Privacy Policy
The Council of Trustees of the National Gallery of Victoria (NGV) is committed to managing the Personal Information it collects, stores, manages and disposes of in compliance with relevant legislation.
Application
This Policy applies to all Personal Information, including Sensitive Information and Health Information, generated or held by the NGV, which directly or indirectly identifies an individual.
All NGV employees, volunteers, work experience students and interns must comply with this Policy in relation to the use of all Personal Information and Health Information including collection, storage, management and disposal.
Context
This Policy is informed by the legislative requirements of the:
- Public Records Act 1973 (Vic)
- Health Records Act 2001 (Vic)
- Freedom of Information Act 1982 (Vic)
- Privacy and Data Protection Act 2014 (Vic)
Where a requirement of the Privacy and Data Protection Act 2014 with respect to the handling of Personal Information is inconsistent with a provision in another Act, that other provision prevails.
Key Principles
- The NGV will only collect Personal Information that is necessary for the achievement of its organisational and strategic objectives and for the purpose of exercising its functions and lawful powers.
- The NGV will appoint an NGV Privacy Officer. The NGV Privacy Officer is responsible for coordinating responses to any privacy issues raised by members of the public or employees and advising employees about their privacy responsibilities.
- The NGV will take reasonable steps to ensure that individuals are aware that Personal Information may be collected, the reasons for the collection, and provide information on how people can contact the NGV Privacy Officer.
-
The NGV may collect Personal Information related to the following functions and services:
- the employment and engagement of staff, volunteers and contractors;
- dealings with visitors or potential visitors, including ticket sales, comments, participation in market research, evaluation, competitions and promotions, education, public programs;
- fundraising and membership;
- NGV governance;
- stakeholder management;
- Collections, research and exhibitions;
- commercial management;
- general operations.
Personal Information relating to some of these functions and services may be collected in electronic form, for example through the NGV's website when creating an online account with the NGV for purchasing tickets, memberships or subscribing to e-News.
- The NGV will collect Personal Information in a lawful and fair manner. Where practical and reasonable to do so, the NGV will obtain personal information direct from the individual to whom it pertains, although at times we may collect information about a person from someone else, for example where a membership is being purchased as a gift.
- The NGV will not use Personal Information for purposes other than those for which it was collected unless prior consent has been obtained. Personal Information will not be disclosed to third parties without consent from the individual to whom it pertains. In certain circumstances, the NGV may need to disclose Personal Information. This will only occur as provided for by the Privacy and Data Protect Act 2014, for example if the NGV is required to disclose Personal Information by law.
- The NGV will take reasonable steps to ensure the Personal Information is accurate and complete.
- Individuals have a right to seek access to their Personal Information or make corrections. Contact should be made to the NGV FOI Officer (foi@ngv.vic.gov.au).
- The NGV will not assign individuals with another organisation’s Unique Identifier unless it is necessary to carry out an organisational requirement or is required by law.
- Where lawful and appropriate, the NGV will provide individuals with the option of remaining anonymous when entering into transactions with the NGV.
- The NGV will provide secure information storage systems and procedures for the management of both physical and electronic information to minimise the risk of misuse, loss, unauthorised access, modification or disclosure, in accordance with data security standards issued from time to time by the Victorian Commissioner for Privacy and Data Protection.
- Records containing Personal Information will be disposed of in accordance with approved disposal schedules under the Public Records Act 1973.
- Unless compelled otherwise by law the NGV will not transfer Personal Information outside Victoria unless it reasonably believes the recipient is subject to a law or binding obligation which imposes restrictions on the use of that information that are substantially similar to the Information Privacy Principles.
- The NGV will endeavour to ensure that Contracted Service Providers or Third Parties with whom it engages are bound to comply with the requirements of the Privacy and Data Protection Act 2014.
- Any Health Information held by the NGV will be treated in accordance with the Health Records Act 2001.
