The Club is committed to safeguarding club member’s privacy and ensuring the confidentiality and security of the personal information we may collect from you.
To comply with legal requirements and to run our business effectively, it is necessary for us to collect certain personal information from members and other individuals and organisations we associate with. At the minimum, this may include information such as member’s names, addresses and contact details. Additional information may be required, depending on the nature of your dealings with the Club.
We will only use or disclose your personal information for the primary purpose it was collected for, unless you have consented to the information being used for a secondary purpose.
The Club takes all reasonable measures to protect personal information from loss, unauthorised access, destruction, misuse, modification or disclosure. However, despite concerted efforts, the Club takes no responsibility for the unauthorised use of personal information.
- how and when the club collects personal information;
- how the club uses and discloses personal information;
- how the club keeps personal information secure, accurate and up-to-date;
- how an individual can access and correct their personal information; and
- how the club will facilitate or resolve a privacy complaint.
1.1 What is Personal Information?
- Personal information is defined under the Privacy Act 1988 to mean information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is reasonably identifiable, from the information or opinion.
- Some examples of personal information are your name, residential address, email address, bank details, photos and opinions on your likes and dislikes that can identify you (see paragraph 3.2 below).
2.1 What is Sensitive Information?
- Sensitive information is a subset of personal information.
- It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.
2.2 Collection of Sensitive Information
- In general, we attempt to limit the collection of sensitive information we may collect from you, but depending on the uses you make of our products this may not always be possible and we may collect sensitive information from you in order to carry out the services provided to you.
- The type of sensitive information we may collect from you or record about you is dependent on the services provided to you by the club and will be limited to the purpose(s) for which it is collected.
- We do not use sensitive information to send you Direct Marketing Communications (as defined in paragraph 9 below) without your consent.
- We will not collect sensitive information from you without your consent.
2.3 Consent to collection of certain types of sensitive information
We may collect certain types of sensitive information where you have consented and agreed to the collection of such information.
We will obtain your consent at (or around) the point in time in which we collect the information.
The main type of sensitive information that we may collect (if any) will usually relate to your:
- criminal record (if any);
- special food or dietary requirements due to medical, cultural or religious reasons;
- biometric identification, such as finger print scans;
- membership of political organisations and political opinions;
- racial origin and religious beliefs, to the extent these are ascertainable from any photographic identification (such as a driver’s licence or passport);
- gambling habits;
- philosophical beliefs, if applicable; and
- health or medical information,
but only if the sensitive information is necessary for, or incidental to, the purposes of collection set out in paragraph 4.4
3.1 We will only collect personal information that is necessary for us to provide our products and services to you. This depends ultimately upon the purpose of collection and we have set out the general purposes of collection at clause 6 below.
3.2 The type of information includes (but is not limited to) the following:
- your contact information such as full name (first and last), e-mail address, current postal address, delivery address (if different to postal address) and phone numbers;
- For employees and appointees of the club only - details relating to your employment (if applicable) or your previous employment, which shall include, but is not limited to, obtaining your tax file number and superannuation details;
- your date of birth;
- your social media details;
- proof of your identity (including, but not limited to, driver’s licence, passport, birth certificate);
- any sensitive personal information listed in paragraph 2.3;
- if applicable, emergency contact details;
- details required as part of your club membership or visitation, including but not limited to the information required under the members and visitor’s registers;
- whether you participated in any activity or event organised by the club;
- use of POS (point of sale terminals) to purchase goods;
entry and activity on the club’s website, including;
- The user’s server address;
- The user’s domain name (e.g. .com, .gov, .net, .au etc.)
- The date and time of the visit and the pages accessed or downloaded.
NB: No attempt will be made to identify users or their browsing activity except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the ISP’s logs.
- photographs or video footage taken at our premises, which may include you;
- details of any enquiries or complaints made by you;
- your opinions, statements and endorsements collected personally or via surveys and questionnaires, including but not limited to your views on the products and services offered by the club; and
- if you are requesting products or services from us or we are purchasing goods or services from you, then any relevant payment or billing information (including but not limited to bank account details, direct debit, credit card details, billing address, repayment information and invoice details).
3.4 If we receive unsolicited personal information about or relating to you and we determine that such information could have been collected in the same manner if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the APPs.
3.5 If we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.
3.6 When you engage in certain activities, such as entering a contest or promotion, filling out a survey or sending us feedback, we may ask you to provide certain information, which you may withhold or provide at your own discretion. It is optional for you to engage in these activities.
3.7 Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information we require in order for us to provide our services to you, we may be unable to provide or effectively provide our services to you.
3.8 If you use our website, we may utilise "cookies" which enable us to monitor traffic patterns and to serve you more efficiently if you revisit our website. A cookie does not identify you personally but may identify your internet service provider or computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
4.1 If you wish to do so, when making enquiries or dealing with the club you may elect not to identify yourself or use a pseudonym. This may be particularly prevalent where individuals wish to participate in a blog or enquire about a particular campaign.
