Privacy policy
1. Preliminary
Business Events Sydney Pty Ltd ACN 002 630 364, an Australian registered company ("BESydney", "we", "our", "us") collects, uses and stores Personal Data in the manner set out in this Privacy Policy.
Where your personal information is protected by the GDPR, we will process that personal data in accordance with the GDPR. Where your Personal Data is protected by other law, for example the Australian Privacy Act 1988 (Cth), BESydney will process your personal data in accordance with that law, as well as extending you the same or similar rights as contained in the GDPR and set out in this Privacy Policy (unless it is unlawful or impractical to do so).
Our contact details are:
Name: Business Events Sydney Limited (ACN 002 630 364)
Address: Level 20, 100 William Street Sydney NSW 2011
Phone: 02 9332 5200
For Privacy Issues Email: info@besydney.com.au
For Customer Service: info@besydney.com.au
Where you are based in the European Union and your Personal Data has been collected pursuant to the terms of the GDPR, in addition to contacting us directly, you may also contact our EU Representative with any queries or requests regarding your Personal Data. Pursuant to Article 27 of Europe’s General Data Protection Regulation (GDPR), Business Events Sydney Limited has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by sending an email to privacy@edpo.brussels, using EDPO’s online request form, or writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
Where you are based in the United Kingdom and your Personal Data has been collected pursuant to the terms of the UK General Data Protection Regulations (GDPR), in addition to contacting us directly, you may also contact our UK GDPR Representative with any queries or requests regarding your Personal Data. Pursuant to Article 27 of UK GDPR, Business Events Sydney Limited has appointed European Data Protection Office (EDPO) as its GDPR representative in the UK. You can contact EDPO regarding matters pertaining to the GDPR by using EDPO’s online request form, or by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.
The primary function of BESydney is to market and promote Sydney as a destination for Events particularly for the international market. Our processes include identifying organisations who may be interested in holding Events in Sydney, aiding and assisting organisations who wish to hold Events by providing customised bidding services, and partnering with hotels, venues and other service providers and suppliers in Sydney, who can provide goods or services to organisations running Events. Our processes involve the collection and use of Personal Data in order for us to achieve these outcomes, however BESydney is committed to protecting the privacy of our clients, customers, partners and our members. We understand that people with whom we engage are concerned about their privacy, and the confidentiality and security of any Personal Data that is provided to us.
Words that are capitalised in this Privacy Policy, such as “Personal Data” are defined in clause 8 of this policy.
2. Basis for collection
Where we intend to use your Personal Data, we will do so on the following basis:
(a) Contractual services
We may need to collect and use your Personal Data to enter into a contract with you for the delivery of our services, or in the performance of our services the subject of a contract that we have entered into with you.
(b) Legitimate Business Purposes
Where we are not processing your Personal Data to enter into a contract with you, we may still process your Personal Data where we consider you will not be detrimentally impacted by our processing, that processing is in accordance with what you would reasonably expect in the context of our use of your Personal Data, and where it is necessary to fulfil our legitimate interests. This may include, for example, use of your Personal Data to progress a bid for an Event aligned to your professional interests to be held in Sydney.
(c) Legal compliance
There are certain situations in which we may be required to process your Personal Data in order to comply with the law, for example if we are subject to an order of the Court requiring such processing.
(d) Consent
In circumstances where we request your explicit consent we will provide an explanation of the nature of the processing to which you are consenting. You can withdraw your consent at any time by contacting BESydney using the contact information contained in section 1. Where your Personal Data has been collected under the GDPR, you may also contact our EU Representative.
3. Anonymity
Due to the nature of the services provided by BESydney it is generally impractical for us to deal with you without knowing your name and your contact details. However, where it is practical for us to do so, we shall provide you with the option to deal with us anonymously or by using a pseudonym.
4. Collection of information
4.1 How we collect information
We collect information in a variety of ways, including through our website, through communications that we receive from you (whether electronic or otherwise), or when you otherwise voluntarily provide us with your Personal Data (for example, by providing one of our staff members with your business card).
