This Privacy Statement is governed by the AM's Privacy Management Plan (PMP) which is the overarching document which outlines how AM complies with the Privacy Act and the standards outlined in the Privacy Act's Information Protection Principles (IPPs). In the event that there is any inconsistency between this Privacy Statement and AM's Privacy Management Plan, the Privacy Management Plan will prevail to the extent of any inconsistency
1. Collecting your personal information – what, how and why
The AM collects your personal information when you engage with us in the following ways:
1.1. When you visit the Museum in person
1.1.1. Contact Tracing – from 1 June 2020, NSW Health requires the AM to collect the name and contact phone number (email address is optional) of all visitors (including contractors, volunteers and function guests) to the Museum for the purpose of contact tracing in the event that case(s) of COVID-19 are confirmed at, or suspected to have related to, the AM premises. Personal information collected by the AM will be used for this purpose only and the AM will destroy this personal information after 28 days of collection in line with its data management policies and NSW Health directives.
1.1.2. Purchasing tickets or goods– when you purchase tickets in person at the AM or buy goods in our AM Shop, we may collect your personal information (including payment method) for the purposes of processing your purchase, contacting you if there are any issues with your purchase or the event and for demographic analysis (on an anonymous basis). We may also ask for your email address in order to send you a post-visit survey to help us improve our products and services.
1.1.3. Attending AM events – when you book or attend events organised by the AM and its partners, we may collect your personal information for research purposes, photographic consent forms, contacting you if there are any changes or special information for the event, for demographic analysis (on an anonymous basis) or to create an interest-based database for future marketing purposes. We may also ask for your email address in order to send you a post-event survey from the AM or our event partners to help us improve our products and services.
1.1.4. Conducting research – when you attend the AM for research purposes, such as using the AM Library, you will be required to sign-in on arrival and provide your name and contact details to the AM for the purposes of ensuring the safety and security of all personnel and AM property in accordance with AM’s security policies.
1.1.5. Safety and security – the AM operates closed circuit television (CCTV). Cameras are visibly located throughout the Museum and are in public view as far as possible. Footage is collected in accordance with our security policies and may be provided to law enforcement in certain situations.
1.2. When you call the AM telephone numbers
We may collect your personal information when you call us to enquire about any aspect of the AM, including the AM Members Program, accessibility information or other general enquiries. This information assists us in providing more tailored communications and programs that meet your needs.
1.3. When you engage with the AM electronically
The following are the principal ways in which the AM collects your personal information when you (or your parent or guardian on your behalf) interact electronically with us. When you:
- log onto the AM Website
- use the AM public Wi-Fi network
- enter competitions or engage with other AM promotional activities
- sign-up to newsletters
- make donations to the AM or AM Foundation
- book or purchase tickets to AM exhibitions or AM events online
- buy goods from the AM Online Shop
- join the AM Members Program
- enquire about booking functions at AM venues
- submit online enquiries, including about accessibility
- send emails to AM email addresses,
the AM, including its partners or authorised agents, collect your personal information when you use our electronic services to obtain information, transact or engage with us. The personal information that we collect will vary depending on the reason you are interacting electronically with the AM but generally includes your name, your email address, your password (if you have an account with us), other contact information, billing and shipping information where you are purchasing goods or services from us and may include health information where your query relates to accessibility information.
Some fields are marked as mandatory which means that if you choose not to provide your personal information, the AM will not be able to provide the service or product to you. Non-mandatory fields ask for additional information and you may withhold that information without affecting the main reason for the interaction.
1.3.1. Your personal information may be used to contact you
Your personal information may be used to contact you:
(a) if details of an exhibition or event change
(b) to communicate with you in relation to a purchase you have made via the AM’s Online Shop
(c) to inform you of sales and promotions or additional related products and services which may interest you. You can choose not to receive such additional information and you can manage your preferences online.
(d) If you have booked or attended an AM event, the AM or its event partners may contact you regarding other similar events that you may be interested in. You may unsubscribe by using the unsubscribe link at the bottom of the electronic communication or by contacting the AM or the event partner directly.
(e) if you have signed up to our newsletter to receive information on the AM or its programs or activities, your personal information will be added to the appropriate electronic mailing list. You may unsubscribe by using the unsubscribe link at the bottom of the electronic communication or by contacting the AM
(f) to participate in market research to assist the AM to improve its products and services. You can choose not to receive such communications and you can manage your preferences online.
(g) In the event of a suspected or confirmed case of COVID-19 at the AM
(h) in relation to any inquiry, investigation relating to a security matter or as required by law.
1.3.2. Site visit information is also collected automatically
IP addresses are used to administer the website and to diagnose problems. An Internet Protocol address (IP Address) is the unique address of a computer or mobile device. We use it to track your session, with the information used for statistical purposes eg. numbers and frequency of visitors to the website.
When you visit our website to read pages, download information or interact with us electronically, the following information is automatically collected - the user's server address, the user's top level domain name (eg .com, .gov, .au etc), the date and time of the visit to the site, the duration of your visit, the pages accessed and documents downloaded, the previous referring site visited and the type of browser used. No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider's logs.
This site visit data is anonymous information, aggregated for analysis, with identifiable characteristics removed: this aggregate data may be provided to other people. Recording usage patterns helps us to identify popular areas of our site, and helps us work to improve and develop the site.
For security reasons, we use software programs to monitor network traffic and identify unauthorised attempts to upload or change information, or otherwise cause damage. It is a criminal offence to interfere with computers or data.
Cookies are small files that a website can store on a user's computer and are used for keeping the "state of a user session" i.e. remembering who you are from a page requesting information to supplying it. The cookies that are used by the AM websites do not collect any personal information and we do not combine information collected through cookies with other personal information to tell us who you are.
