PURPOSE
EventConnect.com.au has opted into and is committed to the protection of
personal privacy as required under the Privacy Act 1988 (Cth) ("the Privacy
Act").
EventConnect.com.au has adopted a set of privacy principles based on the
National Privacy Principles contained in Schedule 3 of the Privacy Act.
POLICY
This policy sets out EventConnect.com.au's Privacy Protection Principles. These
are the principles that EventConnect.com.au has adopted in order to protect
information about individuals. These principles deal with the collection, use
and disclosure of personal information, as well as access to information and
intrusion issues. It also sets out the principles that EventConnect.com.au will
adopt when considering the introduction of new technology or services.
EventConnect.com.au's Privacy Protection Principles are:
Principle 1 - Collection
EventConnect.com.au will only collect personal information that is necessary for
one or more of its functions or activities. EventConnect.com.au will only
collect personal information by lawful and fair means and not in an
unreasonably intrusive way. At or before the time (or, if that is not
practicable, as soon as practicable thereafter), EventConnect.com.au collects
personal information about an individual from the individual,
EventConnect.com.au will take reasonable steps to ensure that the individual is
aware of:
(a) The identity of EventConnect.com.au and how to contact it;
(b) The fact that he or she is able to gain access to the information;
(c) The purposes for which the information is collected;
(d) The organisations (or the types of organisations) to which
EventConnect.com.au usually discloses information of that kind; and
(e) The main consequences (if any) for the individual if all or part of the
information is not provided.
If it is reasonable and practicable to do so, EventConnect.com.au will collect
personal information about an individual only from that individual. If
EventConnect.com.au collects personal information about an individual from
someone else, EventConnect.com.au will take reasonable steps to ensure that the
individual is or has been made aware of the matters listed from (a) to (e).
Principle 2 - Use & Disclosure
EventConnect.com.au will only use or disclose personal information about an
individual for a purpose other than the primary purpose of collection (a
secondary purpose) if:
(a) Both of the following apply:
(i) The secondary purpose is related to the primary purpose of collection and,
if the personal information is sensitive information, directly related to the
primary purpose of collection;
(ii) the individual would reasonably expect EventConnect.com.au to use or
disclose the information for the secondary purpose; or
(b) The individual has consented to the use or disclosure; or
(c) The information is not sensitive information and the use of the information
is for the purpose of direct marketing and:
(i) It is impracticable for EventConnect.com.au to seek the individual's
consent before that particular use; and
(ii) EventConnect.com.au will not charge the individual for giving effect to a
request by the individual to EventConnect.com.au not to receive direct
marketing communications; and
(iii) the individual has not made a request to EventConnect.com.au not to
receive direct marketing communications; and
(iv) in communication with the individual, EventConnect.com.au draws to the
individual's attention, or prominently displays a notice, that he or she may
express a wish not to receive any further direct marketing communications; and
(v) each written marketing communication by EventConnect.com.au with the
individual (up to and including the communication that involves the use) sets
out EventConnect.com.au's business address and telephone number and, if the
communication with the individual is made by fax, email or other electronic
means, a number or address at which EventConnect.com.au can be directly
contacted electronically; or
(d) EventConnect.com.au has reason to suspect that unlawful activity has been,
is being or may be engaged in, and uses or discloses the personal information
as a necessary part of its investigation of the matter or in reporting its
concerns to relevant persons or authorities; or
(e) the use or disclosure is required or authorised by or under law; or
(f) EventConnect.com.au reasonably believes that the use or disclosure is
reasonably necessary for one or more of the following by or on behalf of an
enforcement body:
(i) the prevention, detection, investigation, prosecution or punishment of
criminal offences, breaches of a law imposing a penalty or sanction or breaches
of a prescribed law;
(ii) the enforcement of laws relating to the confiscation of the proceeds of
crime;
(iii) the protection of the public revenue;
(iv) the prevention, detection, investigation or remedying of seriously
improper conduct or prescribed conduct;
(v) the preparation for, or conduct of, proceedings before any court or
tribunal, or implementation of the orders of a court or tribunal.
