The Heide Privacy Statement aims to provide you with information on:
- What information we collect and how
- Why and how we use that information
- Accessing your information
WHAT INFORMATION WE COLLECT AND HOW
The information we collect from you depends on how and why you have interacted with us. Heide may request, collect and record information in either electronic or hard copy format.
We collect anonymous and personal information from or about you in a variety of circumstances. For example, when you:
- attend the gallery spaces located at 5 and 7 Templestowe Road, Bulleen (the Museum)
- buy a ticket to attend the Museum online
- apply for membership with the Museum
- make a purchase from our retail shop
- make a booking at Heide Cafe
- complete a visitor or market research survey or customer feedback questionnaire
- request information from us (via email, telephone, post, website or an app)
- make a donation to the Museum
- entering a competition
- visit Heide’s website
- visit Heide’s social media platforms
- use a Heide app or digital interactive product
- provide recordings of yourself and others (such as photos, videos, and drawings)
- participate in the Museum’s learning and/or public programs
- make an enquiry or complaint
- apply for employment or to become a volunteer with the Museum
The types of contact, registration, purchase or donation information you may be asked for, include:
- Email address
- Home or postal address
- Phone number
- Heide Membership number (if you are a Member)
- Official identification (such as a driver’s licence)
- Subscription preferences or interests
- Financial information (such as credit card details) from you in order to receive payment from you for donations, services or products that you order.
Where practical and reasonable to do so, Heide will obtain personal information direct from the individual to whom it pertains, although at times we may collect information about a person from someone else, for example where a membership is being purchased as a gift
We also collect information on an optional basis about your preferences (such as types of seminars or events you may be interested in attending) and other demographic and profile data (such as postcode, age range), so that we can tailor the information we provide to you according to your preferences. We sometimes provide this information to our sponsors and supporters on an aggregated basis (that is, without identifying any individual).
On occasion, we collect information about potential donors, sponsors or members from information that is publicly available (such as the Who’s Who publication). We use this information to help us develop our donor, sponsorship and membership programs.
As a user or potential user of the Heide website, Heide may seek and collect information from you for transactions undertaken, marketing and internal reporting purposes. Heide will not collect any personal information about visitors to the website except when they knowingly provide it or as otherwise described in this statement. For example, Heide will collect personal information from users to its website when they register to receive e-mail notifications or Heide e-Newsletters.
When you follow or interact with our social media platforms (e.g. a post using a Heide-related handle, tag or comment) we will collect your social media username, profile and the content you post, tag or comment on. Heide may re-post something via its own social media profile. Please note that any posts you make directly on Heide social media platforms, including our Facebook, Twitter or Instagram accounts, may be publicly available. We recommend that you become familiar with the privacy settings and terms of your social media account/s.
Heide does not collect any information about your racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record, unless:
- you have given us specific consent to do so, or
- where we are required by law to do so, or
- it is necessary to prevent a serious and imminent threat to the life or health of a person, or
- it is necessary for the establishment, exercise or defence of a legal claim.
CLICK STREAM DATA
Click stream data is information about the path that a user takes while using the web. Heide collects click stream data to measure and evaluate site use for statistical, marketing and reporting purposes and as a basis for making ongoing site improvements for users. When you visit the Heide website, we record your visit and log information about your visit. Some of the information we log includes:
- your server’s address
- your top-level domain name (for example .com, .gov, .net, .au, .uk, etc.)
- times and dates of visits to the site
- pages accessed and files downloaded
- your operating system
- the type of browser you are using; and
- the address of the site that has referred you to Heide
We use this information to help us improve visitors’ online experience and the collection of this type of information is common on most websites. A summary form of this information is sometimes shared with our stakeholders. Heide does not identify or record specific individual user details such as the names and addresses of users.
COOKIES AND OTHER TRACKING DATA
Cookies are small data files sent from a website and stored on your computer or device. They allow the website to remember your details within a session, and to facilitate transaction functions. Cookies are also used by Heide for site improvement and analysis purposes, as they provide information about user behaviour on our website. This information is also used to analyse how well our information is reaching our users, and to improve the relevance of promotional information.