We also collect Personal Data from publicly available databases, our associates that are known or may be known to you, websites and social media platforms, such as LinkedIn, Facebook and your employer’s website.
The Personal Data which may be collected by BESydney includes:
(a) your full name;
(b) your email address;
(c) phone and facsimile number;
(d) your occupation;
(e) details about your business and/or employer including company name and organization type;
(f) the department in which you are employed and your title;
(g) additional information about your company such as business activities, number of employees and industry;
(h) information that you provide to us voluntarily and directly, including in any enquiry made to us; and
(i) your IP address.
All of this information is processed for the purposes specified in clause 5.2.
4.2 Our website
Whenever you visit our website, our servers automatically record information for statistical purposes about your usage of our website, such as:
(a) the type of browser used;
(b) the referring URL;
(c) the IP address;
(d) the number and type of pages viewed;
(e) the date and time of visits;
(f) the exit URL.
This information remains anonymous and we do not link it to any other Personal Data unless you have either registered as a member of BESydney or logged on as a member of BESydney at the time of use. Accordingly, if you have not identified yourself on the website, such as by registering as a member or logging on as a member, we will not link a record of your usage of our website to you personally.
4.3 Contact Us Form
The “Contact Us” form on our website requires you to provide us with your personal information to enable us to provide you with the information or assistance that you have requested. In particular you may be asked to provide information of the nature described in clause 4.1. If you do not provide the information requested, we may not be able to provide you with an adequate response, or the assistance or service you have requested.
4.4 Website Enquiry
The enquiry functionality on our website enables you to directly contact one of our partners or members via an email/contact form, so that they can then contact you directly. If you complete a contact enquiry on our website, then we may collect any or all of the information specified in clause 4.1.
By completing and submitting the enquiry form, you acknowledge and agree that your Personal Data will be provided to the third-party suppliers you have selected, and in addition a record of this enquiry will be recorded in our CRM system. You also acknowledge that such disclosure is reasonably necessary in order for us to provide you with the services that you have required by way of making the website enquiry.
4.5 Newsletter subscribers (via website)
If you subscribe to our newsletter via our website, then we will collect sufficient information from you to enable us to forward you our newsletters as they are produced. If you do not provide the requested information we may be unable to provide you with our newsletters. The information we collect is used for the purposes described in this Privacy Policy.
4.6 Cookies
(a) We utilise "cookies" which enable us to monitor traffic patterns and to serve you more efficiently if you revisit our website. A cookie does not identify you personally, but it does identify your computer. You can set your browser to disable cookies or to notify you when you receive a cookie and provide you with an opportunity to either accept or reject it in each instance. If you disable cookies, you may not be able to access certain areas or features on our website.
(b) Information collected via cookies may be used by us and third-party vendors to:
(i) support Google Analytics for Display Advertising, including Remarketing and Google Display Network Impression Reporting to advertise our services online;
(ii) optimize, personalize and serve ads based on your past visits to our website;
(iii) report uses of ad services, and interactions with ad impressions and how they are related to visits to our website.
You can customize or opt out of Google Analytics for Display Advertising using the Ads Settings for your Google account.
4.7 Third Party Advertisements
We may allow third parties, including authorized service providers, advertising companies and ad networks to serve advertisements on our website. Any information that these third parties collect via cookies is completely anonymous and is non-identifiable.
4.8 Use of Google Analytics
Our website uses Google Analytics, a web analysis service operated by Google Inc. (“Google“). Google Analytics uses cookies (text files) which are sorted on your computer and which allow for analysis of your visits to be conducted. Information concerning your visit produced through cookies (including IP address) will be transferred to and stored on a server in the USA operated by Google. Google will analyse this information to produce a report for the operator on website usage and online usage of associated services. Google may also transfer this information to third parties either where this is required by law or where third parties are contracted by Google to process data. Google will not allow your IP address to be linked to any other personal data. You can prevent cookies being installed on your computer by changing your browser settings; however, if you choose to do this, your visit to our website and use of some functionality may be impaired.