(g) If EventConnect.com.au uses or discloses personal information under
paragraph (f) above, it will make a written note of the use or disclosure.
(h) The first paragraph above operates in relation to personal information that
EventConnect.com.au has collected from a related body corporate or business as
if EventConnect.com.au's primary purpose of collection of the information were
the primary purpose for which the related body corporate or business collected
the information.
Principle 3 - Data Quality
EventConnect.com.au will take reasonable steps to make sure that the personal
information it collects, uses or discloses is accurate, complete and
up-to-date.
Principle 4 - Data Security
EventConnect.com.au will take reasonable steps to protect the personal
information it holds from misuse and loss and from unauthorised access,
modification or disclosure.
EventConnect.com.au will take reasonable steps to destroy or permanently
de-identify personal information if it is no longer needed for any purpose for
which the information may be used or disclosed under EventConnect.com.au
Privacy Protection Principle 2.
Principle 5 - Openness
EventConnect.com.au will set out in a document clearly expressed policies on its
management of personal information. EventConnect.com.au will make the document
available to anyone who asks for it. On request by an individual,
EventConnect.com.au will take reasonable steps to let the individual know,
generally, what sort of personal information it holds, for what purposes, and
how it collects, uses, and discloses that information.
Principle 6 - Access and Correction
If EventConnect.com.au holds personal information about an individual, it will
provide the individual with access to the information on request by the
individual, in a form or manner suitable to the individual's reasonable needs,
except to the extent that:
(a) In the case of personal information, providing access would pose a serious
and imminent threat to the life or health of any individual; or
(b) Providing access would have an unreasonable impact upon the privacy of
other individuals; or
(c) The request for access is frivolous or vexatious; or
(d) The information relates to existing or anticipated legal proceedings
between EventConnect.com.au and the individual, and the information would not
be accessible by the process of discovery in those proceedings; or
(e) Providing access would reveal the intentions of EventConnect.com.au in
relation to negotiations with the individual in such a way as to prejudice
those negotiations; or.
(f) Providing access would be unlawful; or
(g) Denying access is required or authorised by or under law; or
(h) Providing access would be likely to prejudice an investigation of possible
unlawful activity; or
(i) Providing access would be likely to prejudice:
(i) the prevention, detection, investigation, prosecution or punishment of
criminal offences, breaches of a law imposing a penalty or sanction or breaches
of a prescribed law; or
(ii) the enforcement of laws relating to the confiscation of the proceeds of
crime; or
(iii) the protection of the public revenue; or
(iv) the prevention, detection, investigation or remedying of seriously
improper conduct or prescribed conduct; or
(v) the preparation for, or conduct of, proceedings before any court or
tribunal, or implementation of its orders; by or on behalf of an enforcement
body; or
(j) An enforcement body performing a lawful security function asks VENUE
CONNECT not to provide access to the information on the basis that providing
access would be likely to cause damage to the security of Australia. However,
where providing access would reveal evaluative information generated within
EventConnect.com.au in connection with a commercially sensitive decision-making
process, EventConnect.com.au may give the individual an explanation for the
commercially sensitive decision rather than direct access to the information.
If EventConnect.com.au has given an individual an explanation under the above
paragraph and the individual believes that direct access to the evaluative
information is necessary to provide a reasonable explanation of the reasons for
the decision, EventConnect.com.au will, at the request of the individual,
undertake a review of the decision not to release the information. Personnel
other than the original decision-maker will undertake the review. If
EventConnect.com.au is not required to provide the individual with access to
the information because of one or more of paragraphs (a) - (j) above
(inclusive), EventConnect.com.au will, if reasonable, consider whether the use
of mutually agreed intermediaries would allow sufficient access to meet the
needs of both parties. If EventConnect.com.au levies charges for providing
access to personal information, those charges:
(a) will not be excessive; and
(b) will not apply to lodging a request for access.
