This policy forms part of the by-laws of Queensland Pups & Handlers Inc. as defined in the constitution of the association.

1. Overview

This document will cover how we as a club will be handling and securing information supplied to us. Please note that this document does not cover the information collected by our website. Please see this link to access the website privacy policy: https://www.q-pah.org/privacy-policy

2. Objectives of this policy

As we are a kink-associated club, handling personal or personally-identifiable information is paramount to ensure none of our members are negatively affected by leaking personal information and their association with the club without their consent.

3. Handling of Membership Database

As this database contains names, emails addresses and other personally identifiable information, only the executives in the committee will have access. All other committee members will not have direct access to see or change the membership database.

3.1 General Requests for Access to Membership Database

By law, we are required to be able to let any of our members request information from this database. To accomplish this requirement while ensuring privacy to our members we will require the following process to be followed:

1. A request for access to this database must first be submitted in writing to the secretary, via email.
2. The request must explain in detail why they want to access this information.
3. The executive team has 7 days from the date the email has been received to respond to the request.
4. If approved, a time and place for sharing this information will be discussed with the person requesting the information. If there are reasonable grounds for believing this information would put a member at risk, a written response will be returned explaining why we cannot comply with the request.
5. When sharing the information, two members of the committee must be present at all times.
6. The membership database will never be printed or saved directly and only the pertinent information required by the request will be shared.

3.2 Emergency Access to Membership Database

If certain information (e.g. a phone number for a particular member) is needed in an emergency (for example someone’s life is in danger), one of the members of the executive team who has access to the database will be alerted.

If the request is deemed valid and the information does need to be supplied immediately, only the required information for the request is supplied, and then the rest of the committee is to be alerted either by email or in the next committee meeting about the request for information and the reason why it was supplied.

3.3 Aggregated and Anonymised Details About Membership Database

While the database itself is considered highly confidential and must be protected, there are some stats about the database itself that are considered safe to share with external parties. 

Details of the membership database that can be shared without going through the process aligned above must be in either an aggregated or anonymised form (such as how many members we have, or how many active/lapsed members).

Information that can be shared freely without going through the normal approval process must have the following characteristics:

1. Must be either aggregated data or completely stripped of personally identifiable information
2. Must have no way of being linked back to any member either directly or when used in conjunction with any other information

6. Photos and Images of Members

Photos may be taken at any of our events. These photos may be posted on any of our social platforms or on the website. All members have the option to opt-out of their image being used at any time, by either informing a committee member (who is then responsible to ensure the rest of the committee is informed) or by emailing us.

If a member wishes to remove their image (either individual images or all images featuring them) from the website or any social platform account controlled by Q-PAH, this can be accomplished by emailing us with details about which images (containing the member’s likeness) are requested to be removed.

Note, we can only remove images from platforms and accounts we control. We are unable to remove any images posted or displayed on other peoples accounts or websites.

7. Other Private or Personal Information

Any other information acquired or provided to the committee which can be deemed as sensitive or personal will be kept at the strictest confidence. No committee member will share or discuss sensitive information they have been privy to while working as a committee member to anyone outside of the committee.

The committee shall deem whether something should be classed as sensitive or protected on a case-by-case basis Such items may include but are not limited to:

• Medical diagnoses or information about a member’s health (mental or physical) which was presented to the committee in confidence
• Issues and disagreements between members which have been escalated to the committee 
• Addresses, names, professions, ages and other personal information which is not already public
• Life circumstances of members (e.g. relationships, or living arrangements) which have been given to committee in confidence and is not already public

8. In the Event of Privacy Breach

In the case of a privacy breach where private or personal information has been exposed outside of the normal approval process, either accidental or by a malicious actor, the committee must act to inform all affected members about the privacy breach and what information may have been exposed as soon as possible.