Last updated 17 December 2025
1. Collection of personal information
2. What happens if you do not provide BYS with your personal information
3. Dealing with BYS anonymously or by pseudonym
4. Collection and use of personal information about children
5. Use and disclosure of personal information
6. Storage and security of personal information collected by BYS
8. Access to and correction of personal information
Brisbane Youth Service (BYS) respects the rights of individuals to have their personal information handled with care and in accordance with laws. This Privacy Policy outlines the types of personal information BYS collects, as well as how BYS uses, handles and discloses personal information, and how you can access or correct the personal information BYS holds about you.
1. Collection of personal information
1.1. In the course of your interactions with BYS, such as engagement with a BYS service or support, we may collect your personal information for the purpose of identifying you and providing appropriate and relevant services and support to you.
1.2. The type of personal information BYS may collect about you depends on the dealings you have with us.
Support services
1.3. The kinds of personal information BYS may collect from you if you seek support services from us include your name, address, contact details, demographic details, relevant health details, and any other information relevant to your identified support needs.
1.4. When a person first presents to BYS for support, BYS Employees will use the B6.14 Consent to collect, use, and disclose information to explain why their personal information is collected, what type of information may be collected and may be stored at BYS. BYS Employees will also provide information about third parties to whom BYS may disclose personal information and for what purpose.
Applying for employment or engagement with BYS
1.5. If you apply for a job or position with us, BYS may collect your personal information for recruitment and employment purposes.
1.6. If you apply for a job or position with us, the personal information we may collect from you generally includes:
- Full name(s);
- Contact details – including next of kin and emergency contact details;
- Date of birth;
- Demographic information;
- Citizenship or residency status;
- Health details as relevant – including any disabilities;
- Previous employment details;
- Qualifications and experience; and
- Salary details – including bank account, tax file number, superannuation details, HECS, and salary packaging details.
1.7. Additional personal information may also be collected in accordance with applicable legislation, such as under the Working with Children (Risk Management and Screening) Act 2000.
How we collect personal information
1.8. BYS will only collect personal information by lawful and fair means, and usually directly from the individual to whom it relates. However, if it would be impracticable or unreasonable for BYS to collect this information directly from the individual, BYS may obtain personal information about the individual from a third party such as their substituted decision maker, parent or guardian, referral source such as a school counsellor, transfer of health information, or in the case of risk and safety entities such as Child Safety, Probation and Parole, and other Domestic Family and Sexual Violence services, and we will take reasonable steps to notify the individual where practical.
1.9. BYS Employees respect an individual’s right to withdraw their consent to collect their personal information at any time. Information stored within electronic files is not deleted when consent is withdrawn.
2. What happens if you do not provide BYS with your personal information
2.1. You may choose not to provide BYS with some or all of your personal information. However, BYS may not be able to provide you with the full extent of our services, or offer you the volunteering or employment opportunities you may seek.
3. Dealing with BYS anonymously or by pseudonym
3.1. Individuals have the option, where lawful and possible, to deal with BYS anonymously or by pseudonym. For example, if you contact us with a general question, or provide us with anonymous feedback, we will not record your name unless we need it to adequately respond to your query. However, for many of our functions and activities, we will need your name, contact information and other personal information required to properly respond to and address your query.
4. Collection and use of personal information about children
4.1. Due to the nature of BYS services, BYS may collect personal information about children (individuals under the age of 18).
4.2. BYS will assess whether a child has capacity to consent to privacy decisions on a case-by-case basis, however BYS will generally presume a child over the age of 15 years has capacity to consent.
4.3. Where BYS assesses a child does not have capacity to consent, BYS will collect personal information from the child’s responsible adult (e.g. parent or guardian) if possible, record the responsible adult’s details as the contact information for the child, and treat consent provided by the responsible adult as consent given on behalf of the child.
4.4. When working with a family unit where the primary supported person is a young parent and BYS is supported their child/ren information should only be recorded within the young parents electronic file.
5. Use and disclosure of personal information
5.1. We may use or disclose your personal information for the primary purpose for which it was collected, or:
- with the individual’s consent (written consent from BYS young persons can be obtained using B6.51 Request for Access to Information Form or and external service/organisational equivalent form);
- for a secondary purpose that is related (or for sensitive information, directly related) to the primary purpose, and this secondary purpose is reasonably expected by the person;
- where BYS is required or authorised by law to use or disclose personal information; or
- where disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any person, or to public health or safety; or
- disclosure is reasonably necessary for the enforcement of a criminal law or a law imposing a penalty or sanction, or for the protection of public revenue.
5.2. In the course of providing our services, we may disclose your personal information to the following third parties:
- Software suppliers and IT service provider;
- Our professional advisers, including lawyers, accountants and auditors; and/or
- Government agencies, non-government agencies, regulatory bodies, and law enforcement agencies, or other similar entities.
For the purposes of:
- Providing technical support to employees at BYS (for technological concerns, and software’s such as Best Practice);
- Seeking expert advice, ensuring compliance; and
- Complying with funding requirements, legislation, standards, and frameworks.
5.3. In circumstances where BYS is required to disclose personal information to a new third party, BYS will seek to contact the person to whom the information relates to obtain consent to the disclose. BYS Employees will inform the individual of the nature of the request to release information and, if appropriate and safe to do so, inform the person of the details of the information that will be disclosed.
