Privacy Policy

1 Introduction

1.1 This Privacy Policy sets out how Sydney Gay and Lesbian Mardi Gras (ABN 87 102 451 785) (SGLMG, us or we) manages personal information.

1.2 In this Privacy Policy, personal information means any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.

2 Consent

2.1 By providing personal information to us, you acknowledge us collecting, holding, using and disclosing your personal information in accordance with and for the purposes specified in this Privacy Policy and/or as otherwise disclosed to you, for example, at the time the information was collected.

2.2 You are not required to provide personal information to us. However, if you do not provide us with all the information we request, the services we provide to you may be affected, or we may not be able to provide these services to you at all.

3 Collection

3.1 We collect personal information when you:
i. interact with our website, https://www.mardigras.org.au/ (Website);
ii. subscribe to receive communications from us;
iii. donate to us;
iv. purchase tickets to events hosted by us or our partners;
v. apply for roles as a volunteer or employee;
vi. apply to sponsor our events or activities and/or provide such sponsorship to us; and
vii. tender to provide, or actually provide goods or services to us.

3.2 The types of personal information we collect from or about you will depend on the nature of your interactions with us.

3.3 For example, the personal information we collect may include your:
i. name;
ii. date of birth or age;
iii. gender and/or preferred pronouns;
iv. sexual orientation or practices;
v. contact details including your address, phone number and email address;
vi. credit card or other online payment details;
vii. health information that will assist us with catering to individual needs such as your dietary, disability or accessibility requirements;
viii. details regarding activities you would like to experience or participate in, such as your preferences in relation to music, parties and events;
ix. details of your education, employment history and potential referees if you submit a CV to us as part of an application to be a volunteer or employee; and
x. photos and/or video images of you where they are submitted to us or taken at our events (including in the context of security, crowd control or crowd-counting technologies to improve the way in which we provide services) or tagged on social media with hashtags we use to promote our events, for example #SydneyMardiGras.

3.4 We typically collect personal information directly from you through our Website, through SGLMG functions and events and when you communicate with us (either by email, telephone, in writing or in person). If your parent or guardian interacts with us on your behalf, we may also receive your personal information from them. We may also collect personal information about you from third parties such as Ticketek Pty Limited, Eventbrite, Inc. or other booking services, as well as venues hosting SGLMG functions and events, when you book into our services.

4 General Data Protection Regulation (GDPR)

If you are in the European Union (EU) (including the European Economic Area) or the United Kingdom, the collection and processing of your personal information will be subject to the General Data Protection Regulation (2016/679) (EU GDPR) or the version of GDPR which has been incorporated into the laws of the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018 (UK GDPR). References in this Privacy Policy to the “GDPR” are to the EU GDPR and/or UK GDPR, as applicable. In providing our services to you, we may collect and process personal information as outlined in this Privacy Policy. Otherwise, including for individual users of our services, we will be a data controller for the purposes of the GDPR and this policy includes information that must be provided to you when we collect your personal information.

5 Use and disclosure

5.1 We will not use or disclose your personal information for any purpose other than the purpose for which it was collected (or a related purpose) unless you have consented to that other purpose or we are permitted to do so by law.

5.2 We collect personal information for the purpose of providing our activities and other services, including:
i. processing, administering and maintaining your membership; and
ii. processing payments.
When processing your personal data for these purposes, we are relying on the legal basis that processing your personal data is necessary for us to carry out our contractual obligations with you.
iii. processing and administering applications from individuals, businesses and community organisations who wish to be part of the SGLMG event;
iv. processing and administering applications for volunteer positions and employment with us;
v. tailoring our activities and other services to your needs;
vi. improving our activities and other services;
vii. promoting our activities and other services to you, promoting Sydney Gay and Lesbian Mardi Gras to you and, where you have opted in, promoting the services of our partners and sponsors to you;
viii. sending newsletters, surveys, information about contests, and emails or other communications to you about our events and activities;
ix. to conduct market research; and
x. the general management and conduct of our business, including responding to responding to complaints, inquiries or requests.
When processing your personal data for these purposes, we are relying on the legal basis that processing your personal data is necessary for us to further our legitimate business interests.
xi. complying with safety requirements (including crowd control), our insurance and legal obligations, including in relation to SGLMG functions and events.
When processing your personal data for these purposes, we are relying on the legal basis that processing your personal data is necessary in order to comply with our legal obligations.

