Department of Transport and Main Roads

Privacy Policy

Purpose

The Department of Transport and Main Roads is committed to managing personal information in accordance with the Information Privacy Act 2009 (Qld) (IP Act).

This Privacy Policy outlines how we uphold our obligations under the IP Act, ensuring the protection of individuals' privacy and fostering transparency in the management of personal information.

Policy statement

We are dedicated to fostering a culture of privacy awareness. We strive to ensure that personal information is collected, used, stored, and disclosed only for purposes directly related to our functions and services, and that it is protected throughout its lifecycle in accordance with the Queensland Privacy Principles (QPPs). The full text of the QPPs is available in schedule 3 of the IP Act.

Objectives

This policy supports our commitment to complying with the QPPs and has been developed in alignment with the IP Act and guidance provided by the Office of the Information Commissioner (OIC), Queensland. It aims to:

  • ensure the lawful, fair, and transparent handling of personal information
  • promote accountability and privacy best practices across all of our operations
  • outline how an individual can access their personal information and seek its amendment
  • provide guidance on how an individual can submit a privacy complaint.

Applicability

This policy applies to all our permanent full time, part time, volunteer, trainee and temporary employees, contractors, consultants, third party suppliers, vendors, and hosted managed service providers authorised to access our information systems and assets.

Authority

QPP1 outlined in Schedule 3, Part 1 of the IP Act sets out the obligation for all Queensland government agencies to establish and implement a privacy policy.

Information about you

We describe information about you using two terms:

  • personal information
  • sensitive personal information.

Personal information

Personal information means any information or an opinion about an identified individual or an individual who is reasonably identifiable from the information or opinion:

  1. whether the information or opinion is true or not
  2. whether the information or opinion is recorded in a material form or not.

Sensitive personal information

Sensitive information is a sub-category of personal information that requires greater security protections than other types of personal information. We may need to collect information that is considered ‘sensitive’ in order to carry out some of our responsibilities and functions.

Sensitive information includes:

  • racial or ethnic origin
  • political opinions
  • membership of a political association
  • religious or philosophical beliefs or affiliations
  • membership of a professional or trade union or association
  • sexual orientation or practices
  • criminal record
  • health information
  • genetic information that is not otherwise health information
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification
  • biometric templates.

Why do we collect personal information?

We oversee Queensland's transport systems for roads, rail, air, and sea. We collect personal information necessary for our functions and activities which include:

  • statutory and other legal functions and duties for Queensland’s integrated transport environment
  • the development of policy, legislation, and regulations
  • investigating incidents and/or defending any legal claims made against us and our staff
  • planning, funding and monitoring our services and functions
  • the improvement and development of digital and online services and products for our customers and stakeholders.

We collect and manage personal information as part of our routine activities, which include:

  • the issuing of driver licences
  • inspecting and registering vehicles and vessels
  • improving road safety
  • preserving the condition and value of the community’s road infrastructure
  • upgrading the road network
  • maintaining efficient traffic flows
  • overseeing personalised transport
  • managing mass passenger transit including bus, train and ferry
  • managing marine safety and regulating the safety of recreational vessels.

What types of personal information we collect and hold

The types of personal information we collect from you may vary based on the service or function we need it for.

Examples of the types of personal information we collect include:

  • name
  • address
  • contact details
  • date of birth
  • your identification information
  • digital photographs
  • signature
  • licence status and history, including details of offences, restrictions, suspensions, cancellations and disqualifications
  • vehicle and vessel registration and insurance information
  • go card travel information
  • video surveillance systems (VSS) (formerly CCTV) images and body worn camera footage
  • biometric information that is used for the purpose of automated biometric verification or biometric identification and its templates
  • offence detected photographs such as mobile phone and seat belt offences
  • financial information relating to payments and refunds.

