PRIVACY POLICY
This is the privacy policy of The Hills Are Alive Group Pty Ltd, ACN 164 359 602 (THAA) and its related bodies corporate (we, our or us) which outlines our commitment to you in respect of the collection, management and use of your Personal Information in accordance with the Australian Privacy Act 1988 (Cth) which includes the Australia Privacy Principles (Privacy Act).
We will review this policy from time to time. We will make any updated policy available via our primary website (www.thehillsarealivegroup.com.au) and any relevant event specific website (individually and collectively, our Websites). Please contact our Privacy Officer if you have any questions about this document.
IF YOU DO NOT AGREE WITH ANY PART OF THIS POLICY, PLEASE DO NOT BROWSE, ACCESS OR USE ANY WEBSITE OPERATED BY US, PURCHASE A TICKET OR ATTEND ANY EVENT HELD BY US OR OTHERWISE ENGAGE IN OUR SERVICES.
Last update: 3 August 2022
1. Types of information that we collect and purpose of collection
‘Personal information’ is information or an opinion, in any form (whether true or not), that can be used to identify you (such as your name, age, address and, in some circumstances, your financial information). If the information identifies you or you are reasonably identifiable from it, the information will be considered Personal Information.
Personal information may also include anonymous aggregate data (such as your IP address, your operating system) where that data could be used by us to reasonably identify you.
The kinds of Personal Information we collect and hold about you will depend on the circumstances of collection, including whether we collect the information from you as a mailing list subscriber, purchaser of event tickets or merchandise, job applicant or in some other capacity.
For example, if you are a mailing list subscriber or request access to ticket presales, we collect your full name, email address, country, postcode and year of birth. If you purchase event tickets or merchandise from us, or receive a transferred event ticket, we collect additional information such as date of birth, address, phone number, information about goods or services ordered, billing and payment details, your enquiries or complaints and your transaction history with us. We may also collect information prior to, at entry or during one of our events, including for the purposes of contact tracing or otherwise to comply with any COVID-19 related government law, regulation, health order and other restrictions. Any collection of Personal Information for the purposes of contact tracing will be in accordance with relevant Federal or State laws, regulations and/or health orders in relation to the same.
For recruitment purposes, we may collect and hold Personal Information about prospective employees, such as your tax file number, date of birth, driver’s licence number and employment history. We may also need to collect sensitive information about you such as your membership in professional or trade associations and certifications from police checks. Unless the collection of sensitive information is permitted under Privacy Act, we will only collect sensitive information with your consent where that information is reasonably necessary for our business.
2. How we collect your Personal Information
We collect your Personal Information when you interact with us directly via our Websites and social media accounts. We also collect your Personal Information when you purchase event tickets or merchandise from us (either directly or via a third-party ticketing partner) and when you join competitions or giveaways organised by us.
Collection through social media platforms
When you interact with us using social media platforms, you are also providing Personal Information to the operators of these social media platforms. Such information is subject to those operators’ policies governing privacy. We are not responsible for the privacy practices and policies of these operators even if you accessed these platforms from our Websites. We encourage you to read and understand these operators’ privacy policies before providing them with your Personal Information.
Collecting Personal Information from other sources
Sometimes we collect Personal Information about you from other sources where you have consented to the collection of the information from someone else, we are authorised by law to collect the information from someone else or it is unreasonable or impracticable to collect the information from you personally.
If you purchase a ticket for one of our events, we will collect Personal Information from our third-party ticketing intermediary (for example, Moshtix).
If you apply for a position with us, we collect your Personal Information from third parties such as, recruitment service providers, referees, former employers, educational institutions and, if appropriate, health providers and police.
Examples of other sources that we may collect Personal Information from are our business partners (including any co-promotion partners and ticketing companies) and related entities which include:
Red Hill Entertainment Pty Ltd
At all times this information is collected by lawful means and in a manner that respects your privacy.
If we receive unsolicited Personal Information about you from a third party and it is clear to us that we should not have received that information, we will destroy or securely delete that information (if it is lawful and reasonable for us to do so).
Notification of collection of Personal Information
If we collect your Personal Information from third parties in circumstances where you may not be aware that we have collected your Personal Information, and that information can be used to identify you, we will take reasonable steps to notify you of the collection and the circumstances that surround the collection.
