Privacy Statement

The Australia Privacy Principles (APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Cth) (Privacy Act). These principles apply to Fitzroy Basin Association Limited (FBA) and as such we are required to maintain a privacy policy outlining our approach to managing the privacy of the personal information and data we collect about our stakeholders; including staff, land managers, contractors, event participants, and others. This Privacy Statement sets out our privacy policy.

The purpose of this Privacy Statement is to set out the type of information FBA collects and how we will hold, use and disclose your personal information, and sets out our commitment to protecting the privacy of personal information collected by us. By providing your personal information you are deemed to have consented to the collection, use, disclosure and storage of that information as outlined in this Privacy Statement.

If there is any inconsistency between this Privacy Statement and the Privacy Act, this Privacy Statement shall be interpreted to give effect to and comply with the Privacy Act. FBA may make changes to this policy, by displaying our revised policy on our website. However, changes to how personal information is handled will not apply retroactively.

What is personal information

In this policy, Personal information has the meaning given to it in the Privacy Act, being information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether the information or opinion is recorded in a material form or not. Examples of personal information include an individual’s name, address, telephone number and date of birth.

What is sensitive information

Sensitive information is a type of personal information that requires a higher level of protection under the Privacy Act. This includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sexual orientation or practices.

Why we request information

FBA will only collect personal information where it is reasonably required for our functions and activities.

Whenever it is lawful and practicable, we may allow you the option of not identifying yourself when dealing with us. For example, general access to our website does not, and general telephone queries do not, require you to disclose personal information about yourself. However, there are certain interactions where we may need to collect personal information from you for a specific purpose.

In this Privacy Statement, we, us or our means Fitzroy Basin Association (FBA) ABN: 30 802 469 401. This privacy statement sets out our commitment to protecting the privacy of personal information provided to us and /or otherwise collected by us, through our website. Collected personal information is protected by the Privacy Act 1988 (Cth) (Privacy Act). Personal information is any information or an opinion that identifies you or is reasonably identifiable.

Fitzroy Basin Association may change this statement. Your continued use of the website constitutes your acceptance of the statement as amended.

FBA may ask you to provide personal information during your engagement with our organisation for the following purposes:

  • to make contact regarding Natural Resource Management matters;

  • to conduct our activities including Natural Resource Management services and support;

  • to provide information to you about Natural Resource Management topics and matters;

  • to communicate with you (including through newsletters, social media or online);

  • to enter into formal business agreements with you;

  • to conduct research initiatives and surveys;

  • to comply with our legal and regulatory obligations;

  • to comply with the reporting requirements of our funders;

  • to help us manage and improve our services and website;

  • to assess, train, work with and manage our staff, volunteers and contractors; and

  • to protect the safety and security of our staff, premises and assets.

We may use information for internal marketing analysis, for example, to assess trends amongst the people and organisations we engage with or to measure the amount of traffic to our website. We may also use your personally identifiable information in order to communicate with you. Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to receive marketing information at any time by contacting us or using the ‘unsubscribe’ feature included in our electronic communications.

How we collect information

FBA will ordinarily only collect personal information directly from you. From time to time, we may receive personal information about you from third parties such as contractors undertaking work on our behalf.

When collecting personal information, we will tell you why we are collecting the information, what we plan to do with it and identify any third parties to whom we might disclose your personal information where it is required via a collections notice.

Your personal information will be collected by FBA from a variety of sources including:

  • your engagement with our services;

  • our organisation’s activities, events or marketing;

  • your activity on our website;

  • our interactions with you by mail, telephone, email or internet; and

  • sources where you have consented to us collecting your information.

If we receive your personal information from another source in the normal course of our business activities, we will contact you to let you know that we have obtained your personal information, how we have obtained your personal information, what we intend to do with it and seek your consent to deal with it, as if we had collected the information from you directly.

Types of information we may collect

We may collect the following types of personal information:

  • full name, date of birth, gender, address and contact details;

  • geographical data and information about your property or land;

  • information about your interactions with us (e.g. donations, participation in programs or research); and

  • feedback, complaints, and survey responses.