2. Storing your personal information
When you interact with us electronically, your personal information is either stored in secure AM databases or, depending on the products or services you require, it may be held by our third party service providers. The AM has in place information security requirements aimed at minimising risks of unauthorised access to, and loss, misuse or wrongful alteration of, your personal information. We require our third party service providers to have in place high standards of data security to protect your personal information.
The information will be used only for the purpose you supplied the information to the AM for, or for a directly related purpose. Your personal information will not be added to a mailing list, unless that is the purpose for which you have provided the personal information. The information you provide will not be used for any other purpose without your consent.
3. Disclosure and security
The Australian Museum may be required on occasion to disclose your personal information to third parties.
When you purchase goods in the AM Shop or online via the AM Online Shop, the AM provides shipping address information to our preferred delivery service provider. Your credit card information is used to complete the transaction. If you seek a refund or exchange for different value in accordance with the Terms, you may be asked to provide the same credit card details to process that transaction.
When you donate to the AM through any of the AM’s channels, or give information to the AM for any other purpose, the personal information you provide will be entered into a database. Our database is a customer relationship management system which enables us to process your transaction and communicate with you in the ways you nominate.
We may need to provide third party contractors and service providers who provide our ticketing services, present exhibitions, provide associated services or other events at the AM with access to your personal information in order to assist us to operate our business or to provide a service to you (“Event Related Parties”). This enables the Event Related Parties to complete your transaction and understand the demographics of those who attended the event. Event Related Parties may send you marketing or research material. Event Related Parties may be located overseas.
If the AM engages such contractors and service providers to handle your personal information, these entities are responsible for complying with applicable laws governing how personal information is to be handled and we require these organisations and service providers agree to keep your information secure, use it only for the purpose for which it has been provided, handle it in accordance with our directions and return it to us or destroy all copies of it when they have finished, unless they are required by law to retain it.
The AM may anonymise and aggregate your personal information. We may do this for use and disclosure of the anonymous data to determine audience preferences to improve our offering or research demographic trends. We may share this anonymised data with our trusted partners to assist them in research or marketing products and services to you that are likely to be relevant to your interests and preferences.
We may also share with certain media agencies, publishers and partners, such as Facebook, Google and Twitter, anonymous unique identifiers ('hashed data’) allocated to you. This identifier may be associated with information collected when you engage with us, for example by subscribing to our e-newsletters, visiting our websites or digital platforms, using our approved agencies, buying a ticket, making a booking, or calling, emailing, faxing or mailing us. This is so that we can together provide you with customised content when you visit certain websites and provide other visitors to those websites with customised advertising.
Otherwise, the AM will only disclose personal information if this is required by law, for example under the Government Information (Public Access) Act 2009 (NSW), permitted under this Privacy Statement, or permitted under the NSW Privacy and Personal Information Protection Act 1998 (NSW) or the Health Records and Information Privacy Act 2002 (NSW).
The AM will not sell or receive payment for licensing or disclosing your personal information.
Names and email addresses of AM staff appearing on this website are provided with their knowledge and assent.
3.1. External links
This site contains links to other sites. The AM is not responsible for the privacy practices or the content of such websites.
The AM uses 2048 bit encryption in areas where payment is required (e.g. purchasing online tickets and goods from the AM Online Shop).
Your details and order information will only be used to fulfil your order and to advise on the status of your order.
Credit card data is among the most sensitive data collected by websites. When you purchase tickets from us, your credit card information is sent, securely, directly from your browser to our secure payment partners. Credit card numbers do not get routed to our servers and are not recorded in our database.
The AM websites and platforms have security measures in place to protect against loss, misuse and alteration of information under our control. However no data or email transmission over the Internet is 100% secure and while we do our best to ensure the security of our site, the AM does not guarantee 100% security of any information that you disclose online - you do so at your own risk.
Where we require you to have an account with us, the password for your account is stored in our database in an encrypted form. If you lose or forget the password we cannot recover it for you, but you can reset your password. Even though the password is safely stored you should follow password best practices, and:
- not choose something that is easy to guess
- not choose a password that you have used elsewhere
- reset your password regularly
- not disclose your password to any other person
- you should log off our website and shut down your browser when your visit is complete
Remember that you are responsible for maintaining the confidentiality of your password and for all uses of your password, whether or not authorised by you.
If you do not wish to use the Internet to interact with us, the AM can be contacted by telephone on +61 (0)2 9320 6000 or mail - 1 William Street, Sydney NSW 2010.
4. Access, correction & concerns
4.1. Accessing and correcting your personal information
The personal information you provide can only be accessed by authorised persons such as you (via logging into your account with us), people authorised by you to act on your behalf (such as parents and legal guardians) or law enforcement in the event of an incident.
The AM will take reasonable steps to ensure your personal information is accurate, complete and up to date. You have the right to request access and correction of your personal information at any time. Should you wish to access or amend this information, please contact :
1 William Street
SYDNEY NSW 2010
or via email: firstname.lastname@example.org
There are some circumstances under the NSW Privacy and Personal Information Protection Act 1998 (NSW) when we are not obliged to provide access to the personal information we hold. If one of these situations applies to your request we will let you know. If you wish to opt out of receiving any communications or be removed from any databases, please contact the AM via the website feedback form.
4.2. Privacy concerns
If you have any queries or concerns about the way the AM has collected, stored, used or disclosed your personal information you should write to us as soon as possible and we will investigate the matters you raise. If you are unhappy with the response you receive from us in response to a complaint you can raise the matter with the NSW Information and Privacy Commission by writing to email@example.com.
Further information on NSW Privacy Laws can be found at Information Privacy Commission NSW.