4.2 Your decision to interact anonymously or by using a pseudonym may affect the level of services we can offer you. In many cases, it may be impracticable to deal with or disclose information to individuals who fail to disclose their identity.
4.3 In certain matters, the club may be required or authorised to deal with only those individuals who have identified themselves. In cases where failing to disclose your identity will affect the level of service we can offer you, we will inform you of such and advise you of any additional options which may be available to you.
4.4 Notwithstanding clauses 4.1-4.3, various liquor and gaming laws require that an individual must identify themselves on each occasion they enter the club’s facilities. Patrons who also wish to become members must identify themselves and will be required to do so, each time they are requested to whilst attending the premises.
5.1 The club adopts their own identifier system for each individual, which is the numbered receipt issued in return for any membership dues.
5.2 Identifiers for other individuals or organisations who provide information to the club, are ascertained by account numbers, supplier codes or other distinguishing information provided.
5.3 The club does not adopt any government related identifiers as it’s own.
5.4 All government related identifiers, applied to an individual or an organization are only used by the club for their prescribed circumstances, as required by Government bodies or agencies.
5.5 The club will take all steps necessary to ensure that the government related identifiers are not disclosed to any other individuals or organisations other than those listed above.
6.1 We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as set out below.
6.2 You consent to us using and disclosing your personal information to facilitate a purpose in connection with:
- If required, the verification of your identity, including the verification of your date of birth, if applicable;
- Facilitating membership or visitation requirements (for example, entry into the Register of Members which is available for public inspection by other members);
provision of our products and services to you, which shall include but is not limited to:
- the administration and management of our products and services, including charging, billing, credit card authorisation and verification, checks for financial standing, credit-worthiness (including but not limited to undertaking an assessment for credit loss and obtaining credit references, if applicable), fraud and collecting debts; and
- to offer you updates, or other content or products and services that may be of interest to you;
to facilitate the administration, management and improvement of the club, including but not limited to:
- the use of your personal information collected in accordance with paragraph 3.1 in the administration and management of the club;
- communications between member clubs (being those clubs which are members of Clubs Queensland), including but not limited to reciprocal arrangements and sharing of industry news;
- the management, governance and administration of the club, including but not limited to any management and governance meetings of the club;
- if applicable, any requirement to include you in various registers maintained by the club including, but not limited to, the register of excluded persons;
- facilitating medical assistance in the event of a medical emergency, or to provide you with medical treatment as requested by you;
- your participation in any activity or event organised by the club or a third party organisation;
- your ability to attend other member clubs in Australia or New Zealand;
- co-ordinating, managing and maintaining good order and security of the club and our premises, which shall include but is not limited to protecting the rights and safety of other parties on our premises;
- investigating and reporting information to third parties regarding any accidents or incidents that may have occurred on our premises;
- the improvement of our services (including to contact you about those improvements and asking you to participate in surveys about our products and services);
- the maintenance and development of our products and services, business systems and infrastructure;
- marketing and promotional activities by us, our related bodies and Market2Market and other like companies (including by direct mail, telemarketing, email, SMS and MMS messages) such as our customer loyalty programs and newsletters;
- to provide customer service functions, including handling customer enquiries and complaints;
- to offer you updates, or other content or products and services that may be of interest to you;
- our compliance with applicable laws;
- the transfer, and matters in connection with a potential transfer, of the club to another entity; and
- any other matters reasonably necessary to continue to provide our products and services to you.
6.3 We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:
- when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
- if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
- if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
- if it is required or authorised by law.
6.4 In the event we propose to use or disclose such personal information other than for reasons in 6.1, 6.2, and 6.3 above, we will first seek your consent prior to such disclosure or use.
7.1 We may disclose your personal information to other organisations. Examples of organisations and/or parties that your personal information may be provided to include:
- other member clubs;
- Clubs Queensland and its related bodies;
- if applicable, Clubs Australia and Club New Zealand, and member clubs of Clubs Australia and Clubs New Zealand;
- offshore service providers, if any;
- related entities and subsidiaries of the club;
- third parties, such as trade suppliers, club sponsors, Market2Market, and like companies; and
- our contractors and agents, including but not limited to our professional advisors such as accountants, solicitors and auditors or other companies who assist us in providing our products and services to you.
8.1 We use closed circuit televisions (CCTV) at certain locations throughout our premises (e.g. entry and exit) and surrounding areas. The CCTV is integral to our security system and CCTV images are stored for a minimum “retention period” of 28 days (unless an incident is identified, in which case the images are retained for a minimum period of one year after the retention period unless they are given to the relevant authority (e.g. police). The CCTV footage must be archived if requested by the relevant authority.
8.2 If an incident occurs at the venue, CCTV footage for the period leading up to, during and following the incident must be archived and where no incident has been identified, the CCTV footage is automatically deleted within 30 days after the minimum retention period.
8.3 As indicated in paragraph 3.2(l), we may take photographs of you attending our premises, and we may wish to use them for marketing and advertising purposes. Unless you advise us otherwise, you expressly agree and consent to the use of any photographs, which may include you, for the aforementioned purposes, without compensation.
