PRIVACY
Destination NSW Privacy Policy
Last updated 2 September 2021
Destination NSW keeps its Privacy Policy under regular review and places any updates on this website. If you do not agree with this Policy, do not access or use our services or interact with any other aspect of Destination NSW
This privacy policy applies to visitors and users of this website and our other websites, access or use of our services or interactions with any other aspect of Destination NSW (ABN 52 890 769 976) (‘DNSW’) which is the lead government agency for the New South Wales (NSW) tourism and major events sectors.
Contents
This Policy is intended to help you understand:
1. What is the Role of Destination NSW
2. Privacy Legislative Framework
3. What is Personal Information or Personal Data?
4. What Information can we collect?
5. How does Destination NSW collect Personal Information?
6. How will your Personal Information be stored?
7. How long will your Personal Information be stored?
8. Processing and Use of Personal Information within Destination NSW
9. Disclosure of Personal Information to third parties
10. Does my Personal Information leave Australia?
11. What are the Exceptions?
12. Access, accuracy, amendments and complaints– Your Rights
12. Conclusion and Other
13. Contact us
1. What is the Role of Destination NSW
Our role is to market Sydney and NSW as one of the world’s premier tourism and major events destinations; promote travel to and within NSW, to secure major events; to work in partnership with Business Events Sydney to win major international conventions and incentive travel reward programs; to develop and deliver initiatives that will drive visitor growth throughout the State; and to achieve the NSW Government’s goal of tripling overnight expenditure within the State’s visitor economy by 2030.
Destination NSW is based in Sydney, New South Wales, Australia and has offices in the USA, South Korea, New Zealand, India, Germany, United Kingdom, Singapore and Japan.
2. Privacy Legislative Framework
Destination NSW will collect, store, use and disclose Personal Information in accordance with the Privacy and Personal Information Protection Act 1998 (NSW) (including the Information Privacy Principles (IPPs)) (PPIPA), Privacy Act 1988 (including the Australian Privacy Principles (APPs)) (Privacy Act) and any other relevant laws and codes of practice in operation from time to time including the GDPR.
Australian and New South Wales Legislation
When you interact with Destination NSW and use Destination NSW’s websites, mobile websites or mobile applications, your privacy is protected by the PPIPA and Privacy Act.
General Data Protection (GDPR) Regulation
The European Union General Data Protection Regulation (the ‘GDPR’) contains new data protection requirements that will apply from 25 May 2018. These will harmonise data protection laws across the European Union and replace existing national data protection rules. The introduction of clear, uniform data protection laws is intended to build legal certainty for businesses and enhance consumer trust in online services.
The GDPR applies to the data processing activities of Destination NSW in the European Union as We:
- have operations in the European Union namely United Kingdom, Germany and France; and
- Offer goods and services or monitor the behaviour of individuals in the European Union – via our websites and representative offices. Destination NSW promotes New South Wales as a tourism destination and also holds roadshows and famils in the European Union.
3. What is Personal Information or Personal Data?
Personal Information is defined by Australian and New South Wales Legislation and Privacy Principles as namely information or any opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable from the information or opinion.
Personal Information is also defined by the GDPR in which we provide particulars namely:
- any information relating to an identified or identifiable natural person (Article 4 of the GDPR - a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, cookie ID, ID card number, location data, advertising identifier on phones, IP address, an email address or a telephone number
- any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a home address, a photo, an email address, bank details, posts on social networking websites, or medical information.
Examples of data not considered personal data:
- a company registration number
- an email address such as info@company.com
- anonymised data (in certain circumstances)
4. What information can we collect
The types of information that Destination NSW collects will depend on the nature of your dealings with it and may include
- your name;
- your gender;
- postal address;
- email address;
- telephone number(s);
- your occupation;
- your country of residence;
- your age or date of birth;
- your identification details such as those in your driver’s licence or passport;
- the information you provide us when preparing an event application along with the content of any declarations made in connection with that application; and
- any information you provide to us in enquiries or through correspondence.
Destination NSW will collect only information than is necessary for it to fulfill these functions, unless required by law, ensure that any Personal Information collected is relevant to Destination NSW’s purpose, is accurate, complete and up-to-date. We collect information directly from you, unless it is reasonably impracticable to do so.
5. How does Destination NSW collect Personal Information?
Destination NSW will collect Personal Information for a lawful purpose which is reasonably necessary for, or directly related to our function or activities as a NSW Government agency and for obtaining feedback about the effectiveness of our services. Destination NSW’s functions are listed in the Destination NSW Act (2011): legislation.nsw.gov.au/acts/2011-21.pdf.
