Last updated May 2020
Destination NSW (ABN 52 890 769 976) (‘DNSW’) is the lead government agency for the New South Wales (NSW) tourism and major events sectors. Destination NSW is committed to maintaining your privacy and is bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APP’s) and regulations, which control how we collect, use, disclose and store personal information. Destination NSW also adheres to the General Data Protection Regulation (‘GDPR’). The GDPR is designed to protect all European Union citizen data privacy, including how the information is handled, disclosed and used. Destination NSW will take all reasonable steps to ensure that itself and all associated service providers do not breach privacy laws in relation to the information, and agree to protect the privacy and security of your personal information, including ensuring that it is used only for the purpose for which it was disclosed.
1. What is the Role of Destination NSW
Our role is to market Sydney and NSW as one of the world’s premier tourism and major events destinations; to secure major events; to work in partnership with Business Events Sydney to win major international conventions and incentive travel reward programs; to develop and deliver initiatives that will drive visitor growth throughout the State; and to achieve the NSW Government’s goal of doubling overnight expenditure by 2020 and tripling overnight expenditure within the State’s visitor economy by 2030.
Destination NSW is based in Sydney, New South Wales, Australia and has offices in the USA, South Korea, New Zealand, India, Germany, United Kingdom, Singapore and Japan.
2. Privacy Legislative Framework
Destination NSW will collect, store, use and disclose Personal Information in accordance with the Privacy and Personal Information Protection Act 1998 (NSW) (including the Information Privacy Principles (IPPs)) (PPIPA), Privacy Act 1988 (including the Australian Privacy Principles (APPs)) (Privacy Act) and any other relevant laws and codes of practice in operation from time to time including the Regulation.
Australian and New South Wales Legislation
When you interact with Destination NSW and use Destination NSW’s websites, mobile websites or mobile applications, your privacy is protected by the PPIPA and Privacy Act.
General Data Protection (GDPR) Regulation
The European Union General Data Protection Regulation (the ‘Regulation’) contains new data protection requirements that will apply from 25 May 2018. These will harmonise data protection laws across the European Union and replace existing national data protection rules. The introduction of clear, uniform data protection laws is intended to build legal certainty for businesses and enhance consumer trust in online services.
The Regulation applies to the data processing activities of Destination NSW in the European Union as:
- We have operations in the European Union namely United Kingdom, Germany and France.
- Offer goods and services or monitor the behaviour of individuals in the European Union – via our websites and representative offices. Destination NSW promotes New South Wales as a tourism destination and also holds roadshows and famils in the European Union.
3. What is Personal Information or Personal Data?
Personal Information is defined by Australian and New South Wales Legislation and Privacy Principles as namely information or any opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Personal Information is also defined by the Regulation in which we provide particulars namely:
- any information relating to an identified or identifiable natural person (Article 4 of the Regulation - a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, cookie ID, ID card number, location data, advertising identifier on phones, IP address, an email address or a telephone number
- any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a home address, a photo, an email address, bank details, posts on social networking websites, or medical information.
Examples of data not considered personal data:
- a company registration number
- an email address such as firstname.lastname@example.org
- anonymised data
4. Why Destination NSW collects Personal Information?
Destination NSW will only collect Personal Information for a lawful purpose which is reasonably necessary for, or directly related to our function or activities as a NSW Government agency and for obtaining feedback about the effectiveness of our services.
Destination NSW will not collect any more information than is necessary for it to fulfill these functions, unless required by law.
Destination NSW, in carrying out its functions and activities, collects Personal Information directly from you through its website, for various purposes that relate to the development and promotion of tourism and events in New South Wales. Destination NSW’s functions are listed in the Destination NSW Act (2011): legislation.nsw.gov.au/acts/2011-21.pdf
The provision of your Personal Information on Destination NSW’s website is voluntary and you can opt out at any time.
However, if you choose not to provide your Personal Information we may not be able to forward the material that you are requesting or provide you with one of the numerous services available through this website. You can choose to remain anonymous or use a pseudonym.
Destination NSW conducts a large part of its operations over the Internet and via email.
