(Last updated March 2019)
The Group abides by the Australian Privacy Principles (“APPs”), which provide a scheme in relation to the collection, disclosure, use and storage of personal information. The Group's objective is to handle information responsibly and provide you with some control over the way information about you is handled.
The Privacy Act provides for exemptions:
a. in relation to employee records (being records relating to a current or former employment relationship between the Group and the individual); and
b. from coverage in relation to the journalism activities of the Group (as explained further at section 3).
Where these exemptions apply, they will take precedence over this Policy.
1. Collection of Personal Information and other data
Personal information is information or opinion about an individual, or an individual who is reasonably identifiable (whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form). The nature of personal information collected by the Group comprises information such as an individual's name, address, phone number, fax, e-mail address, birth date and gender, as well as interests and information about your viewing of our programs and services, your transactions with us and with some of our business partners.
The purposes for collecting such information include to arrange, conduct and promote the Group’s media activities (including but not limited to production, broadcasting and publishing), understand our audiences and provide you with requested products and services. You may object to us using your personal information for any of these purposes at any time by emailing firstname.lastname@example.org
The Group may collect personal information about you in a number of ways. These include, but are not limited to situations in which you set up an account with a company within the Group (for example a magazine or newspaper subscription), request to receive products or services from the Group, provide products or services to the Group, enter a competition or voting forum, utilise the Group’s services (including, but not limited to IPTV services, websites, mobile phone apps, blogs and online forums), complete a survey or questionnaire, or when you communicate with the Group by telephone, fax, writing, email, or any other electronic means.
When you are using a service we provide to you over the internet (for example a website, mobile phone app or digital edition of one of the Group’s publications), we may use technology (including third party technology such as Google Analytics) to collect information as to your activities on such services associated with the Group including your IP Address and/or the type of operating system you use and/or the domain name of your Internet Service Provider, software and hardware attributes and the web-page you request.
The Group also uses third party proprietary measurement software (such as OzTAM, Nielsen and Google Analytics) on our websites and apps which enables us to collect audience ratings information and anonymous viewing data which assists us to understand how visitors engage with our websites and apps. To learn more and for information on how to opt out of such activities see here.
The Group or its agents will generally collect personal information from you directly. For example, the Group may collect personal information when you subscribe to one of the Group’s publications, log on to a website or service by providing us with your email address and password, complete a survey, become a member, attend a function or event, enter a competition, make a purchase, provide a resume or enter an agreement. There may be other occasions when the Group sources personal information from third parties, such as from Facebook or Google when you log on to a website or service using your Facebook ID or Google ID, or from recruitment agencies when you apply for a position with us via a recruitment agency.
You may choose to deal with the Group anonymously or under a pseudonym where lawful and practicable (i.e. provided we are still able to provide the relevant service or do business with you without that information). For example, it might not be practical to deal with you anonymously if we need to process a payment, delivery goods or services or send personalised communications to you.
2. Use & Disclosure of Personal Information and other data
The Group may use your personal information and other data for the purpose for which it was initially collected, namely to arrange, conduct and promote the Group’s media activities (including but not limited to production, broadcasting and publishing), establish and administer your access to our websites and services, provide you with requested products and services (and renewals thereof), as well as all purposes necessary and incidental to the provision of goods or services by the Group or by anyone on behalf of the Group.
In addition, the Group may use your personal information and other data for purposes related to the initial purpose of collection if that other purpose would be within your reasonable expectations. Related purposes include analysing your personal information for the purpose of identifying and displaying content which may be of interest to you, referring you to products and services and/or production and broadcast activities and/or media activities that may be of benefit or interest to you, displaying targeted advertising based on those interests, improving our services, conducting research, contacting you, internal auditing and administration, adding your name to a guest list or invitation list, assisting the Group to carry out auditing, administration, or product enhancement, or providing marketing information to you (as explained further in section 6 below).
Without limiting the foregoing, this may involve matching data with third party data held by our business partners using the safe haven environment of a data service provider), or using data to create an anonymous link to third party data held by our business partners and ad network companies and placing that link in Cookies for the purpose of the Group and its business partners and ad network companies tailoring information you may be more interested in and sending you targeted advertising when you use websites or other services over the internet, including those supplied to you by the Group as well as by third parties unaffiliated with the Group. This is known as online behavioural advertising or interest-based advertising and information on how to opt out of such activities can be found here.
