Privacy Policy

Privacy Policy

‍Purpose

This Privacy and Data Collection Policy outlines the Australian Musical Theatre Festival Inc’s (AMTF) handling of personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) and other applicable laws.

By engaging with us, you consent to the collection, use, and disclosure of your personal information in accordance with this Privacy and Data Collection Policy.

​Collection of your personal information

We may collect personal information such as name, address, email address, phone number, and other relevant information from individuals who purchase tickets, make donations, sign up for our newsletters, participate in events, or otherwise engage with us. We may also collect personal information such as, but not limited to, age and gender. The nature of personal information collected will always be relevant and proportionate to the purpose it serves.

Website and Digital Platforms

We may collect the following non-personally identifiable information, including but not limited to browser type, version and language, operating system, pages viewed, page access times and referring website addresses via cookies.

Third-party platforms and data handling

AMTF regularly works with partner organisations, venues, and external service providers that may collect or process personal information on our behalf. This includes, but is not limited to, third-party ticketing platforms, donor management systems, event registration services, or venues managing box office operations.

We acknowledge that in these cases, data may be collected through systems not directly owned or controlled by AMTF.

Where this occurs:

• AMTF endeavours to be transparent about the involvement of third parties in the data collection process, including through links to their privacy policies where possible.
• We aim to work only with organisations and service providers that demonstrate robust privacy and data security standards and whose practices align with our own.
• Any personal information shared with or accessed by third-party providers will be limited to what is necessary for the delivery of the specific service.
• We seek to include privacy and data clauses in our agreements with third parties, and to assess privacy risk where data is being handled outside of Australia or in systems outside of our control.

If you have any concerns about how your personal information is handled by third-party platforms, we encourage you to contact us directly and/or refer to the relevant organisation’s privacy policy.

Use of your personal information

We may use personal information for the following purposes:

• To communicate to you about purchases, events, programs, news and other festival opportunities—including personalised content.
• To process donations, tickets, and other purchases.
• To deliver relevant products and services.
• To comply with legal and regulatory requirements.
• To improve our services and programs.

We may also use personal information for other purposes that are consistent with the above.

Security of Personal information

Measures AMTF may take, where relevant and appropriate, to protect personal information from unauthorised access, use, and disclosure may include:

• Encryption: Data to be encrypted where possible both in transit and at rest.
• Multi-Factor Authentication (MFA): MFA required for access to sensitive data, particularly for staff and contractors handling personal information.
• Periodic security audits: Conduct security assessments to test for vulnerabilities in AMTF’s systems.
• Access controls & role-based permissions: Strict access controls, ensuring that only necessary personnel have access to sensitive information.
• Data collection minimisation: A ‘minimum necessary’ approach to collect only essential data required for each specific purpose.
• Staff training: Periodic cybersecurity training for staff, volunteers, or contractors to recognise phishing, social engineering, and other risks.
• Vendor risk assessment: Require third-party providers (e.g. ticketing systems, payment processors) to comply with Australian Privacy Principles (APPs) and conduct regular audits.
• Data processing agreements: Contracts to include clear data security requirements, including obligations in the event of a breach.
• International data transfers: Ensure compliance with international standards, e.g. GDPR, where required.
• Data destruction: Any unsolicited personal information collected will be de-identified and destroyed as soon as practicable.

Breach

In the unlikely event of a data breach (whether within AMTF’s systems or those of our providers), we will take immediate steps to contain the breach, assess the nature and scope of the incident, and mitigate any potential harm. Our priority is to protect the personal information of individuals and uphold our obligations under the Privacy Act. AMTF will:

• Promptly investigate the breach to understand what happened and what information was involved.
• Take necessary steps to prevent further unauthorised access or disclosure.
• Notify affected individuals through their preferred communication channel.
• Notify the Office of the Australian Information Commissioner in line with our obligations.
• Review our systems and processes to prevent similar incidents in future, or review partnerships if the breach is through a third party.

For more information on notifications of data breaches, visit the Office of the Australian Information Commissioner’s website.

Sharing of your personal information

‍We do not sell or rent personal information to third parties.

We may disclose personal information to relevant parties that perform services on our behalf including, but not limited to, handling customer support enquiries, processing transactions, or customer freight shipping. While we may store data on servers that are hosted overseas, we will never knowingly disclose personal information to any recipients that are located overseas.

Those parties will be permitted to obtain only the personal information they need to deliver the relevant service. AMTF takes reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.

We may disclose personal information to service providers or other third parties located outside of Australia, including in countries that do not have equivalent privacy laws to those in Australia. We will take reasonable steps to ensure that such disclosures comply with the APPs guidelines.

Retention of Personal information

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Changes to this Privacy Policy

AMTF reserves the right to make amendments to this Privacy Policy at any time. If you have objections to the Privacy Policy, you should not access or use the AMTF website.

Accessing Your Personal Information

You have a right to access and correct your personal information that we hold, subject to exceptions allowed by law. If you would like to do so, please let us know. You may be required to put your request in writing for security reasons. AMTF reserves the right to charge an administrative fee for searching for, and providing access to, your information on a per request basis.

Contacting Us and Making Complaints

AMTF  welcomes your comments regarding this Privacy Policy. If you have any questions about this Privacy Policy or would like to make a complaint regarding an apparent breach of this policy, or would simply like further information, please contact us on email: info@amtf.org.au. Any complaints will be handled swiftly by the AMTF Finance, Governance, Risk and Compliance Committee.

‍