Google Analytics is a service which transmits digital traffic data to Google servers. Google Analytics does not identify individual users. Heide uses reports provided by Google Analytics to help understand digital traffic and usage.
Some of our apps, such as the Heide App, may also use Bluetooth and Location Services on your phone or device in order to provide you with location-specific services or information, and to provide Heide with feedback on the use of the app, to help us improve our services. You can control the app’s access to your device’s Bluetooth and Location Services in your device’s settings.
PROTECTING CHILDREN AND THEIR PRIVACY
Heide’s website and mobile app are intended for use by people of all ages but please be aware that some exhibition content explores confronting themes and may show partial or full nudity. We ask that persons under the age of 18 have a parent or guardian supervise access to our site and verify any registration or data submission. We strongly encourage parents and guardians to talk to their children about their use of the Internet and Apps and the information they disclose.
LINKS TO OTHER THIRD PARTY SITES
The Heide website may contain links to other websites that are not operated or controlled by Heide. Heide takes reasonable care in linking websites, however any links are provided for convenience only and may not be current. Links to external websites do not constitute an endorsement or a recommendation of any material on those sites or of any third party products or services offered by, from or through those sites. This website privacy statement does not extend beyond the Heide website. Use of external links provided by this website is at your own risk. When linking to other sites, you should familiarise yourself with their website privacy statements.
To enable us to provide and manage the information, product or service you have requested, the Heide may need to make your information available to a third party. Where possible, Heide will endeavour to ensure that these third parties follow similar standards and obligations to those required of Heide under the Privacy and Data Protection Act 2014, and that they only use your information for the specific purpose and service they are providing to you or Heide.
Heide commonly engages third parties to facilitate or provide the following services:
- Mass email communications (such as e-Newsletter)
- Online purchases and bookings (including exhibition tickets, public programs, online memberships, online donations and purchases from the Heide Store)
- Visitor research
- Food, beverage and commercial hire services
- Heide functions or events at third party locations
- IT management and storage
- Security services
- Financial transactions (including online transactions)
- Customer Relations Management
- Analysis of website and other digital traffic and use
- Development of interactives and apps
- Administration of competitions
- Heide may also partner with other organisations to deliver exhibitions, programs or events (for example, performances, a series of talks, lectures or symposiums).
OTHER USE AND DISCLOSURE OF INFORMATION
Heide treats personal information that we collect from you in the same way that we treat our other confidential information. Heide will not sell to anyone, the information that we collect about you.
Heide will not disclose to a third party, the information which we collect about you, except where it is necessary to conduct our business (i.e. mail house or financial institution), and then only if the third party:
- first enters into appropriate confidentiality undertakings with us, or
SECONDARY USE OF INFORMATION
We may use or disclose personal information which we collect from you for a purpose (the ‘secondary purpose’) which is different from the primary purpose of collection, if:
- the secondary purpose is related to the primary purpose, and
- you would reasonably expect us to so use or disclose such information.
For example, if we collect information about your attendance at a particular event, we may use that information to provide you with promotional materials about a similar event in the future. However, if we do this, we will always give you an opportunity to ‘opt-out’ (that is, to request not to receive any such promotional materials in the future).
We can also use or disclose personal information for a secondary purpose if it is permitted under the Information Privacy Principles (of the Information Privacy Act 2000). For example:
- where you have given us specific consent to do so, or
- where we are required by law to do so, or
- it is necessary to prevent a serious and imminent threat to the life or health of a person, or
- as a necessary part of an investigation of unlawful activity.
Heide may use your personal information to provide you with promotional material about Heide or on any of the services offered by Heide. As noted above, if you do not wish to receive this type of promotional material Heide will always give you an opportunity to ‘opt-out’ or you can contact Heide whose details are listed below at any stage in the future so that Heide can remove your name from Heide’s marketing lists.
WHO WE DISCLOSE PERSONAL INFORMATION TO
Other than as set out in this Privacy Statement or as authorised by you, Heide will not disclose any of your personal information to any other organisation unless the disclosure is required by law or is otherwise permitted by the Australian Privacy Principles.
