(at 31 October 2019)
The Fivex Foundation Pty Ltd, a non-profit company limited by guarantee, ABN 676 3441 0254 (the Foundation, we, our or us) is committed to protecting and respecting your privacy, having regard to the Privacy Act 1988 (Cth) and similar legislation in other countries (including the General Data Protection Regulation (GDPR) that applies in member states of the European Union).
As a result, the Foundation has implemented practices, procedures and systems in relation to privacy and, in particular, to:
- maintain the confidentiality and security of personal information and personal data it collects and holds; and
- manage its systems, practices and procedures in an open and transparent way.
By “personal information” and “personal data”, we mean information, data or an opinion about an identified individual, or about an individual who is reasonably identifiable from the information (including by reference to identifiers such as a name, an ID number, location data, an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of that person). Those individuals include people who enter for awards or book for events we run or co-ordinate, or who otherwise contact us, or our agents, suppliers, distributors, contractors or other associates. This policy sets out how we handle the personal information and data we collect and hold.
By continuing to use our site, you agree that we may collect and handle your personal information and data in accordance with this policy (as amended from time to time).
What personal information or data does the Foundation collect and hold?
The kinds of personal information and data we may collect and hold depend on how you interact with us, but can include:
- contact details (including email addresses);
- qualifications and accreditations;
- credit card details;
- details of your visits to our site (including traffic and location information, which pages you visit, weblogs and other communication information); and
- images submitted by you in relation to the Fivex Art Prize or similar competitions.
When you visit our site, we may also collect information about your computer, including (where available) your IP address, operating system and browser type.
We do not keep files containing all of the above information on all people who contact us, or with whom we deal. In many cases, we may have only one or two pieces of information or data relating to any particular person.
Why does the Foundation collect and hold personal information?
We collect and hold personal information for a variety of purposes – and different kinds of personal information and data are used for different purposes.
In each case, however, the personal information and data we collect and hold is reasonably necessary for our functions and activities and for our legitimate interests, including in order to provide you with services you would expect from us. These purposes are:
- to administer the Fivex Art Prize and other competitions (including in some cases in conjunction with third parties);
- to provide you with news and information, products or services that you request from us or which we reasonably believe may interest you;
- for purposes necessary to provide you with goods and services that you have ordered or requested from us (including through our site);
- to personalise and customise your experience when using our sites (including so that our site is presented in the most effective manner for you and your computer);
- to communicate with you (including by email, mail or telephone, and including in relation to changes to our products and services);
- to manage and enhance our services;
- to conduct research;
- for system administration and for network analysis and security (by ourselves and our IT contractors);
- to report aggregate information to our affiliates and supporters;
- to allow you to participate in interactive features of our sites that may be available;
- to investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity; and
- as required or permitted by any law (including privacy legislation).
From time to time, when collecting information or data from you, we may also ask you to “opt-in” to consent to us using or disclosing your personal information and data other than in accordance with this policy or any applicable law.
As part of our commitment to protecting your privacy, however, you will also be given the opportunity to “opt out” from receiving communications from us or from third parties that send communications to you in accordance with this policy or in accordance with any additional consent you give, and we will comply with your decision. (You will be able to “opt out”, for example, by clicking on an “unsubscribe” link at the end of an email, or by contacting our Privacy Officer.)
How does the Foundation get the personal information and data it collects and holds?
The Foundation only collects personal information by fair and lawful means, including when people:
- book for Foundation events;
- enter competitions or promotions we may hold;
- fill in any contact forms on our sites (including when signing up for newsletters);
- post material to our sites or to social media that we use (such as Facebook, Twitter, Pinterest and Instagram);
- use any app we might provide;
- link their social media accounts to a Foundation account; and
- contact us other than through our sites or social media (for example, if you email us directly, or send us a fax or letter).
We prefer to obtain any personal information or data we collect directly from you. In some cases, however – such as when a friend or family books a place for you at an event – it may be unreasonable or impracticable to obtain personal information directly, and we may obtain that information or data from someone else. We may also collect personal information and personal data from external service providers to whom we have contracted services as well as from third parties who offer products and services to our members and registrants.
If you are concerned about what personal information or data we may hold about you, please see below for information on how you can access and (if necessary) correct that information and data, and how you can have that information or data deleted.
When you visit our website or use an app we may develop we may send your browser a cookie. A cookie is a small file placed on your computer or mobile phone’s browser that helps us recognise you when you return to our website or to the app and can tell us whether or not you’ve visited the site before. Your browser will tell us if you have these cookies, and if you don’t, we may generate new ones.
You can disable cookies from our site at any time by changing your browser settings (typically found in the “options” or “preferences” menu of your browser). Please note, however, that changing these settings may prevent areas of our website from working as intended.
We also use third-party cookies, including Google Analytics features (such as Remarketing, e-Commerce Tracking, Demographics and Interest Reporting), Facebook Remarketing tags and tracking pixels and DoubleClick remarketing pixels. Based on your past visits to our website, these enable third-party vendors such as Google and Facebook to provide you with information about products and services that may be of interest to you as you browse the internet more generally (including information about products and services from third-parties).
You can choose to opt out of the above by visiting the Network Advertising Initiative opt out page (available at http://optout.networkadvertising.org/?c=1#!/) or, by visiting http://optout.aboutads.info/?c=2#!/ (for Google Analytics).
For more information about cookies, including to see what cookies have been placed, how to manage and delete them, and how to opt-out of being tracked by social networks and third-party advertisers, visit these services:
If you are resident in Europe, our resources and services are only available to people aged 13 years or over. If you are aged under 13 and resident in Europe, you will need to have a parent or guardian sign up for our services or to place orders on your behalf.
