1. Privacy Policy purpose

1.1 Overview

This Privacy Policy:

• contains the NFSA Privacy Policy as a standalone policy for publication;

• may contain extensions of the NFSA Privacy Policy concerning specific personal information (eg NFSA Website Privacy Statement; NFSA Video On Demand Privacy Policy; NFSA Privacy Collection Notices) for publication;

• sets out how the NFSA will comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and other relevant instruments in its management of personal information.

1.2 Privacy Contact Officer

The NFSA Privacy Contact Officer for privacy enquiries, applications to access or correct personal information and complaints is identified in the NFSA Privacy Policy as the Director, Procurement and Legal.

1.3 Contents of the NFSA Privacy Policy

1.4 Extensions to the NFSA Privacy Policy

NFSA Website Privacy Statement

NFSA Video On Demand Privacy Policy

NFSA Privacy Collection Notices

2. Introduction

2.1 Purpose

This Privacy Policy outlines how the National Film and Sound Archive of Australia (the NFSA) handles 'personal information' and 'sensitive information' in accordance with its obligations as an APP entity under the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).

Some terms defined in legislation are identified using inverted commas (' ').

2.2 Scope

This Privacy Policy applies to the personal information we handle in accordance with our organisational functions and activities.

It does not apply to the personal information that is contained in the national collection of programs and related material (ie names and other identifiable information that appears in our audiovisual collection).

2.3 Personal information and sensitive information definitions

'Personal information' means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and
• whether the information or opinion is recorded in a material form or not.

'Sensitive information' includes:

• 'personal information' that is information or an opinion about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices or criminal record;
• health or genetic information about an individual;
• genetic information about an individual that is not otherwise health information;
• biometric information that is to be used for the purpose of automated biometric verification or biometric identification; and
• biometric templates.

3. Personal information handling practices

3.1 Why we collect personal information 

The NFSA collects personal information to perform our functions and powers under the National Film and Sound Archive of Australia Act 2008 (Cth) (NFSA Act). This includes to:

• develop, preserve, maintain, promote and provide access to a national collection of programs and related material;
• support and promote the collection by others of programs and related material in Australia;
• support, promote or engage in:
  • the preservation and maintenance of programs and related material that are not in the national collection; and
  • the provision of access to programs and related material that are not in the national collection;
• support and promote greater understanding and awareness in Australia of programs; and
• undertake any other function conferred on it by any other law of the Commonwealth.

We also collect personal information to conduct activities that are necessary or related to our functions and powers, such as:

• accept gifts, devises, bequests and assignments;
• act as trustee of money, programs or other property vested in the NFSA on trust;
• act on behalf of the Commonwealth or an authority of the Commonwealth in the administration of a trust relating to programs or to matters connected with programs; and
• do anything incidental to our functions.

3.2 The kinds of personal information the NFSA collects and holds

The kinds of personal information that the NFSA collects and holds depends on the relevant activity being undertaken. We collect personal information in the following contexts:

• from the public undertaking visits and experiences provided onsite at the NFSA in Canberra, including tour organisers and education groups;
• from consumers and the general public;
• from website visitors including NFSA Player;
• from donors and lenders to the collection;
• from partners in the Galleries, Libraries, Archives and Museums (GLAM) sector;
• from commercial and non-commercial partners and industry groups; and
• from volunteers and job applicants.

3.3 How the NFSA collects personal information

The NFSA collects personal information by lawful and fair means. We collect personal information directly from you, for instance when you register to an event, or when you request access to our collection. 

In certain circumstances we may collect information about you from publicly available sources or from third parties such as organisations that partner with us, when you register for a screening or event with them. The NFSA may also infer information about you through your interactions with our services. 

The primary ways we collect personal information are set out in our Privacy Collection Notices and outlined below.

3.4 Collection of sensitive information

The NFSA may collect accessibility information and dietary information as part of organising events and facilitating site visitation, which constitutes health information. We only collect this information with your consent to provide you with the required assistance for your visit. 

The NFSA does not directly collect any other sensitive information from you. However, some sensitive information such as your ethnicity or your sexual orientation can be inferred from your interactions with our services – for example, if you attend particular events or engage with particular kinds of content in our catalogue.

3.5 How the NFSA holds personal information

The NFSA holds personal information about you in our corporate systems, Customer Relationship Management (CRM) system, media and asset management systems, and ticketing system. Our third-party providers host your data in Australia.

Our CRM allows us to link personal information about you that is collected through different touchpoints, such as event purchases, donations, online form submissions and website visitation.