As part of its functions, Destination NSW conducts market research surveys, offers access to publications, processes thousands of requests for tour brochures or information, provides avenues for the booking of holidays or facilities, provides opportunities for tourism operators to market and promote their services, distributes industry based publications, conducts many exciting competitions and collects information on the types of holidays or events that you, the consumer, would like to see more of in the future so that we can help the NSW tourism industry grow.
5. What Information can we collect*:
- your name;
- your gender;
- postal address;
- email address;
- telephone number(s);
- your occupation;
- your country of residence;
- your age or date of birth;
- your identification details such as those in your driver’s licence or passport;
- the information you provide us when preparing an event application along with the content of any declarations made in connection with that application; and
- any information you provide to us in enquiries or through correspondence.
*This list is not exhaustive.
Does my Personal Information leave Australia?
We may transfer your personal information to people working in Destination NSW outside of Australia, including in the United States, United Kingdom, India, China, Hong Kong, Japan, New Zealand, France, Germany and other Destination NSW international offices. We will only do this if the recipient of the information is subject to laws that are equivalent to the Australian Privacy Principles.
6. How does Destination NSW Collect Personal Information?
Destination NSW’s collection of Personal Information is performed in an open manner and where consent is obtained.
Destination NSW will ensure that any Personal Information collected is relevant to Destination NSW’s purpose, is accurate, complete and up-to-date.
Destination NSW will collect information directly from you, unless it is reasonably impracticable to do so.
Your Personal Information is being collected when*:
- you submit an application form with Destination NSW containing Personal Information,
- provide Personal Information via email,
- complete a new supplier form,
- undertake a market research survey,
- enter into a contract with Destination NSW,
- when you apply for a job with Destination NSW,
- request program assistance from Destination NSW,
- consented to on a form,
- make an enquiry to Destination NSW, or
- enter into a competition run by Destination NSW
It is up to you as to whether you wish to provide some or all of this information, however if you do not provide any or all of the information required, we may not be able to effect our services to you, or respond to your request, application, proposal or query efficiently.
The history of the telephone call, including details such as your name, the time, your enquiry and communication with Destination NSW will be recorded and stored either electronically or via hard copy.
Information from Other Sources
Destination NSW may use social media platforms and other interactive online forums or platforms through which we promote and provide our services. We may collect your personal information when you interact with us or mention Destination NSW in public forums while using platforms such as Facebook, Instagram, Twitter and YouTube.
Photography and Videography
Destination NSW may commission photographers to attend events, famils and activations in order to photograph the event, family and activation and the general environment. This will include images and footage of patrons and participants for the purpose of using them in our promotional or marketing material (including any publication) in the future.
In some circumstances, images or footage may constitute as personal information. The image or footage may be reproduced on our websites, or reproduced in communications via hard or soft copy. The terms and conditions of all our activations, famils and events include the use of images and footage for these purposes. It should be noted that Destination NSW is not responsible for any activities of the media or other patrons in relation to the display or communication of any footage or images at any event, family or activation.
Email addresses are recorded when an email message is sent to Destination NSW or when a user subscribes to an online mailing list.
These email addresses are stored electronically in accordance with standards and authorities under the State Records Act 1998 (NSW). An email address is only used for the purpose for which it is provided and is not added to any unauthorised mailing list or disclosed to other organisations unless you request that this to be done.
If you have subscribed to one of Destination NSW’s online mailing lists, you can easily remove your email details from the list by unsubscribing. Each mailing list provides clear instructions on how to unsubscribe.
“Pixels” means the use of use of pixels (1 x 1 pixel images that allow services to tell companies how many people have visited their site). When you take a certain action on our website, a request is sent to the server to download the tracking pixel attached to the content you’re interacting with. It’s an invisible process to you but the data collected will help us and our Sponsors build better digital ad and content experiences for you. All information collected is de-identified and we will never collect or disclose any personal information.
There are risks associated with the transmission of information over the Internet and you should therefore make your own assessment of the risks in the provision of your information to Destination NSW’s website.
This website contains numerous links to other organisation’s web pages. Destination NSW is not responsible for the information handling practices or privacy policies of those other organisations. Destination NSW can of course provide you with an alternative means of dealing with it, or transacting business with it, if you feel uncomfortable with the electronic transmission of information.
