Mates4Mates Privacy Policy


Mates4Mates respects and upholds your rights to privacy established by the Australian Privacy Principles contained in the Privacy Act 1988 (Act).

This policy outlines Mates4Mates commitment to protecting and upholding the right to privacy of clients, staff, volunteers, Governing body/Management Committee members and representatives of agencies we deal with.

Mates4Mates is committed to protecting and upholding the rights of our clients to privacy in the way we collect, store and use information about them, their needs and the services we provide to them.

Mates4Mates requires all staff, volunteers and the governing body/management members to be consistent and careful in the way they manage what is written and said about individuals and how they decide who can see or hear this information.


Mates4Mates is committed to secure information management and privacy and will ensure that:

  • it meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of clients and organisational personnel
  • we provide information about the right to privacy to our clients, which includes how we collect, use and disclose personal information in order to perform our functions and activities, which includes the provision of health, wellbeing and social connection services to veterans and their families
  • clients and organisational personnel are provided with privacy when they are being interviewed or discussing matters of a personal or sensitive nature
  • all staff, Governing body/Management Committee members and volunteers understand what is required in meeting these obligations
  • will adhere to all requirements imposed under the Privacy Act 1988, including the requirements imposed by the Privacy Amendment (Notifiable Data Breaches) Act 2017, to strengthen the protection of personal information.

We are firmly committed to protecting the privacy and confidentiality of your personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care.

You can find more information about the APPs and privacy rights and responsibilities at the website of the Office of the Australian Information Commissioner at


This Privacy Policy conforms to the Privacy Act (1988) and the Australian Privacy Principles which govern the collection, use and storage of personal information and outline:

  • how we collect, use, exchange and disclose information about our clients, suppliers (and their employees) and people who use our services or apply for employment with us;
  • how we ensure that people know what sort of personal information is held, what purposes it is held it for and how it is collected, used, disclosed and who will have access to it
  • how to contact us if you have any questions or concerns about the management of your personal information;
  • how you can access your personal information;
  • how we will respond to and manage any breach of privacy.

In this policy we use the terms “personal information” and “sensitive information” – these terms are defined in the Privacy Act 1988.

In general terms, “personal information” is information or an opinion that can be used to personally identify you. “Sensitive information” is a type of personal information that requires higher protection and includes information or an opinion about an individual’s racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices, criminal record, health information and genetic information.

Mates4Mates’s handling of employee records in relation to current and former employment relationships is exempt from the APPs in certain situations, in which case this privacy policy will not apply.


We only collect your personal information if it is necessary for what we do (such as psychological counselling, physical rehabilitation, skills for recovery programs, veteran research) or to comply with the law. The kind of personal information that we need to collect from you will depend on how and why you are connecting with us and may include the following:

  • your contact details, including your full name, street address, email address and telephone number, as well as your date of birth and gender, no matter which type of product or service you are requesting from us;
  • if you are accessing our services online, we might also collect your IP address, browser type, domain names, browsing preferences, access times and the addresses of referring websites;
  • your occupation;
  • your service history;
  • information concerning your dealings with the Department of Veterans Affairs;
  • any relevant payment or billing information;
  • your health or disability related information, including your medical history, treating medical and allied health, and other service providers;
  • your proof of identity information and documentation including driver's license, passport or birth certificate information;
  • your next of kin and emergency contact information;
  • Relevant Guardians or Nominees

Mates4Mates Veteran & Family Wellbeing Centre clients

  • limited information about your services record/history, including your branch of service and status (e.g. serving, ex-serving, transitioning);
  • inferred information and characteristics as a result of undertaking data analysis;
  • information provided in surveys, incidents, feedback, complaints and commentary;
  • images from CCTV used in and around the centre.

Sensitive Information

In limited circumstances we may need to collect sensitive information about you, such as:

  • your physical and mental health information, including your medical history and treating doctor relevant to the services we will provide to you
  • information about your cultural background, such as whether you identify as Aboriginal or Torres Strait Islander

If we collect your sensitive information, we will only do so with your consent (unless otherwise required by law).


