Contact us
RPEQ sign in
RPEQ directory
Privacy policy
On this page
PURPOSE
The Information Privacy Act 2009 (Qld) (IP Act) and the Queensland Privacy Principles (QPPs) set the rules for how the Board of Professional Engineers of Queensland (BPEQ, we, us) handles personal information.
This Privacy Policy (Policy) explains how we handle personal information under the IP Act, including:
- the kinds of personal information we collect and hold, how we collect and hold that personal information, and the purposes for which we collect, hold, use and disclose personal information;
- how you may seek access to, or correction of, your personal information; and
- how you may complain about our handling of your personal information, and how we will deal with the complaint.
SCOPE
This Policy applies to all BPEQ Board members, staff and contractors.
COLLECTION OF PERSONAL INFORMATION
The definition of ‘personal information’ as used in this Policy is set out in section 12 of the IP Act and explained in section 10 below. Generally, personal information can be said to be information about a living person from which, the identity of the person can be reasonably ascertained.
We collect personal information required to exercise our statutory functions and powers, and to meet our legal obligations. We may collect this personal information in writing or by recording information provided verbally.
We collect personal information directly from individuals who access our services and from third parties as part of carrying out our functions, including those under the Professional Engineers Act 2002(Qld) (PE Act). These functions include:
- assessing applications made to us under the PE Act, the Mutual Registration Act 1992 (Cth) (MR Act), and the Trans-Tasman Mutual Recognition Act 1997 (Cth) (TTMR Act);
- registering persons who are eligible for registration and issuing certificates of registration;
- conducting, or authorising, investigations about the professional conduct of registered professional engineers (RPEQs) and contraventions of the PE Act;
- conducting audits of RPEQs’ compliance with the PE Act;
- keeping the register of RPEQs;
- advising the Minister about:
- eligibility requirements for persons applying for registration, or renewal or restoration of registration; and
- the suitability of assessment schemes for approval; and
- the operation of the PE Act in its application to the practice of engineering;
- reviewing the eligibility requirements under paragraph (f) above;
- performing any other functions given to us under the PE Act and any other Act;
- performing a function incidental to a function listed above;
- responding to enquiries from the public and agencies; and
- carrying out our business functions, (e.g. human resources management and recruitment processes).
The kind of personal information we collect from individuals includes names, contact details, details of individuals’ eligibility for registration, and details about complaints regarding the conduct of RPEQs or unregistered persons. This information may be collected when someone:
- applies for registration, renewal or restoration of registration;
- makes a complaint about the conduct of an RPEQ;
- makes a notification regarding a contravention of the PE Act; or
- contacts our enquiries service to request information or assistance.
Due to the nature of our statutory functions, we may collect the personal information of an individual from third parties. This can be provided to BPEQ by inclusion in a document, for example, when we conduct an audit, or undertake an investigation in accordance with our statutory powers.
We may also collect personal information such as individuals’ names and contact details to organise meetings with BPEQ Board members or staff or when offering training and other engagement activities, including via our website.
Where we receive personal information that we did not specifically request and which we otherwise could not have collected, we will, as soon as practicable, and where permitted by law to do so, destroy the information or ensure it is de-identified.
We may also collect sensitive information. The definition of ‘sensitive information’ is set out in section 10 below. We will only collect sensitive information directly from the individual it relates to or with their consent and where it is reasonably necessary for, or directly related to, our functions, including our obligations under the PE Act.
The kinds of personal information (including sensitive information) that we collect and hold in relation to our functions is set out in the table below.
