1. INTRODUCTION; APPLICATION OF PRIVACY LAWS
In any particular case We will be happy to provide further detail of Our treatment of Personal Information, subject to Our obligations of confidentiality, the privacy of others, and the sensible restraints of security.
Also, We aim to continuously improve Our protection of privacy and this policy may change over time.
2. SOME IMPORTANT EXPRESSIONS DEFINED
In this Policy, the following words and expressions have the following respective meanings:
Act means the Privacy Act 1988 (Cth).
Expert Events means Expert Events Pty Ltd (ABN 35 619 941 561). References to “We” “Our” and “Us” and cognate expressions are references to Expert Events.
GDPR means the European Union General Data Protection Regulation.
Personal Information means information that identifies (or can reasonably be used to identify) an individual and includes “personal data” as defined in the GDPR.
Privacy Principle means an “Australian Privacy Principle”, as set out in the Act.
Sensitive Information includes Personal Information concerning (or that implies) an individual’s health status or illness, philosophical, religious or ethnic background, or membership of a professional or trade association.
It is the responsibility of all Expert Events staff to comply with privacy laws (where applicable) and this policy. We will conduct periodic training in and obtain professional advice on the management of Personal Information for Our staff.
We will, where commercially and legally possible, reasonable and appropriate, request Our contractors to agree to comply with this policy and with the provisions of applicable privacy laws.
4. CONSENT AND OUR APPROACH TO IT
If We consider that We need the consent of an individual in relation to Personal Information, We will not put undue pressure on the individual to give that consent. We will make reasonable endeavours to ensure that an individual can make an informed and voluntary decision.
5. WHAT KINDS OF PERSONAL INFORMATION DO WE NORMALLY COLLECT? HOW AND FOR WHAT PURPOSES DO WE COLLECT IT?
The kinds of Personal Information We collect, the way We collect it and Our purpose for doing so, depends on a variety of circumstances, including the nature of Our interaction with that person. The individuals from/about whom We collect information fall into the following main categories:
- clients or staff of clients who may be acquiring or proposing to acquire Our services;
- individuals who attend the conferences and other events that We manage for Our clients;
- sponsors and exhibitors who support and participate in the conferences and events that We manage; and
- suppliers of goods and services to Us and Our clients, including venues, the suppliers of accommodation and travel and tour providers.
In the case of those individuals who wish to participate in conferences or events under Our management, as attendees or delegates, sponsors, exhibitors or speakers, We normally collect Personal Information direct from the individual, via an online form that the individual submits via the conference/event website. In some cases, We may receive Personal Information about such individuals from Our client.
What information do We collect?
We usually collect names, addresses, phone numbers and email addresses.
We may collect credit-card information if that is the means by which an individual is to pay Us or Our client. If an individual is to pay for attendance or other participation in a conference/event, We may also collect that person’s credit-card details, or other particulars, as may be necessary to process payments. Payments made to Us by credit card are subject to, and compliant with, Payment Card Industry (“PCI”) security protocols and We do not retain or store credit-card details. Where an individual submits credit-card details to Us to book accommodation, We will have access to those details until the date that is 14 days after all guests whose accommodation was paid for on that card have checked-out.
We may also collect Sensitive Information in the following instances:
- health information, where that may be relevant to the supply of food and beverage to individuals with special dietary needs, at events We manage;
- information concerning an individual’s religious, ethnic or philosophical background or allegiance, where that is relevant to food and beverage supplied to them at events We manage, or to other aspects of those events; and
- where We are managing a conference or other event for a trade or professional association, information pertaining to an individual’s membership of the association is itself sensitive information as defined in the Act.
Purposes and use of collection of Personal Information
Generally, We collect Personal Information so that We can interact with the individual and/or their business, and, by doing so, provide professional conference and event-management services for Our client—the conference/event host.
We collect Personal Information for the purposes of managing Our commercial relationship with Our clients, suppliers, conference attendees and other participants, such as sponsors and exhibitors. This enables Us to accept payments, allow admission to the conference or event, and to manage the delivery of goods and services to the individuals during the conference/event.
In the case of sponsors and exhibitors, the collection of Personal Information enables Us to manage the delivery of their entitlements and benefits.
We also collect and retain the information so We can let individuals know of Our services and any relevant news on Our current and future events, and activities that may be of interest.
Where We collect Sensitive Information, it is usually so that We can ensure that culturally sensitive or health-sensitive services, and goods including food and beverage, are provided to attendees of the events We manage.
We may send you information about events hosted by Our clients in which you may wish to participate, as well as general information about companies that sponsor our events.
You have the right at any time to stop Us from contacting you for marketing purposes. You may always opt out of receiving such information and any such information We send you will include an “opt-out” function.