4.9 Members
If you apply to become a member then as part of the registration process, we collect information about you in order to provide you with the full benefits of membership. We collect non-identifying information as well as Personal Data from you directly when you first register and also from time to time thereafter if you provide us with additional information.
4.10 Event Surveys
After an Event has been held, the University of Technology Sydney, on behalf of BESydney, may survey both the organisers and attendees of an event in order to obtain their feedback. The survey data is collected and retained by the University of Technology Sydney in order for them to collate that data. The survey can be completed anonymously. However, a prize is offered to those participants who complete the survey, and in order for that prize to be delivered, the name and contact details of the individual will need to be provided.
4.11 Publicly available websites
Sometimes we obtain person information from publicly available databases, such as association websites, university websites, employer websites and social networking sites such as LinkedIn, and Facebook. We collect this information for our legitimate business purposes and in order for us to make contact with you, usually about an Event, or a proposed Event, or for one of the purposes set out in clause 5.2.
4.12 Third parties
We sometimes collect Personal Data from organisations or people that are known to you. This information is collected:
(a) in the pursuance of our legitimate business purposes so that we can contact you about Events or proposed Events, or to provide you with information in which we believe you may have an interest. Where information is collected in this manner, then we shall contact you as soon as practicable to notify you that we have collected your Personal Data and the reasons why; or
(b) For the purpose described in paragraph 5.2(a). Where Personal Data is collected for this purpose, we collect only your name and the name of your employer or business.
5. Purposes of collecting, holding, using and disclosing personal information
5.1 Collection
Where it is reasonable or practical to do so, we will endeavour to only collect Personal Data from you.
Where it is not reasonable or practical to collect Personal Data from you, where we have received unsolicited Personal Data, or where Personal Data has been collected and processed in accordance with clauses 4.11 and 4.12, then we shall notify you as soon as practicable after we have processed the Personal Data to:
(a) tell you why we have processed the Personal Data;
(b) advise you of your rights to deal with the Personal Data as set out in this Privacy Policy, including requesting access, rectification and erasure of such Personal Data; and
(c) to give you the opportunity to opt out of receiving any further communications from us.
5.2 Purposes of collecting Personal Information
We will only collect Personal Data that is reasonably necessary to:
(a) identify and progress business event opportunities, through our research and business development activities, to build:
(i) profiles of various industry sectors;
(ii) relationships with key influencers within those sectors; and
(iii) a comprehensive database of intelligence around those industry sectors;
(b) provide bidding services to clients and potential clients who wish to host a business event in New South Wales;
(c) support event organisers who have confirmed business events to be hosted in Sydney or New South Wales through connectivity with key stakeholders;
(d) build and maintain a network of connected stakeholders from government, associations, academia and corporate sectors who will actively participate in, or benefit from business events hosted in Sydney or New South Wales;
(e) profile Sydney and New South Wales as a pre-eminent business events destination;
(f) acquire and maintain a membership base for the company, including processing applications for membership and providing membership services;
(g) undertake industry research and statistical analysis (including market segmentation and customer value analysis);
(h) perform internal research and for statistical purposes (including market segmentation and customer value analysis);
(i) enable us to forward to you other information or material which you have requested or we believe may be of interest to you;
(j) enable your employment at BESydney
(k) deal with any enquiry you may have, or may make to us, including if you were to apply for a job at BESydney;
(l) to deliver funding/grant programs on behalf of key stakeholders; and
(m) achieve the purposes described in clause (a) – (k) above.
If you are a client of BESydney or you are a member of the organising committee of a client who will be holding an Event, or you request BESydney to do so, then your contact information and details about the proposed Event may be provided to members of BESydney in order for them to assist you with goods and services that may be required in order to run your Event. Prior to providing this information to members, we will obtain your consent.
