Last updated on 28 June 2018
Ballarat Regional Tourism Inc trading as Visit Ballarat A.B.N. 66 944 757 683 (‘we’) want you to be familiar with how we collect, use and disclose information from and about you. We are governed by and adhere to the Australian Privacy Principles and the Privacy Act 1988 (Cth). We also comply with the European Union General Data Protection Regulation (‘GDPR‘).
What information we collect
We collect personal information needed to provide the Services. ‘Personal information’ means information we hold about you from which your identity is clear or can be reasonably determined. If you choose not to provide certain personal information to us, we may not be able to provide you with the Services you have requested.
In most cases we will ask for your express consent to collect personal information from you, but in some cases we may infer consent from your actions or behaviour in connection with the Services. If you are located in the European Union, we will always ask for your express consent to collect personal information from you.
The following are the main types of personal information collected by us and the main purposes for which they are collected:
Information provided direct to us
- this includes information that you provide to us in the course of registering for or acquiring a service, for example to become a member, register for a seminar/business event, advertise your business/event, post comments and participate in our services.
- this information may include, for example, your name, date of birth, contact details (including address, email address, telephone number), occupation and gender.
- it includes information, which you provide to us in the course of that relationship and through your use of the services.
- where possible you may have the option of interacting with us anonymously (for example when browsing our services as a casual user) or using a pseudonym. we will endeavour to make it clear whenever this is an option.
- public information and posts consist of comments or content that you post to the services and the information about you that accompanies those posts or content, which may include a name, username, comments, likes, tweets, status, profile information and picture(s).
- this information is always public and therefore available to everyone.
Information from third party social media
- we do not collect your passwords other than in relation to our own services.
Activity information – cookies and other technologies
- when you access and interact with the services, we may collect certain information about those visits. for example, in order to permit your connection to the services, our servers receive and record information about your computer, device and browser including potentially your ip address, browser type, and other software or hardware information.
- if you access the services from a mobile or other device, we may collect a unique device identifier assigned to that device, location data, or other transactional information from that device.
- cookies and other tracking technologies are comprised of small bits of data or code. some websites, applications and other services that you access send this data to your browser and then store the data on your computer.
- these technologies are often used as a means of remembering your preferences. they may be used to collect and store information such as pages you have visited, content you have viewed, search queries you have run and advertisements you have viewed in relation to your usage of the services and other websites you have visited.
- most browsers are initially set to accept cookies, but you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. please consult the ‘help’ section of your browser for more information.
- please note that by blocking any or all cookies you may not have access to certain features, content or personalisation available through the services.
Information of children
- we will not knowingly collect, use or disclose personal information from an individual below the age of 18 without obtaining prior written consent from a person with parental responsibility (such as a parent or guardian).
- we will use reasonable efforts to verify parental consent prior to the collection and use of personal information from children. consent may take a variety of forms including offline contact through printing and submitting a permission form, or online consent such as by ticking an online check box that parental or guardian consent has been obtained.
- we do not require parental consent in order to collect and use contact information to respond to a child’s one off specific request or to request the name or contact information of a parent or guardian for the purpose of verifying parental consent.
- we will allow parents or guardians to review any personal information collected from their children, subject to verifying the identify of the consenting parent or guardian.
- parents and guardians may revoke their consent and delete information collected from their children at their discretion.
Information from other sources
- we may supplement the information we collect with information from other sources, such as commercially available sources and data providers, as well as information from our business partners or related companies.
Information in relation to other persons
- when you apply for a job or contract with us we may collect certain information from you or from any recruitment consultant, your previous employers and others who may be able to provide information to assist us in deciding whether or not to make you an offer of employment or engage you under a contract.
- we may also collect personal information about individuals who are, or are employed by, our suppliers (including service and content providers), contractors, dealers, related companies, agents and corporate customers. generally, where appropriate, we will state why we are collecting personal information when we collect it and how we plan to use it, or these things will be obvious when we collect the information.
When you give us your personal information, it imposes a serious responsibility on us. Protecting your privacy when handling your personal information is fundamental to the way we serve you.
How we use your information
We use the information we collect from and about you to offer and provide the Services to you, including: to measure and improve those Services; to improve your experience with the Services; to allow you to participate in the Services and to respond to your queries.
When you are not reasonably identifiable in relation to the information collected from or about you, we may use that information for any purpose or share it with third parties. We may also de-identify the information we collect about you so that we can use and disclose it without using or revealing any personal information about you.
We also use the information we collect from and about you for these additional purposes:
To provide Services to you
- we will use your information to provide services to you, to enter into contracts with you and to improve services including research and data analysis by us, and our service providers.
- we may use and disclose your personal information in other ways expressly disclosed at the point of collection.
- if you are a prize winner we may disclose your information to relevant regulatory authorities and publish your details in accordance with the promotional terms and conditions.
Disclosure to service providers
- we may make your information available to certain third party service and content providers such as providers of website hosting service providers, marketing services, market research analytical modellers, tourism authorities, government departments, approved game/competition operators, mailing operations, legal advisers, who help us to provide the services.
- these third parties may be located overseas. we will take reasonable steps to protect your personal information no matter where it is stored. notwithstanding that, security of communications over the internet cannot be guaranteed. if these overseas organisations are required to disclose your information under a foreign law, we will not be responsible for that disclosure.