If EventConnect.com.au holds personal information about an individual and the
individual is able to establish that the information is not accurate, complete
and up-to-date, EventConnect.com.au will take reasonable steps to correct the
information so that it is accurate, complete and up-to-date. If the individual
and EventConnect.com.au disagree about whether the information is accurate,
complete and up-to-date, and the individual asks EventConnect.com.au to
associate with the information a statement claiming that the information is not
accurate, complete or up-to-date, EventConnect.com.au will take reasonable
steps to do so. EventConnect.com.au will provide reasons for denial of access
or a refusal to correct personal information.
Principle 7 - Identifiers
Except as specifically authorised under the Privacy Act, EventConnect.com.au
will not adopt as its own identifier of an individual an identifier of the
individual that has been assigned by:
(a) An agency; or
(b) An agent of an agency acting in its capacity as agent; or
(c) A contracted service provider for a Commonwealth contract acting in its
capacity as contracted service provider for that contract.
EventConnect.com.au will not use or disclose an identifier assigned to an
individual by an agency (or by an agent or contracted service provider
mentioned above) unless:
(i) The use of disclosure is necessary for EventConnect.com.au to fulfill its
obligations to the agency;
(ii) One or more of paragraphs (e) to (h) in Privacy Protection Principle 2
above (inclusive) apply to the use or disclosure; or
(iii) The use or disclosure is permitted under the regulations to the Privacy
Act.
Note - the terms 'agency' and 'contracted service provider' in Privacy
Protection Principle 7 are defined in the Privacy Act, but, in general, relate
to Commonwealth Government agencies.
Principle 8 - Anonymity
Wherever it is lawful and practicable, individuals will have the option of not
identifying themselves when entering transactions with EventConnect.com.au.
However, in most cases it will not be practicable for the transactions to
proceed to finality or for EventConnect.com.au to provide pre and post-paid
services without requiring their identification.
Principle 9 - Transborder Data Flows
EventConnect.com.au will transfer personal information about an individual to
someone (other than EventConnect.com.au or the individual) who is in a foreign
country only if:
(a) EventConnect.com.au reasonably believes that the recipient of the
information is subject to a law, binding scheme or contract which effectively
upholds principles for fair handling of the information that are substantially
similar to EventConnect.com.au's Privacy Protection Principles; or
(b) the individual consents to the transfer; or
(c) the transfer is necessary for the performance of a contract between the
individual and
EventConnect.com.au, or for the implementation of pre-contractual measures
taken in response to the individual's request; or
(d) the transfer is necessary for the conclusion or performance of a contract
concluded in the interest of the individual between EventConnect.com.au and a
third party; or
(e) all of the following apply:
(i) the transfer is for the benefit of the individual; and
(ii) it is not practicable to obtain the consent of the individual to that
transfer; and
(iii) if it were practicable to obtain such consent, the individual would be
likely to give it; or
(f) EventConnect.com.au has taken reasonable steps to ensure that the
information which it has transferred will not be held, used or disclosed by the
recipient of the information inconsistently with EventConnect.com.au's Privacy
Protection Principles.
Principle 10 - Sensitive Information
EventConnect.com.au will not collect Sensitive Information about an individual
unless:
(a) the individual has consented; or
(b) the collection is required by law; or
(c) the collection is necessary to prevent or lessen a serious and imminent
threat to the life or health of any individual, where the individual whom the
information concerns:
(i) is physically or legally incapable of giving consent to the collection; or
(ii) physically cannot communicate consent to the collection; or
(d) the collection is necessary for the establishment, exercise or defence of a
legal or equitable claim.
Principle 11 - Privacy of Network Communications
When installing, operating, or maintaining its network, EventConnect.com.au will
take whatever measures are practicable, or are required by law, to ensure the
privacy of communications passing over its network.