How do We collect Personal Information?
In the case of attendees at the conferences and events We manage, We collect Personal Information direct from attendees, from Our client or from an external supplier of conference-registration services. Such Personal Information will usually be supplied to Us by electronic means, such as emails, or by attendees themselves when they submit online forms (contained in the event websites that We manage) to register their wish to attend, or to participate as a sponsor, exhibitor or speaker. We may also collect your Personal Information from Our client, the host of the relevant event that We are managing, if they provide Us with contact information:
- in cases where Our client is an association, their members; and/or
- of persons who have participated in previous events hosted by Our client, whether as a delegate, sponsor or exhibitor.
6. HOW DO WE HOLD THE PERSONAL INFORMATION WE COLLECT?
We hold the Personal Information We collect in a variety of ways, including on Our electronic (computer) database and, in some cases, also on file in hard copy.
We have adopted various security measures to protect this information from unauthorised access (see below).
7. WILL WE DISCLOSE PERSONAL INFORMATION TO OTHERS?
- When We manage a conference or event for a client, We will usually provide Personal Information collected in the course of managing their conferences and events to that client.
- If an individual is attending a conference or event We are managing, We may disclose that person’s Personal Information to sponsors of that event.
- In addition to the exceptions listed below, We will disclose Personal Information to third parties as the individual would reasonably expect in the provision of Our For example, where it is necessary or desirable to ensure that an individual receives appropriate goods or services at an event, We will disclose relevant Personal Information to suppliers that We engage to provide those goods or services.
The circumstances will determine what information will be disclosed—but We will make reasonable endeavours to ensure that only the information that is necessary or desirable is disclosed.
Some suppliers may need an individual’s Personal Information to provide appropriate goods or services. We may, for example, engage conference registration-desk services, ushers and event staff, who may have access to Personal Information. We may also engage third parties to assist with the development, maintenance or hosting of conference and event websites and other information technology utilised at the conference or event.
If an individual pays for accommodation, We will disclose the individual’s credit-card details to the hotel or other supplier of accommodation, and those details may be retained by those hotels and suppliers of accommodation as provided in their respective privacy policies and collection statements. They may retain the individual’s credit-card information in order to ensure full payment is made for room hire and other goods and services provided to the individual.
In some cases, We may need to pass on Sensitive Information, where this is necessary to arrange the supply of culturally sensitive goods or services to the individual or for health reasons. For example, We may need to advise a venue, or food and beverage supplier, if the individual has special dietary requirements that may be based on religious or philosophical beliefs, or that arise because the individual has a particular food allergy.
In addition to the suppliers We engage to supply goods and services for Our clients’ conferences and events, We may from time to time outsource management of certain in-house functions, such as:
- development and management of Our own website and databases;
- bookkeeping and accounting; and/or
We may also disclose Personal Information to Our professional advisers, such as Our lawyers and accountants in any case where We need to seek advice.
Apart from disclosure to third parties that would be reasonably expected and is reasonably necessary to conduct Our work, We will not otherwise disclose an individual’s Personal Information to other third parties unless:
- We have the individual’s consent;
- making the disclosure is related to the primary purpose for which We have collected the information and We deem that the individual would reasonably have expected Us to make the disclosure;
- We are required to do so by law, in which case We would inform the individual, unless doing so itself is unlawful or would impede or defeat the purpose of the disclosure; or
- We are required to hand over Our management of a conference or event to another professional conference organiser or event manager;
- We are negotiating a sale of Our business, in which case We will disclose the information only if the other party with whom We are negotiating agrees to refrain from use of the information until it completes the purchase.
We will never sell an individual’s Personal Information unless We have the individual’s express consent; or the sale is part of a sale of Our business or a part of Our business, as noted above.
8. OVERSEAS DISCLOSURE
In some instances, We may be dealing with a client or providing services in respect of an event taking place overseas. If We need to disclose Personal Information to any person overseas, We will not do so unless:
- We are satisfied that privacy laws in the overseas country provide similar protection for the privacy of the individual as applies in Australia under the Act; or
- We obtain the consent of the individual.
9. ONLINE PRIVACY AND COOKIES
We will not use your use of Our website or an event website to ascertain information about you other than that which you voluntarily submit to Us when you register for participation in an event.
Cookies are text files placed on your computer to collect standard Internet log information and visitor-behaviour information. When you visit Our website or an event website, We may collect information from you automatically through cookies or similar technology. For further information, visit: www.allaboutcookies.org
What types of cookies do We use?