To provide co-branded services
- we may offer co-branded services, such as promotions together with a client, member or third party. these co-branded services may be hosted on the services or on the third party’s services.
- by virtue of these relationships, we may share the information you submit in connection with the co-branded service with the third party.
To communicate with you
- we may use the information we collect from and about you to deliver relevant ads to you when you use the services.
- we may periodically send promotional materials or notifications which we believe might be of interest to you. these may include invitations to participate in various services or activities such as consumer surveys, campaigns or promotions.
- this marketing may be carried out in a variety of ways (including by direct mail, email, sms/mms, or social media or by customising online content and displaying advertising on the services) and may continue after you cease acquiring any services from us until you opt out.
- we may share your information with our related companies.
- we may share the information provided by you or generated through your participation in the services with government departments or tourism bodies that we are conducting the services on behalf of.
- if we sell all or part of the business or are otherwise involved in a merger or transfer of the business, we may transfer or disclose your information to the party or parties involved in the transaction and as part of any due diligence processes which may take place in contemplation of a potential transaction.
To protect one’s rights
- we may disclose your information in situations where we have a good faith belief that such disclosure is necessary in order to:
- protect the safety, privacy and security of users of the services or members of the public;
- protect against fraud or for risk management purposes; or
- comply with the order of a court, the law or legal process in any country.
How we protect your information
We use commercially reasonable administrative, technical, personnel and physical measures to safeguard information in our possession against loss, theft and unauthorised use, disclosure or modification.
We use the industry standard encryption software, Secured Socket Layer (SSL) 128 bit encryption. We also employ software programs to monitor network traffic in order to identify unauthorised attempts to upload or change information, or otherwise cause damage.
Despite our every effort to protect your personal information, there remains the possibility that a breach of our security could occur and we therefore cannot guarantee the complete safety of your information.
In the event of loss of personal information, that is likely to result in a risk to the rights and freedoms of individuals, we will:
- seek to rapidly identify and secure the breach to prevent any further breaches;
- engage the appropriate authorities where criminal activity is suspected;
- assess the nature and severity of the breach including the type of personal information involved and the risk of harm to affected individuals;
- notify the affected individuals directly within 72 hours)if appropriate and where possible; and
- notify the privacy commissioner (at the oaic) if the breach is significant.
How to access your personal information
In your request, please clearly state what information you would like to access, review, correct or update. We will try to respond to your request as soon as reasonably practicable.
Your right to access your personal information is not absolute. The law permits us to refuse your request to provide you with access to your personal information in circumstances where:
- access would pose a serious threat to the life or health of any individual;
- access would have an unreasonable impact on the privacy of others;
- the request is frivolous;
- the information relates to a commercially sensitive decision making process;
- access would be unlawful;
- access may prejudice enforcement activities, a security function or commercial negotiations.
If you are in the European Union, you have the right to receive any personal data that you have provided to us. We must provide you with that personal data in a structured, commonly used and machine readable format. This right only applies to personal data that you have provided to us and where the processing of your data carried out by automated means and is based on your consent or for the performance of a contract.
You also have the right to require us to delete your personal data. You may request that we delete your personal data at any time where:
- the information is no longer necessary for the purpose for which it was collected; or
- you withdraw your consent to the collection of the personal data (and there is no other legal ground for processing your data).
We do not have to delete your personal data where it is necessary for us to exercise the right of freedom of expression and information.
How can you opt out
If you want to stop receiving promotional materials, you can change your account settings or follow the unsubscribe instructions at the bottom of each email or message. If you have installed a mobile application and you wish to stop receiving push notifications, you can change the settings either on your mobile device or through the application.
If you have linked any of your social media accounts to your account for any Services, you can cancel that link by changing your social media account settings.
If you are in the European Union, you may object at any time to the processing of your personal data. This right only applies where the legal basis for the processing is legitimate business interests or direct marketing (including profiling).If you object to the processing of your personal data, we must stop the data processing.
Other important information for you
Location of data
- some of the services are hosted in and managed outside of australia and in dealing with us, you consent to having any personal information accessible from or transmitted outside of australia.
- if you are in the european union, your personal information will only be transferred to a foreign country where that country provides an adequate level of data protection, where standard date protection clauses or binding corporate rules apply, or where there are approved codes of conduct or certification in place.
Links to third party sites
- the services may be linked to third party services operated by unaffiliated entities and may carry advertisements, offer content, functionality, games, newsletters or applications.
Collection of personal financial information
- if we use an unaffiliated payment service to allow you to make payments, you will be directed to a payment service website.
- we do not always completely remove or delete all of your information due to technical and systems constraints, contractual, financial or legal requirements.
- you may use the contact details under the ‘how to contact us’ section, to notify us of any privacy complaint you have against us, including if you think that we have failed to comply with the australian privacy principles (app),r any binding app code that has been registered under the privacy act or if you are in the european union, the gdpr.
- we are committed to acknowledging your complaint in a prompt manner and will give you an estimated timeframe for when we will respond to your complaint.
- if you are not satisfied with our response to your complaint, or at any time, you may refer your complaint to the office of the australian information commissioner (www.oaic.gov.au).
How to contact us
Attention: Privacy Officer
Postal: PO Box 1246 Bakery Hill VIC 3354