Privacy Policy

Grapevine Gathering Festival Pty Ltd ACN 31 624 469 432 https://www.grapevinegathering.com.au/ “us”, “we” or “our”) and/or our subsidiaries or affiliates use, collect, store and disclose information supplied to us in connection with our products or services, whether that be through attending our events, interacting with our website located at [https://www.grapevinegathering.com.au/] and associated online platforms (the “Sites”), or by contacting us in person, by phone, or over email (we will refer to the foregoing collectively as the “Services”). 

This Privacy Policy details how we comply with the Privacy Act (1988) (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) set out in Schedule 1 of the Privacy Act, and to the extent that it applies, the EU General Data Protection Regulation 2016/679 (GDPR)

We may update this Privacy Policy from time to time at our sole discretion. Any variations become effective on posting the updated privacy policy to https://www.grapevinegathering.com.au/privacy and we shall have no obligation to provide you with individual notice of such changes. Your continued use of our products and services following the publication of any amended Privacy Policy shall signify your acceptance of that amended Privacy Policy, except where we are otherwise required by law to seek your direct consent.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, PLEASE DO NOT BROWSE, ACCESS OR USE OUR SITES; MAKE A PURCHASE; ATTEND OR PURCHASE A TICKET TO OUR FESTIVALS OR EVENTS; OR OTHERWISE ENGAGE WITH OUR PRODUCTS AND SERVICES. 

SPECIAL CONDITION: COVID-19 CONTACT TRACING

You acknowledge that there is currently a respiratory illness outbreak caused by a novel coronavirus (“COVID-19”) that is impacting various regions globally. Different States and Territories around Australia are managing the ongoing risks of COVID-19 by requiring businesses to collect Personal Information about their customers for the purpose of “contact tracing”. Contact tracing is the process of identifying people who may have come into contact with a positive case of COVID-19, and assists authorities with taking measures to help prevent the spread of COVID-19 (such as issuing directions to identified persons to get tested and/or self-isolate). 

As a condition of entry into the our festivals and events, we may collect the following information from you in accordance with any applicable in force government direction or order for the purpose of contact tracing:

  • Your full legal name;
  • Your contact details (e.g. phone number and/or email address);
  • Your postcode.

We may also require you to provide confirmation that:

  • you do not have COVID-19, and are not awaiting test results for COVID-19 or otherwise have reason to suspect that you have contracted COVID-19;
  • you have not knowingly been in contact with a person who has tested positive for COVID-19 in the last fourteen (14) days;
  • you have not returned from international travel in the last fourteen (14) days;
  • you have not visited a COVID-19 ‘hotspot’ (as advertised on the relevant State or Territory’s health department website) in the past fourteen (14) days;
  • you are not experiencing cold or flu-like symptoms, including:
  • a cough
  • fever
  • shortness of breath
  • sore throat
  • sneezing and runny nose
  • temporary loss of smell.

This information will be collected from you directly, or from a parent or guardian where you are under the age of 18.

A direction or order may provide for the submission of contact tracing information to a government authority directly through an authorised mobile application or web check-in service (“Check-In Tool”). If you choose to use a Check-In Tool, your disclosure of Personal Information will be governed by the terms of the operator responsible for the Check-In Tool. We disclaim all liability in connection with your use of a Check-In Tool. If you have any concerns about the privacy practices of any Check-In Tool operator, we encourage you to reach out to them directly.

We will keep all Personal Information collected for the purpose of contact tracing separate from other data, and will restrict access to such information to our staff on a ‘need-to-know’ basis. We will only disclose Personal Information to relevant health authorities or other persons as required under any applicable direction or order. When we are no longer required to keep such information, we will take reasonable steps to anonymise or otherwise delete such information.

Types of information we collect

Personal Information” means information that can be used to personally identify you, such as your name, age or date of birth, telephone number, address, email address, photographs or videos where you are personally identifiable, and in some circumstances financial information such as your credit card, direct debit or Paypal account information. If the information we collect personally identifies you or you are reasonably identifiable from it, the information will be considered Personal Information.

Sensitive Information” is a special type of Personal Information that relates to health information, political beliefs, ethnicity, membership of a professional or trade association, gender, sexual preferences, philosophical beliefs, or criminal record. We will not collect Sensitive Information except with your express consent, and then only if collection of such information is necessary for a particular activity or function.

Usage Information’ means anonymous aggregate data that is automatically collected through your use of the Website. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the Sites. 