The types of sensitive personal information we collect for specific functions and activities may include:

  • health and medical (in connection with travel subsidies, disability parking permits, claims, employment and statutory investigations)
  • video surveillance systems (VSS) (formerly CCTV) images and body worn camera footage
  • biometric information that is used for the purpose of automated biometric verification or biometric identification and its templates
  • fare evasion, criminal and traffic offence information.

We also collect personal information about our staff, contractors and suppliers. These records are used to support all employment activity including payroll, recruitment and administrative processes.

When do we collect personal information from you?

We only collect your personal information by lawful and fair means, using methods that are not unreasonably intrusive. We may ask you for certain types of personal information when you ask for a particular service or product from us. This collection may occur when:

  • you use our online services to apply for, or pay for a product
  • you contact us to request access to or to update your personal information
  • you complete an application in relation to one of our functions or services
  • you apply for a job with the department
  • you communicate with us or provide feedback to us, including on social media
  • you ask us a question, or request information from us
  • you submit a complaint to us
  • you provide a response to one of our surveys or lodge a submission with us
  • you participate in consultation and engagement activities
  • you sign up or register to join one of our newsletters or social media accounts.

When can you deal with us anonymously or using a pseudonym?

Where possible, we will allow you to interact with us anonymously (without providing your name or other identifying information), or by using a pseudonym (using a nickname, term or descriptor instead of your real name). For example, if you contact us with a general enquiry, we will only request your name if it is necessary to provide an appropriate response.

However, for most of our functions and activities we need your name, your contact details and enough information about the matter for us to reasonably and efficiently respond to your enquiry or request.

How do we collect personal information about you?

Direct collection

When we collect personal information about you, we aim to only collect the information we need to carry out our functions and responsibilities. Wherever practical and feasible, we will collect this information directly from you rather than through a third party.

Wherever possible, we will provide you with a privacy collection notice at the time of collection. This notice, which may be provided in written or verbal form, will clearly explain how your personal information will be used and managed.

Indirect collection

We may collect personal information about you indirectly from another government agency or other third party. Indirect collection may occur:

  • through administering legislation
  • when applying for certain services or products
  • through law enforcement activities
  • when responding to a complaint or enquiry
  • when conducting referee, criminal or other required checks for employment purposes
  • when administering whole-of-government online services.

In all instances where we collect personal information from third parties or other government agencies, this information will be managed and stored in line with this policy.

Information we generate ourselves

We maintain records of the interactions we have with individuals, including any services we have provided.

We collect limited information about users of our websites. Our server makes a record of your visit for diagnostic and analytic purposes only. Our websites may also use cookies to retain preferences during your visit to our website for use next time you visit the site. Cookies used on our websites do not identify individual users.

Unless you provide your personal information while using our online services, we will not seek to identify you or monitor your browsing activities. However, in some circumstances, for instance, during an investigation, law enforcement agencies may request access to activity logs under the appropriate legislative authority.

How do we manage your personal information?

The QPPs outlined in the IP Act guide how we manage your personal information at every stage of its lifecycle.

When managing personal information, we are committed to making decisions and taking actions that respect and uphold human rights, particularly our obligation to protect individuals' privacy and reputation.

What purposes do we use your personal information for?

We may use your personal information:

  • to provide you with a service or product of ours that you have requested
  • to provide technical or other support to you
  • to answer your enquiry about our services or functions, or to respond to a complaint
  • to manage our employment or business relationship with you
  • to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications)
  • to comply with legal and regulatory obligations
  • where otherwise permitted or required by law
  • for other purposes with your consent.

In most instances we only use personal information for the purpose we collect it, or a directly related purpose.

How do we know that the personal information we hold about you is accurate?

Prior to using your personal information, we may check with you that your information is correct and up to date.

Please contact us if you think that the personal information we hold about you is incorrect or needs to be updated. More information about how you can contact us to change or update the personal information we hold about you is explained in the “how can I access or correct my personal information” section of this policy.

How do we store and secure your personal information?

