Tickets

Privacy Policy

Policy updated on 9 December 2024

  1. Scope
  2. Application
  3. What Information is Collected
  4. How Information Is Collected
  5. Cookies
  6. Why Information is collected
  7. How Will Information Be Used
  8. How to Opt Out
  9. Who Will Information Be Shared With
  10. Storage, Retention and Security
  11. Your Rights and Controls
  12. Privacy Complaints
  13. Privacy Officer
  14. Definitions

1. Scope

This Privacy Policy explains how we collect, use, disclose, store, secure and dispose of Personal Data. We collect Personal Data in person, by phone, text, email, or through our Platforms (collectively the Collection Points). If you use any of our Goods or Services, access our Platforms, or interact with us, this Privacy Policy is for you.

We have adopted the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (the Privacy Act). A copy of the Australian Privacy Principles may be found on The Office of the Australian Information Commissioner (OAIC) website at www.aoic.gov.au.

To the extent that it applies, we also comply with the obligations under the General Data Protection Regulation (the GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016).

For the meaning of other capitalised terms used in this Privacy Policy please refer to the Definitions.

2. APPLICATION

This is the Privacy Policy of Moorilla Estate Pty Ltd and the Museum of Old & New Art (known as Mona). This Privacy Policy applies to all Personal Data generated or held by Mona, Moorilla Estate, Mona Pavilions and our related corporate entities, including DarkLab Pty Ltd, Dark Mofo and Moo Brew Pty Ltd. It does not include Art Processors Pty Ltd who have their own privacy policy.

We have an appointed Mona Privacy Officer. The Mona Privacy Officer is responsible for coordinating responses to any privacy issues raised by members of the public or employees and advising employees about their privacy responsibilities.

 

3. WHAT INFORMATION IS COLLECTED

Information that we collect includes Personal Information, Sensitive Information and Usage Information.

Personal Information is information or an opinion that directly or indirectly identifies an individual. Examples of information which we may collect that can be considered personally identifying (either alone or in
combination) include your:

  • name, title, postal address, email address, phone numbers, date of birth;
  • photo identification (e.g. driver’s licence), gender;
  • images, photographs, video;
  • banking details, payment details, transaction history;
  • subscription preferences, interests;
  • social media information; and
  • work experience, interview notes.

Sensitive Information is a subset of Personal Information and can include a person’s health information as well as information or an opinion about such things as someone's racial or ethnic origin, sexual orientation, political
opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, or criminal record. Sensitive information will only be collected and used by us with your consent and where the information is reasonably necessary for one or more of our functions or activities, or where required or authorised by law.

Usage Information is anonymous aggregate data that is automatically collected through our Collection Points and in connection with our Goods or Services. Examples of Usage Information that we collect includes information that identifies your device, your operating system, your IP address, and dates and times that you access and use the Collection Points. This information is used to resolve any technical issues that may arise, provide a personal experience, or for statistical analysis to help us to improve our Goods and Services. Usage Information, whilst for the most part anonymous, can be cumulatively used to directly or indirectly identify you.

Usage Information that can be used to identify you in any way, together with your Personal Information and Sensitive Information, is collectively referred to in this Privacy Policy as Personal Data.

 

4. HOW INFORMATION IS COLLECTED

We may collect Personal Data in many ways, including by telephone and email, by interviews, correspondence, via our Platforms, via websites, from media and publications, from other publicly available sources, and from third parties.

We collect Personal Data directly from you in relation to the following functions and services, when you:

  • use our Goods or Services, including as a visitor or potential visitor, via tickets sales, comments,
    participating in market research, evaluation, competitions and promotions, education, and public
    programs;
  • make a purchase from us or from any of our related entities or official business partners;
  • access, browse, use, or interact with us via our Collection Points and Third Party Sites;
  • use a Mona app (including the ‘O’) or digital interactive at an exhibition;
  • make a social media post;
  • sign up, or subscribe, to any of our mailing lists, memberships or clubs;
  • enter a competition, giveaway, fundraiser or promotion organised by us;
  • complete a survey or questionnaire provided by us;
  • engage with us in collections, research and exhibitions;
  • engage with us a stakeholder, contractor or for general operations;
  • attend any of our exhibitions, events or Sites;
  • are applying for a job, work placement or volunteer opportunity;
  • have an enquiry or complaint; or
  • appear on our CCTV footage.