Destination NSW’s collection of Personal Information is performed in an open manner and where consent is obtained.
Destination NSW conducts a large part of its operations over the Internet and via email. As part of its functions, Destination NSW conducts market research surveys, offers access to publications, processes thousands of requests for tour brochures or information, provides avenues for the booking of holidays or facilities, provides opportunities for tourism operators to market and promote their services, distributes industry based publications, conducts many exciting competitions and collects information on the types of holidays or events that you, the consumer, would like to see more of in the future so that we can help the NSW tourism industry grow.
Your Personal Information is being collected when you provide it to us when you use our Services, and when other sources provide it to us, including when *:
- you interact with our websites;
- you submit an application form with Destination NSW containing Personal Information,
- provide Personal Information via email,
- complete a new supplier form,
- undertake a market research survey,
- enter into a contract with Destination NSW,
- when you apply for a job with Destination NSW,
- request program assistance from Destination NSW,
- consented to on a form,
- make an enquiry to Destination NSW,
- enter a competition run by Destination NSW; or
- you are engaged in activities with Destination NSW.
In addition, we collect information about you when.
Telephone Conversation
The history of the telephone call, including details such as your name, the time, your enquiry and communication with Destination NSW will be recorded and stored either electronically or via hard copy.
Information from Other Sources
Destination NSW may use social media platforms and other interactive online forums or platforms through which we promote and provide our services. We may collect your personal information when you interact with us or mention Destination NSW in public forums while using platforms such as Facebook, Instagram, Twitter and YouTube.
Photography and Videography
Destination NSW may commission photographers to attend events, famils and activations in order to photograph the event, family and activation and the general environment. This will include images and footage of patrons and participants for the purpose of using them in our promotional or marketing material (including any publication) in the future.
In some circumstances, images or footage may constitute as personal information. The image or footage may be reproduced on our websites, or reproduced in communications via hard or soft copy. The terms and conditions of all our activations, famils and events include the use of images and footage for these purposes. It should be noted that Destination NSW is not responsible for any activities of the media or other patrons in relation to the display or communication of any footage or images at any event, family or activation.
Email Addresses
Email addresses are recorded when an email message is sent to Destination NSW or when a user subscribes to an online mailing list.
These email addresses are stored electronically in accordance with standards and authorities under the State Records Act 1998 (NSW). An email address is only used for the purpose for which it is provided and is not added to any unauthorised mailing list or disclosed to other organisations unless you request that this to be done.
If you have subscribed to one of Destination NSW’s online mailing lists, you can easily remove your email details from the list by unsubscribing. Each mailing list provides clear instructions on how to unsubscribe.
Pixels
“Pixels” means the use of use of pixels (1 x 1 pixel images that allow services to tell companies how many people have visited their site). When you take a certain action on our website, a request is sent to the server to download the tracking pixel attached to the content you’re interacting with. It’s an invisible process to you but the data collected will help us and our sponsors build better digital ad and content experiences for you. All information collected is de-identified and we will never collect or disclose any personal information.
Cookies
Destination NSW, its websites and its third party partners, including analytics partners (such as Adobe Analytics and Google Analytics), may utilise cookies to enhance the user’s experience of the site. A cookie is a small text file that is sent back to your computer’s hard drive from a host website. Cookies record your preferences in relation to your use of a site and provide other information that allows us to recognise you in the future. The cookies on the listed websites do not read the information on your hard drive nor do they make your computer perform any unauthorised actions or make your computer send information to any other computer via the Internet.
You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to allow it. However, if you decide to not accept cookies, some of Destination NSW’s web pages may not display properly or you may not be permitted to access certain information. When you access any of the pages on the website, we automatically record information that identifies, for each page accessed:
- the IP (Internet Protocol) address of the machine which has accessed it
- your top-level domain name (for example .com, .gov, .au, .uk etc.)
- the address of your server
- the date and time of your visit to the site
- the pages accessed and documents downloaded
- the previous site visited
- the type of browser and operating system you have used.
The information collected during each visit to our website is aggregated with similar logged information and published in reports in order for Destination NSW to manage its website services and identify patterns of usage of the sites. This will assist us in improving Destination NSW’s sites and the services offered on them.
Destination NSW will not disclose or publish information that identifies individual computers, or potentially identifies sub-groupings of addresses, without consent or otherwise in accordance with the PPIPA.
