Privacy statement & policy

PRIVACY STATEMENT 

1 OBJECTIVE

Moorilla Estate Pty Ltd (ABN 34 120 281 656), trading as (among other things) “the Museum of Old and New Art (Mona)”, “Moorilla”, “Mona Foma”, “Dark Mofo”, “Mona Pavilions” and “Art Processors” (we, our or us) is committed to respecting your privacy and your personal information. This statement sets out how we collect, use and disclose your personal information. It also sets out some key parts of our Privacy Policy which may be viewed at mona.net.au/privacy-policy.

2 COLLECTING YOUR PERSONAL INFORMATION

2.1 Collecting personal information

We will, if it is reasonable or practicable to do so, collect personal information directly from you. Sometimes you may not be aware that we have collected your personal information. If we collect your personal information, we will take reasonable steps to notify you of the collection.

2.2 Collecting personal information from other sources

Sometimes we collect personal information about you from other sources where it is necessary to do so.  Examples of other sources that we may collect personal information from include, but are not limited to:

(a) our related entities; 

(b) our business partners; and

(c) our contracted external service providers.

2.3 Collection required by law

We may also collect your personal information if the collection of the information is required or authorised by law or a court/tribunal order.

3 PURPOSES FOR COLLECTING PERSONAL INFORMATION 

3.1 Purposes

We collect, hold, use and disclose your personal information for the purpose it was collected and related purposes, including:

(a) to provide you with products and services;

(b) to promote or advertise products and services provided by us, our related entities, and our business partners;

(c) to promote or advertise products or services offered by third-party organisations who are, in some way, directly related to us through events or sponsorship;

(d) for direct and indirect marketing purposes (including surveys);

(e) for internal data analysis, statistical and reporting purposes;

(f) for data analysis, statistics and reporting conducted by third-party organisations;

(g) for data analysis conducted by our related entities and business partners;

(h) to issue a reimbursement/refund (if applicable);

(i) to amend, cancel or otherwise contact you in relation to your booking;

(j) to identify you;

(k) to give you information about the products and services we, our related entities or our business partners provide;

(l) to deal with any enquiries or feedback you may have;

(m) to manage and respond to requests for information;

(n) for security purposes;

(o) to comply with any applicable laws, regulations or codes of practice; and

(p) for any other purpose for which you have given your consent.

If you have given your express consent, we may also use your personal information to:

(a) process automatic, ongoing payments to your credit card as part of Moorilla’s wine club options: Wine Buying Program, Annual Dozen and Exhibit 6;

(b) store your credit card details through third-party sites to secure accommodation at the Mona Pavilions, including deposits and full balances (The Booking Button, Room Master), or via the Moorilla Wine Buying Program (Braintree);

(c) create a running sheet and / or calendar your event or function at Mona;

(d) process a deposit using your credit card details to secure your venue hire at Mona, before taking the full amount when specified;

(e) process a deposit using your credit card details to secure transport hire through Mona Roma (our business partner Derwent Cruises Pty Ltd trading as Navigators) before taking the full amount when specified;

(f) contact you for survey purposes, if you have given your consent at the Front of House upon entry to Mona, the Museum of Old and New Art;

(g) select you for employment or suitability for participation in events.

3.2 Direct marketing

If you don't want to receive any more direct marketing material from us, you can contact our Data Privacy Officer at any time in accordance with paragraphs 6 and 7 of this statement.

4 WHAT HAPPENS IF YOU DON'T PROVIDE YOUR PERSONAL INFORMATION?

If you do not provide us with your personal information we may not be able to:

(a) verify your identity;

(b) process your sale;

(c) fulfil your delivery;

(d) complete your order; or

(e) respond to your enquiries or requests.

5 USE AND DISCLOSURE OF PERSONAL INFORMATION

5.1 Disclosing your personal information

We will not use or disclose personal information we hold about you that was collected for a particular purpose for another purpose, unless:

(a) you have consented to the use or disclosure of the information for another purpose; or

(b) the use or disclosure is otherwise permitted under the Privacy Act 1998 (Cth).

