The Australian Museum (AM) is committed to protecting your personal information, in accordance with the NSW Privacy and Personal Information Protection Act 1998 (Privacy Act) and other applicable Privacy legislation (Privacy Laws). This Privacy Statement outlines how AM deals with your personal information when you engage with us via AM's websites, Apps and other software, our public Wi-Fi and when you visit the Museum. This Privacy Statement may change from time to time.

This Privacy Statement is governed by the AM's Privacy Management Plan (PMP) which is the overarching document which outlines how AM complies with the Privacy Act and the standards outlined in the Privacy Act's Information Protection Principles (IPPs). In the event that there is any inconsistency between this Privacy Statement and AM's Privacy Management Plan, the Privacy Management Plan will prevail to the extent of any inconsistency.

1. Collecting your personal information – what, how and why

The AM collects your personal information when you engage with us in the following ways:

1.1. When you visit the Museum in person

1.1.1. Contact Tracing – from 1 June 2020, NSW Health requires the AM to collect the name, address, email and contact phone number of all visitors (including contractors, volunteers and function guests) to the Museum for the purpose of contact tracing in the event that case(s) of COVID-19 are confirmed at, or suspected to have related to, the AM premises. Personal information collected by the AM will be used for this purpose only and the AM will destroy this personal information after 28 days of collection in line with its data management policies.

1.1.2. Purchasing tickets – when you purchase tickets in person at the Museum, we may collect your personal information (including payment method) for the purposes of processing your purchase, contacting you if there are any issues with your purchase or the event and for demographic analysis (on an anonymous basis). We may also ask for your email address in order to send you a post-visit survey to help us improve our products and services.

1.1.3. Attending AM events – when you book or attend events organised by the AM and its partners, we may collect your personal information for research purposes, photographic consent forms, contacting you if there are any changes or special information for the event, for demographic analysis (on an anonymous basis) or to create an interest-based database for future marketing purposes. We may also ask for your email address in order to send you a post-event survey from the AM or our event partners to help us improve our products and services.

1.1.4. Conducting research – when you attend the Australian Museum for research purposes, such as using the AM Library, you will be required to sign-in on arrival and provide your name and contact details to the AM for the purposes of ensuring the safety and security of all personnel and AM property in accordance with AM’s security policies.

1.1.5. Safety and security – the AM operates closed circuit television (CCTV). Cameras are visibly located throughout the Museum and are in public view as far as possible. Footage is collected in accordance with our security policies and may be provided to law enforcement in certain situations.

1.1.6. Public Wi-Fi – When you use our public Wi-Fi network, we collect the Internet Protocol address (IP Address) of your device and your email address. The AM collects this personal information from you for the purposes of monitoring use of our service in accordance with our terms of use, equitable use and, where you elect to receive them, to receive marketing messages from the AM and its partners.

1.2. When you call the AM telephone numbers

We may collect your personal information when you call us to enquire about any aspect of the AM, including the AM Members Program, accessibility information or other general enquiries. This information assists us in providing more tailored communications and programs that meet your needs.

1.3. When you engage with the AM electronically

The following are the principal ways in which the AM collects your personal information when you (or your parent or guardian on your behalf) interact electronically with us. When you:

  • log onto the AM Website
  • use AM Apps such as FrogID™ or AM Safe - Please refer to the FrogID Privacy Policy webpage for specific information on the mobile App and software data collection
  • use the AM public Wi-Fi network
  • enter competitions or engage with other AM promotional activities
  • sign-up to newsletters
  • make donations to the AM or AM Foundation
  • book or purchase tickets to AM exhibitions or AM events online
  • join the AM Members Program
  • enquire about booking functions at AM venues
  • submit online enquiries, including about accessibility
  • send emails to AM email addresses,

the AM, including its partners or authorised agents, collect your personal information when you use our electronic services to obtain information, transact or engage with us. The personal information that we collect will vary depending on the reason you are interacting electronically with the AM but generally includes your name, your email address, other contact information, billing information where you are purchasing goods or services from us and may include health information where your query relates to accessibility information.

Some fields are marked as mandatory which means that if you choose not to provide your personal information, the AM will not be able to provide the service or product to you. Non-mandatory fields ask for additional information and you may withhold that information without affecting the main reason for the interaction.

1.3.1. Your personal information may be used to contact you

Your personal information may be used to contact you:

(a) if details of an exhibition or event change

(b) to inform you of additional related products and services which may interest you. You can choose not to receive such additional information and you can manage your preferences online.

(c) If you have booked or attended an AM event, the AM or its event partners may contact you regarding other similar events that you may be interested in. You may unsubscribe by using the unsubscribe link at the bottom of the electronic communication or by contacting the AM or the event partner directly.

(d) if you have signed up to our newsletter to receive information on the AM or its programs or activities, your personal information will be added to the appropriate electronic mailing list. You may unsubscribe by using the unsubscribe link at the bottom of the electronic communication or by contacting the AM

(e) In the event of a suspected or confirmed case of COVID-19 at the AM

(f) in relation to any inquiry or investigation relating to a security matter

1.3.2. Site visit information is also collected automatically

IP addresses are used to administer the website and to diagnose problems. An Internet Protocol address (IP Address) is the unique address of a computer or mobile device. We use it to track your session, with the information used for statistical purposes eg. numbers and frequency of visitors to the website.

When you visit our website to read pages, download information or interact with us electronically, the following information is automatically collected - the user's server address, the user's top level domain name (eg .com, .gov, .au etc), the date and time of the visit to the site, the duration of your visit, the pages accessed and documents downloaded, the previous referring site visited and the type of browser used. No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider's logs.

