1 About our Policy 1.1 Introduction
VenueSafe respects the rights and privacy of all individuals and is committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs), and other relevant privacy laws. This Policy describes how, and the purpose for which, VenueSafe collects, uses, stores and discloses your information, including personal information, in connection with your interaction and engagement with VenueSafe and your access to and use of the Platform.
1.2 Your agreement to this Policy
By accessing the Platform you confirm that you have read and agree to the terms of this Policy and consent to your personal information (including, your sensitive information) being collected, stored, used and disclosed in accordance with this Policy. Please read this Policy carefully to understand our practices regarding your personal information.
1.3 Changes to this Policy
VenueSafe may routinely review and update this Policy, including taking account of new or amended laws, new technology and/or changes to operations. All personal information held by VenueSafe will be governed by the most recent updated Policy.
If changes are made to this Policy, we will upload the revised Policy to the Platform. Changes to this Policy will come into effect immediately upon such changes being uploaded on the Platform. Your continued use of the Platform following such upload will constitute your acceptance of any changes.
If you disagree with the revised Policy, you may terminate your agreement with VenueSafe (in accordance with the terms of the relevant agreement), cease using the Platform and deactivate your Account.
1.4 Employee records exemption
Where applicable, VenueSafe will rely on the "employee records exemption" in the Privacy Act and any other applicable exemptions in the Privacy Act or other relevant legislation. The employee records exemption means that, in many cases, VenueSafe is not bound by the requirements of the Privacy Act in relation to personal information it holds about its current or former employees (relating to their employment).
2 Types of information we collect
2.1 Your engagement with VenueSafe
There are many ways that you can engage with VenueSafe, its Representatives or the Platform including (but not limited to) as a Customer, User, Vendor or Administrator, or via telephone, email, post or in person.
Depending on how you engage with VenueSafe and its Representatives and use the Platform, we may ask you to share, or may collect your ‘personal information’.
2.2 Personal information
When used in this Policy, the term “personal information” has the meaning given to it in the Privacy Act. Accordingly, “personal information” includes any information or opinion that identifies or can be used to identify, contact, or locate you. This may include, but is not limited to, your name, date of birth, address, gender, contact details (including phone numbers and email addresses) and possibly financial information, including your credit card or direct debit account information.
Your consent to this Policy is the legal basis upon which we can collect, use, store, process and disclose your personal information. You acknowledge and accept that by using our Platform, you are consenting to providing us with your personal information and agree to
your personal information being collected, used, stored, processed and disclosed in accordance with this Policy.
If you do not wish to provide us with your personal information, then you are not required to do so. However, by deciding not to provide us with your personal information you may not be able to access the services provided by Vendors or effectively use the services offered through the Platform either to the same standard as if you had provided the required personal information or not at all.
2.4 Types of personal information
The types of information that we collect from you depends on your dealings with VenueSafe. For example, the information that we collect from Customers and Vendors will vary. Below is a non-exhaustive list of the general categories of information we collect.
2.4.1 Information you give us
We generally collect the following personal information from you through the Platform, or via telephone, email, post or in person.
We may ask for and collect your:
a) first name;
b) last name;
c) date of birth;
d) residential and postal address;
e) email address;
f) telephone number;
g) personal interests;
i) language preferences;
j) social media account details (including social media profiles and URL details);
k) credit/debit card details; and
l) any additional information relating to you that you provide to VenueSafe through the website, by phone, email, surveys, or in person, or information you have provided indirectly through use of the Website or online presence.
2.4.1b Communications with VenueSafe
When you communicate with VenueSafe or use the Platform to communicate with other Users, we monitor, record and store those communications and any information you choose to provide to VenueSafe and other Users.
2.4.1c Information received from a Vendor
If a Vendor intends to provide VenueSafe with personal information (including sensitive information) about any other person they must obtain the relevant person’s consent before providing us with that information.
2.4.2 Information we automatically collect from you
When you use the Platform, VenueSafe automatically collects certain information from you, including personal information.
2.4.2a Usage information
VenueSafe collects information about your interactions with the Platform, such as the pages or content you view, your searches, and other actions you take on the Platform.
2.4.2b Engagement records
If you contact VenueSafe on the Platform, by telephone, email, post or in person we automatically record any information, including personal information that you provide to us.
2.4.2c Log Data and Device Information
We automatically collect log data and device information when you access and use the Platform. That information includes, among other things, a recording showing how you used the Platform, your clicks, scrolls and activities on the Platform, your IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you have viewed or engaged with before or after using the Platform. We use this type of information to administer the Platform and to analyse trends.
When you use the Platform, VenueSafe may obtain information using technologies such as cookies, tags, web beacons, and navigational data collection (log files, server logs, and clickstream data) to better understand your experience. For example, VenueSafe may collect information like the date, time and duration of visits and which webpages are accessed.
VenueSafe may also log IP addresses (the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track user movements, and gather broad demographic information.
