We will review this policy from time to time. We encourage you to check our website regularly as any updated policy will be available on our website. Please contact our Privacy Officer if you have any questions about this document.
Last update: 19 October 2017
1 Types of information that we collect and purpose of collection
The kinds of personal information we collect and hold about you will depend on the circumstances of collection, including whether we collect the information from you as a mailing list subscriber, purchaser of event tickets or merchandise, job applicant or in some other capacity.
For example, if you are a mailing list subscriber, we only collect your name and email address. If you purchase event tickets or merchandise from us, we collect additional information such as date of birth, address, phone number, information about goods or services ordered, billing and payment details, your enquiries or complaints and your transaction history with us.
For recruitment purposes, we may collect and hold personal information about prospective employees, such as your tax file number, date of birth, driver’s licence number and employment history. We may also need to collect sensitive information about you such as your membership in professional or trade associations and certifications from police checks. Unless the collection of sensitive information is permitted under Privacy Act, we will only collect sensitive information with your consent where that information is reasonably necessary for our functions.
Collecting personal information from you
We collect your personal information when you interact with us directly via our website stltones.com and social media accounts. We also collect your personal information when you purchase event tickets or merchandise from us and when you join competitions or giveaways organised by us.
Collection through social media platforms
When you interact with us using social media platforms, you are also providing personal information to the operators of these social media platforms. Such information is subject to those operators’ policies governing privacy. We are not responsible for the privacy practices and policies of these operators even if you accessed these platforms from our website. We encourage you to read and understand these operators’ privacy policies before providing them with your personal information.
Collecting personal information from other sources
Sometimes we collect personal information about you from other sources where you have consented to the collection of the information from someone else, we are authorised by law to collect the information from someone else or it is unreasonable or impracticable to collect the information from you personally.
If you apply for a position with us, we collect your personal information from third parties such as, recruitment service providers, referees, former employers, educational institutions and, if appropriate, health providers and police.
Examples of other sources that we may collect personal information from are our business partners and related entities which include:
- STL Tones Pty Ltd as the Trustee for STL Tones Trust;
- Unified Music Group Pty Ltd; and
- Red Hill Entertainment Pty Ltd.
At all times this information is collected by lawful means and in a manner that respects your privacy.
If we receive unsolicited personal information about you from a third party and it is clear to us that we should not have received that information, we will destroy or securely delete that information (if it is lawful and reasonable for us to do so).
If we collect your personal information from third parties in circumstances where you may not be aware that we have collected your personal information, and that information can be used to identify you, we will take reasonable steps to notify you of the collection and the circumstances that surround the collection.
2.5 Use of tracking tools
Cookies are text files placed in your computer’s browser to store your preferences. These cookies collect information on how you and other visitors use our website.
Google Analytics is a service which transmits website traffic data. It will not identify individual users and IP addresses with any other data held by Google.
Hotjar is a combination of various online tools that we use to track the behaviour of the people who use and visit our website.
The tracking tools that we use do not contain, use or store any personally identifiable information. We use tracking tools to maintain our site, identify and analyse trends and to obtain broad demographic information. We do not use information transferred through cookies for any promotion or marketing purposes, nor is that information shared with any third parties.
Most browsers are initially set to accept cookies or other tracking tools. If you prefer, you can set your browser to refuse these by selecting the appropriate settings or blockings, deleting or disabling them in your browser or device permits.
3.1 Use and disclosure of personal information
We use personal information for a variety of purposes to effectively conduct our business including:
(a) to administer the supply of products and services to you;
(b) to contact and communicate with you;
(c) to run competitions, promotions and marketing campaigns including direct marketing;
(d) to conduct market research and website development;
(e) for internal record keeping;
(f) to consider applications for current and future employment; and
(g) to comply with legal and regulatory requirements.
We will not use or disclose personal information we hold about you that was collected for a particular purpose for another unrelated purpose, unless:
(h) you have consented to the use or disclosure of the information for another purpose; or
(i) the use or disclosure is otherwise permitted under the Privacy Act.