The purposes described in 5.2 are the primary purposes of collecting your information (the “Primary Purposes”).
5.3 Holding of Personal Data
(a) Security
We take reasonable steps to protect Personal Data that we hold from:
(i) misuse, interference and loss; and
(ii) unauthorised access, modification or disclosure.
All staff and third party providers with access to Personal Data, including third party data storage providers, are required to comply with appropriate information security industry standards. Although we work to ensure our security systems are current with regard to technological changes, there is always risk associated with the transmission of information via the internet. You acknowledge that we cannot guarantee the security of any data transmission, and as such and data transmission is entirely at your risk. Once we have received your information, we will take reasonable steps to use procedures and security features to try to prevent unauthorised access, modification or disclosure.
(b) Destruction of Personal Data
If:
(i) we hold Personal Data about you; and
(ii) we no longer need the Personal Data for any purpose for which the information was originally processed; and
(iii) we are not required by law, a regulatory authority or a court or tribunal order to retain the information,
we will take reasonable steps in the circumstances to destroy the information or to ensure that the information is de‑identified.
(c) Use and disclosure of Personal Data
We will only process or disclose Personal Data for the Primary Purpose in accordance with the terms of this Privacy Policy.
We will not process or disclose any Personal Data about you for any purpose other than the Primary Purpose (the “Secondary Purpose”) unless both of the following apply:
(i) the Secondary Purpose is related to the Primary Purpose; and
(ii) you would reasonably expect us to use or disclose the Personal Data for the Secondary Purpose; or
(iii) you have consented to the use or disclosure; or
(iv) the use or disclosure of the Personal Data is required or authorised by law, a regulatory authority, or a court or tribunal order.
5.4 Use of AI Models
(a) You acknowledge and agree that we may utilise third-party software and websites that are built on artificial intelligence models (such as Bard or Chat GPT) (AI Models) for processing data for the specified purposes in clause 5.2.
(b) We will ensure that our use of AI Models will be consistent with our privacy obligations under this Policy, the APPs, the GDPR and any contractual obligations between us and our clients or partners.
(c) Disclosure will be made to third-party AI Model providers in accordance with clause 5.5.
(d) When using AI Models we will:
(i) aggregate or de-identify any Personal Data inputs of the AI Models;
ii) avoid the use of sensitive information without your explicit consent; and
(iii) ensure oversight on the use of AI Models by our employees and personnel to verify input and output data.
(e) We will not use AI Models for automated decision making in any of our processes.
5.5 Disclosure to Overseas recipients
If you are a member then certain information about you will be publicly viewable on the members’ section of our website, irrespective of the location of the viewer. By becoming a member, or if you agree to be the contact for a member, you acknowledge that overseas recipients will be able to view information about you.
In order to provide customer support, perform back office functions, store data, undertake fraud prevention tasks or provide services to you we may need to allow our staff or suppliers (who may be located or whose resources may be located Overseas) to access and process your Personal Data. We have implemented security measures to protect the security of your Personal Data. However, as with any transfer of data, there are still risks of data breaches.
Where you are based in the European Union or your Personal Data is otherwise collected in accordance with the GDPR, you acknowledge that there may be instances where your Personal Data is transferred Overseas and to countries and organisations which have not been the subject of an adequacy decision pursuant to the GDPR. Such transfers are necessary for our legitimate business purposes and in order for us to perform our services and process Personal Data in the manner specified in this Privacy Policy. By providing your Personal Data you are explicitly consenting to the international transfer and processing of such data in accordance with this Policy, in full and informed knowledge of the risks associated with such transfers and processing.
In all other circumstances we will only disclose Personal Data to an Overseas recipient if:
(a) you consent to the transfer; or
(b) the disclosure of the information is required or authorised by law, a regulatory authority, or a court or tribunal order.
