Privacy Collection Notice

Application of this Privacy Collection Notice

This Privacy Collection Notice applies to your use of the QDI, including your use of the system and services that provide your QDI. QDI and the QDI System are provided by CDSB.

Setting up and using your QDI involves the collection, use and handling of your personal information by CDSB. This Privacy Collection Notice provides information concerning the collection, use and handling of your personal information to the extent that it is collected by or provided to CDSB via your onboarding or use of your QDI.

Other privacy notices and policies will also apply to the collection, use and handling of your personal information in connection with the QDI, including:

• the CDSB general privacy policy
• the QDI terms and conditions
  and
• in relation to our verification of your information:
  • against TMR Identity Documents (for example, driver licence, photo identification card and marine licence records) collected under transport portfolio legislation: TMR's privacy notices and policies including the TMR general privacy statement, and
  • with the DVS service provided by the Australian Government: the Commonwealth Attorney-General’s Department’s Privacy Statement – Identity Verification Services
    and
• privacy notices and policies of other agencies who issue the Identity Documents you submit to us to help prove who you are; and of Relying Parties who you use your QDI with.

1. How is your personal information collected, used and handled in connection with the QDI?

The following sets out information concerning how your personal information is collected, used and handled in connection with the QDI by CDSB.

CDSB is the provider and administrator of the QDI. Where you use QDI, CDSB may access and use relevant records from the databases of TMR Identity Documents collected and used for TMR’s transport portfolio functions under transport portfolio legislation to verify your identity for QDI, as described in this Notice, and only with your consent or as otherwise authorised by law.

What personal information do we collect?

When you first establish your QDI or upgrade your QDI, we may collect your phone, email, a password and proof of identity information, which includes, where relevant to specific Identity Document information you submit to us to help prove who you are, your family name, given names and date of birth, and the Identity Document type, number, state of issue and registration date.

We only collect Identity Document information (e.g. licence numbers) and verify this against the database in which the relevant Identity Document is stored, to receive a match or 'no match' response. We do not collect or store copies of Identity Documents themselves.

We may also collect:

• updates to your information as notified by you or your representatives, or collected by us when you upgrade your QDI
• your digital photo (including any short video or sequence of images and/or device sensor signals):
  • when you first establish your QDI or upgrade your QDI, or otherwise during your use of your QDI, to confirm your identity through biometric matching and liveness checks (to confirm you are a real person and not using a photo, video or mask), and
  • if it is necessary for you to attend at a customer service centre to provide a photo for biometric matching.
• verification of your identity and confirmation of the information you provide against TMR Identity Documents and/or the service provided by the Australian Government known as the Document Verification Service (DVS) (further information is in section 10 of this Privacy Collection Notice)
• results from checking the Fact of Death data file administered by the Queensland Registry of Births, Deaths and Marriages, which if you are deceased, may include your full name, date of birth and residential address details, and
• information from QDI System Access/use logs (further details are as follows).

Biometric matching means use of a face verification service to electronically compare an image of your face captured using your phone or other device against a photo held in government records to verify your identity. For example, if you have a Queensland driver licence, the digital photo (including any liveness check data) you provide will be electronically compared with the photo held in the TMR records of your driver licence.

Why is your personal information collected?

We collect and use your personal information for the purposes of:

• creating your QDI, including verifying your identity against Identity Documents
• making your QDI available for use and providing you with services
• preventing fraud, identity theft and other forms of crime, including by conducting biometric matching and liveness checks
• communicating with you in relation to the QDI
• administration of the QDI, including verification of users, and security
• contacting you and inviting you to participate in surveys and to otherwise improve the QDI System and CDSB services more generally, and
• providing support for and improving the QDI.

We delete any photo, video or other image sequence you provide during biometric matching and liveness checks (and any biometric template created to complete the comparison) immediately when the test is completed. We may retain the match result (pass/fail) and a match confidence score for audit, security and fraud prevention purposes.

Where we collect sensitive information (such as information used for face matching), we do so only where it is reasonably necessary to achieve the identity proofing level required for the service you are accessing.

Who do we disclose your personal information to?

We will use your personal information (including details you provide us about your Identity Documents) to verify your identity against TMR Identity Documents (where relevant) and we will disclose your personal information to the DVS to verify any Identity Documents you submit to the QDI System.

