Leishman Associates Privacy Policy


This Policy is located on Our website and can be accessed via the following link: Privacy Policy – Leishman Associates (leishman-associates.com.au). We will make a copy of this policy available to anyone, on request.


Leishman Associates understands that privacy is an important issue for individuals. As a small business (as defined in the Privacy Act), We may not be legally bound to comply with the Australian Privacy Principles. Nonetheless, We have adopted this Privacy Policy to declare Our policies and procedures in the handling of Personal Information. We wish to assure individuals that We will take reasonable steps (as outlined in this document) to protect the privacy of Personal Information that We collect. In cases where We collect information about an individual within the European Union, the GDPR may apply. This Privacy Policy aims to comply both with the Act (even if the Act does not apply to Us) and the GDPR, where the GDPR is applicable. In any particular case, We will be happy to provide further detail of Our treatment of Personal Information, subject to Our obligations of confidentiality, the privacy of others, and the sensible restraints of security. Also, We aim to continuously improve Our management of privacy and this policy may change over time.


In this Policy, the following words and expressions have the following respective meanings:
Act means the Privacy Act 1988 (Cth)
Association Management Business means that part of Our business that concerns assisting professional and other associations with various aspects of their management and communications.
Events Business means that part of Our business in which We provide conference and other event management services for Our clients.
GDPR means the European Union General Data Protection Regulation.
Leishman Associates means Leishman Associates Pty Ltd (ABN 22 103 078 897). References to “We”, “Our” and “Us” and cognate expressions are references to Leishman Associates.
Personal Information means information which identifies (or can reasonably be used to identify) an individual and includes “personal data” as defined in the GDPR.
Privacy Principle means an “Australian Privacy Principle”, as set out in the Act.
Sensitive Information includes Personal Information concerning (or that implies) an individual’s health status, illness or disability, philosophical, religious or ethnic background, or membership of a professional or trade association.


It is the responsibility of all Leishman Associates staff to comply with privacy laws (where applicable) and this policy. We will conduct periodic training for Our staff. Privacy training will be included in the induction of all new staff. We will, where legally required and otherwise when commercially and legally possible, reasonable and appropriate, require Our contractors to agree to comply with this policy and with the provisions of applicable privacy laws.


If We consider that We need the consent of an individual in relation to Personal Information, We will not put undue pressure on the individual to give that consent. We will make reasonable endeavours to ensure that individuals can make an informed and voluntary decision.


The kinds of Personal Information We collect, the way We collect it and Our purpose of doing so depend on a variety of circumstances, including the nature of Our interaction with that person. The individuals from/about whom We collect information fall into the following main categories:
  • clients or staff of clients who may be acquiring or proposing to acquire Our services, including from both Our Event Management Business and Our Association Management Business;
  • members of the associations to which We provide services in connection with Our Association Management Business;
  • individuals who attend the conferences and other events that We manage for Our clients;
  • sponsors and exhibitors as well as media and other stakeholders who support and participate in the conferences and events that We manage; and
  • suppliers of goods and services to Us and Our clients, including venues, the suppliers of accommodation and travel and tour providers.
In the case of those individuals who wish to participate in conferences or events under Our management, as an attendee or delegate, sponsor, exhibitor or speaker, We will normally collect Personal Information direct from the individual, via an on-line registration form that the individual submits via the conference/event website or “portal”. We may also collect Personal Information from such individuals in paper form or by email. In some cases, We may receive Personal Information about such persons from Our client, the host of the event. In the case of those individuals who are members of the associations to which We provide services in connection with Our Association Management Business, We will normally collect Personal Information either direct from the individual, or from Our client association. The method of collection may vary from electronic to paper methods or by phone in some cases.

What information do We collect?