The listed websites may utilise cookies to enhance the user’s experience of the site. A cookie is a small text file that is sent back to your computer’s hard drive from a host website. Cookies record your preferences in relation to your use of a site and provide other information that allows us to recognise you in the future. The cookies on the listed websites do not read the information on your hard drive nor do they make your computer perform any unauthorised actions or make your computer send information to any other computer via the Internet.
You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to allow it. However, if you decide to not accept cookies, some of Destination NSW’s web pages may not display properly or you may not be permitted to access certain information. When you access any of the pages on the website, we automatically record information that identifies, for each page accessed:
- the IP (Internet Protocol) address of the machine which has accessed it
- your top-level domain name (for example .com, .gov, .au, .uk etc.)
- the address of your server
- the date and time of your visit to the site
- the pages accessed and documents downloaded
- the previous site visited
- the type of browser and operating system you have used.
The information collected during each visit to our website is aggregated with similar logged information and published in reports in order for Destination NSW to manage its website services and identify patterns of usage of the sites. This will assist us in improving Destination NSW’s sites and the services offered on them.
Destination NSW will not disclose or publish information that identifies individual computers, or potentially identifies sub-groupings of addresses, without consent or otherwise in accordance with the PPIPA.
“Data matching” means the bringing together of at least two data sets that contain Personal Information, and that come from different sources, and the comparison of those data sets with the intention of producing a match. Destination NSW may from time to time utilise Google’s Customer Match technology (a data matching tool) to provide a service to you whereby offers are geared to your personal preferences. Accordingly, Destination NSW may share your Personal Information with Google’s Customer Match platform in order to undertake data matching. In the course of data matching, your Personal Information remains protected through the use of a one-way hashing mechanism that cannot be encrypted. Personal Information that Destination NSW shares with Google, including email addresses, will be hashed against Google’s database of hashed users, without Google ever seeing the unhashed data. By continuing to use this site, you consent to Destination NSW sharing your Personal Information with Google for data matching purposes. If you would not like Destination NSW to use your Personal information for data matching, you can request such by contacting DNSW on +61 02 9931 1111. For more information on Google’s Customer Match platform visit: support.google.com/adwords/answer/6334160
7. How will your Personal Information be stored?
This data is stored internally, at Destination NSW offices and held securely and accessible by Destination NSW staff only. Information is stored using Microsoft Systems and software.
Attendee data is accessible by affiliated suppliers, in connection with the activity they are undertaking.
Destination NSW takes all reasonable steps to:
- protect the security and integrity of any Personal Information held, be it stored in electronic or hard copy format.
- Ensure that the quality of Personal Information is as reasonable in the circumstances and that the Personal Information that Destination NSW collects is accurate, up-to-date and complete.
- As are reasonable in the circumstances, ensure that the Personal Information that Destination NSW uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.
- Ensure that you have access to and ability to correct Personal Information.
How long will your Personal Information be stored?
Destination NSW will store your information as per the mandatory data retention laws in Australia, or as otherwise required by law. If your personal information is sensitive, the retention time will be as appropriate. Should you provide consent for a longer retention period, we will hold your data in line with your consent.
Once it is no longer necessary to retain the information, we will dispose of it in a secure manner.
8. Processing and Use of Personal Information within Destination NSW
Destination NSW will only use, communicate or handle Personal Information for the primary purpose for which the information was collected, or in circumstances where you consent to other use of your Personal Information. This includes processing for:
- the performance of a contract including access to/consultation of a contacts database containing personal data
- compliance with a legal obligation.
- protect the vital interests of the data subject or of another natural person.
- the performance of a task carried out in the public interest or in the exercise of official authority vested in Destination NSW.
- the purposes of the legitimate interests pursued by Destination NSW or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular if the data subject is a child.
- sending promotional emails, information, promotions, conduct of competitions and announcements.
- sending information about Destination NSW and its third party tourism and event stakeholders.
- posting/adding a photo of a person on a website.
- sending surveys for you to undertake in relation to your experience with our services.
- marketing, media and promotional purposes.
- storing IP addresses or MAC addresses.
- responding to a query or request.
- processing your application.
In the event you do not wish to receive such marketing and promotions communications, or you do not wish for your information to be used, you may opt-out using the unsubscribe mechanism contained in the communication or by contacting us via the contact details at the bottom of this policy.