5.2 Disclosing your personal information to third parties

Sometimes we may disclose personal information about you to third parties. Examples of third parties that we may disclose your personal information to include, but are not limited to:

(a) our related entities (including Moo Brew Pty Ltd and The O (Art Processors Pty Ltd));

(b) our business partners (including Mona Roma (Derwent Cruises Pty Ltd trading as Navigators));

(c) our contracted external service providers (including digital service providers, booking service providers and payment processing service providers); and

(d) any other person where you have given your consent.

5.3 Disclosing your personal information overseas

In some circumstances we may need to disclose your personal information to overseas recipients for data storage. These recipients are likely to be located in New Zealand and the USA. As data storage can be accessed from various countries via an internet connection, it is not always practicable for us to know what country your personal information may be held in. As such, disclosure may sometimes occur in countries other than those listed.

6 ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

You have certain rights to access and correct personal information we hold about you.

You can find out how to access personal information we hold about you and how to correct that information by:

(a) reading our Privacy Policy available at mona.net.au/privacy-policy; or

(b) contacting our Data Privacy Officer on +61 (3) 6277 9900, or email on privacy@mona.net.au, and asking for a copy.

7 COMPLAINTS

Please let us know if you have any queries or concerns about a privacy issue.

You can find out about how to make a complaint and how we deal with complaints by:

(a) reading our Privacy Policy below; or

(b) contacting our Data Privacy Officer on +61 (3) 6277 9900 or email on privacy@mona.net.au.

 

 

PRIVACY POLICY

1. AIM

Moorilla Estate Pty Ltd (ABN 34 120 281 656) trading as (among other things) “the Museum of Old and New Art (Mona)”, “Moorilla”, “Mona Foma”, “Dark Mofo”, “Mona Pavilions” and “Art Processors” ("we, our or us") has developed this Privacy Policy to convey our commitment to the protection of your personal information and our commitment to complying with our obligations under the Privacy Act 1988 (“Privacy Act”), including Australian Privacy Principles ("APPs"), effective from March 12 2014.

2. POLICY

This policy outlines how we manage and secure your personal information.  It also describes the kinds of personal information that we hold and for what purposes, and how that information is collected, held, used and disclosed.  This policy outlines how you can access and correct your personal information, opt out of receiving marketing material and how you can make a privacy complaint.

This policy is easy to access and is available on our website at mona.net.au/privacy-policy.  You may request a copy of the policy by contacting the Data Privacy Officer in accordance with section 13 of this policy.

Please read this policy carefully before you provide us with any personal information. 

We will review this policy from time to time.  We encourage you to check our website regularly as any updated policy will be available on our website.

3. TYPES OF INFORMATION THAT WE COLLECT AND HOLD

We may collect and hold the following types of personal information about you, including, but not limited to:

  • identification information including your name and contact details;
  • dietary requirements;
  • your credit card details; and
  • any other information that we consider to be reasonably necessary.

'Personal information' is defined in the Privacy Act to mean "information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not".

We may collect personal information about you because the collection of the information is required or authorised by law or a court/tribunal order.

If we collect personal information about you that we did not ask for, we will check whether we could have collected that information ourselves.  If we could have collected the information, we will handle it in the same way we handle other information we collect from you.  If:

  • we could not have collected the personal information; and
  • the information is not contained in a Commonwealth record,

we will destroy the information or de-identify the information provided it is lawful and reasonable to do so.

4. DATA COLLECTION

We collect your personal information so that we can perform our functions and activities.  We will, if it is reasonable and practicable to do so, collect personal information directly from you.

We may collect your personal information when you initiate one or more of the following transactions:

  • Use/purchase products and services from us or from any of our related entities;
  • Use/purchase products and services from our business partners including Mona Roma (MR-0, MR-1 and Mona Roma) operated by Derwent Cruises Pty Ltd trading as Navigators (http://navigators.net.au/policy/navigators-privacy-statement.pdf);
  • Enter your email address on the O to retrieve personalised tour information, collected by Art Processors Pty Ltd – the O records your path within Mona, the artworks you view and any ratings you provide;
  • Sign up, or subscribe, to the mailing lists of Mona the Museum of Old and New Art, Moo Brew, Moorilla, Mona Market (MoMa), Mona Blog, Mona Foma, Dark Mofo, and the Odeon Theatre;
  • Sign up, or subscribe, to Moorilla’s Wine Club options through the Cellar Door.