We may share your personal information with and disclose your personal information to the following categories of recipients:
a. related companies within the Group;
b. a regulatory authority, government agency or law enforcement body with jurisdiction over our activities;
c. professional advisors (such as our legal advisors and accountants) or auditors for the purpose of providing professional services to us;
d. a third party, if any member of the Group sells all or part of its business or makes a sale or transfer of a substantial part of its assets or is otherwise involved in a re-organization or merger or transfer of all or a material part of its business to that third party, or where a member of the Group ceases to be the licensed distributor of particular products and such distribution is to be taken over by that third party; or
e. third party service providers providing services on our behalf, including:
• marketing agencies, but only to facilitate advertising campaigns for their clients on Seven and its Associated Entities properties, including online banner advertisements and in-app advertisements. These third parties may use your personal information for the purpose of matching with other information to display targeted advertising based upon your interests, location, demographics, purchase intents and lifestyle; and
• suppliers who conduct specialised activities such as website management, share registry services, mail out services, call centre services, data analysis and processing services, insurance broking, vehicle and petrol supply, supply of equipment, engineering services, security services, financial services, credit reporting services and travel and hospitality services. Personal information may be provided to these parties (where contractually required) and to these suppliers in order to enable them to perform the agreed tasks.
The Group may further disclose your personal information without your consent if the disclosure is:
a. required or authorised by law;
b. required in order to investigate an unlawful activity;
c. required by an enforcement body for investigative activities; or
d. necessary to prevent a serious and imminent threat to a person's life, health or safety, or to public health or safety.
3. Collection, Use and Disclosure of records collected in the course of journalism
As a media organization involved in the collection, preparation and dissemination of news, current affairs and information, the journalistic activities and practices of the Group are exempt from the APPs, however the Group is committed to observing standards in relation to privacy in the context of its journalism activities as set out in the following:
a. the Commercial Television Industry Code of Practice, which applies to the Group’s television broadcasting activities; and
4. Legal bases for using your personal information
If you are located in the EU, the General Data Protection Regulation (“GDPR”) requires us to inform you of the legal bases that we rely on to process your personal information. These bases are as follows:
a. to conduct and promote our media activities;
b. to understand our audiences;
c. to provide you with our products and services;
d. to improve and personalise your experience of our products and services (eg: by displaying content which we think might interest you);
e. to show you advertising we think might be relevant to you;
f. to provide marketing information to you (regarding our products and services and those of our business partners);
g. to ensure that our systems run smoothly;
h. to keep our systems secure; and
i. to protect against improper or unauthorised use of our systems.
We don't think that any of the activities set out above will prejudice you in any way. However, you do have the right to object to us processing your personal data on this basis.
We are allowed to use your personal information when it is necessary to do so for the performance of a contract that we have with you. For example, if you have ordered certain services from us, we may need to collect and use your personal information in order to satisfy your order.
Other legal obligations
As well as any obligations to you under a contract, we have other legal obligations that we need to comply with, and are allowed to use your personal information when we need to in order to comply with those other legal obligations.
We are allowed to use your personal information where you have specifically consented. When we seek your consent we will provide you with a full explanation of what we will be doing with your data. You will also have the right to withdraw your consent at any time.
5. International transfers of personal information
In general, your personal information will be stored in Australia.
On some occasions your personal information and other data may be transferred to or processed by service providers in overseas countries including but not limited to the US, or even in ‘the cloud’ (which may involve processing in more than one country) in order for such service providers to perform services on our behalf. The most current list of those countries can be found here.
If there is an international transfer of personal information we will take appropriate steps to ensure that it is carried out in accordance with the applicable privacy laws. The protection of such personal information will be subject to the legal requirements of the jurisdictions where the information is transferred, including lawful requirements to disclose information to government authorities in those countries. If you have any questions about the collection, use, disclosure or storage of personal information, please contact us using the details in section 12 below.
6. Direct marketing
From time to time the Group may use your personal information and other data to identify programs, products and services that may be of interest to you. The Group may use your personal information to send you information regarding the Group's programs, products and services, and those available through the Group's business partners.
From time to time, the Group may also provide your personal information to carefully selected third parties for the purpose of them providing you with information regarding products and services specific to your needs (in which case they will use youre personal information in accordance with their own privacy policies), and to help the Group conduct product enhancement activities.
If you receive a direct marketing communication from a member of the Group and wish to unsubscribe, you may use the unsubscribe function in the communication you receive, or alternatively by contacting email@example.com. We will take prompt steps to ensure that you do not receive any such direct marketing information in future.
7. Personal Information Quality
The Group's objective is to ensure that all personal information collected by the Group is accurate, complete and up-to-date. To assist the Group in achieving its objective, please contact the Privacy Officer if any of your details change. Further, if you believe that the information the Group holds is not accurate, complete or up-to-date, please contact the Privacy Officer on firstname.lastname@example.org in order to have the information corrected.