Destination NSW will need to comply with certain principles as follows:
Process the data in a manner that is lawful, fair and transparent.
Use the data for legitimate purposes.
Limit the use only to what is necessary.
Process the data in a way that maintains its accuracy.
Store the data for no longer than necessary.
Process the data in a secure fashion.
The GDPR will directly affect the processing of personal data of European Union citizens resident in the European Union, including those in the United Kingdom.
The processing of any personal data belonging to European Union citizens or others resident in the European Union will be subject to the GDPR no matter where the data is stored or processed.
9. Disclosure of Personal Information to third parties
As per the Privacy Act 1988 (Cth) including but not limited to the APP’s, Destination NSW will not disclose your Personal Information to anyone without your consent unless:
- legally required to do so,
- you have consented to a secondary use or disclosure,
- you would reasonably expect Destination NSW to disclose your personal information for a secondary purpose, or it is related to the primary purpose of collection, or, in the case of sensitive information, directly related to the primary purpose,
- a permitted general situation exists in relation to the secondary use or disclosure of the personal information by the APP entity, or
- Destination NSW reasonably believes that the secondary use or disclosure is,
reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body,
It is to be noted that Destination NSW may disclose personal information (other than sensitive information) to any related entity, department, body corporate or Tourism Australia.
10. What are the Exceptions?
The circumstances in which Destination NSW will collect, use and disclose more extensive information than stated above in the following circumstances are:
- unauthorised attempts to access files which are not publically available
- unauthorised tampering or interference with files on the listed websites
- unauthorised attempts to index the contents of the listed websites
- attempts to intercept messages of other users of the listed websites
- communications which are defamatory, abusive, vilify individuals or groups or which give rise to a suspicion that an offence is being committed
- attempts to otherwise compromise the security of the web server, breach the laws of the State of New South Wales or Commonwealth of Australia, or interfere with the use of the listed websites by other users.
Destination NSW reserves the right to make disclosures to relevant authorities where the use of the listed websites raises a suspicion that an offence is being, or has been, committed. In the event of an investigation, Destination NSW will provide access to data to any law enforcement agency that may exercise a warrant to inspect our logs.
Destination NSW may initiate proceedings in relation to any loss or damage suffered as a result of unauthorised use of information or any of the above circumstances.
Disclosure may also occur where it is lawfully authorised or required under any act, other law or statutory agency or foreign body.
Destination NSW does not have any responsibility or liability for privacy policies or practices of third party sites linked from any of Destination NSW’s listed websites.
11. Access, accuracy and amendments – Your Rights
Destination NSW takes all reasonable steps to ensure the Personal Information it collects is accurate, complete and up-to-date. Accordingly and as required by the PPIPA, you can access any of your Personal Information that we hold, except in the circumstances set out in appropriate legislation. If you would like to access or update your Personal Information, or if you would like to know more about the Personal Information that we may hold on you please e-mail us at email@example.com.
Under the Regulation, you have certain rights including:
- Right of Access
- Right of Erasure
- Right to Rectification
- Right to Object
- Rights in relation to automated decision making and profiling
If you wish to exercise these rights or make a complaint in relation to privacy, you may do so by contacting:
The Privacy Commissioner: www.ipc.nsw.gov.au
12. Conclusion and Other
Destination NSW provides this privacy management plan in compliance with the PPIPA (Privacy Management Plan). This Privacy Management Plan sets out how Destination NSW complies with the PPIPA.
Due to the developing nature of privacy principles for online communication, this policy may be modified or expanded in light of new developments or issues that may arise from time to time. The amended policy will be posted to this site and will operate from the time it is posted.
Destination NSW uses Swift Digital, an online marketing platform service provider to send and manage emails. In using this service, the company may collect personal information which may contain email addresses and other information to be used for the distribution of email campaigns and other important information.
All information collected using the Swift Digital service is the property of Destination NSW and is never shared or used by third parties.
Swift Digital maintains your data in compliance with Australia’s Spam Act 2003 (Cth) and Australian Privacy Provisions.
All data is maintained within Australia and never leaves Australian jurisdiction. Where stipulated data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest.