AMDA FOUNDATION LIMITED – PRIVACY POLICY

AMDA Foundation Limited (ABN 63 091 147 787) is an Australian not-for-profit corporation established to promote the development of aviation and Australia’s industrial, manufacturing and information/communications technology resources in the fields of aviation, aerospace, maritime, defence and security.

AMDA achieves this goal by delivering Australia’s most prominent and respected world-class biennial airshows and events as platforms for interaction between industry, defence, government, academia and the Australian public.

AMDA Foundation Limited respects the privacy of individuals and is committed to its obligations under the Privacy Act 1988 of the Commonwealth of Australia (Privacy Act), the Australian Privacy Principles (APP) and the General Data Protection Regulation of the European Union (GDPR).

In this Privacy Statement, ‘us’ ‘we’ or ‘our’ means the AMDA Foundation Limited.

We collect personal information about individuals for the following purposes:

  • to verify your identity and to assist us to provide, develop and improve our goods and services to you, such as conducting our events and activities, extending and processing invitations to attend or participate in our events and activities, managing admission to our events and activities, marketing and sales, debtor and creditor transactions, sponsorship, promotions, direct marketing and corporate membership administration;
  • to enable you to access and use our website and services;
  • to operate, protect, improve and optimise our website, goods and services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
  • to send you marketing and promotional messages and other information that may be of interest to you;
  • for our internal administration purpose;
  • to comply with our legal obligations, address any issues or to resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
  • we may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information to enable them and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the services that you receive.

Individuals are not obliged to give us their personal information. However, if they choose not to provide us with all or part of the personal information requested, we may not be able to extend or process invitations to them to attend or participate in our events or activities, admit them to attend or permit them to participate in our events or activities, register them as team members, provide them with a full range of our goods and services, or inform them about the events and activities conducted by us, the goods and services offered by us or the goods and services of other organisations.

We take reasonable steps to ensure that the information we hold about individuals is accurate, complete and up to date and we invite individuals to contact us to correct any inaccurate information. We also provide individuals with access to the information we hold about them in accordance with our Privacy Policy, the APP and the GDPR. We take all reasonable steps to protect the security of the personal information we hold.

We are committed to respecting your privacy. We will protect you with regard to the processing of your personal data and we will comply with the rules relating to the free movement of personal data. Our purpose is to protect your fundamental rights and freedoms, and your right to the protection of personal data.

Our Privacy Policy sets out how we collect, use, store and disclose your personal information. By providing personal information to us, you consent to the collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may update our Privacy Policy from time to time when our information handling practices change. Updates will be publicised on our website and through our email lists. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

Your personal information includes any information or opinion about you, or from you which is reasonably identifiable. For example, this may include your name, age, gender, postcode, contact details, identification number, location data, online identifier or any reference which is specific to your physical, physiological, genetic, mental, economic, cultural or social identity

Our Privacy Obligation

We are committed to our obligations under the Australian Privacy Principles (APP) and the General Data Protection Regulation (GDPR) to protect the privacy of individuals.

  • APP – A copy of the Privacy Act, Privacy Principles and guidance from the Office of the Australian Information Commissioner are available from the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.
  • GDPR – A copy of the Regulation (EU) 2016/679 (GDPR), the privacy principles and guidance from the European Parliament and of the Council are available from the website at www.eur-lex.europa.eu.

What personal information do we collect?

We may collect the following types of personal information:

  • Name, gender, age or date of birth;
  • mailing address, street address or billing address;
  • email address;
  • telephone number and other contact details;
  • exhibits, events and activities preferences and interests;
  • details of previous participation in our events and activities or similar events and activities held by another party;
  • purchasing or transaction history;
  • payment and banking details, including credit card information;
  • your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
  • details of goods and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those goods and services and respond to your enquiries;
  • any additional information relating to you that you provide to us directly through our website or app, paper forms at our exhibitions or exhibition order forms or indirectly through your use of our website, app or online presence or through other websites or accounts from which you permit us to collect information;
  • information you provide to us through customer surveys; or
  • any other personal information that may be required to facilitate your dealings with us.

How do we collect personal information?

We only collect specified and explicit personal data for legitimate purposes to the extent that permits identification of data subjects and is necessary for our purpose. Such personal data will be kept in an appropriate way to ensure security of your privacy.

We will only process your personal data where we have a legal ground to do so, for example when you have given your consent to process it, when it is necessary for the performance of a contract, when required for compliance with a legal obligation, when it is necessary to protect your vital interest, when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller and finally, when it is necessary for the purposes of legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. We will ensure that your personal data is processed lawfully, fairly and in a transparent manner.

We may collect these types of personal information either directly from you, or from third parties. We may collect this information in a number of ways, including:

  • When you visit and/ or register on our website or app;
  • When you enter a competition or promotion;
  • When you attend our events and activities;
  • When you respond to a survey;
  • When you join our mailing list;
  • When you submit an exhibition order with us;
  • When you communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
  • When you interact with our sites, services, content and advertising;
  • from third parties, such as our related entities, business or commercial partners; or
  • from publicly available sources of information.