Data matching
“Data matching” means the bringing together of at least two data sets that contain Personal Information, and that come from different sources, and the comparison of those data sets with the intention of producing a match. Destination NSW may from time to time utilise Google’s Customer Match technology (a data matching tool) to provide a service to you whereby offers are geared to your personal preferences. Accordingly, Destination NSW may share your Personal Information with Google’s Customer Match platform in order to undertake data matching. In the course of data matching, your Personal Information remains protected through the use of a one-way hashing mechanism that cannot be encrypted. Personal Information that Destination NSW shares with Google, including email addresses, will be hashed against Google’s database of hashed users, without Google ever seeing the unhashed data. By continuing to use this site, you consent to Destination NSW sharing your Personal Information with Google for data matching purposes. If you would not like Destination NSW to use your Personal information for data matching, you can request such by contacting DNSW on +61 02 9931 1111. For more information on Google’s Customer Match platform visit: support.google.com/adwords/answer/6334160
Adobe Device Co-op
Destination NSW participates in the Adobe Experience Cloud Device Co-op to better understand how you use our website and apps across the various devices you use, and to deliver tailored promotions. To learn more about how Adobe does this please refer to the relevant website.
Swift Digital
Destination NSW uses Swift Digital, an online marketing platform service provider to send and manage emails. In using this service, the company may collect personal information which may contain email addresses and other information to be used for the distribution of email campaigns and other important information. All information collected using the Swift Digital service is the property of Destination NSW and is never shared or used by third parties. Swift Digital maintains your data in compliance with Australia’s Spam Act 2003 (Cth) and Australian Privacy laws. All data is maintained within Australia and never leaves Australian jurisdiction. Where stipulated data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest. Should you wish to contact Swift Digital, you can find contact details on their website.
The provision of your Personal Information on Destination NSW’s website is voluntary and you can opt out at any time. However, if you choose not to provide your Personal Information we may not be able to forward the material that you are requesting, provide you with one of the numerous services available through this website or respond to your request, application, proposal or query efficiently. You can choose to remain anonymous or use a pseudonym.
6. How will your Personal Information be stored?
Destination NSW takes all reasonable steps to protect the security and integrity of any Personal Information held, be it stored in electronic or hard copy format. Information is stored using Microsoft Systems and software.
There are risks associated with the transmission of information over the Internet and you should therefore make your own assessment of the risks in the provision of your information to Destination NSW’s website.
This website contains numerous links to other organisation’s web pages. Destination NSW is not responsible for the information handling practices or privacy policies of those other organisations. Destination NSW can of course provide you with an alternative means of dealing with it, or transacting business with it, if you feel uncomfortable with the electronic transmission of information
7. How long will your Personal Information be stored?
Destination NSW will store your information as per the data retention laws in Australia, or as applicable. If your personal information is sensitive, the retention time will be as appropriate. Should you provide consent for a longer retention period, we will hold your data in line with your consent. We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject.
Once it is no longer necessary to retain the information, we will dispose of it in a secure manner.
8. Use of Personal Information by Destination NSW
Destination NSW will only use, communicate, handle or disclose Personal Information for the primary purpose for which the information was collected, in circumstances where you consent to other use of your Personal Information or otherwise in accordance with the applicable privacy and data protection laws and GDPRs. This includes use for:
- sending information about Destination NSW and its third party tourism and event stakeholders.
- sending promotional emails, information, promotions, conduct of competitions announcements and other marketing communications.
- posting/adding a photo of a person on a website.
- sending surveys for you to undertake in relation to your experience with our services.
- enabling of Tourism Australia, and other State and Territory tourism organisations to carry out marketing, advertising and promotional activities.
- marketing, media and promotional purposes.
- the performance of a contract including access to/consultation of a contacts database containing personal data
- compliance with a legal obligation.
- protect the vital interests of the data subject or of another natural person.
- the performance of a task carried out in the public interest or in the exercise of official authority vested in Destination NSW.
- the purposes of the legitimate interests pursued by Destination NSW or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular if the data subject is a child.
- storing IP addresses or MAC addresses.
- responding to a query or request.
- processing your application.
We may use your personal information to let you know about our products or services, either where we have your express or implied consent or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS or telephone. Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. In the event you do not wish to receive such marketing and promotions communications, or you do not wish for your information to be used, you may opt-out using the unsubscribe mechanism contained in the communication or by contacting us via the contact details at the bottom of this policy.
GDPR
The GDPR will directly affect the processing of personal data of European Union citizens resident in the European Union, including those in the United Kingdom.
The processing of any personal data belonging to European Union citizens or others resident in the European Union will be subject to the GDPR no matter where the data is stored or processed.