While there are a number of different types of cookies, Our website uses navigational and functionality cookies. These allow Us and the website to recognise you and remember your previously selected preferences, which could include your preferred language and your location. We use a mix of first-party and third-party cookies.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in some cases, some of Our website features may not function as a result.
Privacy policies of other websites
10. SECURITY OF PERSONAL INFORMATION
It is not appropriate in this policy to provide specific details of security measures We have adopted to protect the privacy of Personal Information We hold. To do so could compromise those security measures.
We will use an appropriate combination of:
- physical barriers including locked doors;
- alarm systems;
- access technology, password systems and encryption where appropriate; and
- administrative and behavioural protocols for Our staff,
to exclude unauthorised persons or intruders from gaining access to the Personal Information We hold.
We have acquired and will continue to acquire and maintain (reasonably within Our means) computer technology and other appropriate technology, such as password-security protocols and firewalls to prevent or retard unauthorised access into Our computer system. No security system is, however, 100% secure—so We cannot promise or warrant that unauthorised access will never occur.
11. ACCESS AND CORRECTION RIGHTS
We will provide individuals access to the Personal Information that We hold about them, unless the Act (if it applied to Us) would allow Us to deny access to some or all of the Personal Information concerned, or to provide an explanation for a decision instead.
Some circumstances where the Act (if it applied to Us) would allow Us to deny access are where:
- providing access would unreasonably be to the detriment of the privacy of another individual;
- the request is frivolous or vexatious;
- the requested information relates to existing or anticipated legal proceedings between Us and the individual;
- giving access would reveal Our intentions in relation to negotiations with the individual and prejudice those negotiations; or
- providing access would be unlawful or if denying access is required or authorised under law.
This is not an exhaustive list of circumstances where We may reserve the right to deny access.
When an individual requests access to Personal Information We will require a written request, to be sent to Us at the address noted below.
We will acknowledge the access request within 14 days and deal with it within 30 days or earlier. Though We may ask, We will not require an explanation of why the request has been made as a prerequisite to giving access. We will not charge a fee for access.
If We determine to deny access to the whole or part of Personal Information requested, We will provide a short explanation, but We will not provide details of Our reasoning.
12. GDPR rights
If the GDPR applies, We will usually be a “data processor” for its purposes.
If it applies, you have the following rights under the GDPR:
- The right to access – You have the right to request Us for copies of your Personal Information. We may charge you a small fee for this service.
- The right to rectification – You have the right to request Us to correct any information you believe is inaccurate. You also have the right to request Us to complete information you believe is incomplete.
- The right to erasure – You have the right to request Us to erase your Personal Information, under certain conditions.
- The right to restrict processing – You have the right to request that We restrict the processing of your Personal Information, under certain conditions.
- The right to object to processing – You have the right to object to Our processing of your Personal Information, under certain conditions.
- The right to data portability – You have the right to request that We transfer the Personal Information that We have collected to another organisation, or directly to you, under certain conditions.
If you make a request under the GDPR, We have one month to respond to you. If you would like to exercise any of these rights, please contact Us at Our email: firstname.lastname@example.org
13. USE OF GOVERNMENT IDENTIFIERS
We will not use Australian government identifiers such as tax-file numbers or Medicare numbers as a means of identifying an individual.
Given the personal nature of Our services, it is not normally appropriate for individuals to remain anonymous in their dealings with Us. If We conduct a survey, usually We will not require Personal information that will identify the individual.
15. CONTACTING US AND COMPLAINTS
If an individual:
- has an enquiry about Our management of Personal Information or privacy procedures;
- wishes to request access to Personal Information;
- wishes to see a copy of this Policy document; or
- wishes to make a complaint about Our handling of Personal Information, that person can contact Us by the following means:
Phone: +61 7 3848 2100
Address: The Privacy and Data Protection Officer, Expert Events Pty Ltd, Suite 11, 137-143 Racecourse Road, Ascot, Queensland, Australia 4007
Complaints about privacy must be made in writing. This will allow Us to deal with complaints in a professional, sensitive and consistent manner.
We will acknowledge receipt of a request within 14 days of receiving it and We will respond within 30 days of receipt. We will also do Our best to deal with the complaint within that time, assuming that We are able to investigate and ascertain the necessary facts within that time. We will let the individual know if it is likely to take substantially longer.
A complainant will be given an opportunity to put their complaint in writing, to propose a remedy for the complaint and to discuss the matter with Us.
We will determine, in the case of each complaint (if any), what is to be done, if anything, to redress the complaint.
Also, We will assess whether the complaint demonstrates a systemic problem and will make a determination as to how We can address/rectify such issues so they do not recur.
Expert Events Pty Ltd
Expert Events Pty Ltd
(ABN 35 619 941 561)
Adopted: 27 August 2020