We may also collect your personal information when:

  • you fill out a paper or electronic form;
  • you make an enquiry;
  • you request information;
  • you provide feedback;
  • you give us paper correspondence;
  • you participate in a competition or promotion run by us;
  • you send us electronic correspondence;
  • you give us information over the telephone, via fax or post;
  • you access our website;
  • we supply products and/or services to you;
  • via CCTV footage. 

Sometimes we collect personal information about you from other sources where it is necessary to do so.  This may happen where:

  • you have consented to the collection of the information from someone else;
  • we are required or authorised by law to collect the information from someone else; or
  • it is unreasonable or impracticable to collect the information from you personally.

Examples of other sources that we may collect personal information from include, but are not limited to:

  • our related entities;
  • our business partners, including but not limited to Mona Roma (MR-0, MR-1 and Mona Roma) operated by Derwent Cruises Pty Ltd trading as “Navigators”; and
  • our contracted external service providers.

We do not usually collect sensitive information (e.g. race, religion, ethnicity, health information, etc) about you. Unless the collection of sensitive information is permitted under the Privacy Act, we will only collect sensitive information with your consent where that information is reasonably necessary for our functions.

The kinds of Internet-specific information we may collect from you include:

  • your Internet Protocol address (“IP address”);
  • Cookies; and
  • Google Analytics information such as how often you visit a site, what page you visit, what links you click, your geolocation, your browser, your operating system and what other sites you visited prior to ours.

Further information in relation to each of the above dot points is outlined in section 9 of this policy.

We may collect information about you when you interact with us through social media channels.  Please note that we will only interact with you on confidential matters via a secure forum.

When we receive personal information directly from you, we will take reasonable steps to notify you of the collection and the circumstances surrounding the collection.  Sometimes we collect your personal information from third parties or you may not be aware that we have collected your personal information.  If we collect information that can be used to identify you, we will take reasonable steps to notify you of the collection and the circumstances that surround the collection.

5. PURPOSES OF COLLECTION

We collect, hold, use and disclose your personal information for the purpose it was collected and related purposes including:

  • For direct and indirect marketing purposes (including surveys);
  • To promote or advertise products or services directly associated with us, our related entities and our business partners including, but not limited to, Mona Roma (Derwent Cruises Pty Ltd trading as Navigators), the O (Art Processors Pty Ltd) and Moo Brew Pty Ltd;
  • To promote or advertise products or services offered by third-party organisations who are, in some way, directly related to us through events or sponsorship;
  • For internal data analysis, statistical and reporting purposes;
  • For data analysis, statistics and reporting conducted by third party organisations such as Enterprise Marketing and Research Services (EMRS);
  • For data analysis conducted by our related entities or business partners including Mona Roma (Derwent Cruises Pty Ltd trading as Navigators) and the O (Art Processors Pty Ltd);
  • To amend, cancel or otherwise contact you in relation to your booking;
  • To issue a reimbursement/refund (if applicable);
  • To identify you;
  • To give you information about the products and services we, our related entities or our business partners provide;
  • To provide you with products and services;
  • To deal with any enquiries or feedback you may have;
  • To manage and respond to requests for information;
  • For security purposes;
  • To comply with any applicable laws, regulations or codes of practice;
  • For any other purpose for which you have given your consent.

Furthermore, if you have given your express consent, we may use your personal information to:

  • Process automatic, ongoing payments to your credit card as part of Moorilla’s wine club options: Wine Buying Program, Annual Dozen and Exhibit 6;
  • Store your credit card details through third-party sites to secure accommodation at the Mona Pavilions, including deposits and full balances (The Booking Button, Room Master), or via the Moorilla Wine Buying Program (Braintree);
  • Create a running sheet and / or calendar your event or function at Mona;
  • Process a deposit using your credit card details to secure your venue hire at Mona, before taking the full amount when specified;
  • Process a deposit using your credit card details to secure transport hire through Mona Roma (our business partner Derwent Cruises Pty Ltd trading as Navigators) before taking the full amount when specified;
  • Contact you for survey purposes, if you have given your consent at the Front of House upon entry to Mona, the Museum of Old and New Art;
  • Select you for employment or suitability for participation in events.