We recognise that Usage Information, whilst for the most part anonymous, can be cumulatively used to directly or indirectly identify you. Usage Information that can be used to identify you in any way, together with your Personal Information, shall collectively be referred to in this Privacy Policy as “Personal Data”.

How we collect your Personal Data

We collect your Personal Data directly from you, unless it is unreasonable or impractical to do so. 

We do this in a number of ways, including:

  • when you contact us by email, telephone or in writing; and
  • when you fill out a form on our Sites when completing an application or order;when you enter a competition or giveaway;
  • when your subscribe to our mailing lists or other direct marketing communications;
  • when you purchase a ticket, register for event access, transfer ticket registration, are registered as the recipient of a transferred ticket or are registered as the holder of a minor pass or registered as the child of a parent of legal guardian attending an event in respect of our festivals or events via one of our third-party ticket merchants or ticket resale merchants;
  • recording or photographing you at our festivals or events.

It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that it is necessary for us to collect your Personal Data to enable us to provide the Services to you. As such, if you do not wish to provide your Personal Data, we may not be able to provide the Services to you .

Circumstances where we collect Personal Data about you from sources other than you directly include where:

  • you have consented for a third party to share information with us;
  • where we are authorised by law to collect the information from a third party;
  • where it is unreasonable or impracticable to collect the information from you personally. 

If we collect your Personal Data from third parties in circumstances where you may not be aware that we have collected such Personal Data, we will take reasonable steps to notify you of the collection and circumstances surrounding the collection. 

We may also collect Personal Data from third parties including our contractors and business partners, advertisers, mailing lists, recruitment agencies and government entities.

COOKIES

We may collect Usage Data through cookies, pixel tags and other tracking technologies (collectively Cookies). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that help a  Website ‘remember’ your actions and preferences over time. These are the types of Cookies that we may use to operate the Sites:

  • Strictly Necessary Cookies – these Cookies are essential to ensure that the Sites work correctly, and record information that allows you to move around the Sites and navigate their features;
  • Performance Cookies – these Cookies collect information about how you use the Sites, such as how often you access the Sites and if you encounter any errors;
  • Functionality Cookies – these Cookies allow the Sites to remember the choices you make to provide a more personalised experience;
  • Targeting/Advertising Cookies – these Cookies deliver targeted advertising to you based on your interests and use of the Sites.

Cookies can stay on your device temporarily (“Session Cookies”) or until you manually delete them (“Persistent Cookies”). Data collected by Cookies does not identify you, but it does identify your device. Where such data can be cumulatively used to personally identify you, we will seek your consent to collect and process such information. You can disable Cookies at any time in your browser. If you disable Cookies, we cannot guarantee that the Sites will be available to you in a fully functional form.

Why we collect your Personal Data

The primary purpose for which we collect information about you is to enable us to perform our business activities and functions and to provide the Services to you.

Other legitimate purposes that you agree we can collect, hold, use and disclose your Personal Data for include but are not limited to the following:

  • to provide you with access to the Sites;
  • to approve transactions you wish to make;
  • to send you invoices and receipts;
  • to respond to requests submitted by you;
  • to enhance our products and services;
  • to verify your identity;
  • for our administrative, planning, product/service development, quality control and research purposes, or those of our contractors or external service providers;
  • to provide you with information about any festivals or events for which you have registered as an attendee whether by purchasing a ticket, registering for access, being registered as the holder of a ticket or minor pass, by having a ticket transferred to you or by any other means by which you may be registered as an attendee;
  • to contact you with information which we think you may find interesting, only where you have opted in to receiving such communication and until you withdraw such consents;
  • to run competitions, promotions, and giveaways;
  • to comply with legal and regulatory requirements;
  • to prevent, detect and investigate potential illegal activities, security breaches and fraud; and/or
  • as otherwise required or permitted under any applicable law.

For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with operating and providing the Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or license your email address or any of your Personal Data unless we have otherwise obtained your express consent to do so.

We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from direct marketing, and as such these consents can be modified at any time by emailing us at cheers@grapevinegathering.com.au, or by clicking ‘unsubscribe’ on any direct marketing communications. 

Please note certain non-marketing related correspondence from us, including messages relating to payment, will be automatically sent to you by virtue of your use of the Services and you may not have the option to unsubscribe from receiving this correspondence. 

