The Privacy Officer
Black Swan State Theatre Company
PO Box 337
NORTHBRIDGE WA 6865
The Privacy Officer
Black Swan State Theatre Company
Level 1, 182 William Street
PERTH WA 6000
General statement of principle
- We will never give your name, address or other personal information to anyone wishing to contact our customer database for the purposes of marketing their own products and services to you.
- We will only permit offers or invitations from third parties to be made through us and only if you actively opt-in to receiving such offers or invitations and we consider the offer or invitation to be of some interest or benefit to our customers. If we do permit an offer or invitation to be made through us by a third party it would usually be a reduced price or priority booking for an arts event or a special offer from one of our sponsors.
- If you wish to be removed from our database, please email us at firstname.lastname@example.org.
What is “personal information”
- When used in this policy, the term “personal information” has the meaning given to it in the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principals. In general terms, it is any information that can be used to personally identify you. This may include (but is not limited to) your name, age, gender, postcode and contact details (including phone numbers and email addresses) and possibly financial information, including your credit card, direct debit or PayPal account information. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
Collection of your personal information
- Black Swan may collect and hold the following types of personal information:
b) mailing or street address;
c) email address;
d) telephone number;
e) age or birth date;
f) credit card information, but only if you expressly request us to hold that personal information (it is otherwise destroyed immediately after the relevant transaction has been completed);
g) details of the products you purchase from us, such as tickets and/or attendance to Black Swan events (Events), or products which you have enquired about, together with any additional information necessary to respond to your enquiries;
h) any additional information relating to you that you provide to us directly through the Black Swan website (Website) or indirectly through use of the Website or online presence through our representatives or otherwise; and
i) information you provide to us through customer surveys.
How we collect personal information
- We only collect personal information by lawful and fair means and not in an unreasonably intrusive way. We only collect personal information if the information is reasonably necessary for one or more of our functions or activities. We will collect your personal information directly from you unless it is unreasonable or impractical to do so. We collect your personal information in ways including:
b) during conversations between you and our customer service representatives; and
c) when you purchase a product from us, such as tickets to an Event.
- We may also collect personal information from third parties including:
a) public registers;
b) social media;
d) mailing lists;
e) recruitment agencies;
f) through someone else who has provided us with your information (eg. a purchaser of a gift voucher);
g) third party companies such as law enforcement agencies and other government entities; and
h) contractors and business partners.
- The Privacy Act also protects your sensitive information, such as health information (eg. whether or not you need wheelchair access or have difficulty hearing). If we need to obtain this type of information, we will ask for your consent, except where otherwise permitted by law.
Anonymity and pseudonyms
- You have the option of using a pseudonym when dealing with us except in circumstances in which it would be impracticable for us to deal with you if you were to be using a pseudonym.
Use of your information
- The primary purpose for which we collect information about you is to enable us to perform our business activities and functions and to provide the best possible quality of customer service. We collect, hold, use and disclose your personal information for the following purposes:
a) to provide products and services to you, including:
i. to advise you if an Event has been re-scheduled or cancelled;
ii. to advise you whether you are entitled to entry to a re-scheduled Event;
iii. to assist with processing transactions entered into by you to purchase tickets to Events, which may require providing your personal information to third parties such as credit card companies and financial institutions;
b) to provide you with news, information or advice about our existing and new products and services, including supplying you with flyers and material about future Events;
c) to communicate with you including by email, mail or telephone;
d) to manage and enhance our products and services;
e) to personalise and customise your experience;
f) to conduct competitions or promotions on behalf of Black Swan and selected third parties;
g) to verify your identity;
h) to provide as part of business data to third parties if you have authorised us to do so;
i) to conduct business processing functions through the Website;
j) for our administrative, marketing (including direct marketing), promotional, planning, product/service development, quality control and research purposes, or those of our contractors or external service providers;
k) to investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity; and
l) to comply with our legal obligations and assist government and law enforcement agencies or regulators.
- We may combine customer information we have with information available from a wide variety of sources, for example the census or Australia Bureau of Statistics data, to gain useful insights which can be used for the purposes set out in paragraph 14 above.
- We record information in this category only when requiring proof of concession status for ticket purchases. We will take all reasonable steps to ensure that pension or concession card numbers kept on file are used only for the purpose of verifying ticket concession status.
What happens if we can’t collect your personal information
a) we may not be able to provide you with the products or services you requested, either to the same standard, or at all;
b) we may not be able to provide you with information about products and services that you may want, including information about discounts sales or special promotions; and
c) we may not be able to let you know if an Event has been re-scheduled or cancelled.