6. Access and correction
6.1 Access to Personal Data
We will provide you with access to the Personal Data held by us in relation to you except to the extent that denying access is required or authorised by law, a regulatory authority or a court or tribunal order.
6.2 Request for Access
To request access to the Personal Data held by us about you, you must contact us using the contact details provided in clause 1, following which we will contact you within a reasonable time from our receipt of your request and either provide you with that Personal Data, or notify you when we will provide you with your Personal Data. In any event the Personal Data requested will be provided not more than 30 days after our receipt of your request unless we decide not to provide you with access to the Personal Data for the reasons referred to in clauses 6.1(a) or 6.1(b), in which case we will advise you of the reasons for such decision.
6.3 Use of Intermediaries
Where because of any of the reasons described in 6.1 above we are not required to provide you with access to the Personal Data then we will, if it is reasonable to do so, give consideration to whether the use of mutually agreed intermediaries would allow sufficient access to meet our respective needs.
6.4 Costs
We reserve the right to charge you for providing copies of your Personal Data for any further copy of your Personal Data after the first. Those fees and charges will not be excessive and will be determined by us from time to time and we will notify you of those costs prior to providing you with a copy of the Personal Data. We may require those costs to be paid prior to providing you with further copies of your Personal Data.
6.5 Data portability
Insofar as it does not adversely affect the rights and freedoms of others and where you have communicated a request to us:
(a) we will provide you with such Personal Data that we have collected about you in a structured, commonly used and machine-readable format; or
(b) after receiving your request, where technically feasible, we will transmit your Personal Data directly to another data processor or controller.
6.6 Correction of Personal Information
(a) We are obligated to ensure that Personal Data that we are processing is kept accurate and up-to-date. Accordingly, please notify us if any of your Personal Data changes, so that we may update our records.
(b) If at any time you wish to correct any Personal Data held by us, please contact us as specified in clause 1 and we will correct this Personal Data, having regard to the purpose for which it is held, to ensure that the information is accurate, up to date, complete, relevant and not misleading. If we elect not to correct your information due to a relevant law, regulatory authority or court or tribunal order, we will notify you within a reasonable time of the reason for our refusal, and advise you of the mechanisms available for you to complain about our refusal, and such other matters as required by the GDPR, Privacy Act 1988 (Cth) or other applicable law.
(c) If we correct Personal Data about you that we previously disclosed to another party, we will take reasonable steps in the circumstances to give that party notification unless it is impracticable or unlawful to do so.
(d) You have the right to the erasure of your Personal Data. If you wish to have your Personal Data erased, please let us know and we will take all reasonable steps to destroy it, unless we need to keep it in order to comply with a law, regulatory authority or court or tribunal order. Where we have provided your Personal Data to a third party, we will take reasonable steps to ensure that party also deletes your Personal Data.
6.7 Restriction of processing
You may request that we limit or restrict the manner in which we deal with and process your Personal Data. Where we are satisfied grounds for restriction exist, we will only process your Personal Data:
(a) with your consent;
(b) for the establishment, exercise or defense of legal claims against us;
(c) or for the protection of the rights of another natural or legal person.
7. Complaints
7.1 Making a complaint
If you believe that we have used or disclosed your Personal Data in a manner which is contrary to this Privacy Policy or otherwise breaches an applicable law, then you should contact us using the contact information contained in clause 1.
If you are based in the European Union and have a complaint regarding your Personal Data, You may also contact our European Representative using the contact information contained in clause 1 of this Privacy Policy.
Within 30 days of receipt of your complaint we will notify you in writing as to what action we propose to take in relation to your complaint and will provide you with details of what further action you can take if you are not satisfied with our response.
You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. If you are unsure who your relevant supervisory authority may be, please contact us so that we may provide you with assistance.
8. Definitions
“Events” means congresses, conventions, conferences, incentives and business events;
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the procession of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Overseas” means the transfer of Personal Data to a jurisdiction outside of that in which it was originally collected and processed;
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.