Visit Victoria Limited (ABN 37 611 725 270) (we, us, our) is a company limited by guarantee.
This Policy also applies to all individuals and entities who interact with Visit Victoria, this includes (but is not limited to) agents, contractors, subcontractors, employees, representatives, users of Visit Victoria's services, volunteers, and participants in Visit Victoria events.
We are committed to ensuring that we manage personal information in an open and transparent way in accordance with applicable Commonwealth and Victorian privacy laws.
1.2 Our obligations
We are required to comply with the Privacy and Data Protection Act 2014 (Vic) (PDP Act). We may also be required in some circumstances to comply with Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).
2. What personal information do we collect and hold?
We may collect personal information if the information is reasonably necessary for one or more of our functions or activities as outlined in section 4. For example, we may collect:
- your name, address, location and other contact details;
- your date of birth and age;
- your gender;
- information about your health needs;
- information about your nationality and language;
- information about your interests, preferences, or travel plans;
- information about our events (i.e. which events you attend and how you participate in our events);
- where you choose to disclose via social media, your preferences, likes and dislikes;
- billing information.
2.2 What if you don't provide us with your personal information?
We will provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual's actual name.
In some cases however, if you don't provide us with your personal or health information when requested, we may not be able to provide you with the information, or assistance that you are seeking. For example, you must identify yourself to subscribe to receive our newsletter, receive funding, register for an event, or enter a competition.
3. How do we collect personal information?
3.1 Methods of collection
We will only collect personal information by lawful and fair means. We will only collect personal information about an individual from that individual (unless it is unreasonable or impracticable to do so).
3.2 Collection notices
Where we collect personal information about you, we will take reasonable steps to provide you with certain details about that collection such as who we are and how you may contact us, why we are collecting the information and who we may share it with.
We will generally include this information in a collection notice provided to you at or before the time the information is collected (or, if that is not practicable, as soon as practicable after that time).
Collection notices provide more specific information than this Policy. The terms of this Policy are subject to any specific provisions contained in collection notices and in the terms and conditions of particular offers, products and services.
3.3 Unsolicited information
Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).
We may keep records of unsolicited personal information if permitted by law (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
4. Why do we collect personal information?
4.1 What are the primary purposes that we collect personal information for?
The primary purposes for which we collect, hold, use and disclose personal information are set out below:
- providing information, news, offers and conducting surveys;
- providing or facilitating the provision of goods and services;
- processing payments;
- engaging volunteers;
- registering subscriptions to our newsletter or application forms;
- running or managing events (including receiving information from ticketing agencies in circumstances where individuals have given the ticketing agency permission to provide the individual's personal information to presenters/producers related to an event);
- managing an account created by an individual in relation to an event and communicating with an individual about their participation in an event;
- running a competition or promotion;
- communicating with respondents to a call for expressions of interest or participation in relation to our events;
- maintaining our relationship with an individual or entity delivering goods and services;
- promoting ourselves and our products and services, including through direct marketing and events;
- performing research and statistical analysis, including facilitating research by third parties and for service improvement purposes;
- reporting statistics (on an aggregated, de-identified basis) to the government departments that fund us and to our donors, sponsors and promotional partners;
- answering queries and resolving complaints (including responding to comments or messages submitted to us via our website);
- general account management, planning and administration (including managing relationships with business contacts who have transacted with us);
- sending individuals follow ups on events, products or services ordered, used or inquired about;
- keeping individuals informed of changes to this website and the events, products or services offered through this website or other sites of related companies, licensees or other production companies with which we collaborate; and
- analysing the results of surveys.
4.2 What secondary purposes may we use personal information for?
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:
- which are permitted by law;
- for which you have provided your consent; or
- which are necessary for maintaining the reliability and security of infrastructure and services.
Secondary purposes that we may use your personal information for include improving our services through quality improvement activities such as audits and surveys and for the purposes of obtaining professional advice or in the unlikely event of an investigation, where a law enforcement agency may lawfully exercise a warrant to inspect records.
4.3 Direct marketing and re-marketing
We may use your personal information to let you know about our products or services, either where we have your express or implied consent or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS or telephone.
Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:
- contacting us as set out in paragraph 10;
- advising us if you receive a marketing call that you no longer wish to receive these calls; or
- using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSs) to opt out of receiving those messages.
5. How may we use and disclose your personal information?
We will only use and disclose your personal information when it is lawful and reasonable to do so. We will also only use and disclose your personal information for the purpose for which it was collected, or a purpose related to the purpose for which it was collected or as authorised by law. We may also disclose personal information without consent if we are required to do so by law.
We may disclose your personal information to third parties where appropriate for the purposes described under paragraph 4, including to:
- information technology and data storage providers;
- partner or affiliated organisations;
- research and statistical analysis providers;
- third party program evaluators;
- ticketing agencies; and
- mail houses.
In each case, we may disclose personal information to a service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
We may also report statistics to the government departments that fund us and to our sponsors and promotional partners for information purposes.
6. Transfer of personal information outside Victoria
In some cases, persons that we disclose personal information to may be located outside of Victoria or we may store information on computer servers located outside of Victoria.
When we transfer personal information to third parties or outside Victoria, we use secure arrangements to protect the information. We will only transfer personal information outside Victoria after taking reasonable steps to satisfy ourselves that the recipient of the personal information is bound to comply with equivalent privacy obligations to those applying to us.
7. Integrity of personal information
We hold personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. We take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Information Privacy Principles set out in the PDP Act (we do keep some information for a number of years to comply with legal requirements).
8. Access and correction
Please contact our Privacy Officer (details under paragraph 10 below) if you would like to access or correct the personal information that we hold about you. We may ask you to verify your identity before processing any access or correction requests, to make sure that the personal information we hold is properly protected. Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.
We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg by providing photocopies), provided it is reasonable and practicable for us to do so.
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
8.3 What if we do not agree to your request for access or correction?
If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice setting out the reasons for our decision (except to the extent that, having regard to the grounds for refusal, it would be unreasonable to do so) and available complaint mechanisms.
If we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to do this in such a way that will make the statement apparent to users of the information.
If you have a complaint about how we have collected or handled your personal information, please contact our Privacy Officer (details under paragraph 10 below).
We will try in the first instance to deal with your complaint and take any steps necessary to resolve the matter. If we are not able to do so, we will ask you to submit your complaint in writing.
We will endeavour to acknowledge receipt of your written complaint within 7 days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.
In most cases, we expect to investigate written complaints and provide a response within 30 days of receipt. If the matter is more complex and our investigation may take longer, we will let you know, and tell you when we expect to provide our response. Our response will set out:
- whether in the Privacy Officer's view there has been a breach of this Policy or any applicable privacy legislation; and
- what action, if any, we will take to rectify the situation.
If you are unhappy with our response, you can refer your complaint to the Office the Commissioner for Privacy and Data Protection toll free on 1300 666 444.
10. Email and 'contact us' messages
We may preserve the content of any email, 'contact us' or other electronic message we receive. Any personal information contained in those messages will only be used or disclosed in ways set out in this Policy. The message content may be monitored by our service providers or our employees for purposes including compliance auditing and maintenance or where email abuse is suspected.
11. Contacting us
Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below.
Write to: Corporate Council Officer
Email: [email protected]
Telephone: +613 9002 2222