To help us carry out our business functions, we may disclose personal information about you to third parties, including:
(a) our related entities being STL Tones Pty Ltd, Unified Music Group Pty Ltd and Red Hill Entertainment Pty Ltd;
(b) our business partners in the music, entertainment and marketing industries including Sony and Warner Music;
(c) our external service providers, including mail houses, couriers, payment processors or payment gateway providers and e-commerce website providers;
(d) our professional advisers, such as auditors and lawyers;
(e) an individual’s representatives, including any person who has authority to act on their behalf;
(f) debt collection agencies and credit reporting bodies;
(g) government and regulatory authorities (as required or authorised by law or a court/tribunal order); and
(h) any other person where you have given your consent.
We will take reasonable steps to ensure that these third parties are bound by privacy obligations in relation to your personal information.
We will not sell, gift, rent or trade your Personal Information to anyone.
In some circumstances, we may need to disclose your personal information to third party suppliers and service providers located overseas including PayPal, Shopify, Braintree and Afterpay. We take reasonable steps to ensure overseas recipients of your personal information do not breach the Privacy Act.
Our website contains features or links to websites and services provided by third parties such as social media platforms, e-commerce platforms, online streaming services and external payment gateways. These third-party service providers have their own privacy policies and may disclose your personal information to overseas recipients.
4.1 Opt out from direct marketing
We may use your personal information to send you marketing materials about our products and services, events and promotions. If you do not wish to receive marketing material from us you may:
(a) contact the Privacy Officer in accordance with paragraph 8.1 of this policy; or
(b) opt-out of receiving further marketing material via any opt-out mechanism contained in our marketing correspondence.
5 Protecting personal information
Storing personal information
We store your personal information in different ways, including in physical and electronic form on site and with third party storage providers.
We maintain physical, electronic and procedural security measures to safeguard your personal information and to secure and protect it from misuse and unauthorised access, disclosure or interference by:
(a) physical security measures for access to systems, including restricting access to authorised personnel only, control of access to buildings and use of user identifiers and passwords;
(b) electronic security systems such as firewalls and data encryption, backup and recovery of systems, use of rostering, staff management and finance software, use of secure payment portals and Secure Socket Layer (SSL); and
(c) procedural security measures, including imposing confidentiality obligations on employees, consultants and contractors, providing them with training and requiring them to comply with strict privacy and security policies and procedures including account decommissioning for exiting staff.
5.2 What happens if we no longer need your personal information?
If we no longer need your personal information for any purpose, we will take reasonable steps to destroy or permanently de-identify the information, unless the information is contained in a Commonwealth record or we are required by law, or a court/tribunal order, to retain the information.
You may request access to personal information we hold about you by contacting our Privacy Officer in accordance with paragraph 8.1 of this policy.
We will respond to a request for access within a reasonable time, and give you access in the manner you request, if it is reasonable and practicable to do so, unless an exception in the Privacy Act applies. (For example, if providing this access may disclose information about another person we may need to refuse to grant you access.)
We may need to verify your identity before we give you access to your personal information. Depending on the nature of the request, we may charge you a small fee to access that information.
You may request us to correct any information about you which you think is inaccurate, incomplete or out of date. We will respond to a correction request within a reasonable time. .
If we correct your personal information that we have previously disclosed to another entity, and you ask us to tell the other entity about the correction, we will take reasonable steps to tell the other entity about the correction, unless it is impractical or unlawful to do so.
6.3 Refusal to allow access to, or correction of, personal information
If we refuse to allow you access to your personal information or to correct that information, then we will provide you with the reasons for our decision and will inform you of mechanisms available to complain about the refusal.
You have the option to remain anonymous, or to use a pseudonym when dealing with us where it is lawful and practical to do so. However, without your personal information we may not be able to provide you with our products and services.
If you have any complaints about our privacy practices or would like further information, please contact our Privacy Officer:
Telephone: 0414 422 354
Mail: 51 Wangaratta St, Richmond VIC 3121 Australia
If you are not happy with the outcome of the Privacy Officer’s investigation or we have not replied to you within a reasonable time, then you can raise your concern with:
The Office of the Australian Information Commissioner
Telephone: 1300 363 992
Mail: Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001