This Policy is located on Our website and can be accessed via the following link:
We will make a copy of this policy available to anyone, on request.
Act means the Privacy Act 1988 (Cth)
Events Business means that part of Our business in which We provide conference and other event management services for Our clients.
GDPR means the European Union General Data Protection Regulation.
Personal Information means information which identifies (or can reasonably be used to identify) an
individual and includes “personal data” as defined in the GDPR.
Privacy Principle means an “Australian Privacy Principle”, as set out in the Act.
It is the responsibility of all Leishman Associates staff to comply with privacy laws (where applicable) and this policy. We will conduct periodic training for Our staff. Privacy training will be included in the induction of all new staff.
We will, where legally required and otherwise when commercially and legally possible, reasonable and appropriate, require Our contractors to agree to comply with this policy and with the provisions of applicable privacy laws.
The kinds of Personal Information We collect, the way We collect it and Our purpose of doing so, depends on a variety of circumstances, including the nature of Our interaction with that person. The individuals from/about whom We collect information fall into the following main categories:
For Our Association Management Business
The fact of a person’s membership of an association may comprise sensitive information.
We usually collect names, addresses, phone numbers and email details of staff members of Our clients, participants in the events We manage (including delegates, sponsors, exhibitors, media representatives and others) and of any external suppliers of goods or services with whom We interact in providing Our services.
If We are engaged to make bookings for travel and accommodation, We will collect personal information, which may include sensitive information (see below) and passport details where We are required to make bookings for international travel, or visa applications.
We may collect credit card information if that is the means by which an individual is to pay Us or Our client.
If an individual is to pay for attendance or other participation in a conference/event, We may also collect that person’s credit-card details, or other particulars, as may be necessary to process payments.
Payments made to Us by credit card are subject to, and compliant with, Payment Card Industry (“PCI”) security protocols and We do not retain or store credit card details.
Individuals will need to check with hotels and other providers of accommodation to determine their policies and procedures for retention, storage and use of credit card information.
We may also collect Sensitive Information in the following instances:
For Our Association Management Business
Generally, We collect Personal Information so that We can interact with the individual and/or their business, and, by doing so, provide professional conference and event management services for Our client (the conference/event host) and to manage their conferences and events.
We collect Personal Information for the purposes of managing Our commercial relationship with Our clients, suppliers, conference delegates and other attendees and with other participants, such as sponsors and exhibitors. This enables Us to accept payments, allow admission to, and participation, in conferences or other events, and to manage the delivery of goods and services to the individuals during conferences/events.
If We are engaged to make bookings for travel and accommodation for individuals, We will collect their personal information, which may include sensitive information (see below).
In some cases, for example where We are engaged to make bookings for international travel, or obtain visas, We may ask the individual to provide Us with passport details and other informationneeded for those purposes.
In the case of sponsors and exhibitors, the collection of Personal Information enables Us to manage the delivery of their entitlements and benefits and to manage their participation in the event.
We also collect and retain Personal Information so We can let individuals know of any relevant news on Our current and future events and activities that may be of interest to them.
Where We collect Sensitive Information, it is usually for the purpose of arranging the supply to that individual of culturally-sensitive or health-sensitive services, and goods including food and beverage.
We may also collect health information to ensure that individuals have appropriate access to and egress from venues, facilities and other places at which the event is to take place, or that are connected to the event’s social programme or related activities.
Collection of health information may also enable Us to manage health issues and to help prevent the spread of disease, such as COVID-19. We may collect (and disclose to health authorities) health information to prevent entry of persons with communicable disease to the Event and/or to enable contact tracing during or after the event.
In some instances, We may be required by law or public health order to collect and disclose such health information, to comply with Our obligations under work health and safety laws, or to comply with a duty of care.
We may retain Your Personal Information and send You information (including by electronic means) about events hosted by Our clients that We consider You may be interested to participate in.
You have the right at any time to ask that We stop contacting You for marketing purposes. We will comply with any such request.
In the case of attendees at the conferences and events We manage, We usually collect Personal Information direct from attendees, from Our client or from an external or contracted supplier of conference registration services.
Such Personal Information will usually be supplied to Us by electronic means, such as emails, or by attendees themselves when they submit on-line registration forms (usually contained in the event websites that We manage) to register their wish to attend, or to participate as a sponsor, exhibitor,
speaker, or in some other capacity.
In some instances, individuals may register others to participate in or attend events, such as other staff of their business, or as guests at dinners and other social functions.
We may also collect Personal Information about an individual from Our client, the host of the relevant event that We are managing, if they provide Us with contact information of:
We hold the Personal Information We collect in a variety of ways, including on Our electronic (computer) database (which may be stored “in the cloud”) and, in some cases also on file in hard copy.
We have adopted various security measures to protect this information from unauthorised access (see below).
We will only disclose personal information collected by Our Association Management Business, if it is reasonably expected by the individual and reasonably necessary for the performance of Our services. In all other circumstances We will obtain the consent of the individual before disclosure.
Our Events Business:
When We manage a conference or event for a client, We usually do so as agent for and on behalf of Our client. Accordingly, We will usually provide Personal Information collected in the course of managing their conferences and events to Our clients.
If an individual is attending a conference or event We are managing, We usually disclose that person’s Personal Information to sponsors of, and exhibitors at, that event.
We may use on-line platforms, such as “Events Air” to assist with registration and other aspects of Our management of events. Personal information collected from individuals may be entered and stored on those platforms. The providers of those platforms may have access to personal information entered and stored, although usually that would be limited to situations where We have requested technical support.