Interception (Monitoring and Recording). Interception of a communication during
the course of its passage across the network is prohibited unless it is
necessary for the effective performance of functions or activities relating to:
> the installation of any line or equipment used in connection with the
network, or
> the operation or maintenance of the network, or
> the identifying or tracing of a person suspected of having contravened a
provision of Part VIIB of the Crimes Act 1914 (Cth);
> interception requested by law enforcement and security agencies (which
will only be undertaken on production of a lawful warrant and where VENUE
CONNECT is satisfied that the warrant has been issued in accordance with the
requirements with the Telecommunications (Interception) Act 1979 (Cth). In
addition, recording will only be undertaken where aural/visual monitoring is
not suitable for the purpose and voice recording will only be undertaken where
authorised by the customer or by law.)
Interception will only be undertaken in accordance with company procedures. Only
staff who have received instruction on the appropriate monitoring and recording
procedures and who are aware of their responsibilities for the protection of
customer privacy and confidentiality will be permitted to undertake monitoring
functions.
Participant Monitoring. Participant monitoring may be undertaken for the
purposes of improving the quality of service to customers and the training of
staff, or where there is a specific operational, security or technical reason
to do so. Customer consent will be obtained prior to undertaking participant
monitoring unless it is not practicable to do so, such as in the case of calls
or monitoring which are typically of very short duration.
Principle 12 - New Services and Developments and Procedures.
EventConnect.com.au will consider the privacy impact of new business processes
and services before they are introduced.
EventConnect.com.au will provide services with privacy standards that are
commensurate with community expectations and which enables individual customers
to choose a higher degree of privacy protection where practicable.
The privacy impact arising from the introduction of the new services or products
will be balanced against their benefit to the general community and will take
into consideration the extent, means and cost by which privacy concerns can be
mitigated. Where practicable, EventConnect.com.au will provide customers with
the ability to choose between differing degrees of privacy protection.
Education and choice In order that customers may make an informed choice as to
their usage of new services or products, where appropriate EventConnect.com.au
will advise customers of the privacy implications of those services.
Where practicable, and where to do so would not undermine commercially sensitive
material, EventConnect.com.au will respond to queries concerning any
implications for privacy protection of existing and new services and make
publicly available information about any implications for privacy protection in
relation to those services.
Principle 13 - Compliance Audit
EventConnect.com.au will maintain an independent compliance audit program to
ensure its Privacy Protection Principles and policies remain appropriate and
that EventConnect.com.au operates in compliance with those Principles and
policies.
DEFINITIONS
Identifier includes a number assigned by an organisation to an individual to
identify uniquely that individual for the purposes of the organisation's
operations. However, an individual's name or ABN (as defined in A New Tax
System (Australian Business Number) Act 1999) is not an identifier. Individual
means a natural person.
Monitoring means the listening to, reading or recording of a communication
during the course of its passage over a telecommunication system. Participant
monitoring means the listening to, reading or recording of, a communication
during the course of its passage over a telecommunication system by a party to
that communication and by using equipment forming part of the service.
Personal Information means information or an opinion (including information or
an opinion forming part of a database), whether true or not, and whether
recorded in a material form or not, about an individual whose identity is
apparent, or can reasonably be ascertained, from the information or opinion.
Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.
Sensitive Information means:
(a) information or an opinion about an individual's:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual preferences or practices; or
(ix) criminal record; that is also personal information; or
(b) health information about an individual.
Seriously Improper Conduct includes corruption, a serious abuse of power, a
serious dereliction of duty, or any other seriously reprehensible behaviour.
Surveillance means the systematic observance of a person's behaviour,
communication or personal information.
Third Party in relation to personal information, means any organisation or
individual other than EventConnect.com.au holding the information and the
individual who is the subject of the information.
Unless otherwise specified, words in this document have the meaning set out in
the Privacy Act.
REFERENCES
1. Privacy Statement
2. Privacy Protection Policy
RESPONSIBLE EXECUTIVE
Managing Director: Mr S Coombes
Signed: S. Coombes
RECORD OF ISSUES
Version 1 released February 2004
|