Who we disclose your Personal Data to

You agree and consent that we may disclose your Personal Data to:

  • our directors, officers, employees, contractors, consultants and agents 
  • external service providers for the operation of our business, and our professional advisers such as accountants and solicitors, marketing agencies, financial service providers, payment gateways, e-commerce platforms and technical support;
  • our Related Bodies Corporate (as that term is defined in the Corporation Act 2001 (Cth) and other entities owned or controlled by our directors and officers;
  • our existing or potential agents, business partners or joint venture entities or partners, including our third-party ticket merchants and ticket resale merchants;
  • our sponsors or promoters (as advertised on our Sites from time to time);
  • specific third parties authorised by you to receive information held by us;
  • the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator, if we have reason to suspect you have committed a breach of our terms and conditions or have been engaged in unlawful activity, and we reasonably believe disclosure is necessary;
  • as required or permitted by any law (including the Privacy Act).

We will take reasonable steps to ensure that these third parties are aware of our Privacy Policy and are bound by Australian privacy laws. 

You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing cheers@grapevinegathering.com.au, but please note that withdrawal of such consents may affect your ability to access and use the Services.

What are your rights to your Personal Data 

You have a general right to access any Personal Data about you that is held by us, unless a valid exception applies.. You can request access to your own Personal Data by emailing us at cheers@grapevinegathering.com.au

We cannot modify or alter your Personal Data. You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information and your failure to do so may inhibit our ability to provide the Services. You agree that you remain solely responsible for maintaining the truth, accuracy, and completeness of your information at all times, and we shall have no liability to you or any third party arising from your failure to do the same. If you believe that Personal Data we hold about you is incorrect, incomplete or inaccurate, you may request that we amend it by emailing us at cheers@grapevinegathering.com.au.

In accordance with the GDPR, we acknowledge the right of EU subjects to:

  • have their data erased that is no longer being used for a legitimate purpose;
  • request a copy of all Personal Data held about you by us in a readable format, along with supplementary information to verify that such Personal Data is being processed lawfully; and
  • request restricted processing of your Personal Data whilst any complaints or concerns are being resolved.

To erase, request or restrict processing of your Personal Data, please email cheers@grapevinegathering.com.au with the subject ATT: PRIVACY OFFICER.

External Links

Our Sites may contain links or plugins to other third party websites or applications, including to our third-party ticket merchants or ticket resale merchants. Please note that this Privacy Policy does not cover the privacy practices of any third party site. We do not have access to, or control over, the technologies that third party sites may use to collect information about you. We disclaim all liability in connection with the services of any third party sites integrated or otherwise linked to our Services. If you have any concerns about the privacy practices of a third party site, we encourage you to reach out to them directly.

Security

We protect your Personal Data through technical security measures i.e. firewalls, encryption that limit the risk of loss, disclosure, unauthorised access and modification. No security measures are, however, 100% secure so we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data or for the actions of any third parties that may obtain any information or data.

Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where our data breach involves the information of EU subjects, report to the European Data Protection Supervisor. We will also inform you, where possible, if your data has been breached in the circumstance where it poses a risk of serious harm or your rights and freedoms.

We also train our personnel who may have access to your Personal Data about this Privacy Policy and our obligations under the Privacy Act, APPs and GDPR. For more information on our internal policies, email us at cheers@grapevinegathering.com.au.

Overseas Disclosure

We may, in the course of providing any products or services to you, disclose Personal Data to overseas countries that are deemed by the EU Commission as having an ‘adequate’ level of Personal Data protection. Where we transfer data to a third party in a country where no adequacy decision has been made, we will take reasonable steps to ensure that the person or entity handling your data in those countries are bound under contract to meet the requirements of the Privacy Act, APPs and GDPR (as applicable). 

Contact

Thank you for taking the time to read our Privacy Policy. If you have any questions regarding our Privacy Policy, you can reach our privacy officer at. 
Grapevine Gathering Pty Ltd
Att:Privacy Officer 

15 Dover St, 
Cremorne VIC 3121
cheers@grapevinegathering.com.au
 

If you believe your privacy has been breached by us, or have any questions or concerns about our Privacy Policy, please contact us using the details above. We will treat your requests or complaints confidentially. We Grapevine Gathering Festival Pty Ltd ACN 31 624 469 432 https://www.grapevinegathering.com.au/ “us”, “we” or “our”) and/or our subsidiaries or affiliates use, collect, store and disclose information supplied to us in connection with our products or services, whether that be through attending our events, interacting with our website located at [https://www.grapevinegathering.com.au/] and associated online platforms (the “Sites”), or by contacting us in person, by phone, or over email (we will refer to the foregoing collectively as the “Services”). 