Who we disclose your personal information to
- We may disclose your personal information to:
a) our employees, related bodies corporate, contractors or external service providers for the operation of the Website or our business, fulfilling requests by you, and otherwise provide products and services to you, including without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, and professional advisers such as accountants, solicitors, business advisors and consultants;
b) our existing or potential agents, business partners or joint venture entities or partners;
c) our sponsors, or promoters of any competition that we conduct or promote via our services;
d) specific third parties authorised by you to receive information held by us;
e) the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator, for example, if we have reason to suspect that you have committed a breach of any of our terms and conditions, or have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary; and
f) any other party as required or permitted by any law (including the Privacy Act).
- If you are under 18 or have special needs, we may disclose your personal information to your parent or legal guardian or any person appointed to manage your affairs.
Direct marketing materials
- We will only use or disclose your personal information for the purpose of direct marketing if we collected the personal information directly from you, and you would have reasonably expected us to use the information for the purpose of direct marketing.
- You may at any time opt-out of receiving marketing communications by notifying us in writing using the contact details set out above. We will then ensure that your name is removed from our mailing list.
- Direct marketing communications we make to you will be about products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail and email, in accordance with applicable marketing laws, such as the Spam Act 2004(Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
- We do not provide your personal information to other organisations for the purposes of direct marketing unless authorised by you.
- If you receive communications from us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, please contact us using the contact details set out above.
Accessing and correcting your personal information
- You have the right to request access and correction of your personal information at any time using the contact details set out above.
- Where we hold information that you are entitled to access, we will endeavour to provide you with suitable means of accessing it (for example, by mailing or emailing it to you) within a reasonable period after your make your access request. Existing patrons who have purchased tickets from the Black Swan Website are able to login and update their personal details and preferences directly online.
- There are some circumstances under the Freedom of Information Act 1992 (WA) when we are not obliged to provide access to the personal information we hold, if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. We will advise if one of these situations applies to your request.
How you can complain about a breach of privacy
- We will treat your requests or complaints confidentially. We will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
Disclosure of personal information outside Australia
- We do not anticipate that we will disclose personal information to external service providers who operate or hold data outside Australia. However, if we were to disclose personal information to overseas recipients, we would do all things reasonably necessary to ensure that appropriate data handling and security arrangements were in place. Please note that Australian law may not apply to some overseas entities.
Security and storage of information
- We will take all reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Our security safeguards include:
a) staff education – we train and remind our staff of their obligations with regard to your information;
b) system security – we use firewalls, password access and secure servers and encrypt data that is sent by you to us and by us to third parties; and
c) taking precautions with overseas transfers and third parties – when sending information overseas or use third parties that handle or store data we ensure that appropriate data handling and security arrangements are in place.
- Credit card purchases or donations you make on the Website are processed with secure server technology provided by Thawte DV SSL CA through the Website’s host, Simplisite Business Solutions Pty Ltd. The security features provided include “authentication”, which ensures your data is being sent to the correct computer server and that the server is secure, and “encryption”, which encodes the data so that it cannot be read by anyone other than the secure server. The Website uses 128-bit encryption.
- Additionally, Tessitura Networks payment gateway, Payment Express, is PCI DSS compliant. All credit card information in Tessitura is encrypted with encryption keys created using the Tessitura Security application. New encryption keys are created at least annually, or more often as required for Black Swan.
- If we no longer need your personal information for any of the purposes set out in paragraph 14 above and we are not required by law to retain it, we will take reasonable steps to destroy the information or ensure that it is de-identified.
Cookies and web beacons
- When visiting the Black Swan Website, we may store some information commonly known as a “cookie” on your computer. A "cookie" is a small file containing a string of characters that is sent to your computer, tablet, mobile phone or other electronic device when you visit a website. Cookies help Black Swan provide a more customised service (e.g. by storing user preferences in cookies) and enables you to get the best out of the Website. They are also used to better understand how you use the Website (e.g. by tracking user trends and patterns of how people navigate our sites). These cookies may be used to collect visitor activity information, manage user log-ins, personal preferences, and provide you with relevant information or customised advertisements.
The Black Swan Website uses "first party" cookies and "third party" cookies (cookies originating from a third-party website). First party cookies are used for storing preferences and data needed throughout your visit to our Website (e.g. managing user log-ins, personal preferences, contents of your shopping cart) and to provide you with customised advertising. Third party cookies are used for tracking user trends and patterns with the help of third party web statistics providers. These third-party cookies are used exclusively on the Black Swan Website and designated website service provider and are not shared with any other third party.
We also use web beacons (also known as web bugs or clear GIFs) to record the behaviour of users visiting our website. You can find more detailed information about cookies and web beacons and how they work at All About Cookies (http://www.allaboutcookies.org/)