The Privacy Officer
PO Box 3012
The Privacy Officer
6 Broadway, Crawley WA 6009
General statement of principle
3. We will never give your name, address or other personal information to anyone wishing to contact our customer database for the purposes of marketing their own products and services to you.
4. We will only permit offers or invitations from third parties to be made through us and only if you actively opt-in to receiving such offers or invitations and we consider the offer or invitation to be of some interest or benefit to our customers. If we do permit an offer or invitation to be made through us by a third party it would usually be a reduced price or priority booking for an arts event or a special offer from one of our sponsors.
5. If you wish to be removed from our database, please email us at firstname.lastname@example.org
What is “personal information”
6. When used in this policy, the term “personal information” has the meaning given to it in the Privacy Act 1988 (Cth) (Privacy Act). In general terms, it is any information that can be used to personally identify you. This may include (but is not limited to) your name, age, gender, postcode and contact details (including phone numbers and email addresses) and possibly financial information, including your credit card, direct debit or PayPal account information. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
Collection of your personal information
7. Ochre may collect and hold the following types of personal information:
(b) mailing or street address;
(c) email address;
(d) telephone number;
(e) age or birth date;
(f) credit card information, but only if you expressly request us to hold that personal information (it is otherwise destroyed immediately after the relevant transaction has been completed);
(g) details of the products you purchase from us, such as Ochre events (Events), or products which you have enquired about, together with any additional information necessary to respond to your enquiries;
(h) any additional information relating to you that you provide to us directly through the Ochre website (Website) or indirectly through use of the Website or online presence through our representatives or otherwise; and
(i) information you provide to us through customer surveys.
How we collect personal information
8. We only collect personal information by lawful and fair means and not in an unreasonably intrusive way. We only collect personal information if the information is reasonably necessary for one or more of our functions or activities. We will collect your personal information directly from you unless it is unreasonable or impractical to do so. We collect your personal information in ways including:
(a) over the internet, including through your access and use of the Website and cookies;
(b) during conversations between you and our representatives; and
(c) when you purchase a product from us, such as tickets to an Event.
9. We may also collect personal information from third parties including:
(a) public registers;
(b) social media;
(d) mailing lists;
(e) recruitment agencies;
(f) through someone else who has provided us with your information (eg. purchase of a gift voucher);
(g) third party companies such as law enforcement agencies and other government entities; and
(h) contractors and business partners.
10. The Privacy Act also protects your sensitive information, such as health information (eg. whether or not you need wheelchair access or have difficulty hearing). If we need to obtain this type of information, we will ask for your consent, except where otherwise permitted by law.
Anonymity and pseudonyms
11. You have the option of using a pseudonym when dealing with us except in circumstances in which it would be impracticable for us to deal with you if you were to be using a pseudonym.
Use of your information
12. The primary purpose for which we collect information about you is to enable us to perform our business activities and functions and to provide the best possible quality of customer service. We collect, hold, use and disclose your personal information for the following purposes:
(a) to provide products and services to you, including:
(i) to advise you if a Event has been re-scheduled or cancelled;
(ii) to advise you whether you are entitled to entry to a re-scheduled Event;
(iii) to assist with processing transactions entered into by you to purchase tickets to Events, which may require providing your personal information to third parties such as credit card companies and financial institutions;
(b) to provide you with news, information or advice about our existing and new products and services, including supplying you with flyers and material about future Events;
(c) to communicate with you including by email, mail or telephone;
(d) to manage and enhance our products and services;
(e) to personalise and customise your experience;
(f) to conduct competitions or promotions on behalf of Black Swan and selected third parties;
(g) to verify your identity;
(h) to provide as part of business data to third parties if you have authorised us to do so;
(i) to conduct business processing functions through the Website;
(j) for our administrative, marketing (including direct marketing), promotional, planning, product/service development, quality control and research purposes, or those of our contractors or external service providers;
(k) to investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity; and
(l) to comply with our legal obligations and assist government and law enforcement agencies or regulators.
