We value the privacy of your personal and sensitive information.
Personal information is generally considered information or an opinion relating to an individual, which can be used to identify that individual (including name, address, telephone number and email address).
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Examples include information about an individual’s racial or ethnic origin; health or medical information; membership of a political association, professional or trade union; criminal record; or genetic information.
We are committed to protecting the information we collect, hold and use by complying with our obligations under the Personal Information Protection Act 2004, the Australian Privacy Principles (Principles) contained in the Privacy Act 1988 (“Privacy Act”), and the European Union Regulation 2016/679 – General Data Protection Regulation (“GDPR”)
Why we collect personal information
We will not collect your personal information unless collection of such information is reasonably necessary to enable us to carry out one or more of our functions and/or activities.
These functions and activities generally include:
- The organisation and administration of racing activities and the racing industry in Tasmania;
- Promoting Tasmanian racing locally, nationally and internationally;
- Establishing online accounts for website users and running competitions;
- Promoting the development of an efficient and effective racing industry;
- Corporate governance, strategic direction and funding of racing in Tasmania;
- Providing advice to the Minister and making appropriate policy recommendations for the development of racing;
- Race programming and allocation of race days;
- Handling complaints and enquiries;
- Conducting tenders and entering contracts;
- Ensuring compliance with regulatory and legislative requirements, including drafting and enforcing the Rules of Racing; and
- Managing other services we provide under the Rules of Racing or applicable legislation.
What personal information is collected
We hold electronic and paper records containing personal information which can broadly be divided into two classes:
- personal information relating to employees; and
- personal information relating to our business and service delivery functions and activities.
This personal information includes identity and contact information such as name, postal or email address, telephone numbers, social media handles and date of birth, as well as financial details in certain circumstances.
We may also collect sensitive information where it is necessary to do so and typically only information regarding health or medical matters.
How we collect and store personal information
We collect personal information directly from you including by telephone, mail, email and online.
We may also collect personal information indirectly from publicly available sources or from third parties, such as applicants or complainants, in the course of managing complaints, data breach notifications, reviews or investigations.
We also collect personal information through our websites or social networking services (e.g. Facebook and Twitter) as well as in performing our functions under relevant legislation.
We note that sensitive information is only collected where you consent or where the collection of the information is required or authorised by law.
Personal information that is collected from our websites is stored in the Amazon Web Services (AWS) server in Australia. We also use Mailchimp and SendGrid to manage our mailing lists, and Braintree in relation to electronic transactions. You can access the privacy policies for these companies on their websites.
We have processes in place to ensure the security of your personal information. We may store your personal information in paper or electronic form, or in the cloud.
Only certain employees have access to personal information held by us, in order to protect the information from misuse, modification and unauthorised access.
If we no longer require any information for any purpose for which the information may be used or disclosed, we will take reasonable steps to destroy the information.
You have the right to require us to erase personal information which relates to you if one of the following applies:
- the personal information is no longer necessary for the purposes for which it was collected;
- you withdraw your consent to the processing;
- the personal information is unlawfully processed within the meaning of the GDPR; or
- you exercise your right to object to the processing of any personal information stored by us which relates to you, and we are unable to demonstrate compelling legitimate grounds for the processing which override the interest and rights of you for the establishment, exercise or defence of a legal claim.
Use and disclosure of personal information
We use information in the furtherance of and in connection with the performance of our functions, activities and legislative powers.
We may use or disclose personal information for the purpose for which it was collected and for other purposes permitted by the Privacy Act, including where:
- you have consented;
- you would reasonably expect us to use or disclose the information for that other purpose, in circumstances where it is related to the purpose for which it was collected; or
- use or disclosure is authorised by law or a court/tribunal order.
We may use or disclose personal information (not sensitive information) to third parties for the purposes of direct marketing services related to the racing industry. Any individual will be able to opt-out of such direct marketing at any time if they choose by clicking on the relevant link at the footer of the emails received from us or by contacting our Privacy Officer (contact details below).
We will not disclose or use sensitive information for purposes other than which it was collected unless you explicitly consent to the use or disclosure or where you would reasonably expect us to use or disclose the information for that other purpose, in circumstances where it is directly related to the purpose for which it was collected.
When personal information is disclosed to third parties, appropriate care is taken to ensure the information is protected from misuse.
It is not likely that we will disclose information to overseas recipients.
However, if we do disclose your personal information to a third party which is located overseas, we will take reasonable steps to ensure that the overseas recipient handles your personal information in accordance with the standards required under the Privacy Act.
Accessing your personal information we hold
You can access your own personal information by contacting our Privacy Officer (details below). We will respond within a reasonable period after the request is made.
We will not charge you for making a request for access to personal information unless the request is particularly complex or requires detailed searching of our records.
If you believe there are errors in the personal information that we hold about you, you can ask us to correct that information. We will consider any request by you to change or correct personal information and advise of any action taken.
You can also:
- request that we restrict the processing of your personal information; and
- object to our processing of your personal information (your right to object is outlined above under ‘Erasure’).
In certain circumstances we may refuse or deny you access to information in part or in full. These circumstances include where:
- We believe that giving access may pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- We believe that giving access may have an unreasonable impact on the privacy of other persons;
- We believe that giving access may prejudice us in legal proceedings or negotiations;
- We believe that giving access may reveal information connected with a commercially sensitive decision making process;
- Giving access would be contrary to law; or
- The request for access is frivolous or vexatious.
Cookies are pieces of information that a web site transfers to your computer’s hard disk for record keeping purposes. The cookies simply operate as a unique identifier, which helps us to know what our customers find interesting and useful on our website.
Data collected from website use does not identify the user, allowing you to remain anonymous in our data collection.
Most web browsers are set to accept cookies, however, if you do not wish to receive any cookies, you may set your browser to refuse them.
All complaints will be addressed confidentially and within a reasonable time from receipt by our Privacy Officer.
If you are not satisfied with our response to your complaint, you can refer the matter to the Office of the Australian Information Commissioner (OAIC). Generally, you will be required to enquire with us prior to the OAIC addressing your complaint.
More information is available at: How do I make a privacy complaint
Tasracing Pty Ltd
PO Box 730
GLENORCHY TAS 7010
This Policy is to be reviewed and endorsed by Tasracing’s Audit and Risk Committee (ARC) every three years, or when there is a significant change to the external environment or internal organisational structure. The ARC is responsible for approving this Policy.
Version 2 – May 2021