The first time you use your QDI to verify your identity to any Relying Party, you will be asked to give your specific consent to share the relevant information with that Relying Party, which may include your name, date of birth, email address, a unique identifier that links your identity with the Relying Party, and other personal information. You may withdraw your consent at any time. To withdraw your consent to sharing your information with a Relying Party or all Relying Parties, email c4e.service@chde.qld.gov.au and request that consent for a particular service, or all services, be revoked. Be sure to include the email address of your QDI. Upon receipt of your request to withdraw your consent, we will cease to share your personal information with the relevant Relying Party or Relying Parties, except where we are authorised or required by law to do so.

We may also disclose your personal information to the Queensland Registry of Births, Deaths and Marriages to the extent necessary to conduct a check against the Fact of Death data file.

We will retain a securely encrypted record of each time you use your QDI for a minimum of 7 years after your last use of the QDI for audit purposes (and longer where required or authorised by law). We do not keep a record of which Relying Party you verify your identity to, unless it is CDSB.

Your QDI and/or personal information will not be disclosed without your permission, except as notified in this QDI Privacy Collection Notice or where otherwise required or authorised by law. This may include disclosure to police for the purpose of law enforcement functions where specific legislative authority exists.

So that we can provide the QDI services, your personal information may be hosted securely by our third party ICT service providers. Your personal information will be managed by those third party ICT service providers to the same or substantially similar information management standards as our standards in order to maintain the confidentiality, authenticity and integrity of that information.

Will my personal information be disclosed outside of Australia?

Your personal information may be sent out of Australia when you use your QDI to verify your identity to access a website that it is managed or operated overseas or where a Relying Party is located overseas.

Applicable legislation

CDSB will collect and manage your personal information in accordance with the Information Privacy Act 2009. Where you consent to verification against TMR Identity Documents, those records are collected under the Transport Planning and Coordination Act 1994 and other transport portfolio legislation. Where we verify Identity Documents through the Document Verification Service, the service operates under the Identity Verification Services Act 2023 (Cth) (IVS Act).

Access/use logs

We may also collect information contained in access/use logs automatically generated in the QDI System such as:

• access to the administration service
• changes to identities
• authentication successes\failures
• password changes
• M2M authorisation successes\failures
• access request failures
• multi-factor authentication successes\failures, and
• account creation\deletion.

The logs are used to assist in issue diagnostics, monitoring security of the system and analysing capacity and licence usage. CDSB may disclose relevant QDI log information to its contracted ICT and cyber security service providers and to relevant government agencies (including law enforcement agencies) where security or fraud related incidents require supporting information available in the QDI logs, or where otherwise required or authorised by law.

Other access

The QDI System may request your specific permission to access other applications and functions on your mobile device, including:

• the camera application
  or
• biometric and other device security features which may be required for verification, onboarding, reporting, analytics, support, and security purposes.

Access to these applications and features is required for verification, on-boarding, liveness checks, reporting, analytics, support, security purposes or for other purposes to provide you with a service.

Access may also be required to other applications or functions on your mobile device from time to time. If you do not wish to grant these permissions, you may not be able to use your QDI, or may find that some parts of your QDI do not function.

2. Consents

2.1 When you apply for a QDI, you will be asked to acknowledge that you have read this Privacy Collection Notice and consent to us collecting, using and disclosing your personal information as set out in this Privacy Collection Notice, including your information being verified with the Identity Document issuer or official record holder via third party systems for the purposes of confirming your identity. This includes CDSB accessing and using TMR Identity Documents and verifying other Identity Documents through the DVS, for the purposes of confirming your identity for QDI, as follows:

• in the case of TMR Identity Documents, this includes information collected or held by TMR under the Transport Planning and Coordination Act 1994, the Photo Identification Card Act 2008, the Transport Operations (Maritime Safety) Act 1994, the Transport Operations (Road Use Management) Act 1995 and other transport portfolio legislation, where relevant; and
• in the case of the DVS, this includes information collected or held by the Commonwealth Attorney-General's Department's under the Identity Verification Services Act 2023 (Cth) (IVS Act).

2.2 You will be asked to give specific consent at the time we (as applicable):

• verify your identity against TMR Identity Documents (where relevant) or through the Commonwealth Document Verification Service
• collect and use an image of you for face matching to strengthen your QDI, and
• share your QDI details with a Relying Party at your request.

2.3 You consent to your personal information being:

• shared with a third party when you give your specific consent to share the relevant information with that Relying Party, which may include your name, date of birth, email address, and a unique identifier that links your identity with the Relying Party, and
• sent or disclosed outside of Australia when you use your QDI to verify your identity to access a website that it is managed or operated overseas, or where a Relying Party is located overseas.