We take steps to protect your personal information against misuse, interference, loss, unauthorised access, modification and disclosure. These steps include:

  • restricting access to staff who require the information to do their job
  • monitoring system access with authenticated credentials
  • ensuring our buildings are secure
  • regularly updating and auditing our storage and data security systems.

We also uphold our responsibilities under the Financial and Performance Management Standard 2019, Public Records Act 2023 and the Queensland Government Information Standards to maintain compliant records.

How long do we keep your personal information?

The records we keep are stored in line with the General Retention and Disposal Schedule (GRDS) approved by Queensland State Archives. We take reasonable steps to ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately.

When might my personal information be shared with another party outside of the department?

We may give your personal information to third parties if:

  • it is necessary to provide the service or product you have requested
  • it is permitted or required by law
  • for another purpose, with your consent.

When we ask for your personal information we will inform you, through our privacy collection notices, about any third parties to whom the information may be routinely disclosed.

Service providers

To help deliver some of our services and functions we may engage the use of contracted service providers. Some examples include:

  • operation and maintenance of the go card system
  • cloud-based storage of information
  • community surveys, engagement and feedback.

To provide these services and functions, service providers may collect and use personal information on our behalf.

Before a contracted service provider delivers services or performs functions on behalf of us, we ensure they can meet our strict privacy and confidentiality obligations. All contracted service providers are bound by a contract or service agreement to use your personal information solely for the purpose of providing the service on our behalf. They are held to the same high standards of privacy and confidentiality as us.

Law enforcement activities

There are specific flexibilities in the application of the privacy principles for law enforcement activities. These provisions recognise that an agency's use of personal information for investigation and enforcement purposes may entail the secondary use of existing department information, or the exchange of relevant information with third parties. In such cases, we will ensure that these activities are conducted in compliance with the obligations of the IP Act and any other applicable authorising legislation.

Body worn cameras

The department's compliance officers, which include Transport Inspectors, Maritime Officers and TransLink’s Senior Network Officers, use body worn cameras (BWC).

We are committed to respecting individuals' privacy. As such, our compliance officers will only activate BWCs where it is lawful, necessary, and proportionate to do so, such as during interactions where evidence may need to be collected for compliance, enforcement, or safety purposes.

Video surveillance systems

We use video surveillance systems (VSS) in many locations throughout Queensland to enhance safety and for monitoring and maintenance purposes.

The department uses VSS to:

  • maintain security and safety at our workplaces and worksites
  • observe driver behaviour
  • monitor passenger behaviour on the public transport network
  • manage traffic flow
  • manage and monitor vessel flow
  • maintain security and safety at our boat harbours, marinas and boat ramps.

Any time a VSS captures identifiable images of an individual, it is potentially capturing personal information. The department’s VSS are operated with respect for people's privacy, and any images captured are maintained ensuring that:

  • recording and retention of images are undertaken fairly and lawfully
  • recorded images are only used for the purpose for which the VSS system was installed, unless the images are required by a law enforcement agency
  • individuals are made aware that they are subject to VSS surveillance, unless the system is being used for investigations or other law enforcement purposes.

Camera detected offence program

In Queensland, the Camera Detected Offence Program (CDOP) is jointly managed by Transport and Main Roads, Queensland Treasury and the Queensland Police Service (QPS).

CDOP operations include the deployment of:

  • mobile, fixed and point to point speed cameras
  • redlight cameras
  • combined redlight and speed cameras
  • mobile and fixed mobile phone and seatbelt cameras
  • automatic number plate recognition cameras for unregistered and uninsured vehicles and vehicles transporting dangerous goods in tunnels.

