PRIVACY POLICY
Somerset Event Management is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
In this policy “we”, “us” and “our” refer to Somerset Event Management Pty Ltd.
In this policy “you” and “your” refers to our website visitors and service users.
What is Personal Information and why do we collect it?
Organisations sometimes need personal information about you to carry out our work. Australian privacy law sets out what personal information they can collect and what they need to tell you.
Personal information includes a broad range of information, or an opinion, that could identify an individual. Examples of Personal Information we collect can include but is not limited to names, addresses, email addresses and phone numbers.
This Personal Information is obtained in many ways including correspondence, by telephone, by email, via our website www.somersetevents.com.au, from your website, from other publicly available sources.
We collect your Personal Information for the primary purpose of providing our services to you and or providing information to our clients. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
When we collect Personal Information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
We have adopted the Australian Privacy Principles (APPs) set out in the Australian Privacy Act 1998 below and the EU General Data Protection Regulation (GDPR). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. The EU General Data Protection Regulation (GDPR) sets out rules and guidance about how personal information should be treated. And as well as the specifics, the law provides a set of general principles that must permeate all acts of data processing. Somerset Event Management reserves the right to modify or amend privacy and copyright statements at any time, provided those modifications or amendments comply with applicable laws.
Links to other websites
This Privacy Policy applies only to our Site. The Site may contain links to other websites not operated or controlled by us. The policies and procedures described here do not apply to websites or other services that Somerset Event Management does not operate or control. These links from our Site do not imply that we endorse or have reviewed those websites or other services. We suggest contacting those services directly for information on their privacy policies.
When you give us personal information, we will not share that information with third parties without your permission.
Australian Privacy Principles (APPs)
The Australian Privacy Principles (or APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Privacy Act). They apply to any organisation or agency the Privacy Act covers.
General Data Protection Regulation – GDPR
“General Data Protection Regulation.” GDPR, also known as Regulation (EU) 2016/679, is a European Union law drafted on April 27, 2016 and instituted on May 25, 2018. It replaces the EU Data Protection Directive, which was adopted in 1995. The primary purpose of GDPR is to protect the personal data of residents of countries within the European Union (EU).
The 88-page GDPR document begins by stating the protection of people in regards to their personal data is a fundamental human right. The rules and guidelines within the General Data Protection Regulation are designed to support this premise. It states that all data controllers (organizations that collect and store user data) must protect the data, give users access to the data, and make the data easily transferrable.
GDPR updates the previous Data Protection Directive to be relevant to modern times and technologies. For example:
- Regulation 42 states that data processors (such as websites) must make their identity clear and ask users for consent before storing their data.
- Regulation 49 bans malicious activity in regards to data, such as hacking and denial of service attacks.
- Regulation 83 states that data controllers and processors should mitigate security risks by using encryption.
- Article 33.1 requires organizations to inform their users within 72 hours of when a data breach has been discovered.
Data Access Requests
You may request details of the data we currently hold about you, make amendments, update your consent, or request deletions at any time.