It is your choice to provide us with Personal Data by engaging in activities with us. Wherever lawful and practicable, we will provide you with the option of remaining anonymous when entering into transactions with us. However, if you do not wish to provide your Personal Data this may limit our ability to provide you with Goods and Services and may limit your ability to enjoy the Goods or Services.

We collect Personal Data in a lawful and fair manner. Where reasonable and practicable to do so, we will collect your Personal Data directly from you. However, in some circumstances we may be provided with information from other sources, e.g. when a transaction is being purchased as a gift or gift card.

Other instances of where this may happen include where:

  • you have consented to our collection of the information from a third party;
  • we are required or authorised by law to collect the information from a third party;
  • it is unreasonable or impracticable to collect the information from you personally; or
  • the information is contained in a Commonwealth Record (as defined in the Archives Act 1983
    (Cth)).

5. COOKIES

Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that help us ‘remember’ our users and guests’ actions and preferences over time.

We use necessary cookies to make Mona’s websites work better for visitors. We also use preference, statistical and marketing cookies. Please read our Cookie Policy for more information.

6. WHY INFORMATION IS COLLECTED

We will only collect Personal Data for purposes related to our core functions and to help us provide you with a better service. We use your information for these types of things:

  • to deliver to you our Goods and Services and provide you with information about them;
  • to enable you to engage with our products, events, exhibitions, festivals and services;
  • for subscribers, to send you emails with news, offers and marketing promotions, about our products,
    events, exhibitions, festivals and services;
  • to personalise your experience and our marketing communications;
  • to understand your experience and/or expectations as a visitor, so we can improve our services and
    the experiences we provide; and
  • to deal with your requests, complaints and enquiries.

We may also use and, if necessary, disclose your Personal Data for any appropriate secondary purposes closely related to these primary purposes, in circumstances where you would reasonably expect such use or disclosure, or where you have consented to the secondary use or disclosure.

Our collection of Personal Data, including why we need it and how we’ll use it, will be in accordance with this Policy or otherwise explicitly stated before we collect it.

We will not sell, rent, or license your Personal Data.

7. HOW WILL INFORMATION BE USED

We may use and disclose your Personal Data for the following purposes, including but not limited to:

  • providing you with Goods or Services, e.g. emailing your ticket orders;
  • confirming your identity, e.g. when tickets are non transferable or you wish to make a change to
    your booking;
  • processing payments for Goods or Services;
  • communicating with you in relation to your use of the Goods or Services, e.g., if there is a
    schedule change or necessary information to convey;
  • issuing a reimbursement/refund (if applicable), e.g. in the unfortunate case that an event is
    cancelled;
  • enabling your participation in our events, e.g. restricted entry events;
  • facilitating and enabling the creation of online user accounts;
  • direct and indirect marketing purposes (including surveys) (unless and until you ‘opt out’);
  • internal data analysis, statistical and reporting purposes;
  • preventing, detecting, and investigating potential illegal activities, security breaches and fraud;
  • complying with applicable laws, regulations, and codes of practice, e.g. when age restrictions
    apply;
  • selecting you for employment;
  • where we are required by law to disclose information; and
  • other purposes for which you have given your consent.

 

8. HOW TO OPT OUT

We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from direct marketing. You can opt out at any time by unsubscribing from our direct marketing communications. You may unsubscribe from our direct marketing communication by selecting the ‘unsubscribe’ link on any email.

However, certain non-marketing related correspondence, including our messages relating to payment, will be automatically sent to you by virtue of your use of the Collection Points and you may not have the option to unsubscribe from receiving this correspondence.

 

9. WHO WILL INFORMATION BE SHARED WITH

Our Goods or Services may contain plug-ins and links to third party sites to enhance your user experience, including social media platforms, e-commerce platforms, ticket merchants, and external payment gateways (e.g. Facebook, Shopify, Moshtix and Tessitura) (known as Third Party Sites). These examples are not exhaustive and are subject to change from time to time. For other Third Party Sites integrated or otherwise linked to our Goods or Services, please contact us in writing.