- If an individual has a complaint about the conduct of the NGV in relation to the collection, storage, use or disclosure of Personal Information or Health Information, they may send details of the complaint in writing to the NGV Privacy Officer (privacy@ngv.vic.gov.au). The NGV Privacy Officer will investigate alleged breaches of the Privacy and Data Protection Act 2014.
- If an individual has a complaint about the conduct of the NGV in relation to the collection, storage, use or disclosure of Personal Information or Health Information, they may send details of the complaint in writing to the NGV Privacy Officer (privacy@ngv.vic.gov.au). The NGV Privacy Officer will investigate alleged breaches of the Privacy and Data Protection Act 2014.
Definitions
Information Privacy PrinciplesInformation Privacy Principles means any of the Information Privacy Principles set out in Schedule 1 of the Privacy and Data Protection Act 2014.
Personal InformationUnder the Privacy and Data Protection Act 2014 “Personal Information” means information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion.
Examples of information that may be personally identifying either alone or in combination are:
- Name
- Photograph
- Title
- Email Address
- Telephone or fax numbers
- Driver's license number
- Video
- Gender
- Ethnicity
- Banking details, such as branch location, account number and funds available
- Date of birth
- Interview notes
- Employee security pass number
- Employee logon ID
- A performance appraisal report on a staff member
Under the Health Records Act 2001 “Health Information” includes information or an opinion about (i) the physical, mental, or psychological health (at any time) of an individual; or (ii) a disability (at any time) of an individual” where the Health Information is also personal information.
Examples of information that may be personally identifying either alone or in combination are:
- Health diagnosis
- Information on special needs to access collections
- A performance appraisal report on a staff member
Under the Health Records Act 2001 "Health Information" includes information or an opinion about (i) the physical, mental, or psychological health (at any time) of an individual; or (ii) a disability (at any time) of an individual” where the Health Information is also personal information.
Examples of information that may be personally identifying either alone or in combination are:
- health diagnosis
- information on special needs to access collections
- a performance appraisal report on a staff member.
Under the Privacy and Data Protection Act 2014 a Contracted Service Provider means a person or body who provides services under a State contract.
Third PartyUnder the Privacy and Data Protection Act 2014 a Third Party means a person or body other than the organization holding the information and the individual to whom the information relates.
Unique IdentifierUnder the Privacy and Data Protection Act 2014 a Unique Identifier means an identifier (usually a number) assigned to an individual uniquely to identify that individual for the purposes of the operations of the organisation but does not include an identifier that consists only of the individual's name.
Breach of Policy
In the case where this, or related policies, are breached resolution will be according to the NGV Performance and Discipline policy.
Further Information
- NGV IT Acceptable Use Policy
- NGV Performance and Discipline Policy
- NGV Protected Disclosure Procedures
- NGV Records Management Policy
- NGV Electronic Information Security Policy
- NGV Enterprise Agreement
- Code of Conduct for Victorian Public Sector Employees
- NGV Privacy Statement
Further information about the Privacy and Data Protection Act 2014 (Vic) is available on the website of The Office of the Victorian Information Commissioner at www.ovic.vic.gov.au.
Approval
Approved by the Council of Trustees 15 December 2015
Next Review
3 years
Privacy Statement
The National Gallery of Victoria is committed to protecting the privacy of our visitors, and those who use our digital media (such as our website, apps, social media or interactives), or interact with us in other ways. We understand that people are concerned about their privacy and the confidentiality and security of any information that is provided.