2.4 By using your QDI to verify your identity with a Relying Party, including on a Relying Party website, you consent to your personal information being disclosed to the Relying Party.

2.5 By using QDI you consent to us delivering push notifications to your device that are directly relevant to your QDI.

3. What happens if you don't provide your personal information and consent?

You do not have to agree to us verifying your Identity Documents against TMR Identity Documents or through the Document Verification Service. You can choose instead to manually verify your identity over the phone or in person using the steps set out on the Queensland Digital Identity website.

Because QDI's purpose is to establish your identity, we need to collect at least some personal information to create and operate your QDI account (for example, your email address or phone number and a password). QDI offers different levels of 'identity proofing' (IP). You can achieve IP1 without verifying your identity using Identity Documents, but some Relying Parties will require IP1+ or above. IP1+ means we verify key identity details (such as your name and date of birth) against one or more Identity Documents or official records, so anonymity or pseudonymity is not possible above IP1. If you do not provide the Identity Documents and consents we require for online verification, you may not be able to reach IP1+ or above for QDI. You may need to use an alternative method to verify your identity to any third party who has asked you to use your QDI. If the third party's website does not include information about alternative methods, you should contact the third party directly.

4. Authorisation

We collect and hold the personal information referred to in this Privacy Collection Notice under our policy mandate to provide digital identity services across the Queensland Government.

5. Use of de-identified information

5.1 Verification information captured using QDI will be reported to us in a de-identified state for our business purposes, including administration of QDI services, and for maintaining and improving QDI.

5.2 QDI may be configured to report de-identified information back to us relating to ICT errors arising in connection with the use of QDI services, without notice to you.

6. Access to, correction and deletion of your personal information

6.1 You may request access to and correction of your personal information in accordance with this Notice. You may also request deletion or deactivation of your QDI account using the process on the Queensland Digital Identity page: (including where initiated from within a participating application such as the Queensland Government Digital Licence App). CDSB may need to complete evidence-of-identity checks before actioning a request.

6.2 Information about how you may:

• access or correct personal information held by CDSB, and
• complain about a breach of the Queensland Privacy Principles, and how the agency will deal with complaints, may also be found in the CDSB general privacy policy.

You may also contact us using the contact details in section 11.

6.3 CDSB may decline to provide access to or amend or delete personal or other information where it is legally permitted to refuse to do so. The relevant agency will explain the basis for its decision when responding to your request or otherwise within a reasonable time.

6.4 Reasons for refusal may include, but are not limited to, where access, amendment or deletion would be:

• inconsistent with CDSB's obligations to maintain records under legislation including the Public Records Act 2023
  or
• contrary to the public interest under the Information Privacy Act 2009 or the Right to Information Act 2009.

6.5 You should notify CDSB of any changes to your personal information so that your records are complete and up to date.

7. Retention of your personal information

7.1 Information associated with your QDI account and its use (including identity verification outcomes, consent records and audit/security logs) may constitute a public record for the purposes of the Public Records Act 2023. Under the Public Records Act, CDSB must retain and protect public records and may only dispose of them under approved disposal authorities.

7.2 CDSB retains QDI account information to support and evidence business transactions and processes for which QDI is used, to protect against fraud, misuse and unauthorised access, to support auditing, compliance, investigation and dispute resolution, and to meet other legal and operational requirements.

7.3 CDSB generally retains QDI account information for at least 7 years after the last transaction made using your QDI (and longer where required or authorised by law). After the applicable retention period expires, information will be disposed of in accordance with approved disposal authorities.

7.4 There is no general right to deletion of a QDI account or all QDI information on request under Queensland or Australian law. CDSB makes available functionality to request deletion or deactivation of a QDI account and information to comply with distribution requirements of third party app stores and similar platforms on which QDI-related applications may be made available. You may request deletion or deactivation, and CDSB will action that request to the extent disposal is authorised and retention requirements permit under applicable laws including the Public Records Act 2023 and subject to CDSB’s recordkeeping, legal and operational obligations as described in this section.

7.5 CDSB assesses deletion requests on a case-by-case basis. In limited circumstances CDSB may delete an IP1 (pseudo-anonymous) QDI account (for example, to resolve duplicate-account issues where a new email address must be linked to an existing verified QDI). CDSB may also delete accounts in fraud or compromised-credential scenarios following appropriate verification and security processes. Associated evidentiary records may still be retained in accordance with sections 7.1–7.4.