We may use or disclose your personal information or data to promote both our products or services and those of third parties through direct marketing.
You may ask us to identify how we acquired the personal information or personal data that we use or disclose for direct marketing purposes by contacting us via the details set out at the end of this Policy.
If at any time you do not wish to receive any direct marketing communications whether from us or from third parties, you can ask us not to send you any further direct marketing communications and not to disclose your personal information to third parties for that purpose by using the “unsubscribe” facility included in a prominent statement in the direct marketing communications or by contacting us via the details set out below.
Can I interact with the Foundation anonymously or under a pseudonym?
In many cases, you will need to provide your real name when interacting with us. This will particularly be the case when you are (for example) booking to attend an event or submitting an artwork for a competition.
You may however – wherever lawful and practicable – use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about any of our resources or services, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our resources or services, or we may not otherwise be able to respond adequately to you.
For clarification on when you must identify yourself, please contact our Privacy Officer. (You may use a pseudonym – or simply not identify yourself – when making such an enquiry.)
Who has access to my personal information?
Generally, only our officers and staff will access your personal information and data, and then only on a “need to know” basis.
We may also disclose your personal information and data:
- to people who work for us or for one of our suppliers, or on our behalf, and who may be engaged in, among other things, filling and delivering orders, processing payments and mail-outs, marketing, administration, research and providing other technical and non-technical support (including IT services);
- to protect the rights, property, health or safety of the Foundation or its officers, customers or others (including exchanging information with other companies and organisations to protect against fraud and to reduce credit risk);
- to our agents, legal advisers, business partners, joint venture entities and other partners;
- to sponsors and promoters of any competition or event that we conduct or promote;
- to anyone else that you specifically authorise us to receive information held by us; and/or
- as otherwise required or permitted by law (including under privacy legislation).
How long we keep your personal information and data
We only keep your personal information and data for as long as is necessary to provide you with the goods or services you have requested from us or for as law as we reasonably need to retain the information for our legitimate interests.
We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time we need to keep it. For example, we delete or de-identify personal information and personal data after two years if we have no further interactions with you during that time.
Your rights and choices
As set out in more detail below, you may:
- object to our using your information for direct marketing and on the basis of our legitimate interests;
- withdraw any consent you have given to us in relation to our use of your personal information and data (including by contacting us as set out below or by “unsubscribing” to emails sent to you;
- request access to the information or data we hold about you;
- receive a copy of information or data we hold about you;
- ask us to transfer the information or data we hold about you to another service provider;
- ask us to correct information or data we hold about you;
- in certain circumstances, restrict the processing of information or data we hold about you;
- in certain circumstances, delete information and data we hold about you; and
- make a complaint (as further discussed below) in relation to how we have collected or used your personal information and data.
How can I access (and, if necessary, correct or delete) personal information and data that the Foundation has collected and holds about me?
If you otherwise want to review (and, if necessary, correct, delete or update) personal information and data that the Foundation may have collected and hold on you, please contact our Privacy Officer.
We will respond to your requests to access and to correct or delete your personal information as soon as possible (but in any case, within a reasonable period).
How can I complain about the Foundation if it breaches any of applicable privacy principles or any registered code that binds it?
Contact our Privacy Officer (details below) if you have any complaints about breaches by the Foundation of any applicable privacy principles or of any registered code that binds it.
If you qualify as a “European Union data subject”, you may also lodge a complaint about us and our use of your personal information or data to the relevant supervisory authority. Information on how to file such a complaint is available at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
How will the Foundation deal with complaints I might have about breaches of applicable privacy legislation or any relevant registered code?
We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously, and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.
What steps does the Foundation take to secure personal information and data?
We take reasonable steps to ensure that your personal information and data is treated securely and in accordance with this policy and is not subject to misuse, interference or loss, or unauthorised access, modification or disclosure. For example, apart from using secure servers, we implement firewalls, password access and challenge phrases and, where relevant, we impose limits on who can access personal information. We also encrypt payment transactions using Secure Socket Layer (SSL) certificates.
You understand, however, that the transmission and storage of personal information is not necessarily wholly secure, and that the steps we take to protect your information and data, though reasonable, may not always be effective. In those circumstances, except insofar as the GDPR requires, we do not accept responsibility for any misuse or loss of, or unauthorised access to, your personal information. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
If we have given you (or where you have chosen) a password which enables you to access our services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Does the Foundation disclose personal information or data to people or organisations outside Australia?
The Foundation holds personal information and data securely both in its offices and on secure servers, some of which are located in Sydney.
Personal information may also be processed by staff or agents operating outside Australia or the European Economic Area. Such staff may be engaged in, among other things, filling your orders, processing payment details and providing support services.
We will not, however, transfer your personal information or data overseas to a country that is not subject to a comparable privacy scheme unless the organisation to which we disclose that information implements privacy policies at least comparable to the obligations that apply under Australian law and the GDPR.
Who do I contact about privacy issues?
If you have any concerns or questions about privacy issues, including how the Foundation is dealing with or holding your personal information and data, contact our Privacy Officer by email to firstname.lastname@example.org .
Please also contact our Privacy Officer if, for example:
- you want to review and/or correct any personal information or data we hold about you;
- you would like to withdraw any consent you have given to us in relation to how we use your personal information or data;
- you would like us to delete your personal information and data; or
- you receive communications purporting to be connected with the Foundation or our services that you believe have been sent other than in accordance with this policy or in breach of any law.