The main ways we collect personal information are:


  • when you contact or visit us (or we visit you), including visiting a centre, contacting us directly or through a call centre, making an inquiry, completing our online forms, making a complaint or supplying feedback, attending an event
  • if you access our websites, including using cookies, which may track what you view on our websites and other websites/apps that you visit, and can also help the website to recall your specific information on later visits. Cookies may also come from third party services for the purpose of collecting data to enable website performance measurement and personalised advertising (for more information see our Cookie Policy below). For the provision of online services, such as telemedicine or social connection activities, we may also collect contact information that will be used to provide these services to you.


  • from any person authorised to act on your behalf or authorised to provide your personal information to us (such as referrals from medical and allied health practitioners)

From third parties

  • from Australian government agencies and departments such as the Department of Veteran Affairs, the National Disability Insurance Agency or health departments
  • from third party providers who work with us
  • from RSL Queensland (our related organisation)


We may hold your information in either electronic or hard copy form. We will take reasonable steps to ensure your personal information is destroyed or de-identified once we are no longer required to hold your personal information, and it is no longer needed.
We take reasonable steps to protect the security of your personal information that we hold, including by:
  • having security measures in place to protect the personal information we hold from misuse and loss and from unauthorised access, modification, or disclosure
  • having measures to restrict access to only personnel who need that personal information to effectively supply services to you
  • appropriate training for our staff on how to keep your information safe and secure
  • when personal information is transmitted to other websites, it is protected by encryption, such as the Secure Socket Layer (SSL) protocol
  • having a Data Breach Response Plan and following the requirements of the Data Breach Notification scheme under the Privacy Act.
  • notify individuals and the Office of the Australian Information Commissioner (OAIC) when there has been a data breach (or suspected breach) of personal information, if it is likely to result in serious harm to individuals whose privacy has been breached
  • destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired


We use your personal information in connection with carrying on our business. The way we use your personal information will depend on how and why you are connecting with us and may include the following purposes:


  • confirm your identity
  • verify eligibility requirements
  • supply goods or services to you
  • communicate with you concerning our services and activities
  • manage your involvement in the services
  • assess service outcomes
  • respond to feedback from you
  • conduct fundraising activities;
  • accept donations from you
  • for our own internal administrative purposes, such as to develop and/or test our systems
  • aid in administering our policies, or to investigate complaints or incidents
  • recruit and assess our employees, or to engage contractors
  • in the case of our suppliers or service providers, to administer contracts which we may have with you
  • maintain and update our records
  • comply with all laws

Mates4Mates Veteran & Family Wellbeing Centre clients

  • verify eligibility requirements
  • facilitate connection with other ex-service and community organisations within the centre/network
  • manage and co-ordinate your attendance at the centre
  • conduct a wellbeing check

We may also use your personal information for purposes related to any of the above, or which are disclosed to you at the time the relevant personal information is collected.


We may share your information for the purposes set out in section 7, where you would reasonably expect us to disclose your information, and/to comply with the law. This may include for the purposes of the administration of the products or services you have requested, mailing services, distribution services, IT services, data analysis, research, advertising, consultancy services, advocacy, and relevant stakeholders such as the Department of Veterans Affairs, National Disability Insurance Agency, Garrison Health/ ADF Health Services , Medicare, medical and allied health practitioners, disability and health services.

The way we disclose your personal information will depend on how and why you are connecting with us. For example, we may disclose your personal information to:


  • related entities, contractors, suppliers, distributors, and agents used by us in the ordinary course of our business
  • law enforcement agencies. Government agencies, or other third parties, where required under or authorised by law
  • our professional advisers to enable them to provide services to us
  • any other organisations where you have provided your consent

From time to time, we may provide aggregated and de-identified information to other business partners for various purposes, including for research purposes.

In doing so, we will take all steps as are reasonable to ensure that these parties respect and uphold the provisions of this Privacy Policy in relation to your personal information.


