Version 1.0: 26 March 2021
3. Personal information is defined in the Privacy Act 1988 (Cth) (“Privacy Act“) as:
“Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- a) Whether the information or opinion is true or not; and
- b) Whether the information or opinion is recorded in a material form or not.”
4. The Privacy Act includes thirteen (13) Australian Privacy Principles (APPs). The APPs regulate the way many companies collect, use, hold and disclose personal information.
5. “Usage Information” means anonymous aggregate data that is automatically collected through your use of our Sites. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the Sites. This information is used for statistical analysis to help us improve our services to the benefit of all users.
HOW AND WHY WE COLLECT PERSONAL INFORMATION
8. The Company collects personal information in a number of ways. The most common ways we collect personal information include:
a) Via the Australian Photography Awards and Stories Competitions. We will collect personal information required to conduct the competition.
b) Via our website. We will collect personal information when you lodge an enquiry on our website. We use that personal information to respond to your enquiry.
c) When you speak to us via phone, mail or email. We will use the personal information provided to correspond with you and provide the information or services that you have requested.
9. Our Sites may collect Usage Information that may or may not be personal information. For each visitor to the Site, our server automatically recognises and stores the individual’s “IP address” (eg. the domain name or Internet protocol address), the type of Internet browser being used, the address of the site that “referred” the individual to our website and clickstream data. If this information cannot be used or combined with other data to identify you, it will not be personal information.
10. We also collect personal information for the purpose of providing you with any goods or services that you request, to update our Sites, to improve the services or goods that we provide and to develop our business.
WHAT PERSONAL INFORMATION IS COLLECTED?
11. We aim to only collect personal information that is necessary to fulfil the purpose for which you have disclosed it, or as required by law.
12. If you ask us to provide you with information, goods or services, sign up to join our mailing list, or submit a competition entry form, you will be asked to provide contact information (such as your name, telephone number, postal address and email address). You may also be asked for demographic information (such as your age, location and gender) and/or profile data (such as entertainment preferences e.g. what type of films you prefer).
13. In some instances we may need to ask you for additional information necessary to provide you with the goods or services you have requested. When we ask you for further information in addition to that you provide to us initially, we will tell you why we are collecting that information.
14. We aim to only collect information that is absolutely necessary to provide you with any service you have requested. It is your choice to provide us with Personal Information. If you would prefer to remain anonymous, we are happy to still deal with you provided that we don’t need to know who you are. Please be aware that it may be necessary for us to collect your Personal Information to provide services to you. As such, if you do not wish to provide your Personal Information, we may not be able to provide you with full access to our Sites and services.
15. Instances where this may be possible include where you are providing us with anonymous feedback that does not require a response.
16. We do not collect sensitive information except with your consent, and then only if collection of such information is necessary for some activity or function. For the purpose of this policy, “Sensitive Information” means health information or information or an opinion about an individual’s:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade association;
- membership of a trade union;
- sexual preferences or practices; or
- criminal record.
17. We utilise “cookies” to monitor traffic patterns and to serve you more efficiently if you revisit the Website. A cookie does not identify you personally, but it does identify your computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance. If you disable cookies, the Website may not function properly.
THIRD PARTY SITES
STORAGE OF PERSONAL INFORMATION
19. Any information we collect about you will be kept securely by us unless an event beyond our control disrupts the measures we have in place. We use up-to-date security, firewall, anti-virus and encryption software to secure the data we keep and to prevent unauthorised access, destruction, use, modification or disclosure. We have procedures in place with regards to staff access to personal information and ensure that only those staff who need to know have access to your information.
20. We will only store personal information for so long as it is required either to fulfil the purpose for which it was collected or to fulfil our obligations at law. We will conduct regular reviews of the personal information we hold and destroy or de-identify information no longer required.
DISCLOSURE OF PERSONAL INFORMATION
21. Generally, personal information will not be disclosed to individuals or organisations outside of the Company without your prior consent. However, in the circumstances described below, personal information may be disclosed to:
- Essential service providers: There may be other companies that we rely on to provide goods or services to you. We may be required to provide your personal information to these companies to ensure that we can deliver goods or services to you.
- Law enforcement or government bodies: There are exceptions under the Privacy Act with regards to the provision of personal information to law enforcement or government bodies. When a legitimate request is sent to us by a law enforcement or government body we will comply with that request and may provide personal information about you without your consent.