We may also generate personal information about our customers from information that we have. For example, by analysing our records of the customer’s previous dealings with us.

Finally, personal data has to be accurate and kept up to date, for that reason we will ensure that any inaccurate personal data (to our knowledge) will be erased or rectified without delay.

Why is your consent important?

Consent is the basis of data processing. For lawful processing of personal data, you have to give us your consent to allow us to process your personal data. For that reason the consent has to be given before we make use of your personal information. When the consent is given in writing, the consent has to be granted in a clear, intelligible and easily accessible form.

Your consent has to be freely given. You have the right to withdraw your consent at any time.

The processing of the personal data of a child will be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing will be lawful only if and to the extent that consent is given or authorised by a person with parental responsibility over the child.

How do we use and disclose personal information?

We may hold, use and disclose your personal information for the following purposes:

  • to verify your identity and to assist us to provide, develop and improve our goods and services to you, such as conducting our events and activities, extending and processing invitations to attend or participate in our events and activities, managing admission to our events and activities, marketing and sales, debtor and creditor transactions, sponsorship, promotions, direct marketing and corporate membership administration;
  • to enable you to access and use our website and services;
  • to operate, protect, improve and optimise our website, goods and services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
  • to provide goods and services to you or to receive goods and services from you;
  • to send you marketing and promotional messages and other information that may be of interest to you;
  • for our internal administration purposes;
  • to comply with our legal obligations, address any issues or to resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
  • we may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable them and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the goods and services that you receive.

Individuals are not obliged to give us their personal information. However, if they choose not to provide us with all or part of the personal information requested, we may not be able to extend or process invitations to them to attend or participate in our events or activities, admit them to attend or permit them to participate in our events or activities, register them as team members, provide them with a full range of our goods and services, or inform them about the events and activities conducted by us, the goods and services offered by us or the goods and services of other organisations.

Do we use your personal information for direct marketing?

We may send you direct marketing communications and information about our events. This may take the form of phone calls, emails, SMS, mail or other forms of communication. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an “unsubscribe” link).

To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this Privacy Policy to:

  • our employees and related corporate bodies;
  • service providers (including providers that host our web servers, manage our IT and/ or those involved in the operation of our business or in connection with providing our goods and services to you);
  • professional advisers, lawyers, accountants, insurers, auditors, dealers, agent, insurers, mailing houses, suppliers and contractors;
  • payment systems operators (e.g. merchants receiving card payments);
  • our sponsors or promoters of any competition that we conduct via our services;
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • specific third parties authorised by you to receive information held by us;
  • in certain circumstances, to third parties that require information for law enforcement or to prevent a serious threat to public safety; and/ or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

We require our service providers to keep personal information confidential and not to use or disclose it for any purpose other than performing services for us or on our behalf. You should be aware that some information that you upload to parts of our websites or to our social media pages may be available to be viewed by the public. You should use discretion in deciding what information to upload to such sites.

Transfer of Personal Data

As we are an international business, some information (including personal information) may be transferred to countries outside of Australia in the ordinary course of our business including but not limited to our overseas related bodies corporate and/ or other parties located in:

Austria, Belgium, Canada, China, Czech Republic, Denmark, Estonia, European Union, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, India, Indo-Asia Pacific, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, Singapore, South America. Turkey, Africa, Pakistan, United Arab Emirates, United Kingdom and United States of America.

We may also disclose personal information outside of Australia to cloud and service providers located outside of Australia. The countries where these disclosures occur are primarily Austria, Belgium, Canada, China, Czech Republic, Denmark, Estonia, European Union, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, India, Indo-Asia Pacific, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, Singapore, South America. Turkey, Africa, Pakistan, United Arab Emirates, United Kingdom and United States of America.

This list is not exhaustive and may change from time to time depending on who we partner with. We will endeavour to update this list on a periodic basis.

When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the APP and GDPR. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the APP and GDPR.

Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation shall take place only if, subject to the other provisions of the GDPR, the conditions of Chapter 5 of the GDPR are complied with by the Controller and Processor, including for onward transfers of personal data from the third country or an international organisation to another third country or to another international organisation. This is to ensure that the guaranteed level of protection of natural persons is not undermined. ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller. Union means European Union. Member State means a state that is a member of the Union

When will we transfer your personal data?

a) Transfer on the basis of an adequacy decision. We will transfer personal data to a third country or an international organisation when the Commission has decided that the third country, territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection.
b) We will transfer personal data to a third country or an international organisation only if the Controller or Processor has provided appropriate safeguards, and on the condition that enforceable data subject rights and effective legal remedies for data subjects are available.
c) Specific situations to transfer personal data when one of the following conditions applies:

    • when you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequate decision and appropriate safeguards;
    • when the transfer is necessary for the performance of a contract between the data subject and the Controller or the implementation of pre-contractual measures taken at the data subject’s request;
    • when the transfer is necessary for the conclusion or performance of a contract concluded between the Controller and another natural or legal person in the interest of the data subject;
    • when the transfer is necessary for important reasons of public interest;
    • when the transfer is necessary for the establishment, exercise or defence of legal claims;
    • when the transfer is necessary to protect your vital interests;
    • when the transfer is made from a register which according to Union or Member State law, is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest exists but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.