For Our Association Management Business
We usually collect names, addresses, phone numbers and email details of the members of Our association clients, as well as particulars of their financial status as a member and category of membership. We may also collect information concerning the attendance of members at events hosted by Our association client. The fact of a person’s membership of an association may comprise sensitive information.
For Our Events Business

We usually collect names, addresses, phone numbers and email details of staff members of Our clients, participants in the events We manage (including delegates, sponsors, exhibitors, media representatives and others) and of any external suppliers of goods or services with whom We interact in providing Our services.
If We are engaged to make bookings for travel and accommodation, We will collect personal information, which may include sensitive information (see below) and passport details where We are required to make bookings for international travel, or visa applications.
We may collect credit card information if that is the means by which an individual is to pay Us or Our client.
If an individual is to pay for attendance or other participation in a conference/event, We may also collect that person’s credit-card details, or other particulars, as may be necessary to process payments.
Payments made to Us by credit card are subject to, and compliant with, Payment Card Industry (“PCI”) security protocols and We do not retain or store credit card details.
Individuals will need to check with hotels and other providers of accommodation to determine their policies and procedures for retention, storage and use of credit card information.
We may also collect Sensitive Information in the following instances:

  • health information, where that may be relevant to:
    • the supply of food and beverage to individuals with special dietary needs, at events We manage;
    • access to and egress from venues and other facilities and places at which the event takes place or that are connected to the event’s social programme or activities;
    • travel and accommodation bookings and visa applications that We may make for individuals; and
    • the prevention of the spread of disease, such as COVID-19.
  • information concerning an individual’s religious, ethnic or philosophical background or allegiance, where that is relevant to food and beverage supplied to those individuals at events We manage, or where it is relevant to other cultural aspects of those events; and
  • where We are managing a conference or other event for a trade or professional association, information pertaining to an individual’s membership of the association is itself sensitive information as defined in the Act.

Purposes and use of collection of Personal Information

For Our Association Management Business
Generally, We collect Personal Information so that We can interact with the individual and/or their business, manage various aspects of their membership of the relevant association and, by doing so, provide Our professional association management services for Our client.
For Our Events Business

Generally, We collect Personal Information so that We can interact with the individual and/or their business, and, by doing so, provide professional conference and event management services for Our client (the conference/event host) and to manage their conferences and events.
We collect Personal Information for the purposes of managing Our commercial relationship with Our clients, suppliers, conference delegates and other attendees and with other participants, such as sponsors and exhibitors. This enables Us to accept payments, allow admission to, and participation in, conferences or other events, and to manage the delivery of goods and services to the individuals during conferences/events.
If We are engaged to make bookings for travel and accommodation for individuals, We will collect their personal information, which may include sensitive information (see below).
In some cases, for example where We are engaged to make bookings for international travel, or obtain visas, We may ask the individual to provide Us with passport details and other information needed for those purposes.
In the case of sponsors and exhibitors, the collection of Personal Information enables Us to manage the delivery of their entitlements and benefits and to manage their participation in the event.
We also collect and retain Personal Information so We can let individuals know of any relevant news on Our current and future events and activities that may be of interest to them.
Where We collect Sensitive Information, it is usually for the purpose of arranging the supply to that individual of culturally-sensitive or health-sensitive services, and goods including food and beverage. We may also collect health information to ensure that individuals have appropriate access to and egress from venues, facilities and other places at which the event is to take place, or that are connected to the event’s social programme or related activities.
Collection of health information may also enable Us to manage health issues and to help prevent the spread of disease, such as COVID-19. We may collect (and disclose to health authorities) health information to prevent entry of persons with communicable disease to the Event and/or to enable contact tracing during or after the event.
In some instances, We may be required by law or public health order to collect and disclose such health information, to comply with Our obligations under work health and safety laws, or to comply with a duty of care.

We may retain Your Personal Information and send You information (including by electronic means) about events hosted by Our clients that We consider You may be interested to participate in. You have the right at any time to ask that We stop contacting You for marketing purposes. We will comply with any such request.

How do We collect Personal Information?