This Privacy Policy details how we comply with the Privacy Act (1988) (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) set out in Schedule 1 of the Privacy Act, and to the extent that it applies, the EU General Data Protection Regulation 2016/679 (GDPR)

We may update this Privacy Policy from time to time at our sole discretion. Any variations become effective on posting the updated privacy policy to https://www.grapevinegathering.com.au/nsw/privacy and we shall have no obligation to provide you with individual notice of such changes. Your continued use of our products and services following the publication of any amended Privacy Policy shall signify your acceptance of that amended Privacy Policy, except where we are otherwise required by law to seek your direct consent.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, PLEASE DO NOT BROWSE, ACCESS OR USE OUR SITES; MAKE A PURCHASE; ATTEND OR PURCHASE A TICKET TO OUR FESTIVALS OR EVENTS; OR OTHERWISE ENGAGE WITH OUR PRODUCTS AND SERVICES. 

SPECIAL CONDITION: COVID-19 CONTACT TRACING

You acknowledge that there is currently a respiratory illness outbreak caused by a novel coronavirus (“COVID-19”) that is impacting various regions globally. Different States and Territories around Australia are managing the ongoing risks of COVID-19 by requiring businesses to collect Personal Information about their customers for the purpose of “contact tracing”. Contact tracing is the process of identifying people who may have come into contact with a positive case of COVID-19, and assists authorities with taking measures to help prevent the spread of COVID-19 (such as issuing directions to identified persons to get tested and/or self-isolate). 

As a condition of entry into the our festivals and events, we may collect the following information from you in accordance with any applicable in force government direction or order for the purpose of contact tracing:

  • Your full legal name;
  • Your contact details (e.g. phone number and/or email address);
  • Your postcode.

We may also require you to provide confirmation that:

  • you do not have COVID-19, and are not awaiting test results for COVID-19 or otherwise have reason to suspect that you have contracted COVID-19;
  • you have not knowingly been in contact with a person who has tested positive for COVID-19 in the last fourteen (14) days;
  • you have not returned from international travel in the last fourteen (14) days;
  • you have not visited a COVID-19 ‘hotspot’ (as advertised on the relevant State or Territory’s health department website) in the past fourteen (14) days;
  • you are not experiencing cold or flu-like symptoms, including:
  • a cough
  • fever
  • shortness of breath
  • sore throat
  • sneezing and runny nose
  • temporary loss of smell.

This information will be collected from you directly, or from a parent or guardian where you are under the age of 18.

A direction or order may provide for the submission of contact tracing information to a government authority directly through an authorised mobile application or web check-in service (“Check-In Tool”). If you choose to use a Check-In Tool, your disclosure of Personal Information will be governed by the terms of the operator responsible for the Check-In Tool. We disclaim all liability in connection with your use of a Check-In Tool. If you have any concerns about the privacy practices of any Check-In Tool operator, we encourage you to reach out to them directly.

We will keep all Personal Information collected for the purpose of contact tracing separate from other data, and will restrict access to such information to our staff on a ‘need-to-know’ basis. We will only disclose Personal Information to relevant health authorities or other persons as required under any applicable direction or order. When we are no longer required to keep such information, we will take reasonable steps to anonymise or otherwise delete such information.

Types of information we collect

Personal Information” means information that can be used to personally identify you, such as your name, age or date of birth, telephone number, address, email address, photographs or videos where you are personally identifiable, and in some circumstances financial information such as your credit card, direct debit or Paypal account information. If the information we collect personally identifies you or you are reasonably identifiable from it, the information will be considered Personal Information.

Sensitive Information” is a special type of Personal Information that relates to health information, political beliefs, ethnicity, membership of a professional or trade association, gender, sexual preferences, philosophical beliefs, or criminal record. We will not collect Sensitive Information except with your express consent, and then only if collection of such information is necessary for a particular activity or function.

Usage Information’ means anonymous aggregate data that is automatically collected through your use of the Website. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the Sites. 

We recognise that Usage Information, whilst for the most part anonymous, can be cumulatively used to directly or indirectly identify you. Usage Information that can be used to identify you in any way, together with your Personal Information, shall collectively be referred to in this Privacy Policy as “Personal Data”.

How we collect your Personal Data

We collect your Personal Data directly from you, unless it is unreasonable or impractical to do so. 

We do this in a number of ways, including:

  • when you contact us by email, telephone or in writing; and
  • when you fill out a form on our Sites when completing an application or order;when you enter a competition or giveaway;
  • when your subscribe to our mailing lists or other direct marketing communications;
  • when you purchase a ticket, register for event access, transfer ticket registration, are registered as the recipient of a transferred ticket or are registered as the holder of a minor pass or registered as the child of a parent of legal guardian attending an event in respect of our festivals or events via one of our third-party ticket merchants or ticket resale merchants;
  • recording or photographing you at our festivals or events.