Sensitive information

Sensitive information will only be collected with your consent and when it is reasonably necessary to carry out FBA’s activities. FBA assumes you have consented to us collecting any information that you provide to us in accordance with this Privacy Statement, including sensitive information, unless you tell us otherwise at the time you provide it. The kinds of sensitive information we may collect from you include:

  • Racial and ethnic origin (in the case of employees);

  • Health information (in the case of employees).

Usage information collected via our website

Every time you visit our website, FBA may collect information about you, including:

  • the date and time of your visit to the FBA’s website;

  • how you interact with the website;

  • your IP address and device information;

  • the type of browser and operating system you are using; and any address of a recurring site and any website you are about to visit.

The above information provides FBA with details about how the website is used including the frequency and duration of visits, and which web pages you have accessed on the website. The information we collect will not personally identify you.

Cookies

Most commercial websites, including our website, use cookies. Cookies are pieces of information that websites send to the browser and are stored in the computer hard drive. Cookies make using the website easier by storing information about your preferences on the website. Cookies will not identify you personally. If you would prefer not to receive cookies, you can alter your security settings on your web browser to disable cookies or to warn you when cookies are being used. However, by disabling the ‘cookie’ function in your web browser you may impede your ability to use parts of our website.

We partner with well-recognised third-party vendors such as Google Analytics to allow tracking technologies, through the use of first party cookies and third-party cookies. The purposes of the cookies are to analyse and track users’ use of our website, determine the popularity of certain content and better understand such online activity. By accessing our website, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We don’t transfer any personal information to these third-party vendors.

Disclosure of personal information

FBA will only disclose your personal information to a third party if it is necessary for FBA to carry out the functions and services for which it was collected in the first place. This may include disclosure to contractors working for or on behalf of FBA. It may also include disclosure to funding partners or investors in a project to which your information relates or to their contractors or representatives for the purpose of reporting, research or analysis required under FBA’s agreement(s) with them. If personal information is disclosed by us to a government agency in accordance with a requirement in a funding agreement, you acknowledge that information may become subject to further disclosure under freedom of information or right to information laws.

FBA will de-identify your personal information to the extent that it is practical to do so before disclosing it to any third party and we will ensure that, after disclosure, your personal information will be managed in accordance with both the purpose for which it was collected and in accordance with the Privacy Act.

You consent to FBA disclosing your personal information:

  • to third parties who assist us in providing services or who perform functions on our behalf (such as mail service providers, professional advisers and specialist consultants);

  • to organisations that assist us in research and development;

  • where it is required, authorised or permitted by law;

  • in the public interest (for example where a crime, fraud or misdemeanour is committed or suspected and disclosure is justified); and

  • to anyone else who you authorise us to disclose your information to from time to time.

We use our best endeavours to ensure that we only disclose personal information to third-party service providers that have implemented appropriate systems and processes to protect your personal information.

Overseas disclosure

FBA utilises internet carriers to transmit and store documents, databases and other data that may contain personal information. FBA preferences carriers where the data will be stored on servers located in Australia. However, in carrying out these transmission and storage functions on behalf of FBA, these providers may transmit or store personal information in overseas jurisdictions. In this instance, FBA will:

  • choose servers located in the EU or USA;

  • perform due diligence to ensure the service provides comply with the Australian Privacy Principles;

  • engage with service providers who have contractual protections; and

  • use the strongest security measures provided to protect access to the information.

We will notify you of any other specific disclosure to overseas recipients prior to the disclosure taking place.

Third-party organisations and websites

Our website may contain links to other websites outside of our control and which do not operate under this Privacy Statement. When you click through to these websites, this policy no longer applies. We recommend that you read the privacy policies for all third-party websites.