Our Association Management Business
We usually collect Personal Information about individuals direct from the individual, by phone or email, or in person, in face-to-face meetings, through online platforms and surveys, as well as directly from Our client, usually by electronic means.
Our Events Business

In the case of attendees at the conferences and events We manage, We usually collect Personal Information direct from attendees, from Our client or from an external or contracted supplier of conference registration services.
Such Personal Information will usually be supplied to Us by electronic means, such as emails, or by attendees themselves when they submit on-line registration forms (usually contained in the event websites that We manage) to register their wish to attend, or to participate as a sponsor, exhibitor, speaker, or in some other capacity.
In some instances, individuals may register others to participate in or attend events, such as other staff of their business, or as guests at dinners and other social functions.
We may also collect Personal Information about an individual from Our client, the host of the relevant event that We are managing, if they provide Us with contact information of:

  • their members, in cases where Our client is an association; and/or
  • persons who have participated in previous events hosted by Our client, whether as a delegate, sponsor, exhibitor, supplier, or in some other capacity.


We hold the Personal Information We collect in a variety of ways, including on Our electronic (computer) database (which may be stored “in the cloud”) and, in some cases also on file in hard copy.
We have adopted various security measures to protect this information from unauthorised access (see below).


Our Association Management Business:

We will only disclose personal information collected by Our Association Management Business, if it is reasonably expected by the individual and reasonably necessary for the performance of Our services. In all other circumstances We will obtain the consent of the individual before disclosure.

Our Events Business:

When We manage a conference or event for a client, We usually do so as agent for and on behalf of Our client. Accordingly, We will usually provide Personal Information collected in the course of managing their conferences and events to Our clients.
If an individual is attending a conference or event We are managing, We usually disclose that person’s Personal Information to sponsors of, and exhibitors at, that event.
We may use on-line platforms, such as “Events Air” to assist with registration and other aspects of Our management of events. Personal information collected from individuals may be entered and stored on those platforms. The providers of those platforms may have access to personal information entered and stored, although usually that would be limited to situations where We have requested technical support.
We will also disclose Personal Information to third parties as the individual would reasonably expect in the provision of Our services. For example, where it is necessary or desirable to ensure that an individual receives appropriate goods or services at an event, We will disclose relevant Personal Information (including, if necessary, Sensitive Information) to suppliers that We or Our client/host engage to provide those goods or services.
The circumstances will determine what information will be disclosed – but We will make reasonable endeavours to ensure that only the information that is necessary or desirable is disclosed.
Some suppliers may need an individual’s Personal Information to provide appropriate goods or services. We may, for example, engage conference registration desk services, ushers and event “hosts”, who may have access to Personal Information.
We may also engage third parties to assist with the development, maintenance or hosting of conference and event websites, databases and other information technology utilised at the conference or event. Those suppliers may have access to personal information We collect, but We will, wherever commercially possible and reasonable, contractually require those suppliers to comply with privacy laws.
If an individual pays for accommodation, We may disclose that person’s credit card details to the hotel or other supplier of accommodation. Those details may be retained by those hotels and suppliers of accommodation as provided in their respective privacy policies and as notified in their privacy collection statements. They may also retain Your credit card information in order to ensure full payment is made for room hire and other goods and services provided to You. We encourage all individuals to request and review the privacy policies and collection statements issued by hotels and other suppliers of accommodation.
In some cases, We may need to pass on Sensitive Information, where this is necessary to arrange the supply of culturally sensitive goods or services to the individual or for health reasons. For example, We may need to advise a venue, or food and beverage supplier, if the individual has special dietary requirements that may be based on religious or philosophical beliefs, or that arise (for example) because the individual has a particular food allergy.
In the case of health information related to communicable disease such as COVID-19, We will disclose it to public health authorities where We are required to do so under law or public health order or regulation, or when the individual consents. We may also disclose it where required to comply with Our work health and safety obligations or with a duty of care.
Additional disclosure – applicable to Association Management Business and Our Events Business:
We may from time to time out-source management of certain “in-house” functions, such as:

  • development and management of Our own website and databases;
  • the provision, to Our clients, of reports and other information on the events and projects We manage;
  • marketing; and/or
  • book-keeping and accounting.

