We are committed to protecting the privacy of your personal information. We work to ensure that we comply with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles under the Privacy Act, and any other applicable privacy laws. If you are resident in the European Economic Area (EEA) or the United Kingdom (UK), applicable privacy laws include the EU General Data Protection Regulation and the UK General Data Protection Regulation respectively.
Personal Information is information or an opinion that identifies an individual. This can include names, addresses, email addresses, phone and phone numbers.
Sensitive information is a type of personal information that includes information about an individual’s racial or ethnic origin, professional, political or religious affiliations or memberships, sexual orientation or practices, criminal record, health, genetics and/or biometrics.
At all times we try to collect directly from you only the personal information we reasonably need for the particular function or activity we are carrying out. This can include when you visit our website, contact us, make a booking with us, submit a booking enquiry to us, raise a query or complaint with us, sign up to one of our mailing lists, apply for a job with us (as further described below), contract with us or otherwise interact with us.
We may also collect your personal information (including sensitive information) that we reasonably need from third parties, including government agencies, regulators, commercial counterparties and third party service providers (including credit reporting, recruitment or information agencies), and from publicly available records when handling or resolving a complaint, investigation (including investigating a data breach), conducting recruitment processes or otherwise performing any particular function or activity we are carrying out.
Depending on the nature of our relationship and interactions with you, we may collect a range of personal information. This includes your name, contact details (including your address, email address and phone number), date of birth, gender, nationality, organisation and IP address. If you attend one of our events, we may also take audio or visual recordings which identify you.
On occasion, we may collect information about you of a sensitive nature (such as information about your health). However, we will only do this with your consent or otherwise in accordance with applicable laws.
We also collect personal information when recruiting people to work with us. This may include the types of information listed above, along with your qualifications, work history and reference details. Before offering you a position, we may collect additional details such as your tax file number, superannuation information and other background check information (such as police clearances and working with children checks, to the extent required or permitted by applicable laws).
Generally, we will collect this information directly from you. We may also collect this information from third parties (such as recruitment agencies, background check agencies or your referees).
The purposes for which we collect your personal information depend on the nature of our relationship and interactions with you. These purposes may include:
Legal bases for processing personal information if resident in the EEA or UK
We process your personal information where it is in our legitimate interests to do so. We believe that our use of your personal information is within a number of our legitimate interests, including the purposes listed above under the heading ‘why we collect personal information’.
We may also process your sensitive personal information where it is in the course of our activities as a not-for-profit body, or where processing your sensitive personal information is necessary for us to exercise our rights or carry out our employment and social security law obligations.
You may choose to remain anonymous or use a pseudonym in your communications with us where it is lawful and practicable. However, if you choose to do so, please note that we may not be able to provide you with information or goods and services, or effectively manage our relationship with you.
We endeavour to take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. We also endeavour to take reasonable steps to destroy or de-identify personal information that we no longer require.
We maintain physical security over paper and electronic data stores, including through the use of locks and security systems at our premises. We also maintain computer and network security such as firewalls to protect your personal information and to control access to our computer systems.
We secure communications between your browser and this website with encryption technology wherever possible. We also encourage you to exercise care in sending personal information via the internet.
We may use and disclose your personal information for our legitimate business purposes, including for the purposes set out above in relation to our collection of personal information. For example, we may disclose your personal information to:
To additional protect your personal information when disclosing it to third parties, we also include special privacy provisions in our contracts and engagements.
We may use the personal information you provide to us to send information to you, including promotional material about us (and our various entities, goods and services) and the goods and services of relevant third parties. We may send you such information by direct mail, telemarketing, email, SMS, MMS or other similar means.
If you do not want to receive marketing from us, you can unsubscribe by emailing us (see email contact below) or by clicking on the “unsubscribe” link in an automated mailout that you have received from us.
We may disclose, transfer, store, process or use your personal information outside of your country of residence (or where you are resident in the European Economic Area (EEA), outside of the EEA). This may happen if our related entities, employees, contractors or third parties we engage with are located overseas, including in the United States of America and the United Kingdom.
For residents in the EEA and United Kingdom (UK), we may transfer your personal information outside of the EEA and UK provided that the means of transfer provides adequate safeguards in relation to your data, including in accordance with any applicable laws.
If you would like to access any of the personal information we hold about you, please email us (see email contact below). We will endeavour to provide access promptly and free of charge. However, we may refuse to provide access, or may charge a fee for compiling the requested information, if it is lawful for us to do so. If we refuse a request for information, or decide to charge such a fee, we will provide you with a reason for our decision as required by applicable privacy laws.
Please let us know if there are any errors or discrepancies in the personal information we hold about you or if your details have changed. We will take reasonable steps to correct, update and/or delete this information in accordance with applicable privacy laws following your request. Please note, if you choose to update and/or delete the personal information we hold about you, we may not be able to provide you with requested information, products or services, or to effectively conduct our relationship with you.
In addition to the above right of access and right of rectification, you may also have other rights in relation to the personal information we hold about you. These include the right to object to, or restrict our processing of, your personal information, the right to request that we erase your personal information, and the right to transfer your personal information between service providers.
However, please note that some of these rights may not always apply to the personal information we hold about you as there are sometimes requirements and exemptions which mean we need to keep the personal information, or other times when the rights may not apply at all.
We will consider your questions, concerns and complaints to work out what steps can be taken in response. If you make a complaint which requires detailed consideration or investigation, we may ask you to give us more information about your complaint and the outcome you are seeking. We may need to gather relevant facts, locate and review relevant documents and speak with other people involved. In any event, we will endeavour to provide you with a response within 30 days.
If you are not satisfied with an outcome following the above process, you may wish to contact the Office of the Australian Information Commissioner at:
If you are resident in the EEA or UK
You have the right to make a complaint to your local data protection authority, which in the UK is the Information Commissioner’s Office (www.ico.org.uk). The authorities for EU Member States are listed (along with contact details) on the European Commission website here.