- Entities related to us or who take control of part or all of our business: In providing personal information to us you will need to be aware of the possibility that, in future, another entity may take control of part or all of our business. In that case, your personal information will be provided to that entity.
22. If we disclose personal information to a third party under outsourcing or contracting arrangements (a service provider), we will take steps to ensure that they have:
- Signed a binding agreement (reviewed by our legal advisors);
- Handle the personal information in a manner consistent with the APPs (regardless of whether they are a small business, or would otherwise be exempt from the Privacy Act);
- Only use the personal information in order to provide specific services or to perform the specific functions required; and
- Store the personal information securely, and only for as long as is necessary to provide the required services to perform the required functions.
23. We will not sell or otherwise provide your Personal Data to a third party, or make any other use of your Personal Data, for any purpose which is not incidental to your use of our services (including our Sites). For the avoidance of doubt, Personal Data will not be used for any purpose which a reasonable person in your position would not expect.
24. We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from direct marketing communications, and as such these consents can be modified at any time by emailing us at [email@example.com], or by clicking ‘unsubscribe’ on any direct marketing communications.
25. Please note certain non-marketing related correspondence from us, including messages relating to payment, will be automatically sent to you by virtue of your use of the Sites and associated services and you may not have the option to unsubscribe from receiving this correspondence.
ACCESS TO PERSONAL INFORMATION
26. Under the Privacy Act, you have the right to seek access and to update or correct the personal information that we hold about you. If you wish to exercise your right under the Privacy Act to seek access to the personal information held for you, you should make the request in writing (to the address specified below).
27. Ordinarily we will not charge for providing access/copies of personal information we hold about you, and will generally respond to access requests of this type within 30 days. If we anticipate there being a fee (for the time we spend locating and compiling the information you have asked for) we will provide you with an estimate before proceeding. If a fee is payable it will be based on an hourly rate plus the cost of photocopying or other out of pocket expenses. For legal and administrative reasons we may also store records containing personal information in archives. Access to these historical records may result in a charge being incurred (an estimate will be provided to you prior). Due to the nature of archive, requests for access to historical records may take longer to process than with current records.
28. You may correct the personal information we hold about you at any time, you should make the request in writing (to the address specified below). We do not charge a fee to correct personal information held. You acknowledge and agree that you remain solely responsible for maintaining the truth, accuracy, and completeness of your information at all times, and we shall have no liability to you or any third party arising from your failure to do the same.
29. On review of your request, if we agree that the personal information held is not accurate, complete and up to date, it will be corrected by the appropriate person. If we do not agree, you will be provided with the reason(s) for the views and the opportunity to make a statement of your view and have it included with the information held.
30. In accordance with the GDPR, we additionally acknowledge the specific rights of EU subjects to:
- have their data erased that is no longer being used for a legitimate purpose;
- request a copy of all Personal Data held about them by us in a readable format; and
- request restricted processing of their Personal Data whilst any complaints or concerns are being resolved.
To erase, request or restrict processing of your Personal Data, please email us at [firstname.lastname@example.org].
SECURING YOUR INFORMATION
32. No security measures are, however, 100% secure and we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss, or misuse of any information or data, or for the actions of any third parties that may obtain any information or data.
33. Notwithstanding the above, we acknowledge their obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where such data breach involves the information of EU subjects, report to the European Data Protection Supervisor. We will also inform you, where possible, if any Personal Data has been breached in circumstances that pose a serious risk of harm to your rights and freedoms.
34. We may, in the course of providing the Sites to you, disclose Personal Data to overseas countries that are deemed by the EU Commission as having an ‘adequate’ level of Personal Data protection. Where we transfer data to a third party in a country where no adequacy decision has been made, we warrant that such third parties in those countries are bound under contract to meet the requirements of the GDPR.
35. You have a right to complain to us if you are concerned about your privacy, how we have dealt with your personal information or in relation to the Privacy Act.
36. If you are concerned about how we have dealt with your personal information you should first contact us (using the details set out below). We will endeavour to send you a written response within 10 business days.
37. If you are not satisfied with the way we have managed or attempted to resolve your complaint you may complain to the Office of the Australian Information Commissioner by calling them on 1300 363 992, via their website at oaic.gov.au or by mail to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.
ACCEPTANCE OF THESE TERMS