|
PURPOSE
EventConnect.com has opted into and is committed to the protection of personal privacy
as required under the Privacy Act 1988 (Cth) ("the Privacy Act").
EventConnect.com has adopted a set of privacy principles based on the National Privacy
Principles contained in Schedule 3 of the Privacy Act.
POLICY
This policy sets out EventConnect.com's Privacy Protection Principles. These are
the principles that EventConnect.com has adopted in order to protect information
about individuals. These principles deal with the collection, use and disclosure
of personal information, as well as access to information and intrusion issues.
It also sets out the principles that EventConnect.com will adopt when considering
the introduction of new technology or services.
EventConnect.com's Privacy Protection Principles are:
Principle 1 - Collection
EventConnect.com will only collect personal information that is necessary for one
or more of its functions or activities. EventConnect.com will only collect personal
information by lawful and fair means and not in an unreasonably intrusive way. At
or before the time (or, if that is not practicable, as soon as practicable thereafter),
EventConnect.com collects personal information about an individual from the individual,
EventConnect.com will take reasonable steps to ensure that the individual is aware
of:
(a) The identity of EventConnect.com and how to contact it;
(b) The fact that he or she is able to gain access to the information;
(c) The purposes for which the information is collected;
(d) The organisations (or the types of organisations) to which EventConnect.com
usually discloses information of that kind; and
(e) The main consequences (if any) for the individual if all or part of the information
is not provided.
If it is reasonable and practicable to do so, EventConnect.com will collect personal
information about an individual only from that individual. If EventConnect.com collects
personal information about an individual from someone else, EventConnect.com will
take reasonable steps to ensure that the individual is or has been made aware of
the matters listed from (a) to (e).
Principle 2 - Use & Disclosure
EventConnect.com will only use or disclose personal information about an individual
for a purpose other than the primary purpose of collection (a secondary purpose)
if:
(a) Both of the following apply:
(i) The secondary purpose is related to the primary purpose of collection and, if
the personal information is sensitive information, directly related to the primary
purpose of collection;
(ii) the individual would reasonably expect EventConnect.com to use or disclose
the information for the secondary purpose; or
(b) The individual has consented to the use or disclosure; or
(c) The information is not sensitive information and the use of the information
is for the purpose of direct marketing and:
(i) It is impracticable for EventConnect.com to seek the individual's consent before
that particular use; and
(ii) EventConnect.com will not charge the individual for giving effect to a request
by the individual to EventConnect.com not to receive direct marketing communications;
and
(iii) the individual has not made a request to EventConnect.com not to receive direct
marketing communications; and
(iv) in communication with the individual, EventConnect.com draws to the individual's
attention, or prominently displays a notice, that he or she may express a wish not
to receive any further direct marketing communications; and (v) each written marketing
communication by EventConnect.com with the individual (up to and including the communication
that involves the use) sets out EventConnect.com's business address and telephone
number and, if the communication with the individual is made by fax, email or other
electronic means, a number or address at which EventConnect.com can be directly
contacted electronically; or
(d) EventConnect.com has reason to suspect that unlawful activity has been, is being
or may be engaged in, and uses or discloses the personal information as a necessary
part of its investigation of the matter or in reporting its concerns to relevant
persons or authorities; or
(e) the use or disclosure is required or authorised by or under law; or
(f) EventConnect.com reasonably believes that the use or disclosure is reasonably
necessary for one or more of the following by or on behalf of an enforcement body:
(i) the prevention, detection, investigation, prosecution or punishment of criminal
offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed
law;
(ii) the enforcement of laws relating to the confiscation of the proceeds of crime;
(iii) the protection of the public revenue;
(iv) the prevention, detection, investigation or remedying of seriously improper
conduct or prescribed conduct;
(v) the preparation for, or conduct of, proceedings before any court or tribunal,
or implementation of the orders of a court or tribunal.
(g) If EventConnect.com uses or discloses personal information under paragraph (f)
above, it will make a written note of the use or disclosure.