We are conscious of respecting people's privacy. As such, images captured by camera detection devices are maintained in the following manner:

  • recording and retention of images is undertaken fairly and lawfully by all agencies involved in the CDOP
  • images are only used for the purpose for which the camera detection device was installed, unless legal authority permits another use
  • road users are made aware of the use of camera detection devices in Queensland through various mechanisms including site specific signage for some fixed cameras, publication of fixed camera sites on our website and general signage located at specific entry points in Queensland. The locations of mobile speed camera sites are released on the open data portal by QPS
  • images captured that are considered likely to contain an offence are verified by authorised people before an infringement notice is issued.

When do we share personal information outside Australia?

We may disclose your personal information overseas where:

  • it is necessary to provide the service or product you have requested
  • it is permitted or required by law
  • information sharing arrangements or contracts are in place
  • for other purposes with your consent.

Social media

The department has official social media accounts on Facebook, X, Instagram, YouTube and LinkedIn to reach and engage with audiences in the community.

When you communicate with us through a social network platform, we will only use the personal information you provide to help us perform departmental functions or activities. The social network provider and its partners may collect and hold your personal information overseas. Users of these platforms must make themselves aware of the individual social media platform's terms of use and privacy conditions policy prior to use.

Mobile apps

The department has a range of mobile apps that can capture personal information such as contact details, date of birth, and location.

Any personal information that is collected or provided via a software application (App) will be collected, used and disclosed in accordance with the IP Act and any terms or privacy notices specific to that App.

Where relevant, we may record information about your use of the App. This information may include:

  • the random, auto-generated user account number created when the App is first launched and associated with your device
  • when and how you use the App
  • the pages you access, and the types of functions you use.

Personal information that is captured through our apps will be used by us for the purpose we told you we were collecting it for and managed in line with our responsibilities.

Third party login providers

If you use a third party for your login to a Transport and Main Roads online service or App, the third party will have its own terms and conditions and privacy obligations for their logins. For information on these terms and conditions and privacy obligations, use the following links.

QGov (Queensland Government)

Terms and conditions

Facebook or Meta Data Policy Terms of Service

Links to other sites

Our website may provide links to third party websites. These linked sites are not under our control, and we do not accept responsibility for the conduct of third parties linked on our website.

How can you access, correct or delete your personal information?

You have the right to request access to, and amendment of, your personal information held by us.

Our online services and apps allow you to access, update, or amend certain personal information.

You may also request the deletion of:

  • accounts created using Transport and Main Roads Apple or Android apps
  • information linked to those accounts or any Transport and Main Roads online service or app integrated with Meta products, such as Facebook.

To access, correct, update, or request the deletion of personal information or accounts associated with a Transport and Main Roads app or Meta product (via third-party login providers), you can:

  • use the relevant online service or app
  • visit the department's website
  • contact the customer service call centre on 13 23 80
  • for TransLink-related enquiries, contact TransLink on
  • visit a Customer Service Centre in person.

Departmental employees seeking access to their personnel information should contact their local Human Resource Advisor as the first point of contact. If the requested information cannot be released or amended administratively, a formal access application can be submitted via the online application form available on the Right to Information (RTI).

When can you opt out of receiving communications from us?

You have the right to opt out of direct marketing and profiling for marketing.

If you receive email marketing communications from us, opting out of our mailing list should be as simple as clicking on the ‘unsubscribe’ link in an email you receive from us and following the prompts.

What happens if a privacy data breach occurs?

In the event of a data breach involving personal information, we follow our Data Breach Policy to respond promptly and effectively. This includes assessing the breach, mitigating risks, and notifying affected individuals and relevant authorities where required.

Notifiable data breaches

Section 73 of the IP Act sets out the obligation for all Queensland government agencies to establish a Mandatory Notification of Data Breach (MNDB) Scheme. The MNDB scheme requires us to publish a data breach policy and notify the OIC and affected individuals of eligible data breaches.

An eligible data breach occurs when:

  • there is unauthorised access to, or disclosure of, personal information held by us
  • the unauthorised access to, or disclosure of the personal information is likely to result in serious harm to an individual (an ‘affected individual’).

