National Lotteries and Newsagents Association Ltd
Privacy and Cookies Policy
Last revised and updated on 3 March 2020
The key sections of this policy are listed below:
- Collecting Personal Information
- Use of Personal Information
- Disclosure of Personal Information
- Access to Personal Information
- Security of Personal Information
- Contact us
Personal Information is any information or opinion (recorded in any form) about an identified individual or an individual who is reasonably identifiable, whether true or not.
NLNA complies with the privacy principles under the Australian Privacy Act 1988 (Cth) (as may be amended from time to time) (Privacy Act).
Collecting Personal Information
The information we collect
We only collect Personal Information about you that is necessary to perform our functions and activities.
The categories of Personal Information which NLNA may collect and hold will depend on the type of products or services that it provides to you. We may collect the following types of Personal Information:
- contact information (including full name, email address, mailing address and telephone/mobile phone number);
- location information (e.g. GPS location);
- demographic information (including age and gender);
- information provided in connection with the use or purchase of any products or services supplied by NLNA (e.g. billing and account information, including payment card and bank account information);
- information about transactions with us (e.g. purchase history, redeeming offers and earning points) and use of our products and services; and
- information provided by you through NLNA related communication channels such as social networking sites managed or owned by NLNA, telephone and/or email support, customer service, customer surveys, prize draws, competitions, promotions, special events or other offers.
We also automatically collect certain information about your device, including information about your web browser, IP address, device IDs, time zone, and some of the cookies that are installed on your device.
When you use a NLNA System, the relevant server may cause a small data file called a “cookie” to be saved to your computer’s memory.
For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
As is common on the internet, we may track usage patterns on the NLNA Systems. Your identity cannot reasonably be ascertained from this information. Each time you visit the NLNA Systems, the relevant web server makes a record of your visit. Specifically, it records:
- your IP address;
- your internet provider;
- your browser type;
- the date and time of your visit;
- pages viewed;
- any search items entered; and
- referring/exit pages.
We may use “web beacons”, “tags” and “pixels” on the NLNA Systems from time to time. Web beacons, tags, and pixels are electronic files used to monitor your behaviour and collect data about how you browse the NLNA Systems. For example, web beacons can be used to count the users who visit the NLNA Systems or to deliver a cookie to the browser of a visitor viewing a site.
How we collect information
We may collect Personal Information in a number of ways, including:
- directly from you (e.g. when you provide information online, by phone, in application forms or in agreements);
- from an associated entity of NLNA including the Victorian Association for Newsagents;
- from our own records of how you use NLNA Systems;
- from social networking sites managed, used or owned by NLNA;
- from publicly available sources of information such as market research providers; and
- from third party companies such as credit reporting agencies and our business partners.
If you do not provide the Personal Information requested, we may not be able to provide the products or services you require, or the level of service on which we pride ourselves.
Sensitive information is a specific type of personal information that includes health information and information about an individual’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.
The privacy principles under the Privacy Act impose greater obligations on us regarding any collection, use or disclosure we make of your sensitive information. We will only collect your sensitive information where it is reasonably necessary for or directly relates to our functions or activities and if:
- you have expressly consented to us doing so; or
- we are required to do so by law.
Use of Personal Information
Any Personal Information we collect about you will be used for the purposes for which it was collected and for related purposes that would reasonably be expected by you. These purposes will generally be to facilitate the relationships we have with you, to comply with our legal obligations, and to pursue our legitimate business interests. Specifically, this may include any one or more of the following:
- to communicate with you;
- to enable you to access and use the NLNA Systems;
- to operate, protect, administer and manage the NLNA Systems (including collecting and processing payments and completing transactions);
- to carry out credit checks and obtain credit reports;
- to screen for potential risk or fraud;
- to research and develop our products and services, and to gain an understanding of your needs in order for us to provide you with better products and services;
- to maintain and develop our business systems and infrastructure;
- to provide you with information, marketing or promotional messages or advertising which we believe may be of interest to you, including information on our products or services and information on third parties (who may or may not have a relationship with us);
- to improve and optimise our products and services (for example, by generating analytics about how our users browse and interact with the NLNA Systems, and to assess the success of our marketing and advertising campaigns); and
- to consider any employment application you may make (where applicable).
With your consent or on your request and as described above, we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you.
When you provide us with information about yourself, you will usually be given the option to let us know that you do not want that information to be used for direct marketing purposes, whether by ourselves or by any third party. If you do not take up that option, you are deemed to have agreed to the use of your information for direct marketing. You can change your mind about your preferences in respect of direct marketing by contacting us using any of the contact details set out below. In addition, if you receive direct marketing from us, you will be reminded in that communication that you are able to request a change to your preferences and we will respect your request.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by Facebook and Google using the links below:
FACEBOOK – https://www.facebook.com/settings/?tab=ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
If you opt out from targeted advertising, you may see advertising that is not relevant to you.
Do Not Track
At present, there is no industry standard for recognizing “Do Not Track” browser signals, so please note that we do not alter the data collection and use practices on the NLNA Systems when we see a “Do Not Track” signal from your browser.