2.4.2e Payment Transaction Information
VenueSafe collects information related to your payment transactions (which only applies to Vendors) through the Platform, including the payment instrument used, payment dates and times, payment amounts, your billing postcode, address and other related transaction details. This information is necessary for the adequate performance of the agreement between you and VenueSafe.
2.4.3. Information we collect from third parties
VenueSafe may collect personal information about you, including sensitive information, from third parties. We do not control, supervise and are not responsible for how those third parties process your personal information. Any information request regarding the disclosure of your personal information by a third party to us should be directed to such third parties.
2.4.3a Third Party Services
If you link, connect, or login to the Platform or your Account through a third party service (e.g. Google, Facebook) the third party service may send us information such as your profile
information from that service. This information varies and is controlled by that third party service or as authorised by you via your privacy settings with that third party service. The use of these technologies allows those third party services to evaluate your use of the Platform and other websites, deliver customised advertising content, measure the effectiveness of their advertising, and provide other services relating to website activity and internet usage.
VenueSafe makes no representations or warranties in relation to the privacy practices of any third party service providers and we are not responsible for the privacy policies or the content of any third party service provider.
2.4.3b Advertising Services
If you click on an online VenueSafe advertisement (e.g. ads on Google) the third party service hosting that advertisement will collect certain information and will provide that information to us to allow us to measure the effectiveness of our advertising.
2.4.3c Your References
If someone has provided VenueSafe with a reference about you, it will be held and stored by VenueSafe.
3 How we hold and store your personal information
VenueSafe will take all reasonable steps to protect the personal information that we hold from misuse, loss, or unauthorized access, including by means of:
a) encrypted secure transmissions of your personal information (as necessary); b) controls regulating which Vendors can access particular information; and
c) enterprise fire walls to protect servers that host your personal information.
If you suspect any misuse or loss of, or unauthorized access to, your personal information, please contact our Privacy Officer immediately.
If we suspect any misuse or loss of, or unauthorised access to, your personal information we may inform you of that suspicion and take immediate steps to limit any further access to, or distribution of, your personal information. If we determine that the breach is likely to result in serious harm to you and we are unable to prevent the likely risk of serious harm with remedial action, we will take action in accordance with the Privacy Act.
If we receive unsolicited personal information that we are not permitted to collect under this Policy, or within the confines of the law, we will destroy or de-identify the unsolicited personal information as soon as practicable if it is lawful and reasonable to do so. We will destroy or de-identify your personal information if we no longer require it to deliver our services as soon as practicable if it is lawful and reasonable to do so.
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorised access, loss, destruction, or alteration.
3.1 Storing data for contact tracing purposes
VenueSafe may store data for contract tracing purposes for up to the maximum period of time as allowed in the region in which the data is collected. After the period of time has lapsed, VenueSafe will delete the data from its database. For example, in Australia and New Zealand, your data will be kept for a maximum of 56 days.
VenueSafe may provide this information to the State Government to support broader contact tracing initiatives.
4. How we use your personal information
Information about how we use your personal information is below. This list is not exhaustive and there may be other third parties to which we give your personal information (for example, professional advisors or insurers) where required or permitted by law.
4.1 Use of your personal information for the Platform
We may use your personal information to build, operate and improve the Platform and as necessary for the adequate performance of our agreement with you.
Below is a non- exhaustive list of the purposes for which we may use your personal information. We may use your personal information to:
a) verify or authenticate information provided by you and your identity;
b) conduct necessary checks to verify the information you have provided as part of the Registration Process;
c) enable you to access and use the Platform;
d) enable you to create and update your Vendor Profile;
e) maintain and update our records;
f) operate, protect, improve, and optimise the Platform and our Customers’ experiences on the Platform;
g) operate, improve, and optimise related services, such as by performing analytics and conducting research;
h) assist us to provide effective customer service to our Vendors;
i) process, manage and administer account payments, billing issues and payroll transactions;
j) send you support messages, updates and account notifications;
k) where you have consented to the use or disclosure;
l) complete internal accounting and administration; and
m) facilitate any authorised payments.
The primary purpose for which we collect information about you is to enable VenueSafe to perform its business activities and functions and to provide you with the best customer experience.
4.2 Use of your personal information for the VenueSafe community
We may use your information to protect our community and the Platform, to create and maintain a safe environment for all of our Vendors and to comply with applicable laws.
Below is a non-exhaustive list of the purposes for which we may use your personal information. We may use your personal information to:
a) verify or authenticate information provided by Customers
b) detect and prevent fraud, spam, abuse, exploitation, neglect, security incidents, and other harmful activity;
c) conduct security investigations and risk assessments
d) resolve any disputes or issues with any of our Vendors and enforce our agreements with third parties;
f) comply with our legal obligations and protect our lawful interests.
4.3 Use of your personal information for marketing and advertising purposes
Your personal information will not be shared, sold, rented or disclosed other than as described in this Policy.
