“Personal Information” means information that can be used to personally identify you such as your name, contact details, birth date, and payment details. We do not knowingly collect or process the Personal Information of anyone under the age of 13 without the consent of their parent or guardian.
“Sensitive Information” is a special type of Personal Information that relates to health information (including dietary requirements), political beliefs, ethnicity, membership of a professional or trade association, sexual preferences, philosophical beliefs, or criminal record. We will not collect Sensitive Information except with your consent, and only if collection of such information is necessary for any of our Goods and Services.
“Usage Information” means anonymous aggregate data that is automatically collected through your use of our Collection Points or in connection to the Goods and Services. This includes information that identifies your device, your operating system, your IP address, and dates and times that you access and use the Collection Points. This information is used to resolve any technical issues that may arise, or for statistical analysis to help us to improve our Goods and Services.
We may collect your Personal Information directly from you when you:
It is your choice to provide Personal Information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that, if you do not wish to provide your Personal Information, this may limit our ability to provide or your ability to enjoy the Goods and Services.
Sometimes we collect Personal Information about you from other sources where it is necessary to do so. This may happen where:
If we collect your Personal Data from third parties in circumstances where you may not be aware that we have collected such Personal Data, we will either take reasonable steps to notify you of the collection and circumstances surrounding the collection, or we will take steps to de-identify the information.
Unless the collection of Sensitive Information is permitted under the Privacy Act, we will only collect sensitive information with your consent where that information is reasonably necessary for our functions.
We may collect Usage Information from the Collection Points which utilises cookies, pixel tags and other tracking technologies (collectively “Cookies”). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that help us ‘remember’ our users and guests’ actions and preferences over time. These are the types of Cookies that we may use to operate the Collection Points:
Cookies can stay on your device temporarily or until you manually delete them. Please note that adjusting your settings to block or restrict Cookies may limit our ability to provide the Goods and Services to you in a fully operational form.
To request a full list of the individual Cookies and tracking technologies we use, please email our Privacy Officer.
We do not have access to, or control over, the technologies that Third Party Sites may use to collect information about you. We disclaim any and all liability in connection with the services of any Third Party Sites integrated or otherwise linked to the Goods and Services, and we encourage you to reach out to them directly should you have any questions in connection with their services. For a full list of Third Party Sites integrated or otherwise linked to our Goods and Services, please email our Privacy Officer.
We collect, use and disclose your Personal Data for legitimate purposes including, but not limited to:
For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with providing the Goods and Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or license your email address or any of your Personal Data.
We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from direct marketing. You can opt out at any time by unsubscribing from such direct marketing communications.
Please note certain non-marketing related correspondence from us, including messages relating to payment, will be automatically sent to you by virtue of your use of the Collection Points and you may not have the option to unsubscribe from receiving this correspondence.
Sometimes we may disclose your Personal Data to third parties. You agree and consent to us disclosing your Personal Data (on a need to know basis) to:
We will take reasonable steps to ensure that these third parties are bound by Australian privacy laws.
You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing our Privacy Officer, but please note that withdrawal of such consents may affect your ability to access and use our Goods and Services.
You have a general right to access or modify any Personal Information that is held about you by us, unless a valid exception applies. You can request this at any time by contacting our Privacy Officer.
You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information and your failure to do so may inhibit our ability to provide the Goods and Services to you. You acknowledge and agree that you remain solely responsible for maintaining the truth, accuracy, and completeness of your information at all times, and we shall have no liability to you or any third party arising from your failure to do the same.
In accordance with the GDPR, we acknowledge the additional rights of EU subjects to:
To erase, request, or restrict processing of your Personal Data, please email our Privacy Officer.
We store your personal information in different ways, including in physical and electronic form, via cloud and other third party data storage providers.
You acknowledge that no security measures are, however, 100% secure, and that we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data, or for the actions of any third parties that may obtain any information or data.
Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where our data breach involves the information of EU subjects, report to the European Data Protection Supervisor. We will also inform you, where possible, if your data has been breached in the circumstance where it poses a risk of serious harm or your rights and freedoms.
We may, in the course of providing the services to you, transfer your Personal Data to overseas countries that are deemed by the EU Commission as having an ‘adequate’ level of Personal Data protection. Where we transfer data to a third party in a country where no adequacy decision has been made, we will take reasonable steps to ensure person or entity handling your data in those countries are bound under contract to meet the requirements of the Privacy Act and GDPR (as applicable).
If you have any feedback about the way we handle your Personal Data, or wish to make a privacy complaint, please contact our Privacy Officer.
If you are not happy with the outcome of the Privacy Officer’s investigation or we have not replied to you within a reasonable time, then you can raise you concern with the Office of the Australian Information Commissioner (“OAIC”) (for more information please see www.oaic.gov.au) or with the European Data Protection Supervisor (for more information, please see https://edps.europa.eu).
Mona, Museum of Old and New Art
655 Main Road, Berriedale
+61 (3) 6277 9900