| Our function | Kind of personal information collected by us |
|---|---|
| Registration | We collect and hold personal information about people who apply for registration under the PE Act, MR Act or TTMR Act. The kinds of personal information (including sensitive information) that we may collect for this purpose includes:
Registrations data is held and managed in iMIS, software owned by ASi. View ASi’s Legal and Privacy Policies here. |
| Complaints about RPEQs and Notification of compliance breaches | We collect and hold information about individuals who make complaints or notify us about potential compliance breaches. The kinds of personal information we may collect for this purpose includes names, contact details, and any other personal information relevant to the subject matter of the complaint and the desired resolution. Should an individual choose not to provide certain personal information to us in making a complaint or notifying us of a compliance breach, we may be unable to properly consider this. We also collect and hold personal information from respondents who are subject to a complaint/investigation. We will only collect sensitive information of a respondent required to resolve a complaint/ investigation, directly from the respondent unless otherwise authorised under the IP Act. Complaints and notifications information is held and managed in Resolve, software owned by Resolve Management Group. View Resolve Management Group’s Privacy Policy here. |
| Regulatory audits, reviews and investigations | We collect and hold personal information from individuals the subject of an audit, review or investigation that is relevant to the matters or issue under examination. The kinds of personal information that we may collect for this purpose includes personal information relating to the functions of the person being audited and, in some circumstances, personal information of persons who have had contact with the personal being audited or investigated, and who have provided their personal information to the person being audited or investigated. |
| Information and assistance | We collect and hold personal information about individuals who contact our Enquiries Service by phone, post, or email. The kinds of personal information collected for this purpose may include names, contact details, and the enquirer’s circumstances which led to or are relevant to their enquiry. In certain circumstances this may include the collection of sensitive information directly from individuals who contact us and their opinions about other people, and expressions of dissatisfaction. |
| Human resources | We collect and hold personal information, including sensitive information, about our staff relevant to their employment at BPEQ. This information is requested directly from staff but we may also collect personal information about our staff from other staff and third parties. The kinds of personal information that we may collect for this purpose includes a staff member's contact details, date of birth, tax file number, qualifications, work history, required reasonable accommodations, entitlements, and next of kin and/or emergency contacts. We may also collect sensitive information such as medical information for the purposes of the employment relationship. As payroll and leave are managed for us by the Corporate Administration Agency (CAA) via the Aurion software system as part of a service level agreement, we may disclose personal information (including sensitive information) of our staff to CAA for the purposes of carrying out its business functions and where it is authorised to do so under the IP Act. Similar information may be collected from and held about our Board members. |
| Complaints about us | We collect and hold personal information about individuals who make complaints to us about our services for the purposes of investigating and resolving the complaint. The kinds of personal information collected for this purpose includes the complainant's name, contact details, and personal information in relation to their interactions with us and expressions of dissatisfaction. This information is requested directly from the complainant. |
| Recruitment and contractors | We collect and hold personal information about individuals who apply to work at BPEQ. The kinds of personal information collected for this purpose includes names, contact details, application documentation, identification information, assessments for suitability, referees and references. |
| Information collected through our website | Our website www.bpeq.qld.gov.au is hosted in Australia and does not generally collect personal information about site visitors. Our web measurement tools and Internet Service Providers record only anonymous information about site visitors for statistical purposes including:
We collect personal information through our website from individuals who subscribe to our electronic mailing lists, or use an online form (e.g. to register to participate in training or events, apply for external review, or lodge a privacy complaint). |
| Surveys | We may invite external review applicants and privacy complainants to complete voluntary surveys at the conclusion of a process for the purpose of gauging satisfaction with our services. BPEQ uses Typeform for these purposes. If an individual agrees to participate in these surveys, we will collect the individual's personal information through Typeform. Typeform may hold this information overseas, in Virginia, USA through Amazon’s AWS service. View Typeform’s Privacy Policy here. |
| Mailing list subscription | Our newsletter subscription service is delivered by Vision6. With their consent, a subscriber's email address is collected by Vision6 to deliver requested news, updates and alerts. You can read the Vision6 Privacy Policy here. Subscribers may unsubscribe from the newsletter at any time by following the prompt at the bottom of all emails. |
| Event registration | We collect and hold personal information such as contact information, that an individual provides to us when registering to attend our events. |
| Social media platforms | We use LinkedIn to communicate with the public about our work and to raise awareness of the PE Act. When individuals communicate with us via these social media platforms, we may collect personal information an individual provides during this communication. View LinkedIn’s privacy policies. |
| Google analytics | We use Google Analytics to gather statistics about how our website is accessed. Google Analytics uses cookies to gather information for the purpose of providing statistical reporting on website usage. The information generated by a cookie is transmitted to and stored by Google on servers located outside Australia. No personal information is recorded or provided to Google as part of this process. If you are logged into our website, information about your user account is not linked to data recorded by Google Analytics and is not provided to Google. Information gathered using the Google Analytics includes:
View Google’s privacy policy. |
| Analytics, business improvement and reporting | We may collect and hold information using our various analytics tools and survey platforms, namely:
We collect this information to communicate with subscribers regarding our events, services, or content and to improve our services and content. This will not ordinarily include personal information. To the extent the information collected by these tools includes personal information, it will be de-identified and used for analytics, business improvement and reporting purposes. |
USE AND DISCLOSURE OF PERSONAL INFORMATION
We use and disclose personal information for the purpose for which it was collected, including:
- exercising our powers or performing our statutory functions and duties, such as dealing with registration applications, reviewing and investigating discipline and compliance complaints or responding to enquiries; and
- managing associated business processes, such as recruitment and human resources administration.