If you do not provide us with your personal information, we may not be able to:

  • verify your identity;
  • process your sale;
  • fulfil your delivery;
  • complete your order; or
  • respond to your enquiries or requests.

Under no circumstances will we sell or purchase personal information.

6. USE AND DISCLOSURE OF DATA

We will not use or disclose personal information we hold about you that was collected for a particular purpose for another purpose, unless:

  • you have consented to the use or disclosure of the information for another purpose; or
  • the use or disclosure is otherwise permitted under the Privacy Act (e.g. you would reasonably expect us to use or disclose the information for another purpose or the use or disclosure of the information is required or authorised by law or a court/tribunal order).

Sometimes we may disclose personal information about you to third parties.  Examples of third parties that we may disclose your personal information to include, but are not limited to:

  • our related entities (including Moo Brew Pty Ltd and The O (Art Processors Pty Ltd));
  • our business partners (including Mona Roma (Derwent Cruises Pty Ltd trading as Navigators));
  • our contracted external service providers, including but not limited to:
      • Okta, a universal service directory that enables authentication of users across all entry points for financial transactions online (including, but not limited to, registration and login processes for: The O tour information, Museum entry tickets and transport bookings, Festival tickets, Online Mona Shop orders, Online Cellar Door orders and other online transactions of a secure nature which require authentication and trust to be cross checked in real time upon a customer's engagement (initial or returning) in a login process needing authorisation before a transaction can be fulfilled);
      • Okta, a single sign-on authentication service, for use in logging into all Mona, Mona Foma, Dark Mofo, including the retrieval of your O tour, Moorilla, and other related online entry points;
      • Braintree, a payment gateway enabling credit card, PayPal, and other payment methods for the online Mona Shop and online Cellar Door;
      • Magento, an e-commerce engine facilitating online shopping and delivery of physical goods from the online Mona Shop and online Cellar Door;
      • Shippit, a freight and tracking engine facilitating freight and delivery of physical goods from the online Mona Shop and the online Cellar Door, and enabling tracking and notification services for individual customers;
      • H&L, which provides POS and IT systems for Mona, including communicating order and member details when applicable—from Magento-based transactions (for the online Mona Shop and Cellar Door), through to Greentree, Mona's ERP and accounting system;
      • Rackspace, Sydney, hosting and providing underlying infrastructure, firewalls and security for Mona applications and web services which are public-facing;
      • BookBook, a reservation system used for facilitating bookings in The Source Restaurant - Credit card details are not stored with this provider;
      • Attendium, to store first and last names, and sometimes place of work, to facilitate VIP access to Mona, Dark Mofo and Mona Foma events;
      • Aegres, in order to fulfil Moorilla Estate Pty Ltd's digital functions, including unlimited access to:
          • Employee emails with the extensions @mona.net.au, @moorilla.com.au, @mofo.net.au and @moobrew.com.au;
          • Computer files (through backups);
          • Data stored on file servers locally at Mona including, but not limited to, accounting systems, POS, security systems, CCTV footage;
          • Data stored on Google Systems and Mona webportal-based systems;
          • Visitor data via the O;
          • Phone system data including but not limited to call log history, voicemail and extension numbers;
          • Network traffic from Mona computers/network connected devices and computers/network connected devices on Mona networks;
      • Deepend, in order to provide digital services pertinent to the functioning of our websites and, therefore, providing goods and services;
      • Campaign Monitor, in order to provide information on goods and services;
      • Mail2, in order to provide information on goods and services;
      • eWAY, in order to process credit/debit card transactions through our online stores;
      • TasVacations, in order to incorporate us into Tasmanian travel experiences;
      • Tessitura, in order to facilitate all ticketing operations for us, our related entities and our business partners and to act as our central customer relationship management database - Server based in USA;
      • The Booking Button, specific to purchasing Mona Pavilions through our website or over the phone - Server based in USA;
      • RoomMaster, specific to purchasing Mona Pavilions through our website or over the phone - Server based overseas;
      • EventPro. No credit card information is stored within this system;
      • Greentree. No credit card information is stored within this system; and
  • Any other person where you have given your consent.