We will also disclose Personal Information to third parties as the individual would reasonably expect in the provision of Our services. For example, where it is necessary or desirable to ensure that an individual receives appropriate goods or services at an event, We will disclose relevant Personal Information (including, if necessary, Sensitive Information) to suppliers that We or Our client/host engage to provide those goods or services.
The circumstances will determine what information will be disclosed – but We will make reasonable endeavours to ensure that only the information that is necessary or desirable is disclosed.
Some suppliers may need an individual’s Personal Information to provide appropriate goods or services. We may, for example, engage conference registration desk services, ushers and event “hosts”, who may have access to Personal Information.
We may also engage third parties to assist with the development, maintenance or hosting of conference and event websites, databases and other information technology utilised at the conference or event. Those suppliers may have access to personal information We collect, but We will, wherever commercially possible and reasonable, contractually require those suppliers to comply with privacy laws.
If an individual pays for accommodation, We may disclose that person’s credit card details to the hotel or other supplier of accommodation. Those details may be retained by those hotels and suppliers of accommodation as provided in their respective privacy policies and as notified in their privacy collection statements. They may also retain Your credit card information in order to ensure full payment is made for room hire and other goods and services provided to You. We encourage all individuals to request and review the privacy policies and collection statements issued by hotels and other suppliers of accommodation.
In some cases, We may need to pass on Sensitive Information, where this is necessary to arrange the supply of culturally sensitive goods or services to the individual or for health reasons. For example, We may need to advise a venue, or food and beverage supplier, if the individual has special dietary requirements that may be based on religious or philosophical beliefs, or that arise (for example) because the individual has a particular food allergy.
In the case of health information related to communicable disease such as COVID-19, We will disclose it to public health authorities where We are required to do so under law or public health order or regulation, or when the individual consents. We may also disclose it where required to comply with Our work health and safety obligations or with a duty of care.
Additional disclosure – applicable to Association Management Business and Our Events Business:
We may from time to time out-source management of certain “in-house” functions, such as:
We may also disclose Personal Information to Our professional advisers, such as Our lawyers, accountants and other advisers, in any case where We need to seek advice.
Apart from disclosure to third parties as outlined above, We will not otherwise disclose an individual’s Personal Information to other third parties unless:
We will never sell an individual’s Personal Information unless We have the individual’s express consent, or the sale is part of a sale of Our business or a part of Our business, as noted above.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit Our website or an event website, We may collect information from you automatically through cookies or similar technology. For further information,
By using cookies, We do not collect any additional personal information about you that can identify you.
There are a number of different types of cookies, however, Our website uses navigational and functionality cookies, known as “session cookies”. These allow Our website to recognize” your computer and remember your previously selected preferences, acting as a kind of “bookmark” to make your visit to Our website more fluid and efficient.
Session cookies are temporary and are erased when you close your browser at the end of your visit. The next time you visit, Our website will not recognise you and will treat you as a new visitor as We do not implant anything in your browser to let the website know that you have visited before.
It is not appropriate in this Policy to provide specific details of security measures We have adopted to protect the privacy of Personal information We hold. To do so could compromise those security measures.
If We are the victim of a cyber-attack or other unauthorised access to Personal Information occurs, We will:
We will provide individuals access to the Personal Information which We hold about them, unless the Act (if it applies to Us) would allow Us to deny access to some or all of the Personal Information concerned, or to provide an explanation for a decision instead.
Some circumstances where the Act (if it applies to Us) would allow Us to deny access are where:
This is not an exhaustive list of circumstances where We may have or reserve the right to deny access.
When an individual requests access to Personal Information, We will require a written request, to be sent to Us at the address noted below.
We will acknowledge the access request within 14 days and deal with it within 30 days or earlier. Though We may ask, We will not require an explanation of why the request has been made as a condition of giving access. We will not charge a fee for providing access.
If We determine to deny access to the whole or part of Personal Information requested, We may provide a short explanation, but We will not provide detailed reasoning.
If the GDPR applies, We will usually be a “data processor” for its purposes.
If it applies, you have the following rights under the GDPR,
If You make a request under the GDPR, You must tell Us that the GDPR is the basis of Your request. We will respond to You within one calendar month. If You would like to exercise any of these rights, please contact us at this email address: firstname.lastname@example.org
We will not use government identifiers such as tax file numbers or Medicare numbers as a means of identifying an individual.
If an individual:
This section 17 is subject to Our promise to respond to GDPR requests as noted in section 12, above.
Complaints about privacy must be made in writing, addressed to Us as provide in section 16 of this policy. This will allow Us to deal with complaints in a professional, sensitive and consistent manner.
We will acknowledge receipt of a request within 30 days of receiving it and We will respond within a further 30 days of that acknowledgement. We will also make reasonable endeavours to deal with the complaint within that time, assuming that We are able to investigate and ascertain the necessary facts within that time. We will notify the individual if We consider that it is likely to take substantially longer.
If We consider that a complaint is bona fide, the complainant will be given an opportunity to discuss the matter with Us.
After consideration of the complaint and consultation with the individual who has submitted it, We will notify the individual what is to be done, if anything, to redress the complaint.
Also, We will assess whether the complaint demonstrates a systemic problem and will make a determination as to how We can address/rectify such issues so they do not recur.
Leishman Associates Pty Ltd