9. Disclosure of Personal Information to third parties
We may disclose your personal information to third parties where appropriate for the uses described above, including to:
- state and territory tourism authorities in the course of conducting trade events information technology and data storage providers;
- partner or affiliated organisations (including regional/local tourism organisations);
- external service providers such as professional advisers, IT consultants, research and statistical analysis providers; publishing houses and marketing/advertising agencies;
- Government ministers and Government departments that fund Destination NSW;
- business partners with whom Destination NSW has a relationship.
For example, we may share event attendee data provided by our event service provider to other partner or tourism organisations that were part of the event.
If Destination NSW obtains your consent, personal information about you may be disclosed to organisations involved in the New South Wales tourism industry such as airlines, hotels, tour operators and product suppliers.
Destination NSW will not use or disclose personal information for a purpose other than that for which it was collected unless:
- your consent is obtained;
- Destination NSW is required to, or authorised by the law or a court or tribunal order; or,
- otherwise in accordance with the applicable privacy and data protection laws.
To the extent permitted under the law, Destination NSW may also use or disclose your personal information for a secondary purpose related to, or directly related to, the purpose of collection where you would reasonably expect that your information would be used for this other purpose. These secondary purposes may include activities such as public education or quality assurance.
Destination NSW will take all reasonable steps to ensure that itself and all associated service providers do not breach privacy laws in relation to the information
10. Does my Personal Information leave Australia?
We may transfer or disclose your personal information to overseas as part of Destinations functions, including to recipients in the United States, United Kingdom, India, China, Hong Kong, Japan, New Zealand, France, Germany and other Destination NSW international offices.
For example, we may disclose information to our employees, service providers or other tourism partner or organisation as part of an event marketing campaign (and such recipients may transfer information from overseas to Australia).
We will only disclose your personal information to any overseas recipient if one of the following applies:
- the information is subject to laws or alike that are substantially equivalent to the Australian Privacy Principles.
- it is permitted by the Australian Privacy Principals or other law;
- It is required or authorised by law.
- It is required or authorised by an international agreement relating to information sharing to which Australia is a party.
- It is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body and the recipient performs similar functions.
11. What are the Exceptions?
The circumstances in which Destination NSW will collect, use and disclose more extensive information than stated above in the following circumstances are:
- unauthorised attempts to access files which are not publicly available
- unauthorised tampering or interference with files on the listed websites
- unauthorised attempts to index the contents of the listed websites
- attempts to intercept messages of other users of the listed websites
- communications which are defamatory, abusive, vilify individuals or groups or which give rise to a suspicion that an offence is being committed
- attempts to otherwise compromise the security of the web server, breach the laws of the State of New South Wales or Commonwealth of Australia, or interfere with the use of the listed websites by other users.
Destination NSW reserves the right to make disclosures to relevant authorities where the use of the listed websites raises a suspicion that an offence is being, or has been, committed. In the event of an investigation, Destination NSW will provide access to data to any law enforcement agency that may exercise a warrant to inspect our logs.
Destination NSW may initiate proceedings in relation to any loss or damage suffered as a result of unauthorised use of information or any of the above circumstances.
12. Access, accuracy, amendments and complaints – Your Rights
Destination NSW takes all reasonable steps to ensure the Personal Information it collects is accurate, complete and up-to-date. Accordingly and as required by the PPIPA, you can access any of your Personal Information that we hold, except in the circumstances set out in appropriate legislation. If you would like to access or update your Personal Information, or if you would like to know more about the Personal Information that we may hold on you please e-mail us.
If you wish to complain about how Destination NSW manages personal information, you should submit a written complaint by post or email using the contact details set out in this Policy. Destination NSW will endeavour to respond to your complaint within 30 days of receipt.
If you are not satisfied with Destination NSW’s response you may make a written complaint to the Privacy Commissioner: www.ipc.nsw.gov.au.
GDPR / EU
Under the GDPR, EU residents have certain rights including:
- Right of Access
- Right of Erasure
- Right to Rectification
- Right to Object
- Rights in relation to automated decision making and profiling
If you wish to exercise these rights in relation to privacy, you may do so by contacting us as per details below in section 13.
12. Conclusion and Other
This privacy policy also acts as Destination NSW’s privacy management plan for the purposes of compliance with the PPIPA (Privacy Management Plan). This Privacy Management Plan sets out how Destination NSW complies with the PPIPA.
Due to the developing nature of privacy principles for online communication, this policy may be modified or expanded in light of new developments or issues that may arise from time to time. The amended policy will be posted to this site and will operate from the time it is posted.
13. Contact us
If you wish to contact us about this privacy policy, please contact:
The Privacy Officer
Email: legal.procurement@dnsw.com.au
Phone: +61 02 9931 1111
Address: GPO Box 7050, Sydney, NSW, 2001