The NGV Privacy Statement aims to provide you with information on:
- What information we collect and how
- Why and how we use that information
- Accessing your information
What information we collect
The information we collect from you depends on how and why you have interacted with us. The NGV may request, collect and record the following kinds of information in either electronic or hard copy format:
1. Contact and registration informationThe types of contact and registration information you may be asked for, include:
- Name
- Email address
- Home or postal address
- Phone number
- NGV Membership number (if you are a Member)
- Official identification (such as a driver’s licence)
- Subscription preferences or interests
2. Other personal information
In addition to the contact and registration information listed above, when you interact with us, you might provide information such as:
- Your opinion
- Information specific to your interaction or experiences with the NGV (for example, if you are making a complaint)
- Recordings of yourself and others (such as photos, videos, and drawings)
- Banking information (if you are making a purchase or donation)
- Transaction history
- Social media information (such as your social media username and profile, or a post where you’ve used an NGV-related handle, tag or comment)
- Other personal information (for example, your work experience if you apply for a job with us)
3. Cookies and other tracking data
The NGV’s website and apps use cookies and Google Analytics to enable us to monitor, analyse and improve our digital services.
Cookies are small data files sent from a website and stored on your computer or device. They allow the website to remember your details within a session, and to facilitate transaction functions. Cookies are also used by the NGV for site improvement and analysis purposes, as they provide information about user behaviour on our website. This information is also used to analyse how well our information is reaching our users, and to improve the relevance of promotional information.
Google Analytics is a service which transmits digital traffic data to Google servers. Google Analytics does not identify individual users. The NGV uses reports provided by Google Analytics to help understand digital traffic and usage.
Some of our apps, such as the NGV App, may also use Bluetooth and Location Services on your phone in order to provide you with location-specific services or information, and to provide the NGV with feedback on the use of the app, to help us improve our services. You can control the app’s access to your phone’s Bluetooth and Location Services in your phone’s settings.
How we collect this information
We may request, collect and record the types of information listed above when:
-
You have an enquiry or complaint
The most common way for people to contact us with an enquiry or complaint is by emailing us; filling in an online or hardcopy form; sending us a hardcopy letter; by telephone, or speaking to one of our staff; or on occasion, via one of our social media platforms.
-
You are registering, or making a booking, with us to receive a product or service
This can include, but is not limited to, purchasing an NGV Membership (for yourself or as a gift for someone else); subscribing to our eNews service; creating an online account with us to purchase exhibition tickets from our website; making a group or school booking.
-
You are entering an NGV competition
From time to time, the NGV holds competitions. Entry into each competition may vary, and may include, but is not limited to, completing an online competition form; using a designated hashtag on a selected social media platform; or becoming an NGV Member during the promotional period.
-
You are using an NGV app or digital interactive
The NGV often provides digital interactives or apps as part of an exhibition or general Gallery experience, for visitors to use. Our interactives and apps will often provide you with the opportunity to share something with another person. For example, where the interactive or app allows you to create something (like a photo, drawing or short video), we will often provide you with the opportunity to send a copy of your creation to yourself or another contact, via email. Depending on the interactive or app, your creation might also be included as part of a display (for example, on a screen in the exhibition space). Some apps, such as the NGV App, may require access to Bluetooth and Location Services on your phone, in order to provide location specific services or information, and provide usage feedback to the NGV.
-
You are making a social media post
The NGV uses various forms of social media to engage with the public, and for promotional purposes. You may choose to connect with the NGV via social media by posting directly on one of our social media profiles (for example, commenting on an NGV Instagram post), or through the use of tags, handles or comments on your own account. The NGV may re-post something via its own social media profile. Please note that any posts you make directly on NGV social media channels, including our Facebook, Twitter or Instagram accounts, may be publicly available. We recommend that you become familiar with the privacy settings and terms of your social media account/s.
-
You are using the NGV website
The NGV uses cookies and Google Analytics to monitor, analyse and improve our digital services.
-
You are making a purchase or donation
This can include, but is not limited to, purchasing a product from our NGV Design Store (usually for online purchases where postage is involved, but there may be other instances where you might need to provide personal information); purchasing a ticket to an exhibition or program online or via telephone; hiring an audio guide for one of our exhibitions; purchasing an NGV Membership; or making an online donation to support us.
-
You are applying for a job, internship, work placement or volunteer opportunity
This includes ‘cold calling’, if you submit a resume/CV or portfolio unsolicited. The NGV may also contact a third party for information about you (for example, your nominated referee).
