Privacy Policy

This Privacy Policy applies to all personal information collected by Tasracing Pty Ltd (“Tasracing”). All references to “we”, ”us” and ”our” in this Privacy Policy refer to Tasracing.

PURPOSE

This Privacy Policy explains how we collect, hold and use personal information.

SUMMARY

We value the privacy of your personal and sensitive information.

We are committed to protecting the information we collect, hold and use by complying with our obligations under the Personal Information Protection Act 2004 (Tas) (“PIP Act”), the Australian Privacy Principles (Principles) contained in the Privacy Act 1988 (“Privacy Act”), and the European Union Regulation 2016/679 – General Data Protection Regulation (“GDPR”).

DEFINITIONS

Personal information” is information or an opinion relating to an individual who is identified or reasonably identifiable (including names, addresses, telephone numbers and email addresses).

Sensitive information” is a subset of personal information that is generally afforded a higher level of privacy protection. Examples include information about an individual’s racial or ethnic origin, health or genetics, membership of a political association or professional or trade union or criminal record.  This phrase is defined in the Privacy Act.

WHY WE COLLECT PERSONAL INFORMATION

We will not collect your personal information unless collection of such information is reasonably necessary to enable us to carry out one or more of our functions and/or activities.  Our principal functions are set out in the Racing (Tasracing Pty Ltd) Act 2009 (Tas) (“Tasracing Act”) and Racing Regulation Act 2004 (Tas) (“Racing Regulation Act”).

These functions and activities generally include:

  • The organisation and administration of racing activities and the racing industry in Tasmania;
  • Promoting Tasmanian racing locally, nationally and internationally;
  • Establishing online accounts for website users and running competitions;
  • Promoting the development of an efficient and effective racing industry;
  • Corporate governance, strategic direction and funding of racing in Tasmania;
  • Providing advice to the Minister and making appropriate policy recommendations for the development of racing;
  • Race programming and allocation of race days;
  • Handling complaints and enquiries;
  • Conducting tenders and entering contracts; and
  • Managing other services we provide under the Tasracing Act or Racing Regulation Act or other applicable legislation; and
  • Other incidental functions.

By agreeing to our terms and conditions, users of our website consent to us using and disclosing personal information for the purpose of fulfilling the above functions.

Without limiting the generality of the previous paragraph, by agreeing to our terms and conditions, users consent to us taking and using images and audio and video recordings of users and, if applicable, their horses/greyhounds for marketing purposes without any obligation to pay users compensation for such use.

WHAT PERSONAL INFORMATION IS COLLECTED

We hold electronic and paper records containing personal information which can broadly be divided into two classes:

  • personal information relating to employees; and
  • personal information relating to our business and service delivery functions and activities.

This personal information includes:

  • identity and contact information, such as name, postal or email address, telephone numbers;
  • social media handles;
  • date of birth;
  • details of horses/greyhounds owned;
  • images and audio and video recordings from race days; and
  • financial details in certain circumstances.

We may also collect sensitive information where it is necessary to do so and typically only information regarding health or medical matters.

HOW WE COLLECT AND STORE PERSONAL INFORMATION

Collection

If we collect personal information about a person, we will take reasonable steps to notify them.

We collect personal information directly from you including by telephone, mail, email and online.

We may also collect personal information indirectly from publicly available sources or from third parties, such as applicants or complainants, in the course of managing complaints, data breach notifications, reviews or investigations.

We also collect personal information through our websites or social networking services (e.g. Facebook and Twitter) as well as in performing our functions under relevant legislation.

We will only collect personal information from third parties where the following requirements are met:

  • the means by which we obtain the information is lawful and fair; and
  • it is unreasonable or impracticable to obtain the information from the person who is the subject of the information.

We note that sensitive information is only collected where you consent or where the collection of the information is required or authorised by law.

Storage

Personal information that is collected from our websites is stored in the Amazon Web Services (AWS) server in Australia. We also use Mailchimp and SendGrid to manage our mailing lists, and Braintree in relation to electronic transactions. You can access the privacy policies for these companies on their websites.

We have processes in place to ensure the security of your personal information. We may store your personal information in paper or electronic form, or in the cloud.

Only certain employees have access to personal information held by us, in order to protect the information from misuse, modification and unauthorised access.

If we no longer require any information for any purpose for which the information may be used or disclosed, we will take reasonable steps to destroy the information.

Erasure

You have the right to require us to erase personal information which relates to you if one of the following applies:

  • the personal information is no longer necessary for the purposes for which it was collected;
  • you withdraw your consent to the processing;
  • the personal information is unlawfully processed within the meaning of the GDPR; or
  • you exercise your right to object to the processing of any personal information stored by us which relates to you, and we are unable to demonstrate compelling legitimate grounds for the processing which override the interest and rights of you for the establishment, exercise or defence of a legal claim.

If we hold personal information about a person that we no longer need, we will take reasonable steps to destroy or de-identity the information.

USE AND DISCLOSURE OF PERSONAL INFORMATION

We use information in the furtherance of and in connection with the performance of our functions, activities and legislative powers.