Using our website and cookies

With the use of cookies, we may collect personal information about you when you use and access our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit, the type of browser software used, the internet protocol address assigned to your computer and the previous website from which you linked to our website.

We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser. However certain aspects of our website may require the information collected by cookies to function and may not be available or perform optimally if the cookies function is disabled.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

How we store and secure personal data

We may hold your personal data and information in either electronic or hard copy form in storage facilities owned and operated by us, or those owned and operated by our service providers, including cloud based storage facilities. We have implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing, misuse, interference and loss, as well as unauthorised access, modification or disclosure and against accidental loss, damage or destruction.

The security measures we take include:

  • storing your personal information in a secure environment;
  • pseudonymisation and encryption of personal data;
  • strictly allowing access to the secure physical storage facility by authorised personnel only;
  • ensuring that providers of our cloud based storage facilities have appropriate security measures in place to protect any information stored on such facilities consistent with our Privacy Policy.
  • strictly allowing access to the secure electronic system on which your personal information is stored by authorised personnel only;
  • monitoring and tracking details of any access and/or change to your personal information, including the date and time at which your information is accessed and/or changed, and by whom;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures to ensure secured processing.

We also use several physical, administrative, personnel and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information. Except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for any and all consequences of any unauthorised access to your personal information. Please notify us immediately if you become aware of any breach of security.

In the case of a personal data breach, without undue delay and, where feasible, no later than 72 hours after having become aware of it, we will notify the personal data breach to the competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons we will communicate in clear and plain language, the personal data breach to you without undue delay, the nature of the personal data breach and will contain at least the information and security measures taken.

When your personal data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal data. However, most of the personal data is or will be stored in files which will be kept by us for a minimum of 7 years.

Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content in those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Collection of Sensitive Information

We do not generally collect sensitive information about individuals. If you provide sensitive information to us for any reason, you consent to us collecting, using and disclosing that information for the purpose for which you disclosed it. We will always need your express consent or have a legal ground to process that type of personal data.

Sensitive information includes personal information about a person’s racial or ethnic origin, political opinions or memberships, religious or philosophical beliefs or affiliations, professional or trade association or union memberships, sexual orientation or practices, criminal record or health record.

What rights do you have?

We have set out below all your rights as a data subject concerning your personal data:

a) Information relating to personal data irrespective whether it was obtained directly from the data subject or from a third party. As we collect and hold your personal data, we have an obligation to you to provide our identity and contact details, contact details of the protection office, our purposes and legitimate interests and recipients or categories of recipients of the personal data which are set out in this Privacy Policy.
b) Access to your personal information. You have the right to seek access to the personal information we hold about you and we will provide a copy of the personal data undergoing processing. Sometimes, we may not be able to provide you with full access to all your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
c) Rectification of your personal information. You have the right to request for us to correct without undue delay any personal information we hold about you which is inaccurate or incomplete. We will take reasonable steps to ensure that it is corrected. You can ask for access to or correction of your personal information by contacting us using our details under the ‘Contact Us’ section below.
d) Erasure of your personal information (“Right to be forgotten”). You have the right to submit a request to us, for us to erase your personal data without undue delay.
e) Restriction of processing. You have the right to obtain a restriction with respect to the processing of your personal data in the event the processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead.
f) Data portability. You have the right to receive the personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from us.
g) Object. You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation.
h) Automated individual decision-making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
i) Lodge a complaint. If you are of the opinion that our data processing is not in compliance with GDPR regulation, you have the right to lodge a complaint with a supervisory authority and the right to seek judicial remedy.
j) Compensation and liability. You have the right to receive compensation for any material or non-material damage you have suffered as a result of an infringement of the GDPR.

Making a complaint

If you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below.

Please include your name, email address and/or telephone number and include as much detail as possible in relation to your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, you may refer the issue to the Office of the Australian Information Commissioner (at ) or your national Data Protection Authority.

Contact Us

We take reasonable steps to ensure that the information we hold about individuals is accurate, complete and up to date and we invite individuals to contact us to correct inaccurate information. We also provide individuals with access to the information we hold about them in accordance with the Privacy Policy. We also take all reasonable steps to protect the security of the personal information that we hold.

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

The Privacy Officer
AMDA Foundation Limited (ABN 63 091 147 787)
PO Box 339
North Geelong Vic 3215
Australia

Telephone: +61 (0)3 5282 0500
Email:
Website: www.amda.com.au