In such cases the external service provider may have access to Personal Information that We have collected. In such cases it is Our policy to include, where legally required and otherwise where commercially possible and appropriate, provisions in the contract that oblige the service provider to observe the confidentiality of Personal Information, and to comply with Our privacy policy and applicable privacy laws.
We may also disclose Personal Information to Our professional advisers, such as Our lawyers, accountants and other advisers, in any case where We need to seek advice.
Apart from disclosure to third parties as outlined above, We will not otherwise disclose an individual’s Personal Information to other third parties unless:

  • We have the individual’s consent;
  • making the disclosure is related (in the case of Sensitive Information, directly related) to the primary purpose for which We have collected the information and We deem that the individual would reasonably have expected Us to make the disclosure;
  • We are required to do so by law, in which case We would inform the individual, unless doing so itself is unlawful or would impede or defeat the purpose of the disclosure;
  • in the case of Our Events Business, We are required to hand over Our management of a conference or event to another professional conference organiser or event manager; or
  • We are negotiating a sale of Our business or a substantial part of it, in which case We will disclose the information only if the other party (with whom We are negotiating) agrees to refrain from use of the information until it completes the purchase.

We will never sell an individual’s Personal Information unless We have the individual’s express consent, or the sale is part of a sale of Our business or a part of Our business, as noted above.


In some instances, We may be dealing with an overseas client, or providing services in respect of an event taking place overseas. If We need to disclose Personal Information to any person overseas, We will not do so unless:
  • We are satisfied that privacy laws in the overseas country provide similar protection for the privacy of the individual as applies in Australia under the Act; or
  • We obtain the consent of the individual.


This Website

This website is operated by Us.
We do not collect information that identifies you unless you provide it voluntarily.
We will not use your access to this website to ascertain personal information about you, other than that which you voluntarily submit to Us. We refer you to this Privacy Policy and related Privacy Collection Statements for further information about how We manage the personal information that you may provide to Us.


Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit Our website or an event website, We may collect information from you automatically through cookies or similar technology. For further information, visit:

How do We use cookies?

We may use cookies in a range of ways to improve your experience on Our website, including keeping you signed in and understanding how you use Our website.
By using cookies, We do not collect any additional personal information about you that can identify you.

What types of cookies do We use?

There are a number of different types of cookies; however, Our website uses navigational and functionality cookies, known as “session cookies”. These allow Our website to “recognize” your computer and remember your previously selected preferences, acting as a kind of “bookmark” to make your visit to Our website more fluid and efficient.
Session cookies are temporary and are erased when you close your browser at the end of your visit. The next time you visit, Our website will not recognise you and will treat you as a new visitor as We do not implant anything in your browser to let the website know that you have visited before.

How to manage cookies

You can set your browser not to accept cookies, and the above-mentioned website tells you how to remove cookies from your browser. However, in some cases, some of Our website features may not function (or may not function optimally) as a result.

Privacy policies of other websites

If Our website, or an event website contains links to other websites, the privacy policy of the operator of that other website applies. Our privacy policy, this notice, and any privacy collection statements We provide, apply only to Our website and the event websites We manage, so if you click on a link to visit another website, you should read their privacy policy and related privacy statements.


It is not appropriate in this Policy to provide specific details of security measures We have adopted to protect the privacy of Personal Information We hold. To do so could compromise those security measures.
To exclude unauthorised persons or intruders from gaining access to the Personal Information We hold, We will use an appropriate combination of:

  • physical barriers including locked doors;
  • CCTV security cameras;
  • access technology, password systems and encryption where appropriate; and
  • administrative and behavioural protocols for Our staff.

We have acquired and will continue to acquire and maintain (reasonably within Our means) computer technology and other appropriate technology, such as password security protocols and “fire-walls” to prevent or retard unauthorised access into Our computer system. No security system is, however, 100% secure – so We cannot guarantee that unauthorised access will never occur.
If We are the victim of a cyber-attack or other unauthorised access to Personal Information occurs, We will:

  • make all reasonable endeavours to minimise the harm caused to the privacy of individuals’ Personal Information and to prevent similar, further unauthorised incursions; and
  • comply with applicable data-breach notification rules.


