Privacy policy


From time-to-time, Common Arts Victoria will need to collect personal information and data to carry out its functions. These functions include, but are not limited to: membership applications, internal and external communications, surveys, ticket sales, meeting minutes, conflict resolution, event photos, and evaluation.

The collection of personal information and data must be done so in line with the relevant laws (see below). Personal information and data are often sensitive, and maintaining safe and secure storage and handling practices is paramount.


To articulate Common Arts Victoria’s policy in relation to compliance with the principles contained within the Privacy and Data Protection Act 2014, the Privacy Act 1988, and the Australian Privacy Principles (APP) 2014.

This privacy policy covers all personal information and data the organisation holds. This includes information the organisation has collected from people through its events, over the phone and over the internet. It also includes opinions about individuals whose identity is either apparent or could be reasonably ascertained from the opinion.


This policy applies to anybody in the organisation collecting or accessing data.


  • ‘The Act’: The Privacy and Data Retention Act 2014, which is the governing legislation for Common Arts Victoria in this area.
  • ‘The APP’: The Australian Privacy Principles 2014.
  • ‘The organisation’: Common Arts Victoria.
  • ‘The policy’: The Common Arts Victoria Privacy Policy.


1. Collection

The organisation will collect information and data that is required to carry out its functions outlined in the Associations Incorporation Reform Act 2012, as well as information and data that is required to operate as per its Rules.

Individuals will be notified whenever personal information and data is being collected. This includes situations in which the organisation collects information or data from third parties.

Individuals will be told the purpose for which their personal information and data is being collected.

If the organisation collects sensitive information (as defined under the Act), it will be treated with security and confidentiality. The organisation will ensure that it is not collected for any purpose other than those for which the organisation has obtained the individual’s consent, unless the law requires otherwise, or other exceptional circumstances prevail as described under the Act.

Where an individual chooses not to provide requested information, the organisation will advise that individual of what impact this non-disclosure may have. For example, withholding certain information may limit the organisations’ ability to provide relevant services to individuals.

2. Use & Disclosure

The organisation will only use personal information for the purpose for which it was collected, or a secondary related purpose in accordance with the Privacy and Data Protection Act (e.g. where the person has consented or where it would reasonably be expected for this to occur), or as required by law.

As the organisation is committed to protecting the privacy of individuals, the organisation will view unauthorised disclosure of, or access to, personal information by the membership or contractors, as a serious breach of this policy. Appropriate action (which may include disciplinary or legal action) may be taken in such cases.

3. Sensitive Information

The organisation will only collect sensitive information about an individual following consent from the individual, or where it is required under law.

4. Anonymity

Where lawful and practicable, the organisation will give people the option of not identifying themselves, or providing information that could be used to identify them, when supplying information to the organisation.

5. Unique Identifiers

The organisation will only assign a number to identify a person if the assignment is reasonably necessary to carry out its functions efficiently.

The organisation will not use as an identifier for an individual a unique identifier that has been assigned by another organisation (such as a driver license number, Medicare number or Tax File Number) unless it is reasonably necessary to carry out its functions.

6. Data Quality

The organisation will use its best endeavours to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date.

7. Data Security

The organisation will maintain a secure system for storing personal information. Information systems and operational policies and procedures are in place to protect personal information from misuse and loss from unauthorised modification or disclosure. The organisation will dispose of personal information where it is no longer necessary to fulfil the purposes for which the information was collected or as required by law.

8. Access & Correction

Individuals have a right to seek access and make corrections to personal information held by the organisation about them. All requests for access and correction should be made to the secretary via our contact form.

Supporting documentation

  • Data Retention Policy
  • Guidelines on access to members registry
  • Membership form


The organisation will make the policy available upon request. It will also provide a webpage address to an online version whenever the organisation collects data.


These guidelines will be reviewed two years after formal approval by the Committee.

Date approved: 11 October 2021 Date to be reviewed: 11 October 2023