13. We may combine customer information we have with information available from a wide variety of sources, for example the census or Australia Bureau of Statistics data, to gain useful insights which can be used for the purposes set out in paragraph 12 above.
15. We record information in this category only when requiring proof of concession status for ticket purchases. We will take all reasonable steps to ensure that pension or concession card numbers kept on file are used only for the purpose of verifying ticket concession status.
What happens if we can’t collect your personal information
(a) we may not be able to provide you with the products or services you requested, either to the same standard, or at all;
(b) we may not be able to provide you with information about products and services that you may want, including information about discounts sales or special promotions; and
(c) we may not be able to let you know if an Event has been re-scheduled or cancelled.
Who we disclose your personal information to
17. We may disclose your personal information to:
(a) our employees, related bodies corporate, contractors or external service providers for the operation of the Website or our business, fulfilling requests by you, and otherwise provide products and services to you, including without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, and professional advisers such as accountants, solicitors, business advisors and consultants;
(b) our existing or potential agents, business partners or joint venture entities or partners;
(c) our sponsors, or promoters of any competition that we conduct or promote via our services;
(d) specific third parties authorised by you to receive information held by us;
(e) the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator, for example, if we have reason to suspect that you have committed a breach of any of our terms and conditions, or have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary; and
(f) any other party as required or permitted by any law (including the Privacy Act).
18. If you are under 18 or have special needs, we may disclose your personal information to your parent or legal guardian or any person appointed to manage your affairs.
Direct marketing materials
19. We will only use or disclose your personal information for the purpose of direct marketing if we collected the personal information directly from you, and you would have reasonably expected us to use the information for the purpose of direct marketing.
20. You may at any time opt-out of receiving marketing communications by notifying us in writing using the contact details set out above. We will then ensure that your name is removed from our mailing list.
21. Direct marketing communications we make to you will be about products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail and email, in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
22. We do not provide your personal information to other organisations for the purposes of direct marketing unless authorised by you.
24. If you receive communications from us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, please contact us using the contact details set out above.
Accessing and correcting your personal information
25. You may request access to any personal information we hold about you at any time by contacting us using the contact details set out above. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you) within a reasonable period after your make your access request.
26. We will not charge for simply making a request, and generally do not charge fees for giving access to personal information. However, we may apply a reasonable access charge where the request for personal information contains complications or is resource intensive. If there is an access charge, we will give you an estimate up front and confirm that you would like to proceed. If you make an access request, we will ask you to verify your identity.
27. There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal and the mechanisms available to complain about the refusal.
28. If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, please request us to amend it. We will then consider if the information requires amendment. If we do not agree that there are grounds for amendment, then if you request us to do so, we will add a note to the personal information stating that you disagree with it and will give you written reasons for the refusal to amend the personal information. We will not charge for making any corrections to your personal information.
How you can complain about a breach of privacy
30. We will treat your requests or complaints confidentially. We will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
Disclosure of personal information outside Australia
31. We do not anticipate that we will disclose personal information to external service providers who operate or hold data outside Australia. However, if we were to disclose personal information to overseas recipients, we would do all things reasonably necessary to ensure that appropriate data handling and security arrangements were in place. Please note that Australian law may not apply to some overseas entities.
Security and storage of information
32. We will take all reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Our security safeguards include:
(a) staff education – we train and remind our staff of their obligations with regard to your information;
(b) system security – we use firewalls, password access and secure servers and encrypt data that is sent by you to us and by us to third parties; and
(c) taking precautions with overseas transfers and third parties – when sending information overseas or use third parties that handle or store data we ensure that appropriate data handling and security arrangements are in place.
33. If we no longer need your personal information for any of the purposes set out in paragraph 12 above and we are not required by law to retain it, we will take reasonable steps to destroy the information or ensure that it is de-identified.