Please note that this Privacy Policy does not cover the privacy practices of Third Party Sites. Please refer directly to the privacy policies and statements of the operator of any Third Party Sites to obtain information regarding their data collection, use, and disclosure policies.

We do not have access to, or control over, the technologies that Third Party Sites may use to collect information about you. We disclaim any and all liability in connection with the services of any Third Party Sites integrated or otherwise linked to our Goods and Services, and we encourage you to reach out to them directly should you have any questions in connection with their services.

Sometimes we need to disclose your Personal Data to third parties. You agree and consent to us disclosing your Personal Data (on a need-to-know basis) to:

  • our directors, officers, employees, contractors, agents, and related corporate entities; our personnel; the owners, lessees and controllers of any venue; and the respective members, directors, officers, employees, volunteers, contractors, agents or associated entities of the foregoing;
  • our business partners (including specifically Derwent Cruises Pty Ltd who operate the Mona
    ferry);
  • our contracted external service providers with whom we have entered into an agreement to help
    us provide the Goods or Services, including but not limited to security officers, e-commerce
    platforms, digital platforms, marketing agencies, payment gateways, technical support and other
    Third Party Sites;
  • our accounting, legal, and other professional advisors;
  • government and regulatory authorities;
  • any third party with your express approval; and
  • where required or authorised by law or otherwise to prevent harm.

We will take reasonable steps to ensure that these third parties are bound by Australian privacy laws. You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing our Mona Privacy Officer, but please note that withdrawal of such consent may affect your ability to access and use our Goods or Services.

We may need to transfer your Personal Data to third parties in overseas countries in the course of providing services to you. These third parties will primarily be in countries deemed by the European Commission as having an ‘adequate’ level of Personal Data protection. If we transfer data to a third party in a country where no adequacy decision has been made, we will endeavour to ensure the third party handling your data in those countries is bound under contract to meet the requirements of the Privacy Act and the GDPR (as applicable).

 

10. STORAGE, RETENTION AND SECURITY

We store Personal Data in physical and electronic form, via the cloud and third party data storage providers. We provide a secure information storage system for both physical and electronic information to minimise the risk of misuse, loss, unauthorized access, modification or disclosure through our procedures and technical security measures. We train all staff who may have access to your Personal Data about this Privacy Policy and our obligations under the Privacy Act and the GDPR.

We will retain your Personal Data for as long as we need it for the purpose for which it was obtained or if we have a valid reason to keep it. Personal Data may be kept by us for up to 6 years or longer if reasonably necessary and permitted by law. How long we retain your Personal Data depends on the type of data, the amount collected, how sensitive it might be, any legal requirements and the purpose for which we collected it.

When your Personal Data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Data.

You acknowledge however that no security measures are 100% secure, and that we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data, or for the actions of any third parties that may obtain any information or data.

Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to result in serious harm to any of the individuals to whom the information relates, to the Australian Information Commissioner. Where a data breach involves the information of EU subjects that is likely to result in a risk to the rights and freedoms of natural persons, we will report to the European Data Protection Supervisor. We will also inform you, where possible, if your information has been involved in a data breach in the circumstance where it poses a risk of serious harm or a risk to your rights and freedoms.

 

11. YOUR RIGHTS AND CONTROLS

Please read this Privacy Policy carefully before you provide us with any personal information. If you do not agree with any part of this Privacy Policy, please do not use our Goods or Services or provide personal information via any of our Collection Points.

You have the right to seek access to the Personal Data we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Data, please contact our Privacy Officer in writing. We will reply to your request within 30 days. We will not charge a fee for your access request, but may charge an administrative fee if needing to provide a hard copy of your Personal Data. In order to protect your Personal Data we may require identification from you before releasing the requested information.

We take reasonable steps to ensure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up-to date, complete or is inaccurate, please advise us as soon as practicable so we can update our records.