5.4. BYS Employees may have additional obligations under the following BYS policies with respect to the disclosure of personal information:
- A2.08 Information and Record Keeping;
- A2.21 Child and Youth Risk Management Strategy;
- B5.06 Domestic Family and Sexual Violence Policy; and
- B6.08 Missing Persons Policy;
- B6.26 Safeguarding Children and Young People Policy; and
- C5.79 Reportable Conduct Scheme.
5.5. Any personal information that BYS is required to provide to government departments, funding bodies and/or for accreditation purposes, will be de-identified prior to sharing this information. BYS Employees will note if a BYS Young Person has requested to have their data withheld from these collections and ensure that their data is withheld. To ensure this occurs employees will look at the consents tab of the young person’s electronic file and confirm what the young person has selected.
5.5.1. When a young person has selected agencies, or person to withhold information from this should be clearly listed within the consent tab in their electronic file. Young people should be aware of the limitations to those persons or parties selected and limitations to confidentiality.
5.6. BYS Employees may discuss and share personal information about a BYS Young Person they support with other BYS Employees, with the consent of the young person being supported and for the purpose of providing the relevant support, such as in the following circumstances:
- Exploring additional support and/or program options;
- Seeking guidance or consultation;
- Facilitating referrals to other programs or services; and
- Working within a care team approach for the young person.
5.7. In circumstances where BYS Employees have concerns about the safety and/or well-being of the BYS Young Person they support, they may seek guidance and share relevant personal information with relevant BYS Employees without the BYS Young Person’s consent, if this reduces the risk of harm and/or for immediate safety purposes.
5.8. If there is a change of control in one of our businesses (whether by merger, sale, transfer of assets or otherwise) we may transfer personal information to a purchaser under a confidentiality agreement for the purposes of business continuity. We would only disclose such personal information in good faith and where required by any of the above circumstances.
Personal information and artificial intelligence (AI) systems at BYS
5.9. BYS does not input personal information into publicly available AI systems.
5.10. Refer to Acceptable Artificial Intelligence (AI) Usage Policy (A2.34) for further guidance.
6. Storage and security of personal information collected by BYS
6.1. Personal information collected by BYS is stored in hard copy and/ or electronically in the electronic file database.
6.2. BYS will take reasonable steps to protect the personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure. This includes by requiring:
- Hard copy records to be kept in locked cabinets;
- Any personal information held by BYS is sent to a printer in an employee accessible area only and is retrieved only by BYS Employees (BYS employs the use of individual swipe cards to access printing at its head office);
- Two [2] step multi factor authentication as an additional security measure.
- BYS Employees lock their computer screens when away from their desks. This reduces the risk of other people having access to or visibility of potential sensitive and personal information;
- Access to personal information is restricted to authorised persons only; and
- BYS have the appropriate consent(s) to release information.
6.3. BYS will retain personal information for as long as it is needed for the purpose for which the personal information was collected, and as otherwise necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
7. Direct marketing
7.1. BYS will not use personal information collected about BYS Employees for direct marketing purposes.
7.2. BYS will not use personal information about children for direct marketing purposes.
8. Access to and correction of personal information
8.1. BYS will take reasonable steps to ensure the personal information it collects and holds is accurate, complete, and up-to-date.
8.2. Individuals may request access to, or correction of, the personal information BYS holds about them at any time by contacting the BYS Quality Officer. BYS will need to verify the identity of the individual making the request in the first instance, such as by sighting photo ID. BYS will then respond to the request, or provide access to the personal information within a reasonable time and (usually within 30 days). If BYS refuses the request, BYS will notify the individual and provide its reasons in writing.
9. Data breach incidents
9.1. In the event we discover there has been actual or suspected unauthorised access to, disclosure, or use of your personal information (a data breach), we may notify you. We will work with you to mitigate the consequences, including harms, resulting from any such data breach. We are required under the Privacy Act to notify the Office of the Australian Information Commissioner (OAIC) about certain data breaches.
9.2. Any individual who believes their personal information has been subject to misuse, interference and loss, unauthorised access, modification or disclosure (data breach) may lodge a complaint using the BYS Feedback and Complaints Form (B6.12). Their concern will be handled and addressed according to the Feedback and Complaint Management Policy and Procedure (A2.12). BYS will also work with the individual to minimize or mitigate the consequences of a data breach, in accordance with the BYS Data Breach Policy and Response Plan (A2.17).
9.3. If a person who is supported by BYS is not satisfied with our response, they may lodge a complaint with the OAIC via their website.
Definitions
BYS Employee: means all employees, students and volunteers, and contractors.
Personal information: is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Sensitive information: is subset personal information that is afforded a higher level of privacy protection due to its sensitive nature, and includes:
any information or opinion regarding an individual’s:
- racial or ethnic origin;
- political opinion;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade association;
- membership of a trade union;
- sexual preferences or practices;
- criminal record;
that is also personal information; or
- health information about an individual;
- genetic information about an individual that is not otherwise health information; or
- biometric templates.
Health information is personal information and includes:
information or an opinion about:
- the health, including an illness, disability or injury, (at any time) of an individual; or
- an individual’s expressed wishes about the future provision of health services to the individual; or
- a health service provided, or to be provided, to an individual;
that is also personal information; or
- other personal information collected to provide, or in providing, a health service to an individual;
- other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances;
- genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Contact
If you have any enquiries in relation to privacy or personal information, please contact:
Quality Lead
Brisbane Youth Service
PO Box 1389
Fortitude Valley Qld 4006
Phone: 3620 2451
Email: quality@brisyouth.org
If you wish to change how you receive communications from us (via mail, phone, SMS or email) please email us at fundraising@brisyouth.org or call us on 3620 2466.