7. QUALITY OF DATA

We will take all reasonable steps to ensure that the personal information we collect, hold, use or disclose is:

  • Accurate;
  • Complete; and
  • Up-to-date.

If you believe that your personal information is not accurate, complete or up-to-date, please contact the Data Privacy Officer in accordance with section 13 of this policy.

8. STORAGE AND SECURITY OF DATA

We store your personal information in different ways, including in physical and electronic form, via cloud and other third party data storage providers.

We will take all reasonable steps to ensure that the personal information we hold about you is protected from loss, misuse, interference, unauthorised access, modification and disclosure by:

  • Storing personal information in paper-based files, which are handled in accordance with the Privacy Act, by trained, authorised staff, and stored for varied periods of time dependent on purpose;
  • Storing personal information in electronic files, which are handled in accordance with the Privacy Act, by trained, authorised staff, stored in secure servers, which in some cases may be based overseas;
  • Storing encrypted personal information (including credit card details) in our ticketing system, Tessitura, which complies with the payment card industry data security standard;
  • Providing adequate training of all staff with access to personal information;
  • Including a privacy clause in future casual, contract, full-time and part-time employment contracts (effective from 12 March 2014);
  • Using best endeavours to ensure all staff are familiar with our Privacy Policy and Privacy Statement;
  • Using best endeavours to ensure all staff with access to personal information have signed, agreed to and understand the Privacy Policy and Privacy Policy Manual.

Furthermore, personal information derived specifically from the Internet will be protected from loss, misuse, interference, unauthorised access, modification and disclosure by:

  • Using best endeavours to ensure that any files sent as email attachments are password protected and encrypted;
  • Using best endeavours to ensure that any data stored via Google Drive is only shared with appropriately trained staff, rather than the whole organisation;
  • Using best endeavours to ensure any third-parties, our related entities and our business partners with access to personal information collected by us use it only when essential to providing a product or service;
  • Encrypting any data to be exported from one server to another.

In some circumstances we may need to disclose your personal information to overseas recipients for data storage. If so, this information is likely to be stored in New Zealand and the USA. As data storage can be accessed from various countries via an internet connection, it is not always practicable for us to know what country your personal information may be held in. As such, disclosure may sometimes occur in countries other than those listed.

Where your personal information is disclosed, we will:

  • take reasonable steps to ensure that the overseas recipient does not breach the APPs, unless an exception in the Privacy Act applies; and
  • seek to ensure that information is used, held and disclosed consistently with the Privacy Act and any other applicable laws.

9. INTERNET-SPECIFIC DATA USAGE

Google Analytics
The Mona Museum of Old and New Art, Mona Foma, Dark Mofo and Moorilla websites use Google Analytics, a web analysis service provided by Google Inc., to help us analyse and prepare reports on their use.

The information collected includes how often users visit a site, what pages they visit, what links they click, what geolocation the visit originated in, what browser they use, what operating system they use, and what other sites they used prior to coming to one of our sites.

Google Analytics collects the IP address assigned to you on the day that you visited one of our websites, rather than any identifying information. The information collected by Google Analytics is governed by Google Analytics' Terms of Service, which can be found here: http://www.google.com/analytics/terms/us.html.

You can opt out of Google Analytics. For more information on how to do so visit http://tools.google.com/dlpage/gaoptout, or you can prevent Google Analytics from recognising you on return visits to this website by disabling cookies on your browser.

Cookies
"Cookies" are pieces of data that are stored on your hard drive/web browsers containing details about your use of our websites. Cookies do not provide us with identifying information about you; they anonymously track usage of our websites so that we can improve users' experience. You can disable cookies and still use our website; however, in doing so, you may be unable to access certain pages.

IP Addresses
We use IP addresses to analyse trends, administer our websites, track user movements on our websites, and gather broad demographic data for aggregate use, which we may share with our related entities, business partners and advertisers. IP addresses are not linked to any information that could identify you.

Linking
Occasionally our websites will link to other websites. We are not responsible for these websites. The other websites are responsible for their own privacy and personal information handling practices.