We may use or disclose personal information for a secondary purpose with your consent or where authorised under the IP Act. This may include:
- where we are authorised or required by law (including to meet its procedural fairness obligations). This may include disclosure to a court or tribunal, for example where a decision on a complaint, or a registration decision is appealed to the Queensland Civil and Administrative Tribunal; or in relation to an application for judicial review application under the Judicial Review Act 1991(Qld); and
- where you would reasonably expect us to use or disclose your personal information for a purpose that is related to the primary purpose or, in the case of sensitive information, directly related to the primary purpose.
ACCESS AND CORRECTION OF PERSONAL INFORMATION
You may request access to and seek correction of any personal information held by us. Details about how you may seek access to, or correction of your personal information are outlined in our Right to Information webpage.
DISCLOSURE OUTSIDE OF AUSTRALIA
In certain circumstances, we may disclose personal information to entities outside of Australia. This includes where the disclosure of personal information overseas is necessary to deal with a complaint or application relevant to our statutory functions and obligations (e.g. where a complainant or applicant is overseas).
When you communicate with us through a social media platform such as LinkedIn, the social media provider and its partners may collect and hold your personal information overseas. We also use Typeform to conduct voluntary surveys from time to time, which may involve the collection and disclosure of participants’ personal information overseas.
We will not disclose personal information outside of Australia unless this complies with the IP Act.
DEALING WITH BPEQ ANONYMOUSLY OR USING A PSEUDONYM
Individuals who engage with us including through our Enquiries Service, by using an online enquiry form, reporting a data breach, or making a complaint have the option of not identifying themselves, or of using a pseudonym.
However, we may be unable to deal with an individual anonymously where:
- we are required or authorised under an Australian law, or a court or Tribunal order, to deal with individuals who have identified themselves; or
- it is impracticable for us to deal with individuals who have not identified themselves or who have used a pseudonym. (e.g. where a complaint relates to a particular individual's file).
SECURITY OF PERSONAL INFORMATION
We hold personal information securely and take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure in accordance with the requirements of the IP Act.
We comply with relevant Queensland government Information Standards and security protocols to protect personal information and ensure it can only be accessed on an authorised basis.
Where we hold personal information that is no longer required for a purpose in which the information may be used or disclosed under the IP Act, we will take reasonable steps to destroy the information or ensure it is de-identified if:
- the information is not required to be kept under the Public Records Act 2023 (Qld); and
- we are not required under an Australian law, or a court or tribunal order to retain the information.
PRIVACY COMPLAINTS ABOUT BPEQ
If you believe we have not handled your personal information in accordance with the IP Act, you may make a privacy complaint. A privacy complaint may be made on behalf of another person if:
- they have authorised you to do so;
- they are a minor/child and you are their parent or guardian; or
- they lack capacity and you are their guardian or have other legal authority to act for them.
You may make a privacy complaint to us in writing, by including:
- an address for us to respond to you (e.g. an email address); and
- details about the matter or issues you are complaining about (e.g. what did we do, or not do, which you consider is a breach of our obligations under the IP Act).
You must send your complaint to us within 12 months of becoming aware of the act or practice you consider constitutes a breach of the IP Act. If you make a privacy complaint on behalf of someone else, you must include an authority from the person on whose behalf the complaint is made, or other evidence (e.g. a birth certificate demonstrating that the complainant is a minor/child and you are their parent).
Contact address for privacy complaints
Email: legal@bpeq.qld.gov.au
Post: Board of Professional Engineers of Queensland
GPO Box 5216
Brisbane QLD 4000
Timeframe for handling a privacy complaint
Where a privacy complaint is made, we have 45 business days to provide a response to the complaint. If, after 45 business days have passed since you made a complaint and you have either:
- received a response from us which you do not consider to be adequate; or
- not received a response from us,
you may escalate your complaint to the Office of the Information Commissioner by following this procedure.
APPROVAL
This policy was approved by the Board Chair on 27 August 2025.