The collection of personal information will be limited to that which is required for the conduct of the project. Individual participants will not be identified.

People being invited to participate in a research project must be:

  • given a choice about participating or not
  • given the right to withdraw at any time
  • informed about the purpose of the research project, the information to be collected, and how information they provide will be used
  • given copies of any subsequent publications


Our preference is to not to store or disclose personal information outside Australia. However, this does occur in limited circumstances, such as service providers and information technology and cloud services providers located in countries other than Australia given the nature of ADF deployment.

We take reasonable steps to ensure that overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

Can I remain anonymous or give a pseudonym?

You have the option of not identifying yourself, or using a pseudonym, when dealing with us provided it lawful and practical to do so. However, there are a number of circumstances where this is not possible, including when:

  • engaging in any of our services
  • you are a prospective employee.

If you do not provide some or all of the personal information we request, we may be unable to effectively provide our services to you.


We may use your personal information for the purpose of providing you with information about our products, services or events or any other direct marketing activity which we consider may be of interest to you or engage in any other direct marketing activity if it is within your reasonable expectations that we would send you such information given the nature of earlier communications with you and/or the products or services that you have requested from us.

You may at any time opt out of receiving any communications from us (other than as required for the operation of our business e.g. regarding the payment of membership fees) by using the “unsubscribe” facility included in an email you receive from us or by contacting us using the details set out at the bottom of this document.


You can ask for a copy of your personal information, or ask us to update or correct it, by contacting the Privacy Officer (whose details are listed in section 16). We will respond to these requests in a timely manner (usually within 30 days).
Before we respond to your request, we will need to confirm your identity and we may ask you to complete an access request form. You do not have to provide a reason for requesting access.
If you believe that personal information, we hold about you is incorrect (i.e. it is incomplete, inaccurate, out-of-date, irrelevant or misleading), you can ask us to correct it. If we are satisfied that the information is incorrect, we will take reasonable steps to correct it and to inform any other organisation to which we have provided the information of the correction. If we refuse your request for correction and you ask us to do so, we will take reasonable steps to include a statement with, or associated with, the personal information that says you believe our record about you is inaccurate, out-of-date, incomplete, irrelevant or misleading.
If we refuse your requests to access, correct or associate a statement with your personal information, we will inform you of our reasons for the refusal and provide you with relevant complaint mechanisms.
We may change our Privacy Policy from time to time by publishing changes to it on our website with an updated effective date. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy. If we make significant changes to our Privacy Policy, we may also notify you by other means such as sending an email or posting a notice on our home page.


If you have any questions or comments about this policy or if you have any complaint regarding the treatment of your privacy by us, please contact us in writing using the following details:

  • The Privacy Officer Mates4Mates
  • PO Box 208, Fortitude Valley QLD 4006
  • Ph: 1300 4 MATES (62 837)
  • Email:
We treat complaints relating to privacy very seriously.

For complaints outside of privacy concerns, these can be submitted via email to or by calling 1300 4 MATES (62 837).

If you submit a concern or complaint, we will endeavour to deal with it comprehensively and reach an outcome where all parties are satisfied.

However, if you believe we have not adequately dealt with your complaint, or if you would like further information about privacy in Australia, then you can contact the Office of the Australian Information Commissioner at
If you are a NDIS participant, you may choose to make a complaint directly to the NDIS Quality and Safeguards Commission
This policy relates to:
NDIS Quality and Safeguards Commission Practice Standards, V.4 November 2021, Standard 2.4 Information Management QIC Health and Community Service Standards 7th Edition (v1.1) launched (, Criterion 2.3 Information Management.

Privacy Act (1988) and the Australian Privacy Principles Privacy Amendment (Notifiable Data Breaches) Act 2017 NATIONAL DISABILITY INSURANCE SCHEME ACT 2013 National Disability Insurance Scheme (Protection and Disclosure of Information—Commissioner) Rules 2018

Last updated: February 2024