Use of tracking tools
We may use cookies, Google Analytics, Hotjar and other similar tracking tools on our Websites to collect information about how our Websites is being used:
(a) Cookies are text files placed in your computer’s browser to store your preferences. These cookies collect information on how you and other visitors use our Websites.
(b) Google Analytics is a service which transmits website traffic data. It will not identify individual users and IP addresses with any other data held by Google.
(c) Hotjar is a combination of various online tools that we use to track the behaviour of the people who use and visit our Websites.
We use tracking tools to maintain our site, identify and analyse trends and to obtain broad demographic information. We do not use information transferred through cookies for any promotion or marketing purposes, nor is that information shared with any third parties. If such data could be used cumulatively to personally identify you, we will seek your consent to collect and process such Personal Information.
Most browsers are initially set to accept cookies or other tracking tools. If you prefer, you can set your browser to refuse these by selecting the appropriate settings or blockings, deleting or disabling them in your browser or device permits. If you disable cookies, we cannot guarantee that our Websites will be fully functional.
You may opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.
3. Use and disclosure
Use and disclosure of Personal Information
We use Personal Information for a variety of purposes to effectively conduct our business including:
(a) to administer the supply of products and services to you (including sale of tickets to our events);
(b) planning, delivery and operation of our events;
(c) to provide you with access to the Websites;
(d) to contact and communicate with you (including to provide you with information about our events for which you have been registered as an attendee);
(e) to run competitions, promotions and marketing campaigns including direct marketing (only where you have opted in to receiving such communication);
(f) to conduct market research and website development;
(g) for internal record keeping;
(h) to consider applications for current and future employment; and
(i) to comply with legal and regulatory requirements (including, without limitation, providing Personal Information to relevant State and Territory health authorities when required to do so for contact tracing purposes).
We will not use or disclose Personal Information we hold about you that was collected for a particular purpose for another purpose, unless:
i. you have consented to the use or disclosure of the information for another purpose;
ii. we use that information for a secondary purpose that is related to the primary purpose, the information is not sensitive information and you would reasonably expect us to use or disclose the information for that secondary purpose; or
iii. the use or disclosure is otherwise permitted under the Privacy Act.
You have a right under the Spam Act 2003 (Cth) to opt out from direct marketing and you can opt out at any time by emailing our Privacy Officer at thefarmer@thehillsarealive.com.au or by clicking the ‘unsubscribe’ link on any direct marketing communications.
Disclosure to third parties
To help us carry out our business functions, we may disclose Personal Information about you to third parties, provided such disclosure is lawful, including:
(a) our related entities including The Hills Are Alive Group Pty Ltd;
(b) our business partners or joint venture entities in the music, entertainment and marketing industries;
(c) our third-party ticket merchants and ticket resale merchants;
(d) our artists performing at events that you have purchased tickets to;
(e) our event partners or sponsors;
(f) our external service providers, including mail houses, couriers, payment processors or payment gateway providers and e-commerce website providers;
(g) our professional advisers, such as auditors and lawyers;
(h) an individual’s representatives, including any person who has authority to act on their behalf;
(i) debt collection agencies and credit reporting bodies;
(j) government and regulatory authorities (as required or authorised by law or a court/tribunal order); and
(k) any other person where you have given your consent.
By consenting to receiving direct or commercial marketing messages, you also consent to disclosure of your data to the following third-parties and for those third-parties to use this data to send you direct or commercial marketing messages:
(a) our business partners or joint venture entities who we have partnered with for the purposes of the events you bought a ticket to or attend;
(b) our third-party ticket merchants and ticket resale merchants who sold/listed tickets in respect of the events you bought a ticket to or attended;
(c) artists performing at events that you have purchased a ticket to or attended; and
(d) our event partners or sponsors.
We will take reasonable steps to ensure that these third parties are bound by privacy obligations in relation to your Personal Information. You can withdraw your consent to have your Personal Information shared with third-parties by emailing thefarmer@thehillsarealive.com.au but withdrawal of such consent may affect your ability to access and use our Websites or purchase a ticket to or attend our events.
We will not sell, gift, rent or trade your Personal Information to anyone.