This site visit data is anonymous information, aggregated for analysis, with identifiable characteristics removed: this aggregate data may be provided to other people. Recording usage patterns helps us to identify popular areas of our site, and helps us work to improve and develop the site.

For security reasons, we use software programs to monitor network traffic and identify unauthorised attempts to upload or change information, or otherwise cause damage. It is a criminal offence to interfere with computers or data.

1.3.3. We use cookies

Cookies are small files that a website can store on a user's computer and are used for keeping the "state of a user session" i.e. remembering who you are from a page requesting information to supplying it. The cookies that are used by the AM websites do not collect any personal information and we do not combine information collected through cookies with other personal information to tell us who you are.

We use cookies to measure certain visitor patterns, including areas of the website you have visited and the duration of your visits. This research is used to help us understand user habits, so the website can be improved and serve relevant information.

If you prefer not to receive cookies, you can adjust your Internet browser to refuse cookies or to warn you when cookies are being used. Refusal will make some parts of our websites inaccessible, unusable, or behave strangely

2. Storing your personal information

When you interact with us electronically, your personal information is either stored in secure AM databases or, depending on the products or services you require, it may be held by our third party service providers. The AM has in place information security requirements aimed at eliminating risks of unauthorised access to, and loss, misuse or wrongful alteration of, your personal information. We require our third party service providers to have in place high standards of data security to protect your personal information.

The information will be used only for the purpose you supplied the information to the AM for, or for a directly related purpose. Your personal information will not be added to a mailing list, unless that is the purpose for which you have provided the personal information. The information you provide will not be used for any other purpose without your consent

3. Disclosure and security

The Australian Museum may be required on occasion to disclose your personal information to third parties.

We may need to provide third party contractors and service providers with access to your personal information in order to assist us to operate our business or to provide a service to you. If the AM engages such contractors and service providers to handle personal information, we require these organisations and service providers to agree to keep your information secure, use it only for the purpose for which it has been provided, handle it in accordance with our directions and return it to us or destroy all copies of it when they have finished, unless they are required by law to retain it. For example, in purchasing tickets online, the AM will need to disclose personal information to third parties in order to bill and deliver your tickets.

The AM may anonymise and aggregate your personal information. We may do this for use and disclosure of the anonymous data to determine audience preferences to improve our offering or research demographic trends. We may share this anonymised data with our trusted partners to assist them in research or marketing products and services to you that are likely to be relevant to your interests and preferences.

We may also share with certain media agencies, publishers and partners, such as Facebook, Google and Twitter, anonymous unique identifiers ('hashed data’) allocated to you. This identifier may be associated with information collected when you engage with us, for example by subscribing to our e-newsletters, visiting our websites or digital platforms, using our approved agencies, buying a ticket, making a booking, or calling, emailing, faxing or mailing us. This is so that we can together provide you with customised content when you visit certain websites and provide other visitors to those websites with customised advertising.

Otherwise, the AM will only disclose personal information if this is required by law, for example under the Government Information (Public Access) Act 2009 (NSW), permitted under this Privacy Statement, or permitted under the NSW Privacy and Personal Information Protection Act 1998 (NSW) or the Health Records and Information Privacy Act 2002 (NSW).

The AM will not sell or receive payment for licensing or disclosing your personal information.

Names and email addresses of AM staff appearing on this website are provided with their knowledge and assent.

3.1. External links

This site contains links to other sites. The AM is not responsible for the privacy practices or the content of such web sites.

3.2. E-commerce

The AM uses 2048 bit encryption in areas where payment is required (e.g. purchasing online tickets).

Your details and order information will only be used to fulfil your order and to advise on the status of your order.

Credit card data is among the most sensitive data collected by websites. When you purchase tickets from us, your credit card information is sent, securely, directly from your browser to our secure payment partners. Credit card numbers do not get routed to our servers and are not recorded in our database.

3.3. Security

The AM websites and platforms have security measures in place to protect against loss, misuse and alteration of information under our control. However no data or email transmission over the Internet is 100% secure. We do our best to ensure the security of our site.

The password for your account is stored in our database in an encrypted form. If you lose or forget the password we cannot recover it for you, but you can reset your password. Even though the password is safely stored you should follow password best practices, and:

- not choose something that is easy to guess

- not choose a password that you have used elsewhere

- reset your password regularly.

If you do not wish to use the Internet to interact with us, the AM can be contacted by telephone on +61 (0)2 9320 6000 or mail - 1 William Street, Sydney NSW 2010.

4. Access, correction & concerns

4.1. Accessing and correcting your personal information

The personal information you provide can only be accessed by authorised persons such as you (via logging into your account with us), people authorised by you to act on your behalf (such as parents and legal guardians) or law enforcement in the event of an incident.

The AM will take reasonable steps to ensure your personal information is accurate, complete and up to date. You have the right to request access and correction of your personal information at any time. Should you wish to access or amend this information, please contact :

Privacy Officer
Australian Museum
1 William Street
SYDNEY NSW 2010
or via email: privacyofficer@austmus.gov.au

There are some circumstances under the NSW Privacy and Personal Information Protection Act 1998 (NSW) when we are not obliged to provide access to the personal information we hold. If one of these situations applies to your request we will let you know. If you wish to opt out of receiving any communications or be removed from any databases, please contact the AM via the website feedback form.

4.2. Privacy concerns

If you have any queries or concerns about the way the AM has collected, stored, used or disclosed your personal information you should write to us as soon as possible and we will investigate the matters you raise. If you are unhappy with the response you receive from us in response to a complaint you can raise the matter with the NSW Information and Privacy Commission by writing to ipcinfo@ipc.nsw.gov.au.

Further information on NSW Privacy Laws can be found at Information Privacy Commission NSW.