotions; or any new or existing products or services that may be of interest to you.
You can contact us at any time if you no longer wish to receive marketing materials from us or our related entities. If you receive a marketing email from us, you can opt out of it by clicking on the "Unsubscribe" link at the bottom of the email.
Storage and security of your personal information
We keep your personal information in various forms – including electronic records, hard copies, and telephone recordings. Third-party service providers may store some personal information on our behalf.
In all cases, we take our obligation to secure your personal information seriously and take reasonable steps to protect your personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure.
We use a strong network and online security systems. We also limit who can access your personal information, both in physical form and electronically. That said, no transmission of data over the internet can ever be guaranteed to be secure and so, we cannot guarantee the security of your personal information.
CCTV recordings and online privacy
When you visit our stations or premises
We collect: Video recordings, we use signs to tell you when they’re in use and where you can find them.
Why we collect it: Monitor your safety and network security, as well as investigate incidents involving employees when the law says we can.
How we store it: We use closed circuit television (CCTV) systems for 24-hour video surveillance at our stations, premises, and on some of our trains.
Why we may disclose it: The images are only accessible to authorised staff and law enforcement agencies when the law says we can or we have to.
Visit our website
We collect: Your server address, top-level domain name, date and time of visit, pages accessed documents downloaded, previous site visited browser used, and cookies.
Why we collect it: For statistical purposes. Don’t worry, we won’t attempt to identify you or your browsing activity.
How we store it: With our website service provider.
Why we may disclose it: We will allow law enforcement agencies to view the service provider's logs if the law (or a warrant) says we have to.
Disclosure of personal information
We may give your personal information to someone else but we’ll only do it for a good reason.
Some examples of who we might give your information to are:
Banks or other financial institutions to process payments.
Businesses providing prizes to competitions you have won through us.
Courier companies if we are required to make a delivery to you.
Our related entities which are controlled by us.
Our professional advisers, contractors or service providers who advise us or carry out our functions and activities.
Travel agents, accommodation and activity service providers and other carriers, tour operators and transport companies to process and make reservations for your travel, accommodation and activity arrangements.
Your representatives (for example your authorised representatives or legal advisers).
TransLink, if your query concerns a service that TransLink manages.
Queensland Police Service (QPS) or other law enforcement agency.
Government and regulatory authorities and other organisations, as required or authorised by law.
We will take reasonable steps to ensure that any person to whom we give your personal information also promises to keep your personal information private and secure.
Other important bits
We do use internet cookies on our website that allow our website to remember your machine. Cookies used by us have no way of disclosing your name or any information that could personally identify you.
Security - Transmission of personal information
This site uses encryption for secure transmission of personal information over the Internet. There can be risks with transmitting information across the Internet.
Where this site contains links to other websites not managed by us, we are not responsible for the privacy or security practices or the content of those websites.
Access and amendment of your personal information
You may ask to access your personal information held by us. You also have the right to ask us to amend your personal information if it is wrong, missing details, out of date or misleading.
If you need to contact us for other privacy matters, please contact:
Senior Advisor, RTI and Privacy
GPO Box 1429
Brisbane QLD 4000
Phone: 07 3072 8650
If you believe we have not dealt with your personal information in the way the IP Act, requires, you may make a complaint to us. A privacy complaint should:
- Include an address to which notices may be forwarded under the IP Act
- Provide certified identification
- Give details of the act or practice which is the subject of your complaint.
We will acknowledge privacy complaints within 14 days from the date on which the complaint is received and process the complaint within 45 business days. In the circumstance where a longer period of time is required in order to finalise a complaint, we will contact you to negotiate an extension of time.
We will advise you of our decision in writing.
Download the Privacy Statement