Disclosure overseas
In some circumstances, we may need to disclose your Personal Information to third party suppliers and service providers located overseas including PayPal, Shopify, Braintree and Afterpay. We take reasonable steps to ensure overseas recipients of your Personal Information do not breach the Privacy Act.
Our Websites contain features or links to websites and services provided by third parties such as social media platforms, e-commerce platforms, online streaming services and external payment gateways. These third-party service providers have their own privacy policies and may disclose your Personal Information to overseas recipients.
4. Protecting Personal Information
Storing Personal Information
We store your Personal Information in different ways, including in physical and electronic form on site and with third party storage providers.
We maintain physical, electronic and procedural security measures to safeguard your Personal Information and to secure and protect it from misuse and unauthorised access, disclosure or interference by:
(a) physical security measures for access to systems, including restricting access to authorised personnel only, control of access to buildings and use of user identifiers and passwords;
(b) electronic security systems such as firewalls and data encryption, backup and recovery of systems, use of rostering, staff management and finance software, use of secure payment portals and Secure Socket Layer (SSL); and
procedural security measures, including imposing confidentiality obligations on employees, consultants and contractors, providing them with training and requiring them to comply with strict privacy and security policies and procedures including account decommissioning for exiting staff.
Security Breach
Although we take care with your Personal Information, we cannot 100% guarantee that there will not be any security breaches.
We acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner. If possible, and where this data breach poses a risk of serious harm to you or your rights and freedoms, we will also inform you.
To the extent permitted by law, we accept no liability for any breach of security or direct hacking of our security or any unintentional disclosure, loss or misuse of any information or data or for the actions of any third parties that may obtain any information or data.
What happens if we no longer need your Personal Information?
If we no longer need your Personal Information for any purpose, we will take reasonable steps to destroy or permanently de-identify the information, unless the information is contained in a Commonwealth record or we are required by law, or a court/tribunal order, to retain the information.
5. Access to, and correction of, Personal Information
Access to Personal Information
You may request access to Personal Information we hold about you by contacting our Privacy Officer in accordance with the contact details set out at the end of this policy.
We will respond to a request for access within a reasonable time, and give you access in the manner you request, if it is reasonable and practicable to do so, unless an exception in the Privacy Act applies. For example, if providing this access may disclose information about another person, we may need to refuse to grant you access.
We may need to verify your identity before we give you access to your Personal Information. Depending on the nature of the request, we may charge you a small fee to access that information.
Correct Information
You acknowledge that it is your sole responsibility to maintain the accuracy and completeness of your Personal Information and that your failure to do so may inhibit our ability to undertake our various business functions, including processing your purchase of any ticket and allowing you access to any of our events.
You may request us to correct any information about you which you think is inaccurate, incomplete or out of date. We will respond to a correction request within a reasonable time.
If we correct your Personal Information that we have previously disclosed to another entity, and you ask us to tell the other entity about the correction, we will take reasonable steps to tell the other entity about the correction, unless it is impractical or unlawful to do so.
Refusal to allow access to, or correction of, Personal Information
If we refuse to allow you access to your Personal Information or to correct that information, then we will provide you with the reasons for our decision and will inform you of mechanisms available to complain about the refusal.
6. Anonymity
You have the option to remain anonymous, or to use a pseudonym when dealing with us where it is lawful and practical to do so. However, without your Personal Information we may not be able to provide you with our products and services. You will not be able to purchase any ticket for or attend any of our event without providing Personal Information.
7. Contact
Privacy Officer
If you have any questions in relation to our Privacy Policy, complaints about our privacy practices or would like further information, please contact our Privacy Officer:
· Privacy Officer
· Mail: 1170 Loch Wonthaggi Rd, Kernot VIC 3979
· Email: thefarmer@thehillsarealive.com.au
External complaint mechanism
If you are not happy with the outcome of the Privacy Officer’s investigation or we have not replied to you within 30 days, then you can raise your concern with:
· The Office of the Australian Information Commissioner
· Telephone: 1300 363 992
· Email: enquiries@oaic.com.au
· Mail: Office of the Australian Information Commissioner
· GPO Box 5218 Sydney NSW 2001
· Online: https://www.oaic.gov.au/privacy/privacy-complaints/