In accordance with the GDPR, we acknowledge the additional rights of EU subjects to:

  • have their data erased that is no longer being used for a legitimate purpose;
  • request a copy of all Personal Data held about them in a readable format, along with supplementary information to verify that such Personal Data is being processed lawfully; and
  • request restricted processing of their Personal Data whilst any complaints or concerns are being
    resolved.

To erase, request, or restrict processing of your Personal Data, please contact our Privacy Officer in writing.

We will update this Privacy Policy from time to time at our sole discretion. Any updates become effective on posting the updated Privacy Policy on our Website, and we shall have no obligation to provide you with individual notice of such changes. We encourage you to check the Website regularly for any updates. Your continued use of our Goods or Services following the publication of any updated Privacy Policy shall signify your acceptance of that amended Privacy Policy, except in cases where we are required by law to seek your consent.

12. PRIVACY COMPLAINTS

If you have any feedback about the way we handle your Personal Data, or wish to make a privacy complaint, please contact our Privacy Officer.

If you are not happy with the outcome of the Privacy Officer’s investigation or we have not replied to you within 30 days, then you can raise your concern with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or with the European Data Protection Supervisor at https://edps.europa.eu.

 

13. PRIVACY OFFICER

Contact our Privacy Officer:
Email: privacy@mona.net.au
Phone: +61 (3) 6277 9900
In writing: Mona, Museum of Old and New Art
655 Main Road, Berriedale
TASMANIA 7011

Next Policy Review date: No less than 3 years from Publication.

 

14. DEFINITIONS

“Australian Privacy Principles” has the meaning given in clause 1. Scope.
“Collection Points” has the meaning given in clause 1. Scope.
“Cookies” has the meaning given in clause 5. Cookies.
“European Commission” means the primary executive arm of the European Union.
“General Data Protection Regulation” or “GDPR” has the meaning given in clause 1. Scope.
“Goods and Services” means the goods and services offered by Mona (including Tickets and access to the Sites
and Platforms) from time to time. For the avoidance of doubt, these Terms apply where any gift voucher or
credit is redeemed for the Goods and Services and even if the Goods and Services are complimentary.
“Mona Privacy Officer” has the meaning given in clause 2. Application and can be contacted through the
details given at clause 13. Privacy Officer.
“Personal Data” has the meaning given in clause 3. What Information Is Collected.
“Personal Information” has the meaning given in clause 3 What Information Is Collected.
“Platforms” means the Website, and any social media pages or channels, applications (including the ‘O’ App),
or online services now known or hereafter invented which are owned and/or controlled by Mona.
“Privacy Act” means the Privacy Act 1988 (Cth).
“Recordings” means where Mona (or any person authorised by Mona) captures your likeness, image, or voice
in any audio recordings, audio-visual recordings (including CCTV footage), and photographs in connection with
your use or access to the Goods and Services.
“Sensitive Information” has the meaning given in clause 3. What Information Is Collected.
“Sites” means venues, premises, vehicles, and/or other transport, owned, operated, occupied, or controlled
by Mona from time to time from which Goods and Services are made available.
“Third Party Sites” has the meaning given in clause 9. Who Will Information Be Shared With.
“The ‘O’ App” means Mona’s museum wayfinding and information app which replaces traditional wall labels
and texts.


“Ticket” means an entry ticket to the Site(s) including (as applicable):

a. Mona organised events such as:

  • i. Mona organised and endorsed concerts (“Event tickets”);
  • ii. Dark Mofo events (“Festival tickets”);


b. Mona museum entry and any separately ticketed experiential artworks or exhibitions, restaurant
bookings or cellar door tastings (Site tickets);
c. Mona organised transport such as ferry and bus transfers (Site tickets);
d. Mona organised and operated tour, exhibition opening, hospitality event or other special events
(“Event tickets”); and
e. Mona organised Ultimate Winery Experiences or Cultural Attractions of Australia packages, for
example, Mona Like a Rockstar, Posh As Day, Wine Meets Art, Dinner with David, and the Turrell
Experience (“Experience Package”),
and includes any other equivalent or replacement for a Ticket e.g. entry pass, wristband, pass out stamps.
“Usage Information” has the meaning given in clause 3. What Information Is Collected.

“Website” means www.mona.net.au, and any other website owned and/or controlled by Mona.