4. Use and disclosure of personal information

4.1 General use and disclosure

The NFSA uses and discloses personal information collected only for the primary purposes for which it was collected, as described above and in our Privacy Collection Notices. Our functions and activities include:

• Providing you with NFSA services such as on-site events, tours and programs
• Providing access to the national collection
• Providing access to digital content and NFSA Player
• Processing online ticketing to events
• Answering general enquiries
• Handling your account and newsletter subscription, and allow for authentication, where applicable
• Donor liaison, sponsorship and fundraising activities
• Recruiting and managing staff and volunteers
• Corresponding and engaging with you through newsletters and social media
• Marketing activities including optimising our digital products, audience tracking and analytics to drive engagement with our offerings
• Performing analytics to improve our visitor and online experiences, including personalisation
• Recording user feedback on services and activities including surveys and evaluations
• Establishing ownership of intellectual property rights
• Archival research and interpretation
• Managing applications for grants, fellowships and scholarships (including internships and 'in-residence' programs)
• Managing footage from closed-circuit cameras in our Acton site. 

Based on information we have collected about you, we may provide you with content relating to our functions and activities, or event suggestions. If you wish to opt out, please use the provided link or contact our Privacy Contact Officer at privacy@nfsa.gov.au.

The NFSA shares personal information with third-party providers such as our ticketing platform, digital platforms, survey providers and analytics providers. We conduct security and privacy assessments on all of our third-party providers that collect personal information to ensure their compliance with the Privacy Act. 

The NFSA may disclose personal information to event partners and organisers. On rare occasions, we may need to disclose your personal information when it is required or authorised by law or a court/tribunal order. 

The NFSA will only use or disclose your personal information for one of the above purposes or with your consent. 

4.2 Disclosure of personal information to overseas recipients

When you communicate with us through social media, such as Facebook and Instagram, the social media provider and its partners may collect and hold your personal information overseas.

5. Data quality

The NFSA takes reasonable steps to ensure the quality of the personal information we collect and disclose is accurate, up-to-date and complete. This includes:

• Implementing system tools to detect errors and duplicates
• Allowing you to access and correct your own personal details in our corporate systems
• Where practicable, validating data before use and respecting all opt-out requests.

6. Security

The NFSA protects the personal information we hold and will promptly deal with any accidental or unauthorised use or disclosure of personal information. We take the following steps to protect personal information:

• The NFSA manages its online services and IT systems in accordance with the Australian Government Protective Security Policy Framework and the Australian Government Information Security Manual.
• Third-party providers who handle personal information about the NFSA’s staff, users or other individuals are ordinarily bound contractually to comply with the Privacy Act and may themselves have statutory obligations as APP entities.
• Staff, contractors and third-party providers are required to comply with the Privacy Act to fulfill their obligations under the following (as applicable):
  • Public Service Act 1999
  • Public Service Regulations 1999
  • Australian Public Service (APS) Values
  • APS Code of Conduct
  • Commonwealth Supplier Code of Conduct.

7. NFSA websites – NFSA Website Privacy Statement

The NFSA has a separate privacy statement explaining the privacy aspects of visiting our websites, web analytics, cookies and email. 

View the NFSA Website Privacy Statement

8. Your rights

8.1 Access to and correction of personal information

You have the right to request access to or correction of personal information that the NFSA holds about you. Please contact our Privacy Contact Officer at privacy@nfsa.gov.au or by using the contact information listed under Section 11 at the end of this NFSA Privacy Policy. 

This right of access is subject to the relevant exemptions in the Freedom of Information Act 1982 (Cth) and any Act of the Commonwealth. The NFSA will respond to your request within 30 days after the receipt of the request, to grant the request or to give written reasons for any refusal to grant access to or correction of the information.

Where you have purchased tickets or created an account with us, you can access and update your details within the relevant platform, subject to available platform functionality at that time. 

9. Complaints

You can complain about the way the NFSA collects or handles your personal information by contacting our Privacy Contact Officer using the details provided at Section 11 below.

If the NFSA receives a complaint about how your personal information has been collected or handled, we will determine the actions to be taken in relation to your complaint. The NFSA will respond to your complaint or suggestion within 30 days of receipt. The NFSA is committed to quick and fair resolution of any complaints and will ensure the complaint is taken seriously.

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint about the NFSA's personal information handling practices to the Office of the Australian Information Commissioner.

10. NFSA Privacy Policy updates

In accordance with APP 1 this NFSA Privacy Policy will be reviewed every 12 months to ensure that it is up to date.

11. How to contact the NFSA Privacy Contact Officer

You may contact our Privacy Contact Officer to:

• obtain access to your personal information that we may hold;
• make a complaint about a breach of your privacy;
• query how your personal information is collected, used or disclosed;
• request a free copy of this NFSA Privacy Policy; or
• ask questions about this NFSA Privacy Policy.

The NFSA Privacy Contact Officer may be contacted via the details below:

Privacy Contact Officer (Director, Procurement and Legal)
National Film and Sound Archive of Australia
Post: GPO Box 2002, Canberra ACT 2601
Email: privacy@nfsa.gov.au
Telephone: 02 6248 2000 (Toll free within Australia: 1800 067 274)