It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that it is necessary for us to collect your Personal Data to enable us to provide the Services to you. As such, if you do not wish to provide your Personal Data, we may not be able to provide the Services to you .

Circumstances where we collect Personal Data about you from sources other than you directly include where:

  • you have consented for a third party to share information with us;
  • where we are authorised by law to collect the information from a third party;
  • where it is unreasonable or impracticable to collect the information from you personally. 

If we collect your Personal Data from third parties in circumstances where you may not be aware that we have collected such Personal Data, we will take reasonable steps to notify you of the collection and circumstances surrounding the collection. 

We may also collect Personal Data from third parties including our contractors and business partners, advertisers, mailing lists, recruitment agencies and government entities.

COOKIES

We may collect Usage Data through cookies, pixel tags and other tracking technologies (collectively Cookies). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that help a  Website ‘remember’ your actions and preferences over time. These are the types of Cookies that we may use to operate the Sites:

  • Strictly Necessary Cookies – these Cookies are essential to ensure that the Sites work correctly, and record information that allows you to move around the Sites and navigate their features;
  • Performance Cookies – these Cookies collect information about how you use the Sites, such as how often you access the Sites and if you encounter any errors;
  • Functionality Cookies – these Cookies allow the Sites to remember the choices you make to provide a more personalised experience;
  • Targeting/Advertising Cookies – these Cookies deliver targeted advertising to you based on your interests and use of the Sites.

Cookies can stay on your device temporarily (“Session Cookies”) or until you manually delete them (“Persistent Cookies”). Data collected by Cookies does not identify you, but it does identify your device. Where such data can be cumulatively used to personally identify you, we will seek your consent to collect and process such information. You can disable Cookies at any time in your browser. If you disable Cookies, we cannot guarantee that the Sites will be available to you in a fully functional form.

Why we collect your Personal Data

The primary purpose for which we collect information about you is to enable us to perform our business activities and functions and to provide the Services to you.

Other legitimate purposes that you agree we can collect, hold, use and disclose your Personal Data for include but are not limited to the following:

  • to provide you with access to the Sites;
  • to approve transactions you wish to make;
  • to send you invoices and receipts;
  • to respond to requests submitted by you;
  • to enhance our products and services;
  • to verify your identity;
  • for our administrative, planning, product/service development, quality control and research purposes, or those of our contractors or external service providers;
  • to provide you with information about any festivals or events for which you have registered as an attendee whether by purchasing a ticket, registering for access, being registered as the holder of a ticket or minor pass, by having a ticket transferred to you or by any other means by which you may be registered as an attendee;
  • to contact you with information which we think you may find interesting, only where you have opted in to receiving such communication and until you withdraw such consents;
  • to run competitions, promotions, and giveaways;
  • to comply with legal and regulatory requirements;
  • to prevent, detect and investigate potential illegal activities, security breaches and fraud; and/or
  • as otherwise required or permitted under any applicable law.

For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with operating and providing the Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or license your email address or any of your Personal Data unless we have otherwise obtained your express consent to do so.

We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from direct marketing, and as such these consents can be modified at any time by emailing us at cheers@grapevinegathering.com.au, or by clicking ‘unsubscribe’ on any direct marketing communications. 

Please note certain non-marketing related correspondence from us, including messages relating to payment, will be automatically sent to you by virtue of your use of the Services and you may not have the option to unsubscribe from receiving this correspondence. 

Who we disclose your Personal Data to

You agree and consent that we may disclose your Personal Data to:

  • our directors, officers, employees, contractors, consultants and agents 
  • external service providers for the operation of our business, and our professional advisers such as accountants and solicitors, marketing agencies, financial service providers, payment gateways, e-commerce platforms and technical support;
  • our Related Bodies Corporate (as that term is defined in the Corporation Act 2001 (Cth) and other entities owned or controlled by our directors and officers;
  • our existing or potential agents, business partners or joint venture entities or partners, including our third-party ticket merchants and ticket resale merchants;
  • our sponsors or promoters (as advertised on our Sites from time to time);
  • specific third parties authorised by you to receive information held by us;
  • the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator, if we have reason to suspect you have committed a breach of our terms and conditions or have been engaged in unlawful activity, and we reasonably believe disclosure is necessary;
  • as required or permitted by any law (including the Privacy Act).