(h) The first paragraph above operates in relation to personal information that
EventConnect.com has collected from a related body corporate or business as if EventConnect.com's
primary purpose of collection of the information were the primary purpose for which
the related body corporate or business collected the information.
Principle 3 - Data Quality
EventConnect.com will take reasonable steps to make sure that the personal information
it collects, uses or discloses is accurate, complete and up-to-date.
Principle 4 - Data Security
EventConnect.com will take reasonable steps to protect the personal information
it holds from misuse and loss and from unauthorised access, modification or disclosure.
EventConnect.com will take reasonable steps to destroy or permanently de-identify
personal information if it is no longer needed for any purpose for which the information
may be used or disclosed under EventConnect.com Privacy Protection Principle 2.
Principle 5 - Openness
EventConnect.com will set out in a document clearly expressed policies on its management
of personal information. EventConnect.com will make the document available to anyone
who asks for it. On request by an individual, EventConnect.com will take reasonable
steps to let the individual know, generally, what sort of personal information it
holds, for what purposes, and how it collects, uses, and discloses that information.
Principle 6 - Access and Correction
If EventConnect.com holds personal information about an individual, it will provide
the individual with access to the information on request by the individual, in a
form or manner suitable to the individual's reasonable needs, except to the extent
that:
(a) In the case of personal information, providing access would pose a serious and
imminent threat to the life or health of any individual; or
(b) Providing access would have an unreasonable impact upon the privacy of other
individuals; or
(c) The request for access is frivolous or vexatious; or
(d) The information relates to existing or anticipated legal proceedings between
EventConnect.com and the individual, and the information would not be accessible
by the process of discovery in those proceedings; or
(e) Providing access would reveal the intentions of EventConnect.com in relation
to negotiations with the individual in such a way as to prejudice those negotiations;
or.
(f) Providing access would be unlawful; or
(g) Denying access is required or authorised by or under law; or
(h) Providing access would be likely to prejudice an investigation of possible unlawful
activity; or
(i) Providing access would be likely to prejudice:
(i) the prevention, detection, investigation, prosecution or punishment of criminal
offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed
law; or
(ii) the enforcement of laws relating to the confiscation of the proceeds of crime;
or
(iii) the protection of the public revenue; or
(iv) the prevention, detection, investigation or remedying of seriously improper
conduct or prescribed conduct; or
(v) the preparation for, or conduct of, proceedings before any court or tribunal,
or implementation of its orders; by or on behalf of an enforcement body; or
(j) An enforcement body performing a lawful security function asks VENUE CONNECT
not to provide access to the information on the basis that providing access would
be likely to cause damage to the security of Australia. However, where providing
access would reveal evaluative information generated within EventConnect.com in
connection with a commercially sensitive decision-making process, EventConnect.com
may give the individual an explanation for the commercially sensitive decision rather
than direct access to the information. If EventConnect.com has given an individual
an explanation under the above paragraph and the individual believes that direct
access to the evaluative information is necessary to provide a reasonable explanation
of the reasons for the decision, EventConnect.com will, at the request of the individual,
undertake a review of the decision not to release the information. Personnel other
than the original decision-maker will undertake the review. If EventConnect.com
is not required to provide the individual with access to the information because
of one or more of paragraphs (a) - (j) above (inclusive), EventConnect.com will,
if reasonable, consider whether the use of mutually agreed intermediaries would
allow sufficient access to meet the needs of both parties. If EventConnect.com levies
charges for providing access to personal information, those charges:
(a) will not be excessive; and
(b) will not apply to lodging a request for access.
If EventConnect.com holds personal information about an individual and the individual
is able to establish that the information is not accurate, complete and up-to-date,
EventConnect.com will take reasonable steps to correct the information so that it
is accurate, complete and up-to-date. If the individual and EventConnect.com disagree
about whether the information is accurate, complete and up-to-date, and the individual
asks EventConnect.com to associate with the information a statement claiming that
the information is not accurate, complete or up-to-date, EventConnect.com will take
reasonable steps to do so. EventConnect.com will provide reasons for denial of access
or a refusal to correct personal information.