9.1 You expressly consent to us using your personal information, including any email address you give to us, to provide you with information and to tell you about our products, services or events or any other direct marketing activity (including third party products, services, and events) (Direct Marketing Communications) which we consider may be of interest to you.
9.2 Without limiting the application of clause 9.1, if it is within your reasonable expectations that we send you Direct Marketing Communications (given the transaction or communication you have had with us), then we may also use your personal information for the purpose of sending you Direct Marketing Communications which we consider may be of interest to you.
9.3 You expressly consent to us disclosing your personal information to other organisations (including but not limited to organisations such as those listed in paragraph 7.1) that may also use your personal information for sending you Direct Marketing Communications.
9.4 If at any time, you do not wish to receive any further Direct Marketing Communications from us, or others under paragraph 9.3, you may ask us not to send you any further information about products and services and not to disclose your information to other organisations for that purpose. You may do this at any time by:
- using the “unsubscribe” facility included in the email;
- replying with a text message sent from the club with the word STOP; or
- by contacting us via the details set out at the end of this document.
10.1 Any personal information that you provide to us may be transferred to, and stored at, a destination outside Australia, including but not limited to New Zealand and the United Kingdom, where we may utilise overseas data and website hosting facilities or have entered into contractual arrangements with third party service providers to assist us with providing our goods and services to you. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.
10.4 If you do not agree to the transfer of your personal information outside Australia, please contact us via the details set out at the end of this document.
11.1 We have taken steps to help ensure your personal information is safe. You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved.
11.2 Notwithstanding the above, we will take reasonable steps to:
- make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
- protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
- destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection.
11.3 However, the accuracy of personal information depends largely on the information you provide to us, so we recommend that you:
- let us know if there are any errors in your personal information; and
- keep us up-to-date with changes to your personal information (such as your name or address).
11.4 The club undertakes an annual review of it’s member’s details. Prior to renewing a member’s membership, we will provide you with the current details we hold on the system. If there are errors in these details, we urge you to advise the club and we will update them accordingly.
11.5 Personal information which is held by the club will be destroyed, when the club receives:
- A request from an individual that their membership be terminated;
- Notification of the death of a member or a person for which the club holds personal information for; or
- Notification that a membership has lapsed and is not renewed within the six-month grace period.
12.1 We have taken steps to help ensure your personal information is safe. You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved.
12.2 If the club suspects that there has been a data breach they will take immediate steps to contain the extent of the breach and limit any further access to the information.
12.3 Once the data breach has been contained, the club will then assess the breach and investigate how the incident occurred within thirty (30) days. Once the club has the relevant information, they will make an evidence-based decision as to whether serious harm is likely.
12.4 If it is deemed that serious harm is likely, the club will both notify the individual whose data has been breached and the Australian Information Commissioner. The notification will include recommendations as to the steps which should be taken in response to the breach.
12.5 Where a breach occurs, the Club will review the circumstances surrounding the breach and take action to prevent any further breaches.
13.1 The club holds physical documents and files which contain personal information in restricted access areas. All files are accessible, strictly by approved personnel.
13.2 Electronic personal information may be stored on servers that are owned and controlled by the club. The servers will be password protected and feature a secured login.
13.3 All ‘back-up” stores are held off site and maintained by contracted IT Service Providers.
13.4 If the club wishes to do so, personal information may also be stored in a secure web-based application on a data server, which is owned and operated by a third party (e.g. cloud sharing services). The club will take reasonable steps to ensure that any third party providers comply with the APP’s.
13.5 At such time that the club does not require your personal information (and is not obligated to keep records by law), the club will take all reasonable steps to ensure that the information is de-identified and destroyed.
14.1 You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by law. You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.
14.2 If you would like access to, or if you would like to correct any records of personal information we have about you, you are able to access and update that information (subject to the above) by contacting us via the details set out at the end of this document.
14.3 Prior to accessing any confidential information, you may be required to produce acceptable photographic identification. Failure to comply with this requirement, may result in your request for information being denied.
14.5 Prior to providing you with the information, the club may charge a reasonable fee to cover any and all administration costs.
16.1 We have put in place an effective mechanism and procedure to resolve privacy complaints. We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.
16.2 If you have any concerns or complaints about the manner in which we have collected, used or disclosed and stored your personal information, you can tell us by contacting the Privacy Officer and Compliance Manager.
To ensure confidentiality, please clearly mark your correspondence to the attention of the Privacy Officer and Compliance Manager.
16.3 In order to resolve a complaint, we:
- will liaise with you to identify and define the nature and cause of the complaint;
- may request that you provide the details of the complaint in writing;
- may request that you provide any and all supporting documentation;
- will keep you informed of the likely time within which we will respond to your complaint; and
- will inform you of the legislative basis (if any) of our decision in resolving such complaint.
16.4 We will keep a record of the complaint and denote any action taken in a privacy register.