7.6 Deactivation prevents further use of your QDI but does not necessarily result in immediate deletion of all QDI information, which will continue to be retained in accordance with section 7.3.

7.7 Deleting or deactivating your QDI does not remove your credentials from the Queensland Government Digital Licence App. To remove those credentials, you must securely reset your Digital Licence App and may also need to remove credentials from other third party apps or services where you have used your QDI.

8. Mandatory Notification of Data Breaches (MNDB)

If an eligible data breach occurs that is likely to result in serious harm, CDSB will notify the Information Commissioner and affected individuals, consistent with Chapter 3A of the Information Privacy Act 2009. For more information, see the CDSB Data Breach Policy.

9. Scope of this Privacy Collection Notice

9.1 This Privacy Collection Notice only applies to the handling of personal information to the extent that it is collected by or provided to us in connection with setting up or using your QDI.

9.2 Your personal information may also be collected by, provided to or held by us or other agencies or persons in connection with use of your QDI to establish your identity with Relying Parties. The handling of personal information in that context will be subject to any laws, privacy notices and policies applicable to such uses.

9.3 We will cease to have control over your personal information once you disclose it to a Relying Party. Relying Parties may manage the personal information in accordance with their own privacy policies and practices, and we are not responsible for use, disclosure or other dealings with personal information by Relying Parties.

10. Document Verification Service - further information

When we confirm your information or identity with the DVS, your personal information will be sent to the DVS Hub, administered by the Commonwealth Attorney-General’s Department, and matched against official records held by the government agency responsible for issuing the Identity Document (document issuer).

The DVS Hub will advise us of whether the information you provide matches official records.

We do not store copies of your Identity Documents after the DVS check is complete. We may store a record of information including the document type and number for as long as may be required to ensure the document cannot be used to create another QDI.

10.1 How will the Commonwealth Attorney-General’s Department handle your personal information?

The DVS Hub facilitates information transfer between us and the document issuer. The DVS Hub itself does not retain any personal information and the Attorney-General’s Department cannot view or edit any of the personal information transmitted through the DVS Hub.

The Attorney-General’s Department engages a third-party provider as a managed service provider for the DVS, who is required to adhere to the Australian Privacy Principles (APP) requirements under the Privacy Act 1988 (Cth) and security standards to ensure the use and disclosure of personal information is limited to explicitly defined purposes including:

• for the purposes of the contract with the department, and
• to comply with any request under section 95C of the Privacy Act 1988 (Cth).

The Attorney-General’s Department is authorised to operate the DVS Hub for the purpose of verifying individual’s identities under the IVS Act.

For more information on how the Attorney-General’s Department may handle your personal information, see the Attorney-General’s Department’s Privacy Statement – Identity Verification Services.

10.2 How will the document issuer handle your personal information?

Your personal information will be shared by the Attorney General’s Department via the DVS Hub with the government agency that issued your Identity Document to verify it against their official records. These agencies already hold your personal information as part of their official records, in line with their own privacy policies and legal obligations.

10.3 The Attorney-General’s Department’s verification assistance service

If we request assistance from the Attorney-General’s Department to verify your identity through the DVS, the Attorney-General’s Department will collect your personal information for the purposes of verifying your Identity Document(s) through the DVS.

The Attorney-General’s Department may also disclose your personal information to the relevant document issuer to assist them with verifying your Identity Documents. This collection is authorised under APP 5.2(c) and section 27 of the IVS Act which permits the collection of your personal information from someone other than yourself when it is authorised under an Australian law.

The Attorney-General’s Department will handle your personal information in accordance with its obligations under the Privacy Act 1988 (Cth).

Where the Identity Document(s) you require to be verified include information regarding other individuals (such as a Medicare card covering multiple individuals), it will be assumed that you have advised those individuals and obtained their consent to the disclosure. This information will only be used for the purposes of verifying your Identity Document(s) through the DVS. Any personal information of other individuals will otherwise be managed in the same way as your personal information.

11. Contact details

You may direct privacy complaints and requests for access to, amendment or deletion of personal information as specified in the CDSB general privacy policy or as follows:

Post

Right to Information and Privacy
Department of Customer Services, Open Data and Small and Family Business
PO Box 15086
CITY EAST QLD 4002

Email

CDSBRTIandPrivacy@cdsb.qld.gov.au

Phone

(07) 3008 2903