Privacy

Textured divide

Arts Capital Privacy Policy

Purpose

Arts Capital Limited, who manages Ainslie+Gorman (A+G), has a duty to responsibly retain and manage private information pertaining to the operations of the business. There is an obligation to maintain and uphold details of residents, hirers, staff, subscribers, ticket holders and others whose details may be classified as private. This policy outlines the processes for managing access to information, including protections for privacy and improper use.

Terms

Private – categorised as personal details of an individual. An individual who works for an organisation or business may also have contact details related to the organisation or business. This is not classified as private.

Individual – a person representing themselves, not affiliated with an organisation or business.

Contact Database – a digital file that contains contact details of many individuals and entities that do business with Arts Capital. It mainly contains business details but also contains personal details which this policy applies to.

Procedures

Under the Privacy Act 1988 (Privacy Act), it is an Australian law that regulates the management, storing and access of personal information about individuals. There are three areas within Arts Capital operations that fall withing this policy:

  • Contact Database
  • Agreements and contracts
  • Subscriber/audience members

Arts Capital employees must ensure appropriate care and information management, and follow this policy in managing private information. All private information must be kept in a secure work environment. If requests for access are made, the request must follow the principles outlined in this policy.

Chain of responsibility

The Board of Directors and the Arts Capital CEO are responsible for the oversight and compliance of private information. They must also abide by this privacy policy.

The Business Manager takes responsibility for the management and access of subscribers and audience details.

The Business Administration team take ownership of the ‘Contact Database’. All Arts Capital staff, when dealing with private information, take responsibility for adhering to the proper storage and filing procedures as outlined by the Arts Capital CEO/Business Manager.

Process

  1. Contact Database

The management of contact details is contained in the ‘Contact Database’/ This file contains all persons involved with and /or doing business with Arts Capital. For the purposes of this policy, we are concentrating on persons who individual details are contained in the Contact Database. All Arts Capital staff may access the Contact Database to view someone’s details to contact them for Arts Capital-related purposes. Only the Business Administration and Marketing Teams may create new contact details and edit existing contacts. When a new contact is made known to an Arts Capital staff member, they are to provide details to one of the above team members to create a new contact in the Contact Database. The Contact Database is stored on the Arts Capital cloud and as with all Arts Capital’s digital files, is secured by a firewall managed by a third party (IT company).

2.  Agreements and Contracts

This policy applies to agreements and contracts that contain private details of signatories. Typically, this will include, but not be limited to, Arts Capital staff contracts, wedding hire agreements and individual resident sub-licence agreements. Signed agreements and contracts that contain private information must be kept in (i) digital format on the Arts Capital cloud following the appropriate filing system, and if an original hardcopy is retained (ii) hardcopy stored in secure filing cabinet managed by the Business Manager onsite.

3. Subscriber/audience information

Privacy

At Ainslie+Gorman we respect your privacy. The following discloses our information gathering and dissemination practices for this website. If you have any questions about this privacy statement, the practices of this site, or your dealings with this website, please contact us.

Information collected

When you browse our website, our system automatically makes a record of your visit and logs the following information for statistical purposes:

  • Your server address (IP address)
  • Top level domain name (.com, .net, .gov etc)
  • The type of browser and operating system you used
  • Date and time of your visit
  • The Previous site visited
  • Which pages you accessed
  • The time spent on individual pages and the site overall
  • Which files were downloaded or links you clicked

No attempt will be made to identify individual users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency (e.g. Australia Federal Police) exercises a warrant to inspect our service provider’s log files. This information is analysed to determine the website’s usage statistics.

We do not collect personal information about you unless you voluntarily choose to participate in an activity that asks for information, such as:

  • Sending an email
  • Participating in a survey
  • Undertaking a payment or other transaction
  • Suggesting a link

If you choose not to participate in these activities, your choice will in no way affect your ability to use any feature of this website.

Use of personal information

Any personal information you choose to provide will only be used for the purpose for which it was provided and will not be disclosed to other persons or organisations without your prior consent. The internet is an insecure medium and users should be aware that there are inherent risks transmitting information across the internet. Information submitted unencrypted via email or web forms may be at risk of being intercepted, read or modified.

Other sites

This site contains links to external websites. Arts Capital is not responsible for the privacy practices or the content of such websites. For more information, refer to our disclaimer statement.

Cookies

‘Cookies’ are small pieces of information that are stored by your browser on your computer’s hard drive. We may use cookies to track users as they travel through the site – for instance, we might use cookies to count the total number of unique users who are accessing the site over a particular period. This information will never be shared with a third party and is only used to make our systems and user experience more efficient and accessible.

Request for information – examples

There may be occasion when a customer, resident, artsACT, Arts Capital staff or board member requests someone’s personal details such as a mobile number or personal email address/ According to the Privacy Act, unless a person provides written permission to distribute and use their personal details, Arts Capital staff cannot provide personal details.

Example

If visitors or resident artists wish to obtain an Arts Capital staff member’s personal mobile number, the number is not to be provided by any Arts Capital staff. However, if the Arts Capital staff member in question wishes to provide their mobile number, they may do so directly.

Breach of private information

Should a major data breach (such as cc email instead of bcc for audience or resident engagement) involving private information be made, the following remedial steps must be taken:

  • Recall email (if email breach)
  • Notify the persons affected as quickly as possible, including the reason for the data breach
  • Notify the Office of the Australia Information Commission (OAIC), the Australian Government regulatory body for the Privacy Act.
  • Notify the Arts Capital CEO of the data breach
  • Follow up on the reason for the data breach, ensuring steps are taken to mitigate the data breach from reoccurring. This may involve liaising with the Business Manager and/or Arts Capital CEO.

Should a minor data breach, (such as leaving a hardcopy agreement in a meeting room) involving private information be made, the following remedial steps must be taken:

  • Notify the persons affected as quickly as possible, including the reason for the data breach.
  • Notify your supervisor of the data breach
  • Follow up on the reason for the data breach, ensuring steps are taken to mitigate the data breach from reoccurring. This may involve liaising with the Business Manager and/or A+G Director.

Should a minor data breach (such as leaving a hardcopy agreement in a meeting room) involving private information be made, the following remedial steps must be taken:

  • Notify the persons affected as quickly as possible, including the reason of the data breach.
  • Notify your supervisor of the data breach.
  • Follow up on the reason of the data breach, ensuring steps are taken to mitigate the data breach from reoccurring. This may involve liaising with the Business Manager and/or A+G Director.