We may use or disclose personal information for the purpose for which it was collected and for other purposes permitted by the Privacy Act, including where:

  • you have consented;
  • you would reasonably expect us to use or disclose the information for that other purpose, in circumstances where it is related to the purpose for which it was collected; or
  • use or disclosure is authorised by law or a court/tribunal order.

We may use or disclose personal information that is not sensitive information to third parties for the purposes of direct marketing services related to the racing industry. Any individual will be able to opt-out of such direct marketing at any time if they choose by clicking on the relevant link at the footer of the emails received from us or by contacting our Privacy Officer (contact details below).

We will not disclose or use sensitive information for purposes other than which it was collected unless you expressly consent to the use or disclosure or where you would reasonably expect us to use or disclose the information for that other purpose, in circumstances where it is directly related to the purpose for which it was collected.

When personal information is disclosed to third parties, appropriate care is taken to ensure the information is protected from misuse.

It is not likely that we will disclose information to overseas recipients other than for the purpose of secure storage on the cloud.

However, if we do disclose your personal information to a third party which is located overseas, we will take reasonable steps to ensure that the overseas recipient handles your personal information in accordance with the standards required under the Privacy Act.

ACCESSING PERSONAL INFORMATION WE HOLD

You can access your own personal information by contacting our Privacy Officer (details below).  We will respond within a reasonable period after the request is made.

We will not charge you for making a request for access to personal information unless the request is particularly complex or requires detailed searching of our records.

If you believe there are errors in the personal information that we hold about you, you can ask us to correct that information. We will consider any request by you to change or correct personal information and advise of any action taken in accordance with the requirements of the Privacy Act and the PIP Act.

You can also:

  • request that we restrict the processing of your personal information; and
  • object to our processing of your personal information (your right to object is outlined above under ‘Erasure’).

In certain circumstances we may refuse or deny you access to information in part or in full.  These circumstances include where:

  • We believe that giving access may pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  • We believe that giving access may have an unreasonable impact on the privacy of other persons;
  • We believe that giving access may prejudice us in legal proceedings or negotiations;
  • We believe that giving access may reveal information connected with a commercially sensitive decision making process;
  • Giving access would be contrary to law; or
  • The request for access is frivolous or vexatious.

COOKIES

Cookies are pieces of information that a web site transfers to your computer’s hard disk for record keeping purposes. The cookies simply operate as a unique identifier, which helps us to know what our users find interesting and useful on our website.

Data collected from website use does not identify the user, allowing you to remain anonymous in our data collection.

We may also use cookies in order to serve digital advertising to our users after they have left our website.

Most web browsers are set to accept cookies, however, if you do not wish to receive any cookies, you may set your browser to refuse them.

ANONYMITY

As a general rule, we require people to identify themselves by their legal name because it would be impracticable to deal with them otherwise.

SECURITY

We will take reasonable steps to protect personal information from the following:

  • misuse, interference and loss; and
  • unauthorised access, modification or disclosure.

We will manage suspected data breaches in accordance with the requirements of Part IIIC of the Privacy Act and our Mandatory Data Breach Notification Response Plan.

If we become aware of reasonable grounds to believe that an eligible data breach as defined in the Privacy Act may have occurred, we will assess whether an eligible data breach has occurred as soon as possible and, in any event, within Thirty (30) days.

If we determine that an eligible data breach has occurred, we will notify any affected person and the Information Commissioner in accordance with the requirements of the Privacy Act. We will take reasonable steps to contain the spread of any personal information that is subject to an eligible data breach. The steps we take will depend on the nature and extent of the eligible data breach. We will take reasonable steps to assist affected persons to mitigate any harm caused by an eligible data breach.

We will implement appropriate policies and procedures, including cybersecurity measures, to reduce the risk of data breaches. We will conduct regular reviews of our data breach policies and procedures to ensure that they are consistent with best practice in our industry. Following any eligible data breach, we will conduct a review of our policies and procedures and take appropriate steps to address the cause(s) of the data breach.

Where multiple organisations are involved in an eligible data breach, we are not required to notify you if another organisation has done so. In this case, we may still notify you if we consider this necessary to assist you to mitigate harm caused by the eligible data breach.

COMPLAINTS

If you are concerned about a possible interference with your privacy or a breach of this Privacy Policy, please contact our Privacy Officer (details below).  All complaints must be made in writing.

All complaints will be addressed confidentially and within a reasonable time from receipt by our Privacy Officer.

If you are not satisfied with our response to your complaint, you can refer the matter to the Office of the Australian Information Commissioner (OAIC).  Generally, you will be required to enquire with us prior to the OAIC addressing your complaint.

More information is available at: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint

CONTACT US

If you require any further information regarding this Privacy Policy or how we collect, hold and use your personal information, please contact our Privacy Officer at:

Privacy Officer
Tasracing Pty Ltd
PO Box 730
GLENORCHY  TAS  7010
privacy@tasracing.com.au

This Policy is to be reviewed and endorsed by the Audit and Risk Committee (ARC) every three years, or when there is a significant change to the external environment or internal organisational structure.  The ARC is responsible for approving this Policy.

Version 3 – August 2024