Principle 7 - Identifiers
Except as specifically authorised under the Privacy Act, EventConnect.com will not
adopt as its own identifier of an individual an identifier of the individual that
has been assigned by:
(a) An agency; or
(b) An agent of an agency acting in its capacity as agent; or
(c) A contracted service provider for a Commonwealth contract acting in its capacity
as contracted service provider for that contract.
EventConnect.com will not use or disclose an identifier assigned to an individual
by an agency (or by an agent or contracted service provider mentioned above) unless:
(i) The use of disclosure is necessary for EventConnect.com to fulfill its obligations
to the agency;
(ii) One or more of paragraphs (e) to (h) in Privacy Protection Principle 2 above
(inclusive) apply to the use or disclosure; or
(iii) The use or disclosure is permitted under the regulations to the Privacy Act.
Note - the terms 'agency' and 'contracted service provider' in Privacy Protection
Principle 7 are defined in the Privacy Act, but, in general, relate to Commonwealth
Government agencies.
Principle 8 - Anonymity
Wherever it is lawful and practicable, individuals will have the option of not identifying
themselves when entering transactions with EventConnect.com. However, in most cases
it will not be practicable for the transactions to proceed to finality or for EventConnect.com
to provide pre and post-paid services without requiring their identification.
Principle 9 - Transborder Data Flows
EventConnect.com will transfer personal information about an individual to someone
(other than EventConnect.com or the individual) who is in a foreign country only
if:
(a) EventConnect.com reasonably believes that the recipient of the information is
subject to a law, binding scheme or contract which effectively upholds principles
for fair handling of the information that are substantially similar to EventConnect.com's
Privacy Protection Principles; or
(b) the individual consents to the transfer; or
(c) the transfer is necessary for the performance of a contract between the individual
and
EventConnect.com, or for the implementation of pre-contractual measures taken in
response to the individual's request; or
(d) the transfer is necessary for the conclusion or performance of a contract concluded
in the interest of the individual between EventConnect.com and a third party; or
(e) all of the following apply:
(i) the transfer is for the benefit of the individual; and
(ii) it is not practicable to obtain the consent of the individual to that transfer;
and
(iii) if it were practicable to obtain such consent, the individual would be likely
to give it; or
(f) EventConnect.com has taken reasonable steps to ensure that the information which
it has transferred will not be held, used or disclosed by the recipient of the information
inconsistently with EventConnect.com's Privacy Protection Principles.
Principle 10 - Sensitive Information
EventConnect.com will not collect Sensitive Information about an individual unless:
(a) the individual has consented; or
(b) the collection is required by law; or
(c) the collection is necessary to prevent or lessen a serious and imminent threat
to the life or health of any individual, where the individual whom the information
concerns:
(i) is physically or legally incapable of giving consent to the collection; or
(ii) physically cannot communicate consent to the collection; or
(d) the collection is necessary for the establishment, exercise or defence of a
legal or equitable claim.
Principle 11 - Privacy of Network Communications
When installing, operating, or maintaining its network, EventConnect.com will take
whatever measures are practicable, or are required by law, to ensure the privacy
of communications passing over its network.
Interception (Monitoring and Recording). Interception of a communication during
the course of its passage across the network is prohibited unless it is necessary
for the effective performance of functions or activities relating to:
> the installation of any line or equipment used in connection with the network,
or
> the operation or maintenance of the network, or
> the identifying or tracing of a person suspected of having contravened a provision
of Part VIIB of the Crimes Act 1914 (Cth);
> interception requested by law enforcement and security agencies (which will
only be undertaken on production of a lawful warrant and where VENUE CONNECT is
satisfied that the warrant has been issued in accordance with the requirements with
the Telecommunications (Interception) Act 1979 (Cth). In addition, recording will
only be undertaken where aural/visual monitoring is not suitable for the purpose
and voice recording will only be undertaken where authorised by the customer or
by law.)