Blog
We welcome your participation on our blog (www.monablog.net). An email address is required to leave a comment. We will never share your email address with any third parties, unless it is permitted under the Privacy Act or we are required or authorised by law to do so.

10. ACCESS AND CORRECTION OF DATA

You may at any time request access to personal information we hold about you.  We will give you access to that information unless an exception in the Privacy Act applies.

If you wish to access the data we hold on you, please contact our Data Privacy Officer in accordance with section 13 of this policy. Please note that you will be required to supply sufficient proof of identification, and should you fail to do so, we may not be able to provide you with the information you have requested.

We will respond to a request for access within a reasonable time (usually 30 days), and give you access in the manner you request, if it is reasonable and practicable to do so. 

If we refuse to give you access, we will:

  • take reasonable steps to give you access in a manner that meets our needs as well as yours; and
  • provide you with the reasons for our decision within seven (7) days.

If necessary, access may be given through the use of an agreed intermediary.

If you think that any personal information we hold about you is incorrect, inaccurate, out-of-date, incomplete, irrelevant or misleading, you may request us to correct the information by contacting Mona’s Data Privacy Officer on +61 (3) 6277 9900, or email privacy@mona.net.au.

We will take reasonable steps to correct it (having regard to the purpose for which it is held). The corrections will be made to our records and if you ask us to notify any other party to whom we have provided the personal information, we will take reasonable steps to give that notification unless it is impracticable or unlawful to do so.

We will respond to a correction request within a reasonable time (usually 30 days).  We may need to verify your identity before we correct your personal information.

If we refuse to correct the personal information, then we will provide you with the reasons for our decision as required by the Privacy Act.

11. LINKS TO EXTERNAL SITES

We will, at times, post links to external websites on our website for one or more of the following reasons:

  • The information directly relates to us, our related entities or our business partners;
  • The information is likely to be relevant, and of interest, to our followers and subscribers;
  • The link supports our business partners, community, and state;
  • As part of sponsorship.

Disclaimer:

We are not responsible for ensuring externally-linked sites have policies which align with the Privacy Act. Of a similar nature, we take no responsibility for ensuring the security of personal information collected by an external site.

12. OPTING OUT OF MARKETING PROMOTIONS

We may use or disclose your personal information (excluding sensitive information) for direct marketing purposes.

We will only use or disclose your sensitive information for the purposes of direct marketing if you have consented to the information being used or disclosed for the purpose of direct marketing.

We may conduct direct marketing via email, in person, when you complete a form and via social media platforms.

If you are receiving marketing information from us, our related entities or our business partners, you have opted to join our mailing list via our website, Facebook, by direct request, or you are personally invited to one of our events.

Should you wish to be removed from our mailing list, you can unsubscribe via the 'unsubscribe' link supplied at the bottom of all electronic direct marketing from info@mofo.net.au, info@moobrew.com.au, darkmofo@mona.net.au, and info@moorilla.com.au.  All of our marketing correspondence will display a clearly visible and user-friendly opt-out/unsubscribe mechanism.

You can also unsubscribe by contacting our Data Privacy Officer in accordance with section 13 of this policy.

If you request to no longer receive direct marketing material, we will process your request within a reasonable period after the request is made.

13. MAKING A PRIVACY COMPLAINT

If you have any issues about the way we handle your personal information or wish to make a privacy complaint, please contact our Data Privacy Officer on +61 (3) 6277 9900 or privacy@mona.net.au. In this event, you will receive a written response within seven (7) days from point of contact.

If you are not happy with the outcome of the Data Privacy Officer’s investigation or we have not replied to you within a reasonable time, then you can raise your concern with the Office of the Australian Information Commissioner (“OAIC”) on 1300 363 992 or enquiries@oaic.gov.au or GPO Box 5218 Sydney NSW 2001 or www.oaic.gov.au/privacy/making-a-privacy-complaint.

14. CONTACT DETAILS

Mona, Museum of Old and New Art

655 Main Road, Berriedale
TASMANIA 7011
t. +61 (3) 6277 9900
e. info@mona.net.au

Last updated 6 October 2016.