- 1.2 We are committed to protecting the privacy of individuals and as such, agree to follow the Australian Privacy Principles as set out in the Privacy Act 1988 (Cth) and the Information Privacy Act 2009 (Qld).
- 1.4 If you: (a) are from a country that is part of the European Union; (b) have a business that has an establishment in the European Union; or (c) are disclosing Personal Information for someone who is from the European Union, then we will follow the the General Data Protection Regulations to the extent they impose certain rights and obligations that the Australian Privacy Principles do not impose.
2.1 The following definitions apply to this policy:
- (a) Australian Privacy Principles: means the principles listed in Schedule 1 of the Privacy Act 1988 (Cth) as amended from time to time.
- (b) Personal Information: means information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion.
- (c) Privacy Officer: means Gillian Toner (Head of Operations) who can be contacted at firstname.lastname@example.org.
- (d) Purpose: means any purpose that is related to the operation of our business including: i. the booking of travel holidays; ii. providing opportunities for tourism operators to market and promote their services; iii. providing other travel-related services; iv. market research for the purpose of determining demographic trends in the way consumers use travel information and other travel products; v. any act and omission that is directly related to the management and operation of our business; vi. disclosures to employees, officers, principals, agents, contractors, advisers, government agencies, financial institutions or their agents and local tourism organisations and providers; vii. any use and disclosure that is required or authorised by Law; or viii. any other purpose that is consented to by you including suppliers contacting you about goods and services.
- (e) Us/We/Our: means Visit Sunshine Coast Limited A.C.N. 144 749 717 and as the context requires, includes employees, officers, agents, contractors and subcontractors of Visit Sunshine Coast.
- (f) You: means the person to whom the Personal Information belongs, and may include: i. any of our current and past members; and ii. any person who has provided Personal Information in connection with goods and services provided by, or advertised by Us.
- 3.1 We collect Personal Information from you in a number of different ways. For example, we may collect Personal Information directly from you in the course of our dealings with you, when you: (a) provide Personal Information to us; (b) apply for a position of employment with us; (c) use our website or services (including via cookies); and (d) contact and correspond with us, for example to ask for information.
- 3.2 We may also: (a) collect Personal Information about you from another publicly available source of information; and (b) with your consent, collect Personal Information from third parties including recruitment agencies, previous employers, government departments and third-party service providers which provide criminal, bankruptcy and other checks.
- 3.3 The Personal Information we collect about you may include information which individually or collectively could be used to identify you including: (a) your name, date and place of birth; (b) contact details; Internet Protocol (IP) address; (c) occupation and education/work history; (d) information about your dealings with us and our customers; and (e) other demographic information which read in conjunction with other Personal Information might lead to a positive identification, including information about: i. gender; ii. race; iii. ethnic origin; iv. religious, political or philosophical beliefs; v. trade union membership; health information; and vi. sexual activity or orientation.
- 3.4 The purposes for which we collect your information may include: (a) verifying your identity; (b) contacting you (including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner); (c) developing and improving our services and obtaining feedback; or (d) Personal Information that is provided by you through the Site.
- 3.5 As a controller of Personal Information, we agree to collect and use the minimum amount of Personal Information that is needed to fulfil our Purposes.
- 3.6 If we are not able to collect Personal Information about you, we may not be able to provide you with products, services and assistance to the extent that they require us to collect, use or disclose Personal Information.
4 Use and disclosure
- 4.1 You consent to and agree that we may only use or disclose your Personal Information for the Purpose for which it was collected.
- 4.2 We may also use and disclose your Personal Information for a secondary purpose that is related to a purpose for which we collected it, where you would reasonably expect us to use or disclose your Personal Information for that secondary purpose.
- 4.3 Other instances when we may use and disclose your Personal Information include: (a) where you have consented to the use or disclosure; (b) in confidence to our advisers and insurers; (c) in confidence to third parties to improve our services and obtain feedback; (d) to any related entity or person of ours; (e) where the use or disclosure is authorised or required by or under an Australian law or a court/tribunal order.
- 4.4 We may also share and disclose your Personal Information to third parties, including: (a) employees, officers, agents, contractors and sub-contractors; or (b) third party service providers engaged by us in the ordinary course of business, subject to confidentiality provisions as we deem appropriate.
- 4.5 Some of the third parties to whom we disclose your Personal Information may be located outside Australia.
- 4.6 We may disclose your Personal Information to external national or overseas facilities in the course of conducting information and data processing, back up and scanning, or for the purposes of obtaining other services from third parties, subject to those third parties being bound by terms that substantially comply with this policy.