We may use your personal information to undertake and direct advertising and marketing activities that we consider may be of interest to you. These communications may be sent in various forms in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth).
Below is a non-exhaustive list of the purposes for which we may use your personal information. We may use your personal information to:
a) send promotional messages, marketing, advertising, and other information to you via telephone, email, online and other means;
b) contact you by telephone or text message solely in connection with the services we provide and only if you have provided us with your phone number;
c) conduct product and market research; and
d) personalise, measure, and improve our advertising and marketing.
You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications. Even if you do opt out of receiving marketing communications from us, you agree that we may still send you information relevant to the supply of any services arranged by us. For more information about how to opt out of receiving marketing communications, please see paragraph 8 below, entitled “Your choices”.
4.4 Use of financial information
If you use the Platform to make purchases or complete other financial transactions (such as payment of invoices for products or services you purchase from a third-party user or Vendor), VenueSafe may collect information about the purchase or transactions. This includes, payment information, such as your credit card or debit card number (stored securely), billing details and other account and contact information (Financial Information).
VenueSafe will only collect your Financial Information from you with your prior knowledge.
VenueSafe may use your Financial Information solely to process payments for products or services you request or purchase. We only use and retain your Financial Information to
complete payments you initiate. Any Financial Information that is collected is solely for the purpose of transaction approval and the transfer of funds.
VenueSafe provides data encryption throughout the payment process and only shares your Financial Information with your credit card provider, third party payment processor, Vendor, and financial institution, to process payments. The Financial Information we collect from you is strictly confidential and held on secured servers in controlled facilities.
We may use third party agents to manage online payment processing. Any third-party agent used by us is not authorized to use your Financial Information in anyway other than to process payments and is required to keep any Financial Information it uses or collects confidential.
VenueSafe makes no representations or warranties in relation to the privacy practices of any third-party agent and we are not responsible for the privacy policies or the content of any third-party agent.
5. Disclosing your personal information
5.1 Disclosure with your consent
Except as may be stated in this Policy, where you have provided your express consent for specific parts of your personal information to be disclosed, we will only disclose and share your personal information that is held by us as at the time of receiving your consent.
5.2 Sharing between Vendors and Customers
By joining the Platform, you agree to allow Vendors to view your personal information and contact you. You also agree that VenueSafe may seek your consent to share your email and telephone details with Third Parties to allow them to contact you.
5.3 Compliance with legal requirements and requests
We may disclose your personal information to courts, law enforcement, government authorities, or authorised third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary to:
a) comply with our legal obligations (for example, COVID19 regulations or to comply with a warrant or court order);
b) lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety;
c) comply with an investigation or report to relevant authorities where we reasonably suspect that unlawful activity has been, is being, or may be engaged in;
d) prevent, investigate, prosecute and punish crimes or wrongdoings or prepare for, or conduct, proceedings before any court or tribunal (or the implementation of orders of a court or tribunal or on behalf of an enforcement body);
e) respond to claims asserted against VenueSafe;
f) respond to requests relating to criminal investigations or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our Users to legal liability;
g) comply with our mandatory obligations under relevant state legislation;
i) protect the rights, property or personal safety of VenueSafe, its Representatives, Vendors, Customers, or members of the public.
5.4 Unidentified data sharing
VenueSafe may also share information about our Customers and Vendors that has been aggregated or combined so that it no longer identifies an individual Customer or Vendor and other anonymised information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
6. Changes to this Policy
VenueSafe may change this Policy by uploading a revised Policy onto its website (www.venue-safe.com.au). Unless stated otherwise, the change will apply from the date that the revised Policy is uploaded.
If you have any questions about this Policy or our privacy practices, you can contact us at firstname.lastname@example.org
7. Accessing your personal information
You may access and amend parts of your personal information by logging into your Account and making changes at any time. Alternatively, you have a right to request access to your personal information at any time by contacting our Privacy Officer.
Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). Your personal information will usually be available within 30 days of your request. If there is a fee for accessing your personal information, we will confirm the amount before providing the information. If you make an access request, we will ask you to verify your identity.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal. Please see the APPs for further information.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.
We request that you keep your information as current as possible so that we may continue to improve our service to you.
To request access or to amend your personal information, please contact our Privacy Officer using the following details.
8. Your Choices
You may opt-out of receiving marketing communications or targeted advertising from us at any time, by using the link in promotional and marketing emails or by contacting us directly on email@example.com. Please note you cannot opt-out of receiving administrative and transaction related emails from us unless you deactivate your Account. These are emails that relate to your Account and/or your activity on the Platform.
9. Contact Us
If you have a concern about how we have handled your personal information, please let us know so we can address the problem.
We are genuinely committed to the rules, ethos and intent detailed in this Policy and we aim to ensure that your requests or complaints are treated confidentially. Our Privacy Officer will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
Please contact our Privacy Officer at firstname.lastname@example.org.
Last updated 5 January 2020.