Interception will only be undertaken in accordance with company procedures. Only
staff who have received instruction on the appropriate monitoring and recording
procedures and who are aware of their responsibilities for the protection of customer
privacy and confidentiality will be permitted to undertake monitoring functions.
Participant Monitoring. Participant monitoring may be undertaken for the purposes
of improving the quality of service to customers and the training of staff, or where
there is a specific operational, security or technical reason to do so. Customer
consent will be obtained prior to undertaking participant monitoring unless it is
not practicable to do so, such as in the case of calls or monitoring which are typically
of very short duration.
Principle 12 - New Services and Developments and Procedures.
EventConnect.com will consider the privacy impact of new business processes and
services before they are introduced.
EventConnect.com will provide services with privacy standards that are commensurate
with community expectations and which enables individual customers to choose a higher
degree of privacy protection where practicable.
The privacy impact arising from the introduction of the new services or products
will be balanced against their benefit to the general community and will take into
consideration the extent, means and cost by which privacy concerns can be mitigated.
Where practicable, EventConnect.com will provide customers with the ability to choose
between differing degrees of privacy protection. Education and choice In order that
customers may make an informed choice as to their usage of new services or products,
where appropriate EventConnect.com will advise customers of the privacy implications
of those services.
Where practicable, and where to do so would not undermine commercially sensitive
material, EventConnect.com will respond to queries concerning any implications for
privacy protection of existing and new services and make publicly available information
about any implications for privacy protection in relation to those services.
Principle 13 - Compliance Audit
EventConnect.com will maintain an independent compliance audit program to ensure
its Privacy Protection Principles and policies remain appropriate and that EventConnect.com
operates in compliance with those Principles and policies.
Targeted advertising using identifiers such as cookies and tracking pixels
The EventConnect.com website uses cookies, tracking pixels and related technologies. Cookies are small data files that are served by our platform or third party platforms we use and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalise the website. Also, cookies may also be used to track how you use the site to target ads to you on other websites.
By visiting EventConnect.com, third parties (such as AdRoll) may place cookies on users' browsers for targeted advertising purposes.
The type of data collected includes, IP addresses, cookie identifiers, website activity and are used for targeted advertising. This data may be used by third parties (such as AdRoll) to target advertising on other sites based on your users' online activity.
You can opt out of receiving targeted advertising. Here are some links to help you opt-out; the DAA opt-out site www.aboutads.info or the NAI opt-out site at networkadvertising.org/choices, or for those in Europe, the EDAA opt out site at youronlinechoices.eu
DEFINITIONS
Identifier includes a number assigned by an organisation to an individual to identify
uniquely that individual for the purposes of the organisation's operations. However,
an individual's name or ABN (as defined in A New Tax System (Australian Business
Number) Act 1999) is not an identifier. Individual means a natural person.
Monitoring means the listening to, reading or recording of a communication during
the course of its passage over a telecommunication system. Participant monitoring
means the listening to, reading or recording of, a communication during the course
of its passage over a telecommunication system by a party to that communication
and by using equipment forming part of the service.
Personal Information means information or an opinion (including information or an
opinion forming part of a database), whether true or not, and whether recorded in
a material form or not, about an individual whose identity is apparent, or can reasonably
be ascertained, from the information or opinion.
Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.
Sensitive Information means:
(a) information or an opinion about an individual's:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual preferences or practices; or
(ix) criminal record; that is also personal information; or
(b) health information about an individual.
Seriously Improper Conduct includes corruption, a serious abuse of power, a serious
dereliction of duty, or any other seriously reprehensible behaviour.
Surveillance means the systematic observance of a person's behaviour, communication
or personal information.
Third Party in relation to personal information, means any organisation or individual
other than EventConnect.com holding the information and the individual who is the
subject of the information.
Unless otherwise specified, words in this document have the meaning set out in the
Privacy Act.
REFERENCES
1. Privacy Statement
2. Privacy Protection Policy
RESPONSIBLE EXECUTIVE
Managing Director: Mr S Coombes
Signed: S. Coombes
RECORD OF ISSUES
Version 1 released February 2004
|