5.3 Special categories of personal data (e.g. personal data revealing your sexual orientation or practices, or health information) require higher levels of protection. We have described the legal bases on which we process the special category personal data below, with respect to each of the purposes identified for processing your special category data.
i. Personal data revealing sexual orientation or practices, and health information, is held and processed for the purpose of appropriately directing our activities and services, and equal opportunities monitoring.
When processing your personal data for these purposes, we are relying on the legal bases that: (a) processing your personal data is necessary for us to further our legitimate business interests (providing you with services and access to activities; protection against improper or unauthorised use of the Website; and developing and promoting our services and activities); and (b) we have your explicit consent to do so.

5.4 We may also use personal information for related purposes that would be reasonably expected by you.

5.5 We may disclose your personal information to third parties in certain circumstances, including, for example:
i. to our related bodies corporate, professional advisers, contractors, consultants, venue operators, promoters, ticket sellers, and to insurance providers;
ii. service providers who assist us in supplying our services or who perform operational, administrative and other related functions on our behalf (including technology and business service providers, and mailing houses such as MailChimp (The Rocket Science Group, LLC)). We will only disclose limited personal information to our third party service providers to the extent required for the service provider to effectively provide their services to us; and
iii. other persons or organisations in order to comply with our legal obligations, which may include emergency situations, and assisting law enforcement agencies.

5.6 If you do not wish for your information to be used or disclosed for these purposes, please contact us via the contact details in Section 15 below.

5.7 As a public company, SGLMG is required by the Corporations Act 2001 (Cth) (Corporations Act) to maintain a register that includes the name and address of every member of SGLMG. In accordance with the Corporations Act, SGLMG must provide access to or a copy of its members’ register to any person who makes such a request.

5.8 We will not otherwise disclose any personal information unless we seek your consent or where such disclosure is legally authorised or required, such as in the investigation of a criminal offence, or in compliance with a search warrant, court order or subpoena.

6 Overseas disclosures

6.1 SGLMG may disclose personal information to overseas recipients such as its service providers in order to provide its products and/or services and for administrative, data storage or other business management purposes. The countries in which the recipients are likely to be located include New Zealand, the United States, Canada, the United Kingdom and the European Union. It is not practicable to identify any other countries in which recipients are likely to be located.

6.2 Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, SGLMG will take steps, that are reasonable in the circumstances, to ensure the overseas recipient complies with the APPs, EU data protection laws, UK data protection laws (where applicable) or is bound by a substantially similar privacy scheme.

6.3 If you have any queries or objections to such disclosures, please contact us via the contact details in Section 15 below.

7 Cookies and log files

7.1 A cookie is a piece of data stored on the user’s hard drive containing information about the user. Usage of a cookie is in no way linked to any personal information while on this website. The Website only uses session cookies, which means that once the member or visitor closes their browser, the cookie simply terminates. If a member or visitor rejects a cookie, they may still use the Website. However, the use may be limited in some areas of the Website. Cookies can also enable us to anonymously track the interests of our members and visitors to enhance the usefulness and enjoyment of the Website.

7.2 When you visit the Website, our internet service provider makes a record of your visit and logs the following information for statistical purposes:
i. your server (IP) address;
ii. your top-level domain name (for example: .com, .gov, .au, .uk, etc.);
iii. the pages you access and any documents downloaded;
iv. the previous site you have visited; and
v. the type of browser you are using.

7.3 We may use this information to analyse trends, administer the site, track members or visitors’ movements and gather broad demographic information for aggregate use. IP addresses are not linked to any personal information.