8. Personal Information Security
The Group is committed to keeping your personal information secure, and we will take reasonable precautions to protect your personal information from unauthorised access, loss, release, misuse or alteration.
We will not keep your personal information for longer than is necessary for the purposes for which we collect it unless we believe that the law or other regulation requires us to preserve it.
In general, we will retain your data for a period of 5 years following our last contact with you, in order, for example, for us to be able to deal with any questions or complaints you may have, even after your relationship with us has ended. Following this period, we will delete or de-identify the personal information that we hold about you from our systems, or put it beyond use.
Your personal information and other data may be stored in hard copy documents, but is generally stored electronically on the Group's software or systems or on those of our third party service providers.
The Group maintains physical security over its paper and electronic data stores, such as locks and security systems. The Group also uses computer and network security technologies such as firewalls, intrusion prevention software, antivirus software, external email filtering and passwords to control and restrict access to authorised staff for approved purposes and to secure personal information from unauthorised access, modification, disclosure, misuse and loss.
Whilst the Group takes all reasonable steps to secure your personal information from loss, misuse and unauthorised access, you acknowledge that all activities in which you intentionally or unintentionally supply information to the Group carries an inherent risk of loss of, misuse of, or unauthorised access to such information. The Group cannot be held responsible for such actions where the security of the personal information is not within the control of the Group, or where the Group cannot reasonably prevent such incident.
Additionally, you acknowledge that the collection and use of your personal information by third parties may be subject to separate privacy policies and/or the laws of other jurisdictions.
9. Access to Personal Information
You may request access to the personal information the Group holds about you.
The procedure for gaining access is as follows:
a. All requests for access to your personal information should be made in writing and addressed to the Privacy Officer.
b. You should provide as much detail as possible regarding the business entity, department or person to whom you believe your personal information has been provided, and when, as well as detail regarding the type of information to which you are seeking access. This will allow the Group to process your request faster.
c. The Group will acknowledge your request within 14 days, and access will usually be granted within 14 days, or if it is more complicated, 30 days. The Group will inform you if this timeframe is not achievable.
d. You will be asked to verify your identity.
e. A fee may apply to such access in the event that a request for access is onerous or time consuming. Such a fee will cover staff costs involved in locating and collating information, and reproduction costs.
f. Depending on the circumstances, you may be forwarded the information by mail or email, or you may be required to personally inspect your records at the appropriate place.
g. You will be given the opportunity to correct any personal information that is no longer accurate.
In some circumstances, the Group may not be in a position to provide access. Such circumstances include the following:
a. access would create a serious threat to safety;
b. providing access will have an unreasonable impact upon the privacy of other individuals;
c. denying access is required or authorised by law;
d. the request is frivolous or vexatious;
e. legal proceedings are underway or anticipated, and the information would not be accessible through the process of discovery in the proceedings;
f. negotiations may be prejudiced by such access;
g. providing access is likely to prejudice law enforcement;
h. providing access is likely to prejudice action being taken or to be taken with respect to suspected unlawful activity or serious misconduct relating to the Group’s functions or activities; or
i. access would reveal a commercially sensitive decision making process.
If the Group denies access to your personal information, it will provide you with reasons in writing.
10. Your other rights
In addition to your right to request access to your personal information and to correct it, you also have the right to:
a. request the erasure of any or all of your personal information;
b. restrict or object to the processing of any or all of your personal information;
c. request the porting or transfer of any or all of your information to another organisation; and
d. (as set out elsewhere) withdraw any consent to processing that you have previously given in respect of any or all of your personal information;
e. lodge a complaint with your local regulatory authority.
Please contact email@example.com with any of these requests and we will respond to your request as soon as practicable.
11. Changes to this Policy
The Group may, without notice, change this Policy from time to time for any reason and will update the Policy accordingly. We ask that you visit our website periodically in order to remain up to date with such changes.
If you believe that your privacy has been infringed or a breach of the APPs has occurred, you are entitled to complain. All complaints should initially be in writing and directed to the Privacy Officer. The Group will respond to your complaint as soon as possible, within 14 working days, to let you know who is responsible for managing your query. The Group will try to resolve the complaint within 30 working days. When this is not possible the Group will contact you to provide an estimate of how long it will take to handle the complaint.
If you believe the Group has not adequately dealt with your complaint, you may complain to the Privacy Commissioner whose contact details are as follows:
Officer of the Australian Information Commissioner (OAIC)
Phone: 1300 363 992
GPO Box 5218 Sydney NSW 2001
Contact details for data protection authorities in the EU are available at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
13. Privacy Officer's Contact Detail
Please address all written correspondence to:
Privacy Officer, c/- Legal Department
Seven West Media Limited
PO Box 777, Pyrmont NSW 2009