How can you make a privacy complaint?

If you believe that we have not dealt with your personal information in a way that is consistent with our obligations under the IP Act, you may submit a privacy complaint.

Privacy complaints can be made by an individual or their authorised representative.

Privacy complaints made to the department must:

  • be made in writing
  • explain the incident or practice that has given rise to the privacy complaint.

We will acknowledge your formal privacy complaint within 3 business days of receiving the complaint in writing.

Under the IP Act, we are permitted a minimum of 45 business days to provide a response in relation to a privacy complaint. Where we need a longer timeframe to investigate and respond to a privacy complaint, we will contact you to advise you of the estimated delivery date for our response and keep you up to date with how your complaint is progressing.

We will communicate our decision in writing, including any recommended actions that are considered appropriate to resolve the complaint.

Privacy complaints may be marked Private and Confidential and forwarded to:

RTI, Privacy and Complaints Management
Department of Transport and Main Roads
GPO Box 1549
Brisbane Qld 4001
Or, via email to [email protected]

Complaints may also be made using the Online Contact Methods available on our website.

Complaints may be made anonymously, however where a complaint is received that requires investigation of a customer record or requires a response containing personal information, evidence of the complainant’s identity must be provided.

Mediation by the OIC

The OIC is an independent statutory body established under the Right to Information Act 2009 and the Information Privacy Act 2009 with the aim of promoting access to government held information and protecting personal information held by the public sector.

If you are unhappy with the outcome or action we have taken to address your privacy complaint you may refer your complaint to the OIC for their independent review and mediation.

Complaints referred to the OIC must be made in writing either by completing a hard copy of the complaint form on the OIC’s website, or by letter, to the OIC office at:

Office of the Information Commissioner
PO Box 10143, Adelaide St
Brisbane QLD 4000

Legislation

Public sector legislation

The department operates within the obligations of legislation governing public sector organisations when managing personal information, including but not limited to:

Our administrative legislation

We collect and manage personal information that may be specifically required or authorised by our administrative legislation. This includes:

  • Air Navigation Act 1937
  • Century Zinc Project Act 1997 (ss 5(2)-(7), 11, 12, 13)
  • Civil Aviation (Carriers’ Liability) Act 1964
  • Cross River Rail Delivery Authority Act 2016
  • Gold Coast Waterways Authority Act 2012
  • Heavy Vehicle National Law Act 2012
  • Maritime Safety Queensland Act 2002
  • Photo Identification Card Act 2008
  • Queensland Rail Transit Authority Act 2013
  • Rail Safety National Law (Queensland) Act 2017
  • State Transport Act 1938
  • State Transport (People Movers) Act 1989
  • Sustainable Ports Development Act 2015
  • Thiess Peabody Mitsui Coal Pty. Ltd. Agreements Act 1965 (except to the extent administered by the Deputy Premier, Treasurer and Minister for Trade and Investment; and the Minister for Resources)
  • Tow Truck Act 1973
  • Tow Truck Act 2023
  • Transport Infrastructure Act 1994
  • Transport Operations (Marine Pollution) Act 1995
  • Transport Operations (Marine Safety) Act 1994
  • Transport Operations (Marine Safety – Domestic Commercial Vessel National Law Application) Act 2016
  • Transport Operations (Passenger Transport) Act 1994
  • Transport Operations (Road Use Management) Act 1995
  • Transport Planning and Coordination Act 1994
  • Transport (South Bank Corporation Area Land) Act 1999
  • Transport Security (Counter-Terrorism) Act 2008.

Implementation and review

This policy takes effect on 1 July 2025 and will be reviewed every two years to ensure it meets business needs and best practice guidelines.

Information used to inform the review may include:

  • feedback received from customers, stakeholders and staff
  • the results of internal or external reviews, audits or evaluations
  • any changes in policy, legislation or organisational structure.
Last updated
15 November 2025