We will provide individuals access to the Personal Information which We hold about them, unless the Act (if it applies to Us) would allow Us to deny access to some or all of the Personal Information concerned, or to provide an explanation for a decision instead.
Some circumstances where the Act (if it applies to Us) would allow Us to deny access are where:

  • providing access would unreasonably be to the detriment of the privacy of another individual;
  • the request is frivolous or vexatious;
  • the requested information relates to existing or anticipated legal proceedings between Us and the individual;
  • giving access would reveal Our intentions in relation to negotiations with the individual and prejudice those negotiations; or
  • providing access would be unlawful or if denying access is required or authorised under law.

This is not an exhaustive list of circumstances where We may have or reserve the right to deny access.
When an individual requests access to Personal Information, We will require a written request, to be sent to Us at the address noted below.
We will acknowledge the access request within 14 days and deal with it within 30 days or earlier. Though We may ask, We will not require an explanation of why the request has been made as a condition of giving access. We will not charge a fee for providing access.
If We determine to deny access to the whole or part of Personal Information requested, We may provide a short explanation, but We will not provide detailed reasoning.


If the GDPR applies, We will usually be a “data processor” for its purposes.
If it applies, you have the following rights under the GDPR:

  • The right to access – You have the right to request Us to provide You with copies of Your Personal Information.
  • The right to rectification – You have the right to request Us to correct any information You believe is inaccurate. You also have the right to request Us to complete information You believe is incomplete.
  • The right to erasure – You have the right to request Us to erase Your Personal Information, under certain conditions.
  • The right to restrict processing – You have the right to request that We restrict the processing of Your Personal Information, under certain conditions.
  • The right to object to processing – You have the right to object to Our processing of Your Personal Information, under certain conditions.
  • The right to data portability – You have the right to request that We transfer the Personal Information that We have collected to another organisation, or directly to You, under certain conditions.

If You make a request under the GDPR, You must tell Us that the GDPR is the basis of Your request. We will respond to You within one calendar month. If You would like to exercise any of these rights, please contact us at this email address: jenna@leishman-associates.com.au


We will not use government identifiers such as tax file numbers or Medicare numbers as a means of identifying an individual.


Given the personal nature of Our services, it is not normally appropriate for individuals to remain anonymous in their dealings with Us. If We conduct a survey, We will, wherever possible, give the individual the option of remaining anonymous unless anonymity would defeat the purpose of the survey.


If an individual:

  • has an enquiry about Our management of Personal Information or privacy procedures;
  • wishes to request access to Personal Information;
  • wishes to see a copy of this Policy document; or
  • wishes to make a complaint about Our handling of Personal Information,

that individual can contact Us by the following means:

    Phone: 61 3 62347844
    Email: jenna@leishman-associates.com.au
    Postal Address: The Privacy and Data Protection Officer, Leishman Associates Pty Limited, 227 Collins Street, Hobart TAS 7000, attention Paula Leishman.


This section 17 is subject to Our promise to respond to GDPR requests as noted in section 12, above.
Complaints about privacy must be made in writing, addressed to Us as provided in section 16 of this policy. This will allow Us to deal with complaints in a professional, sensitive and consistent manner.
We will acknowledge receipt of a request within 30 days of receiving it and We will respond within a further 30 days of that acknowledgement. We will also make reasonable endeavours to deal with the complaint within that time, assuming that We are able to investigate and ascertain the necessary facts within that time. We will notify the individual if We consider that it is likely to take substantially longer.
If We consider that a complaint is bona fide, the complainant will be given an opportunity to discuss the matter with Us.
After consideration of the complaint and consultation with the individual who has submitted it, We will notify the individual what is to be done, if anything, to redress the complaint.
Also, We will assess whether the complaint demonstrates a systemic problem and will make a determination as to how We can address/rectify such issues so they do not recur.

Paula Leishman
Leishman Associates Pty Ltd