- 4.7 We agree to use our best endeavours to correct any errors and inaccuracies that exist in the Personal Information that is used and disclosed by us as soon as we become aware of them.
5 Information about events, the Website and our services
- 5.1 We may contact you via email, SMS or by other means in order to provide you with updated information about the Site, in relation to events, or to provide you with other information about our goods and services.
- 5.2 If you do not wish to receive any such information, please contact us as set out below.
6 Information we keep about you
- 6.1 You have a right to request access to or to correct Personal Information held by us.
- 6.2 If you wish to access, correct or update any Personal Information we may hold about you, please contact us as set out below. However we may refuse access where legislation allows us to do so.
- 7.2 We will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. When contacting us, please provide as much detail as possible in relation to the query, issue or complaint.
- 7.3 We will take any privacy complaint seriously and we request that you cooperate with us during this process and provide us with relevant information we may require so we can deal with your complaint fairly and promptly.
- 7.4 If you remain dissatisfied with our response, you can also make a formal complaint with the Office of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia).
8 Storage and security of your Personal Information
- 8.1 We will take reasonable steps to keep any Personal Information we hold about you secure.
- 8.2 Except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorised access to your Personal Information. Please notify us immediately if you become aware of any breach of security. 8.3 We may store your files in hard copy or electronically in our IT systems. These may include Australian-based cloud servers or the servers of third parties within Australia.
- 8.4 We implement a range of physical and electronic security measures to protect the Personal Information that we hold, including: (a) mandatory password protection on all computers (users are required to change their passwords at regular intervals); (b) hardware encryption on desktops, laptops and portable storage devices; (c) secure hard copy document, electronic storage media and hardware disposal procedures; (d) firewall and antivirus/malware software; and (e) systems and application access controls implemented to restrict access to information (on a need to know basis).
- 8.5 Staff receive periodic training on security issues, to foster a security aware culture. We also regularly review our security measures to identify charges that may be necessary or desirable.
9 Social Media
- 9.1 We display user generated content on social media accounts and other digital platforms.
- 9.2 By posting, linking or tagging any account, application or platform that is operated by us, you: (a) grant us a non-exclusive royalty free, worldwide, revocable, perpetual licence to use, modify, delete from, add to, reproduce or display your content on these accounts; and (b) to the fullest extent permitted by law, consent to the infringement of your moral rights for any user generated content that is uploaded onto our social media accounts; and (c) acknowledge that we do not approve, endorse, recommend or sponsor user generated content and provide no warranty as to its accuracy, currency and suitability.
11 Personal Information for EU based Individuals General Data Protection Regulation
- 11.1 This clause 11 applies if the European Union’s General Protection Data Regulations 2016/679 (GPDR) apply to you. Consent
- 11.2 Subject to this clause 11 you consent under the GDPR to us using your Personal Information for the relevant Purpose. Processing and Technical Measures
- 11.3 We will: (a) only process your Personal Information to the minimal extent needed to satisfy our Purpose; (b) implement technical and organisational measures that enable clause
- 11.3(a) to be satisfied; (c) implement additional safeguards to protect special categories of Personal Information (e.g. health information, race, sexual orientation, religion and political beliefs); and (d) ensure that any employees, officers, agents contractors or subcontractors who we engage are substantially bound by the same terms. Code of Conduct
- 11.4 We will implement a code of conduct that includes a requirement for us to comply with the GDPR. Access and Erasure
- 11.5 We will: (a) give you access to your Personal Information should you request it; (b) provide your Personal Information to a third-party subject to you consenting to the disclosure; and (c) erase your Personal Information if you ask for us to do so (subject to this not compromising our ability to carry out any research that is authorised by law or to exercise freedom of expression). Direct Marketing and Profiling
- 11.6 Subject to us receiving a request from you to, we will: (a) remove you from any direct marketing that uses your Personal Information; (b) not use or process your Personal Information in a way so that is used for data profiling. Children
- 11.7 If you are under the age of 16, we will use our best endeavours to obtain consent from your parent or guardian. Off Shore Transfers
- 11.8 We will implement legal arrangements that are substantially consistent with clause 11 when your Personal Information is transferred to a country that has not been approved by the European Union. Data Notification Breach
- 11.9 We will take steps to actively notify you within 72 hours of us discovering that your Personal Information has been used or disclosed in a way that is inconsistent with this Policy. Queries
- 11.10 Through our Privacy Officer, we will respond to any queries or requests you might have about the use, disclosure, protection or removal of your Personal Information.
12 Contact us
- 12.1 Please direct any privacy issues or queries to our Privacy Officer.