We will take reasonable steps to ensure that these third parties are aware of our Privacy Policy and are bound by Australian privacy laws. 

You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing cheers@grapevinegathering.com.au, but please note that withdrawal of such consents may affect your ability to access and use the Services.

What are your rights to your Personal Data 

You have a general right to access any Personal Data about you that is held by us, unless a valid exception applies.. You can request access to your own Personal Data by emailing us at cheers@grapevinegathering.com.au

Grapevine Gathering Festival Pty Ltd ACN 31 624 469 432 https://www.grapevinegathering.com.au/ “us”, “we” or “our”) and/or our subsidiaries or affiliates use, collect, store and disclose information supplied to us in connection with our products or services, whether that be through attending our events, interacting with our website located at [https://www.grapevinegathering.com.au/] and associated online platforms (the “Sites”), or by contacting us in person, by phone, or over email (we will refer to the foregoing collectively as the “Services”). 

This Privacy Policy details how we comply with the Privacy Act (1988) (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) set out in Schedule 1 of the Privacy Act, and to the extent that it applies, the EU General Data Protection Regulation 2016/679 (GDPR)

We may update this Privacy Policy from time to time at our sole discretion. Any variations become effective on posting the updated privacy policy to https://www.grapevinegathering.com.au/nsw/privacy and we shall have no obligation to provide you with individual notice of such changes. Your continued use of our products and services following the publication of any amended Privacy Policy shall signify your acceptance of that amended Privacy Policy, except where we are otherwise required by law to seek your direct consent.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, PLEASE DO NOT BROWSE, ACCESS OR USE OUR SITES; MAKE A PURCHASE; ATTEND OR PURCHASE A TICKET TO OUR FESTIVALS OR EVENTS; OR OTHERWISE ENGAGE WITH OUR PRODUCTS AND SERVICES. 

SPECIAL CONDITION: COVID-19 CONTACT TRACING

You acknowledge that there is currently a respiratory illness outbreak caused by a novel coronavirus (“COVID-19”) that is impacting various regions globally. Different States and Territories around Australia are managing the ongoing risks of COVID-19 by requiring businesses to collect Personal Information about their customers for the purpose of “contact tracing”. Contact tracing is the process of identifying people who may have come into contact with a positive case of COVID-19, and assists authorities with taking measures to help prevent the spread of COVID-19 (such as issuing directions to identified persons to get tested and/or self-isolate). 

As a condition of entry into the our festivals and events, we may collect the following information from you in accordance with any applicable in force government direction or order for the purpose of contact tracing:

  • Your full legal name;
  • Your contact details (e.g. phone number and/or email address);
  • Your postcode.

We may also require you to provide confirmation that:

  • you do not have COVID-19, and are not awaiting test results for COVID-19 or otherwise have reason to suspect that you have contracted COVID-19;
  • you have not knowingly been in contact with a person who has tested positive for COVID-19 in the last fourteen (14) days;
  • you have not returned from international travel in the last fourteen (14) days;
  • you have not visited a COVID-19 ‘hotspot’ (as advertised on the relevant State or Territory’s health department website) in the past fourteen (14) days;
  • you are not experiencing cold or flu-like symptoms, including:
  • a cough
  • fever
  • shortness of breath
  • sore throat
  • sneezing and runny nose
  • temporary loss of smell.

This information will be collected from you directly, or from a parent or guardian where you are under the age of 18.

A direction or order may provide for the submission of contact tracing information to a government authority directly through an authorised mobile application or web check-in service (“Check-In Tool”). If you choose to use a Check-In Tool, your disclosure of Personal Information will be governed by the terms of the operator responsible for the Check-In Tool. We disclaim all liability in connection with your use of a Check-In Tool. If you have any concerns about the privacy practices of any Check-In Tool operator, we encourage you to reach out to them directly.

We will keep all Personal Information collected for the purpose of contact tracing separate from other data, and will restrict access to such information to our staff on a ‘need-to-know’ basis. We will only disclose Personal Information to relevant health authorities or other persons as required under any applicable direction or order. When we are no longer required to keep such information, we will take reasonable steps to anonymise or otherwise delete such information.

Types of information we collect

Personal Information” means information that can be used to personally identify you, such as your name, age or date of birth, telephone number, address, email address, photographs or videos where you are personally identifiable, and in some circumstances financial information such as your credit card, direct debit or Paypal account information. If the information we collect personally identifies you or you are reasonably identifiable from it, the information will be considered Personal Information.