8 Aggregated data

8.1 We may from time to time share aggregated demographic information with our partners and sponsors. This is not intended to be linked to any personal information capable of identifying any individual.

9 Integrity of personal information

9.1 We will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information we collect is accurate, up-to-date, and complete, and that the personal information we use and disclose is accurate, up-to-date, complete and relevant (having regard to the purpose of the use or disclosure). To assist us, please ensure that the information you provide to us is accurate, up-to-date, and complete.

9.2 We have put in place appropriate security measures to protect your personal information from misuse, interference and loss as well as unauthorised access, modification and disclosure.

9.3 If we hold personal information about you that is no longer needed for any purpose for which it may be used or disclosed, we will take such steps as are reasonable in the circumstances to destroy or permanently de-identify that personal information.

10 Access to and correction of personal information

10.1 You can request, and we will provide you with access to, any personal information we hold about you (subject to certain legal exceptions). If a legal exception applies and we decide not to provide you with access to any personal information we hold about you, we will advise you of the reasons for our decision.

10.2 If we are satisfied that any personal information we hold about you is inaccurate, incomplete, out of date, misleading or irrelevant (having regard to the purpose for which it is held) we will take such steps (if any) as are reasonable in the circumstances to correct that personal information. This may include notifying third parties to whom we have disclosed that personal information. If we do not agree that personal information we hold about you is inaccurate, incomplete, out of date, misleading or not relevant you may ask that we attach a statement to this effect to our record.

10.3 Please let us know if you have any concerns or complaints about the way we are handling your personal information so we can address them. We will review any complaints and respond to them within a reasonable period of time acknowledging receipt of the complaint and informing you of the next steps we will take in dealing with your complaint.

10.4 If we are unable to satisfactorily resolve your concern or complaint, you can contact the Office of the Australian Information Commissioner (OAIC). To make a query concerning your privacy rights, or to lodge a complaint with the OAIC about how we have handled your personal information, you can contact the Commissioner’s hotline on 1300 363 992. The OAIC has the power to investigate the matter and make a determination.

11 Access and complaints if you are in the EU or the UK

11.1 If you are located in the EU or the UK, you also have in certain circumstances the right to request that the personal information that is collected from you is erased, its further processing is restricted, or to object to its further processing and the right to data portability. You can also ask that personal information provided by you to us is transmitted to another party. You may also withdraw your consent where it has been provided as a condition of our processing your information or object to the further processing of your personal information in certain circumstances.

11.2 If we refuse any request you make in relation to these rights, we will write to you to explain why and how you can make a complaint about our decision.

11.3 To make a request in respect of these rights or to make a complaint, please contact us via the contact details in Section 15 below.

11.4 You also have the right to lodge a complaint with a relevant data protection supervisory authority (for example in the place you reside or where you believe we breached your rights).

12 Other organisations’ websites

12.1 The Website and our email communications may contain links to other websites. We do not control these websites or any of their content and if you visit these websites, they will be governed by their own terms of use (including privacy policies). We encourage our members and visitors to be aware whenever they leave the Website, and to read the privacy statements of each and every website that collects personal information. This privacy statement applies solely to information collected and held by SGLMG.

13 Changes to this Privacy Policy

13.1 We may, from time to time, amend this Privacy Policy, in whole or part, in our sole discretion. Any changes to this Privacy Policy will be effective immediately upon the posting of the revised Privacy Policy on the Website. Depending on the nature of the change, we may announce the change on the home page of the Website or by email (if we have your email address). However, in any event, by continuing to access our services following any changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Privacy Policy, as amended from time to time, in whole or in part, you must not access our services including the Website.

14 Contact us

14.1 If you have any questions about this Privacy Policy or if you wish to request access to your personal information, correct or update your details, or raise any privacy concerns you may have, our contact details are as follows:
By email
Attention: CEO
Subject: Privacy policy
email: reception@mardigras.org.au

By mail Level 2/81-83 Oxford St,
Darlinghurst, NSW,
Australia, 2010