SMSA is the oldest operating school of arts in Australia. It is a member-owned not for profit organisation and operates the longest running lending library in Australia. In offering its services it collects personal information of members and other persons with which it interacts, and the privacy aspects of that personal information are dealt with in this Policy.
In this Policy, “we”, “us” and “our” is a reference to SMSA, and a reference to “you” is a reference to a prospective, past, or current member of the SMSA, or a non-member using the services of SMSA or attending its activities or events.
By using our website, our library and our services, or otherwise providing us with your personal information, you consent to us collecting, holding, using and disclosing your personal information as described in the Policy. If we are not able to collect, handle, use and disclose personal information about you as set out in this Policy, we may not be able to offer you our services, or with access to our website.
Our Commitment to Privacy
We have created this Policy in order to demonstrate our strong commitment to privacy, and in accordance with the Australian Privacy Principles as governed by the Privacy Act 1988 (Cth) (“the Privacy Act”). This commitment is made voluntarily by SMSA in circumstances where we are exempt from compliance with the Privacy Act.
This Policy is current at 27 November 2023 and will be reviewed from time to time to take account of changes to relevant laws, new technology, changes to our operations and practices and the changing business environment. The most current version of this Policy is available at www.smsa.org.au and can also be obtained by contacting our Privacy Officer at CEO@smsa.org.au.
What personal information do we collect?
We collect both personal information and non-personal information. In this Policy, personal information has the meaning given to it in the Privacy Act.
We may collect personal information about:
- our members, users of our services (including venue hire), and participants in our activities or events (including member-only and public activities or events);
- our suppliers and their employees or contractors;
- our employees, contractors, former employees, former contractors or prospective employees, or contractors; and
- other people who come into contact with us.
General personal information
In general, the personal information we may collect, and hold includes:
- As to members of SMSA – name, date of birth and/or age range, contact details (including email address, mailing address and phone number), and gender identity; and
- As to other persons identified above, and in addition to what is set out at ‘1’ – occupation, company name, employment history, education and qualifications, testimonials and feedback and other information to the extent reasonably necessary for the purposes of that person’s relationship with us and which assists us in relation to conducting our business, providing, and marketing our services and meeting our legal obligations.
We may also collect, and process information provided to us by our browser when you visit our website, for example the website you came from, your location information, IP address, web browser or device type and the time and date of access.
Sensitive personal information
We do not collect from your sensitive personal information as that term is defined in the Privacy Act.
How do we collect and hold information?
The information that we collect depends on the nature of your interactions with us. We may collect personal information from you directly or indirectly, and in some instances from third parties such as Enews and Eventbrite. These interactions may include when:
- you apply to become a member of SMSA or to renew your membership;
- you sign up for, or express an interest in, our services through our website;
- you register for activities and events or complete surveys;
- you engage with us on our website or social media;
- you send an email or other correspondence to us or our employees;
- we collect personal information from a third party.
We may hold your personal information in physical files, electronically (e.g. in a spreadsheet or database), and in some instances through third party storage providers in Australia or overseas. Personal information held electronically on our database is or will be stored in the cloud using Microsoft Azure, with the data to be stored in Australia.
How do we protect your personal information?
We will take reasonable steps to protect personal information held from misuse and loss and from unauthorised access, modification, or disclosure, for example by use of physical security and restricted access to electronic records. Our personnel are required to respect the confidentiality of personal information and the privacy of individuals.
Where we no longer require your personal information or are no longer required to keep your personal information for statutory purposes, we will take reasonable steps to destroy or de-identify it.
Why do we collect, hold, use, and disclose your personal information?
In general, we collect, hold, use, and disclose your personal information for the primary purposes for which it was collected, including:
- to conduct our business;
- to provide and market our services;
- to communicate with you to provide or promote our services, including activities and events;
- to help us manage, develop, and enhance our services, including our website;
- to consider the suitability of prospective employees;
- to comply with our legal obligations; and
- to administer, maintain, support and provide improvements to our services.
We may also use and disclose your personal information for a secondary purpose that is related to a purpose for which we collected it, where you would reasonably expect us to use or disclose your personal information for that secondary purpose.
We may also use or disclose your personal information for another purpose which you consent to or which is required or permitted by law. If at any time you receive material that you did not request or do not want to receive such material any more, you can opt out using the link in our direct marketing communications or please contact Privacy Officer at CEO@smsa.org.au to unsubscribe or update your preferences.
Who do we disclose personal information to?
We disclose your personal information for the purpose for which it was collected:
- to entities who assist us in providing our services (including hosting and data storage providers, Enews and Eventbrite);
- in confidence, to our advisers and insurers on a needs basis only; and
- where the use or disclosure is authorised or required by or under an Australian law or court/tribunal order.
Are we likely to disclose your personal information overseas?
There may be situations that arise (although there are not presently any) where your information may be accessed or stored overseas by other entities who perform functions on our behalf. Where we disclose your personal information to overseas third-party service providers, we will at all times remain responsible for their handling of that information. We take reasonable steps to ensure that your personal information will only be transferred to another country where we reasonably believe the privacy laws provide at least the same level of protection as that provided by the Australian Privacy Principles. We will also take steps to require that those recipients protect that information from unauthorised access, modification, or disclosure, and from misuse, interference, and loss.
How do you access, and correct your personal information?
Subject to the exceptions set out in the Privacy Act, you may seek access to and the correction of your personal information that we hold by:
- Contacting our Privacy Officer at CEO@smsa.org.au.
- Clicking on the unsubscribe link placed at the bottom of general email communications. We will only retain and use personal information for such period as is necessary for the purpose for which it was collected from you, to comply with our legal obligations, to resolve disputes, and to enforce our agreement after which we will take reasonable steps to destroy or de-identify personal information, unless otherwise required by law.
Online Policy and links to other websites
The information collected on our website will depend on your usage of the website and may include some personal details. For example, if a person visits the website to browse or download information, our system will record the date and time of the activities, the information viewed or downloaded. In the event that a person enters information in the process of completing an email or any other on-line forms, we will collect the information submitted.
We use a third-party provider, MailChimp, to deliver our newsletter and other general marketing communication. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our mailings. For more information, please see MailChimp’s privacy notice. You can unsubscribe to our mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing us.
How you can make a privacy related query or complaint
If you have any questions about privacy-related issues or wish to complain about a breach of your privacy or the handling of your personal information by us, please contact our Privacy Officer at CEO@smsa.org.au.
Any complaint will be investigated by the Privacy Officer, and you will be notified of the making of a decision in relation to your complaint as soon as practicable after it has been made, usually within 30 days.
If we are unable to satisfactorily resolve your concerns about our handling of your personal information, you can contact the Office of the Australian Information Commissioner at the details below:
Mail: GPO Box 5288, Sydney NSW 2001
Tel: 1300 363 992