Disclosure of Personal Information
When we disclose your Personal Information
We will generally only use or disclose your Personal Information after obtaining your consent. We will only disclose Personal Information for the purposes to which you have agreed or for related purposes that would reasonably be expected by you.
By using the NLNA Systems and/or indicating your consent via a Privacy Statement, you consent to us disclosing your Personal Information to:
- our employees;
- to our suppliers (including service and content providers), contractors, dealers, agents, and business partners who perform services for us;
- payment system operators (e.g. merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- our member associations being VANA Limited;
- our sponsors or promoters of any competition that we conduct via our services;
- to credit reporting agencies for purposes permitted under applicable laws;
- to our professional advisers, including our accountants, auditors, lawyers and insurers;
- to anyone with whom we enter into, or intend to enter into, a transaction that alters the structure of some or all of our business (e.g. merger, sale, joint venture, assignment, transfer, change of control), for the purpose of facilitating and completing the transaction; or
- as otherwise required or authorised by applicable laws
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we may use Google Analytics to help us understand how our customers use NLNA Systems.
You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/.
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We use every reasonable step to ensure data is stored onshore (within Australia). However, we cannot guarantee that data never leaves Australian shores due to technical limitations with internet routing systems. However, all data is encrypted in transit.
We will only consciously transfer your Personal Information overseas if:
- we reasonably believe that the recipient of the information is subject to a law or a contract which effectively upholds privacy principles substantially similar to the privacy principles set out in the Privacy Act;
- you have consented to the transfer; or
- we are otherwise required or authorised by law.
By consenting to provide us with Personal Information (whether by using the NLNA Systems, through a Privacy Statement or otherwise), you consent to the disclosure of your Personal Information to third parties who reside outside Australia and, if you are a European Union (EU) citizen, to third parties that reside outside the EU. Where the disclosure of your Personal Information is solely subject to Australian privacy laws (and not subject to the European Union’s General Data Protection Regulation (GDPR)), you acknowledge that we are not required to ensure that those third parties who reside outside Australia comply with Australian privacy laws.
Access to Personal Information
How you can access your Personal Information
You have a right to access your Personal Information. If you would like to do so, please direct your request to the privacy officer by email or post using the contact details below.
Sometimes, we may not be able to provide you with access to all of your Personal Information. This may include where giving access would be unlawful or would have an unreasonable impact on the privacy of other individuals. If we refuse you access, we will tell you why.
We reserve the right to charge a fee for searching for and providing access to your Personal Information (but not for the request itself). We may need to verify your identity as part of this process.
Accuracy of Personal Information
If you think that Personal Information we hold about you is not accurate, complete and up-to-date, you please contact us using the contact details set out below and we will take all reasonable steps to correct the information.
Additional rights if you are overseas
You may have additional rights under your local law applicable to data processing. For example, if the processing of your Personal Information is subject to the GDPR, and your personal information is processed based on legitimate business interests, you have the right to object to the processing (including profiling) on grounds relating to your specific situation. Under the GDPR, you may also have the right to request to have your Personal Information deleted or restricted and ask for portability of your Personal Information.
Security of Personal Information
We understand the importance of protecting your Personal Information. We take all reasonable precautions to protect the Personal Information we hold about you from misuse and loss, and from unauthorised access, modification or disclosure.
We maintain physical security, such as locks and security systems, over our paper and electronic data stores and premises. We also maintain computer and network security, including firewalls, scanning software to detect and block malicious code and certain unsolicited commercial emails, and other security measures (such as identification codes and passwords) to control access to computer systems. We do not guarantee that our safeguards will always work.
Note that we may not receive some email messages sent by you because of our information security software. Please also remember that if you send information to any NLNA System or to us by other electronic means, the internet and other forms of electronic communication are not a secure environment and although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.
Destruction of Personal Information
We will de-identify Personal Information if it is no longer needed for the purposes for which we collected it or for the purposes of meeting legal requirements. We will properly dispose of all paper files, letters, correspondence and any other hardcopy documents that contain Personal Information that is no longer needed.
The NLNA Systems are not intended for individuals under the age of 13.
Contact us about our privacy and information handling practices
If you have any questions or would like further information about our privacy policies or practices, please contact us by contacting our privacy officer by any one of the following means:
- Email: firstname.lastname@example.org
- Telephone: (03) 8540 7000
- Post: Suite 4, 202 Ferntree Gully Road, Clayton, VIC 3168
Data breaches or complaints
If you wish to report a data breach or make a complaint about the way we have collected, used, held or disclosed your Personal Information, please contact us using the contact details listed above.
To assist us in helping you, please gather all supporting documents about the matter of complaint, think about the questions you want answered and decide on what you want us to do.
We will use the information you provide to investigate and respond to your data breach report or privacy complaint. We aim to resolve all complaints as quickly as possible. Some complaints are resolved within weeks, but more complex complaints may take longer. You may withdraw your complaint at any time.