In addition to disclosing your personal information to other users where authorised by you, Heide may disclose the information of users, including you, to its business partners, but only on terms requiring them to comply with this statement. If you do not wish to receive promotional information, you can contact Heide at any stage in the future so that your name can be removed.
Heide may also disclose your information to other persons in order to give effect to legally binding agreements between you and Heide. For example, if you have agreed to pay for a particular item, Heide may give your details to the provider so that they can bill you. Heide may also disclose your personal information to its website host and technology service providers in certain limited circumstances, for example, when the website experiences a technical problem, to ensure that it operates in an effective and secure manner. Otherwise, Heide will not disclose any of your personal information to any other organisation unless the disclosure is required by law or is otherwise permitted by Australian Privacy Principles.
UPDATING, STORAGE AND SECURITY OF PERSONAL INFORMATION HELD BY HEIDE
Heide aims to keep your personal information secure and up to date. Any personal information that is collected via the website or which is held on Heide’s computer systems is protected by safeguards including physical, technical including firewalls, Secure Socket Layer (SSL) encryption and procedural methods. We also comply with the Payment Card Industry Data Security Standard (PCI DSS).
Personal information that is held by Heide in hard copy is stored securely on its premises and is only disclosed or used for the purposes described in this Privacy Statement.
You can update your profile information in relation to receipt of Heide e-Newsletters at any time by logging onto the website and following the appropriate links.
Heide’s website provides for communications with other users within the Heide Blog. Comments within the blog constitute communication between users that is stored on the Heide website.
Other personal information provided voluntarily by you in response to surveys, competitions etc. is archived on a regular basis and treated as confidential information.
SECURITY OF INFORMATION
Heide will take all reasonable steps to protect the personal information that we hold from misuse and loss, and from unauthorised access, modification or disclosure.
The inherent nature of the internet means that the security of any transmission of information to us using the internet cannot be guaranteed.
However, once the information reaches our control it is protected by our computer network’s firewall, which is designed to prevent unauthorised access to our computer network.
Please note some third party platforms that you might use to engage with us (for example, Facebook, Instagram, Shopify, eWay) are not under our control. If you have concerns about using these platforms, we encourage you to carefully consider their terms and conditions and other relevant policies.
If you have reason to believe that your interaction with us is no longer secure please contact Heide’s Privacy Officer at firstname.lastname@example.org.
YOUR RIGHT TO ACCESS AND CORRECT INFORMATION
INTEGRITY OF INFORMATION
We will take all reasonable steps to ensure that your personal information which we collect, use or disclose is accurate, complete and up to date.
YOUR RIGHT OF ACCESS
You have the right to access personal information that Heide holds about you. If the information we hold about you is inaccurate, incomplete or out of date, you can ask us to modify our records.
If you request access to your personal information, we will grant your request unless providing you with access would unreasonably impact upon the privacy of others or is not otherwise permitted under the Australian Privacy Principles.
A request for access can be done in any of the following ways:
telephone: 03 9850 1500
write to: Privacy Officer
Heide Museum of Modern Art
7 Templestowe Road, Bulleen Victoria 3105
Freedom of information requests should be made in writing, describing the documents requested. An application fee of $22.70 is required and other charges may apply to Freedom of Information requests, to find out more please refer to Freedom of Information Online, Victoria. Charges other than the application fee may be waived if the request is a routine request or for access to a document related to the applicant’s personal affairs. The application fee can be reduced or waived if the applicant would be caused hardship because he/she had to pay the fee.
OUR RIGHT TO REFUSE
We reserve the right to refuse your request if:
- you have not paid our prescribed fee for accessing the information, or
- we consider your request to be frivolous or vexatious, or
- to do so is likely to prejudice an investigation of possible unlawful activity, or
- to do so will be unlawful, or
- we are otherwise legally entitled to do so (whether under the Australian Privacy
Principles, or generally by law).
REASONS FOR REFUSAL
If we refuse your request to either access your personal information, or modify our records about you we will provide you with the reasons for our refusal.
STATEMENT OF CLAIM
If you consider that the personal information which we hold about you is inaccurate, incomplete or out of date, and we refuse your request to modify our records, we will post a statement of your claim at the place where we hold your personal information.
Heide staff use of and access to personal information held by Heide