Sensitive Information” is a special type of Personal Information that relates to health information, political beliefs, ethnicity, membership of a professional or trade association, gender, sexual preferences, philosophical beliefs, or criminal record. We will not collect Sensitive Information except with your express consent, and then only if collection of such information is necessary for a particular activity or function.

Usage Information’ means anonymous aggregate data that is automatically collected through your use of the Website. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the Sites. 

We recognise that Usage Information, whilst for the most part anonymous, can be cumulatively used to directly or indirectly identify you. Usage Information that can be used to identify you in any way, together with your Personal Information, shall collectively be referred to in this Privacy Policy as “Personal Data”.

How we collect your Personal Data

We collect your Personal Data directly from you, unless it is unreasonable or impractical to do so. 

We do this in a number of ways, including:

  • when you contact us by email, telephone or in writing; and
  • when you fill out a form on our Sites when completing an application or order;when you enter a competition or giveaway;
  • when your subscribe to our mailing lists or other direct marketing communications;
  • when you purchase a ticket, register for event access, transfer ticket registration, are registered as the recipient of a transferred ticket or are registered as the holder of a minor pass or registered as the child of a parent of legal guardian attending an event in respect of our festivals or events via one of our third-party ticket merchants or ticket resale merchants;
  • recording or photographing you at our festivals or events.

It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that it is necessary for us to collect your Personal Data to enable us to provide the Services to you. As such, if you do not wish to provide your Personal Data, we may not be able to provide the Services to you .

Circumstances where we collect Personal Data about you from sources other than you directly include where:

  • you have consented for a third party to share information with us;
  • where we are authorised by law to collect the information from a third party;
  • where it is unreasonable or impracticable to collect the information from you personally. 

If we collect your Personal Data from third parties in circumstances where you may not be aware that we have collected such Personal Data, we will take reasonable steps to notify you of the collection and circumstances surrounding the collection. 

We may also collect Personal Data from third parties including our contractors and business partners, advertisers, mailing lists, recruitment agencies and government entities.

COOKIES

We may collect Usage Data through cookies, pixel tags and other tracking technologies (collectively Cookies). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that help a  Website ‘remember’ your actions and preferences over time. These are the types of Cookies that we may use to operate the Sites:

  • Strictly Necessary Cookies – these Cookies are essential to ensure that the Sites work correctly, and record information that allows you to move around the Sites and navigate their features;
  • Performance Cookies – these Cookies collect information about how you use the Sites, such as how often you access the Sites and if you encounter any errors;
  • Functionality Cookies – these Cookies allow the Sites to remember the choices you make to provide a more personalised experience;
  • Targeting/Advertising Cookies – these Cookies deliver targeted advertising to you based on your interests and use of the Sites.

Cookies can stay on your device temporarily (“Session Cookies”) or until you manually delete them (“Persistent Cookies”). Data collected by Cookies does not identify you, but it does identify your device. Where such data can be cumulatively used to personally identify you, we will seek your consent to collect and process such information. You can disable Cookies at any time in your browser. If you disable Cookies, we cannot guarantee that the Sites will be available to you in a fully functional form.

Why we collect your Personal Data

The primary purpose for which we collect information about you is to enable us to perform our business activities and functions and to provide the Services to you.

Other legitimate purposes that you agree we can collect, hold, use and disclose your Personal Data for include but are not limited to the following:

  • to provide you with access to the Sites;
  • to approve transactions you wish to make;
  • to send you invoices and receipts;
  • to respond to requests submitted by you;
  • to enhance our products and services;
  • to verify your identity;
  • for our administrative, planning, product/service development, quality control and research purposes, or those of our contractors or external service providers;
  • to provide you with information about any festivals or events for which you have registered as an attendee whether by purchasing a ticket, registering for access, being registered as the holder of a ticket or minor pass, by having a ticket transferred to you or by any other means by which you may be registered as an attendee;
  • to contact you with information which we think you may find interesting, only where you have opted in to receiving such communication and until you withdraw such consents;
  • to run competitions, promotions, and giveaways;
  • to comply with legal and regulatory requirements;
  • to prevent, detect and investigate potential illegal activities, security breaches and fraud; and/or
  • as otherwise required or permitted under any applicable law.

For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with operating and providing the Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or license your email address or any of your Personal Data unless we have otherwise obtained your express consent to do so.

We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from direct marketing, and as such these consents can be modified at any time by emailing us at cheers@grapevinegathering.com.au, or by clicking ‘unsubscribe’ on any direct marketing communications. 

Please note certain non-marketing related correspondence from us, including messages relating to payment, will be automatically sent to you by virtue of your use of the Services and you may not have the option to unsubscribe from receiving this correspondence. 