If we receive personal information about you from a third party, we will protect it as set out in this Privacy Statement. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Your rights and controlling your personal information

If you believe that any information, we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us via the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

If you no longer wish to allow FBA to use your personal information in a particular way, we will take steps to comply with your wishes. Unless you ask FBA to delete or otherwise destroy personal information, FBA will keep your information until such point that it is no longer relevant to our functions, services or other business or legal requirements. Once personal information is no longer required for any lawful purpose, we will take reasonable steps to securely destroy or permanently de-identify the information.

As an example, our destruction and de-identification methods may include:

  • Paper records being placed in security bins and shredded or sent for secure destruction; or

  • Electronic records being deleted from all locations, to the best of our ability, or encrypted and/or placed beyond use.

If you wish to access your personal information or find out if FBA holds personal information about you, you should contact FBA in writing. FBA will endeavour to comply with your request but may refuse access if we have a legal right or requirement to do so in accordance with the Privacy Act.

Storage and security

We are committed to ensuring that the personal information we collect is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

Your personal information is securely stored, either in electronic or hard copy form. We have included reasonable security safeguards for electronic and hard copy records. Reasonable technical safeguards include:

  • using passwords to restrict computer access and requiring regular changes to passwords for our employees;

  • using the multi-factor authentication for log ins;

  • storing information in secured systems operated by us and by trusted third-party cloud service providers;

  • hosting our website with a secure webhost that monitors servers for potential vulnerabilities and attacks;

  • using a secure socket layer technology (SSL) to encrypt information;

  • access passes to enter our premises; and

  • keeping up to date with software updates.

While we endeavour to maintain high standards of data and privacy security, all online systems are subject to risk of interference, loss and unauthorised access, modification and disclosure. We cannot guarantee the security of any information that is transmitted to or by us online and the transmission and exchange of information is carried out at your own risk.

Notifiable data breach

FBA is required to notify the Privacy Commissioner and affected individuals if an eligible data breach occurs. An eligible data breach is generally defined as unauthorised access to, or disclosure of, personal information and a reasonable person would conclude that this would (or could) be likely to result in “serious harm” to any of the individuals to whom the information relates.

Where FBA suspects (but does not yet have reasonable grounds to believe) that an eligible data breach has occurred, FBA will, within 30 days, carry out a reasonable and expeditious assessment to establish if a breach has occurred.

If FBA has reasonable grounds to believe there has been a breach, FBA will prepare a data breach statement setting out a description of the breach, the kinds of information concerned and recommendations actions that affected individuals should take in response to the breach. A copy of this statement will be provided to the Office of the Australian Information Commissioner.

If practical, FBA will take reasonable steps to notify affected individuals as well as any other at-risk individuals of the breach as soon as possible by direct communication. If such direct communication is not practical, FBA will publish the statement on our website and take reasonable steps to publicise it.

Complaints

If you have a complaint about how we handled your personal information or about any decision to refuse access or correction of your personal information, please contact us using the FBA contact details in the next section. We will request that you lodge your complaint in writing.

We will acknowledge receipt of your complaint as soon as possible after receiving your written complaint. We will then investigate the circumstances of your complaint and provide you with a response within a reasonable timeframe, in most circumstances within 30 days.

FBA takes complaints very seriously. All complaints lodged through communications channels above will be handled with care and respect.

If you are still not satisfied with how your complaint is handled by us, then you may lodge a formal complaint with the Office of the Australian Information Commissioner at:

  • Telephone: 1800 841 118 (if calling from outside Australia including Norfolk Island please call: +61 3 7045 5077)

  • National Relay Service

  • TTY users phone 133 677 then ask for 1800 841 118

  • Speak and Listen users phone 1300 555 727 then ask for 1800 841 118

  • Internet relay users connect to the National Relay Service then ask for 1800 841 118

  • Post: Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001

  • Fax: +61 2 9284 9666

  • Email: enquiries@oaic.gov.au

Website: http://www.oaic.gov.au/privacy/making-a-privacy-complaint

Contacting FBA

To contact FBA regarding this policy, your personal information, or any other privacy related matter please call, write, or email using the details below:

Fitzroy Basin Association
1/80 East St, Rockhampton QLD 4700
(07) 4999 2800
admin@fba.org.a

Last update:  May 2026