-
You are attending a display, exhibition, program or event at the NGV
The NGV may take photographs, film or audio recordings of its displays, exhibitions, programs or events, for reporting, archival and promotional purposes. The NGV also uses closed-circuit television (CCTV) cameras to monitor the safety and security of visitors and works on display.
-
You are completing a visitor survey
The NGV regularly conducts visitor surveys to monitor, analyse and improve our visitor services and experiences. Participation in these surveys is purely voluntary, and visitors can complete the survey anonymously. The NGV only receives aggregated responses to visitor surveys.
Why and how we use this information
We will only collect information from you for purposes related to our core functions, and to help us provide you with a better service. This includes:
-
Enabling you to engage with the NGV and our Collection, displays, exhibitions, programs, events, resources and services
-
Providing you with the information, product or service you have requested
-
Promoting the NGV Collection, displays, exhibitions, programs, events, resources and services
-
Giving you a more personalised experience
-
Understanding your experience and/or expectations as a visitor, so that we can improve our services and the experiences we provide.
The NGV will only use, and if necessary, disclose, your personal information for the main purpose for which it was collected, and any appropriate secondary purposes (as outlined in the Victorian Privacy and Data Protection Act 2014), such as where you have consented to the secondary use or disclosure, or where the NGV considers you would reasonably expect us to use or disclose the information.
Relevant NGV staff and contractors may access the information we collect, but only to the extent necessary to provide services to you on behalf of the NGV.
Depending on how you contact us, you may be able to choose how much information you provide (for example, only an email address). However, the level of information that you provide to us may affect our ability to provide you with the information, product or service that you have requested.
Third Parties
To enable us to provide and manage the information, product or service you have requested, the NGV may need to make your information available to a third party. Where possible, the NGV will endeavour to ensure that these third parties follow similar standards and obligations to those required of the NGV under the Privacy and Data Protection Act 2014, and that they only use your information for the specific purpose and service they are providing to you or the NGV.
The NGV commonly engages third parties to facilitate or provide the following services:
- Mass email communications (such as eNews)
- Online purchases and bookings (including exhibition tickets, online donations and purchases from our NGV Design Store)
- Visitor research
- Food, beverage and commercial hire services
- Security services
- Financial transactions (including online transactions)
- Customer Relations Management
- Analysis of website and other digital traffic and use
- Development of interactives and apps
- Administration of competitions
The NGV may also partner with other organisations to deliver exhibitions, programs or events (for example, a series of talks or musical performances).
At times, the NGV may need to disclose personal information to other State and Federal Government agencies and departments, such as Creative Victoria (for example, to help resolve a complaint). On occasion, the NGV may also be legally required to disclose personal information, for instance to the police, courts or other authorised organisations.
Security
The NGV aims to safeguard your information to the best of its abilities, through a combination of technical, administrative and physical measures. This includes the use of Secure Socket Layer (SSL) encryption to protect information transmitted across the internet. We also comply with the Payment Card Industry Data Security Standard (PCI DSS).
However, if you have reason to believe that your interaction with us is no longer secure (for example, if you feel that your online account has been compromised) please contact the NGV Privacy Officer at privacy@ngv.vic.gov.au.
Please note some third party platforms that you might use to engage with us (for example, Facebook or PayPal) are not under our control. If you have concerns about using these platforms, we encourage you to carefully consider their terms and conditions and other relevant policies.
Accessing your information
To access, update or correct your personal information, please contact the NGV Privacy Officer at foi@ngv.vic.gov.au.
Online accounts
If you have created an online account with the NGV, you can access and update your information by logging in to the NGV website and selecting ‘My Account’. You can also update your eNews subscription interests/preferences, and view your Order History and Membership History, through your online account.
Further information
For more information about Privacy at the NGV, please see our Information Privacy Policy or contact the NGV Privacy Officer at privacy@ngv.vic.gov.au.