Who we disclose your Personal Data to

You agree and consent that we may disclose your Personal Data to:

  • our directors, officers, employees, contractors, consultants and agents 
  • external service providers for the operation of our business, and our professional advisers such as accountants and solicitors, marketing agencies, financial service providers, payment gateways, e-commerce platforms and technical support;
  • our Related Bodies Corporate (as that term is defined in the Corporation Act 2001 (Cth) and other entities owned or controlled by our directors and officers;
  • our existing or potential agents, business partners or joint venture entities or partners, including our third-party ticket merchants and ticket resale merchants;
  • our sponsors or promoters (as advertised on our Sites from time to time);
  • specific third parties authorised by you to receive information held by us;
  • the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator, if we have reason to suspect you have committed a breach of our terms and conditions or have been engaged in unlawful activity, and we reasonably believe disclosure is necessary;
  • as required or permitted by any law (including the Privacy Act).

We will take reasonable steps to ensure that these third parties are aware of our Privacy Policy and are bound by Australian privacy laws. 

You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing cheers@grapevinegathering.com.au, but please note that withdrawal of such consents may affect your ability to access and use the Services.

What are your rights to your Personal Data 

You have a general right to access any Personal Data about you that is held by us, unless a valid exception applies.. You can request access to your own Personal Data by emailing us at cheers@grapevinegathering.com.au

We cannot modify or alter your Personal Data. You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information and your failure to do so may inhibit our ability to provide the Services. You agree that you remain solely responsible for maintaining the truth, accuracy, and completeness of your information at all times, and we shall have no liability to you or any third party arising from your failure to do the same. If you believe that Personal Data we hold about you is incorrect, incomplete or inaccurate, you may request that we amend it by emailing us at cheers@grapevinegathering.com.au.

In accordance with the GDPR, we acknowledge the right of EU subjects to:

  • have their data erased that is no longer being used for a legitimate purpose;
  • request a copy of all Personal Data held about you by us in a readable format, along with supplementary information to verify that such Personal Data is being processed lawfully; and
  • request restricted processing of your Personal Data whilst any complaints or concerns are being resolved.

To erase, request or restrict processing of your Personal Data, please email cheers@grapevinegathering.com.au with the subject ATT: PRIVACY OFFICER.

External Links

Our Sites may contain links or plugins to other third party websites or applications, including to our third-party ticket merchants or ticket resale merchants. Please note that this Privacy Policy does not cover the privacy practices of any third party site. We do not have access to, or control over, the technologies that third party sites may use to collect information about you. We disclaim all liability in connection with the services of any third party sites integrated or otherwise linked to our Services. If you have any concerns about the privacy practices of a third party site, we encourage you to reach out to them directly.

Security

We protect your Personal Data through technical security measures i.e. firewalls, encryption that limit the risk of loss, disclosure, unauthorised access and modification. No security measures are, however, 100% secure so we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data or for the actions of any third parties that may obtain any information or data.

Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where our data breach involves the information of EU subjects, report to the European Data Protection Supervisor. We will also inform you, where possible, if your data has been breached in the circumstance where it poses a risk of serious harm or your rights and freedoms.

We also train our personnel who may have access to your Personal Data about this Privacy Policy and our obligations under the Privacy Act, APPs and GDPR. For more information on our internal policies, email us at cheers@grapevinegathering.com.au.

Overseas Disclosure

We may, in the course of providing any products or services to you, disclose Personal Data to overseas countries that are deemed by the EU Commission as having an ‘adequate’ level of Personal Data protection. Where we transfer data to a third party in a country where no adequacy decision has been made, we will take reasonable steps to ensure that the person or entity handling your data in those countries are bound under contract to meet the requirements of the Privacy Act, APPs and GDPR (as applicable). 

Contact

Thank you for taking the time to read our Privacy Policy. If you have any questions regarding our Privacy Policy, you can reach our privacy officer at. 
Grapevine Gathering Pty Ltd
Att:Privacy Officer 

15 Dover St, 
Cremorne VIC 3121
cheers@grapevinegathering.com.au
 

If you believe your privacy has been breached by us, or have any questions or concerns about our Privacy Policy, please contact us using the details above. We will treat your requests or complaints confidentially. We will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved.

If you are not satisfied with our handling of your Personal Data, or have any other concern over our privacy policy, then you may lodge a formal complaint with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au) or with the European Data Protection Supervisor (for more information, please see https://edps.europa.eu).