Privacy Policy

Perth Regional Tourism Organisation Inc. trading as Destination Perth "PRTO", "we", "us", "our") respects your privacy and is committed to protecting your personal information in accordance with the following legislative instruments (which may not bind us) Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), Privacy and Other Legislation Amendment Act 2024 (Cth), the Spam Act 2003 (Cth), and, where applicable, any state-specific privacy principles that apply to us.

This policy sets out the manner in which PRTO collect, use and disclose personal information and outlines choices for you to access, update or otherwise take control of any personal information held about you.

By submitting information to us, you consent to its collection, use and disclosure by us in accordance with this Privacy Policy.

We may update this Privacy Policy from time to time to reflect changes in law, our practices or operations. Updates will be published on our website with the effective date listed.

If you have queries relating to the policy, please contact the staff of PRTO by email via admin@destinationperth.com.au.

2.1 General

We collect and use your information to:

• operate, maintain, and improve our website, member portal, social media and services
• analyse usage patterns and audience engagement
• manage online advertising
• create and send permission-based marketing communications, special offers, and event information in accordance with the Spam Act 2003 (Cth)
• manage competitions, promotions, and surveys
• identify new customers
• provide information and services that may be of interest to you based on your agreement to opt in to receive this information

2.2 Member portal

When you agree to become a member, we will collect and use your information to:

• verify your identity and eligibility for membership benefits
• provide access to member-only content, resources, and tools
• manage your membership status and renewals
• enable participation in events or promotions restricted to members
• communicate important updates and opportunities
• send marketing communications in compliance with the Spam Act
• monitor portal usage for security and improvement

We will only collect, use, and disclose information that is reasonably necessary for these purposes or otherwise permitted by law.

3.1 Non personal information

When you visit our website, official social media accounts or member portal, we may automatically collect non-personal information for statistical, research, and security purposes, including:

• server address and IP address
• persistent session ID (PSID)
• top-level domain name (e.g. .com, .gov, .au)
• date and time of visit
• pages visited and documents downloaded
• referring website address
• browser type and version
• information collected through cookies, pixels, spotlight technology, or transparent GIFs

You can configure your browser to refuse cookies; however, some site or portal features may not function as intended. If you delete cookies from your computer's web browser, you may remove the opt-out preference that you have set for this website/organisation. This may also occur if the opt-out cookies set, expire.  

We may also collect aggregated analytics and usage statistics through third-party services such as Google Analytics, Meta Insights, and TikTok Analytics.

No personally identifiable information is collected by Google Analytics from our website by the use of cookies, however you can opt-out of Google Analytics anonymous user profiling.

3.2 Personal information

When you interact with us via our website, social media, member portal, competitions, surveys, newsletters or otherwise ‘opt in’ to receive information from us, we may collect personal information you provide directly including:

• Full Name
• Contact details (email, phone, postal address)
• Country or state of residence
• Organisation details (business name, ABN, role)
• Preferences, feedback, and survey responses
• Member portal login credentials and usage records

4.1 Use of information

1. Marketing use
   
   From time to time, PRTO may use your personal information for promotional purposes such as sending email eNewsletters, special offers and invitations to events in accordance with clause 7 of this Privacy Policy.
    
2. Analytics/data
   
   From time to time, PRTO may use non-personal information such as IP addresses or server addresses to analyse visitor behaviour and gather broader demographic information. IP addresses are not linked to any other personally identifiable information.

4.2 Disclosure of personal information

We may disclose your personal information:

• To our partners, sponsors, and affiliates, only where you have been informed, and have expressly consented (opted in);
• To service providers assisting with operations such as hosting, email delivery, analytics, or promotional campaigns;
• Where required or authorised by law, including under any state-specific privacy principles; and
• In joint promotions with third parties, only where you have been informed, and have expressly consented (opted in).

If information sharing occurs under any state-based responsible information sharing framework, PRTO will comply with applicable requirements governing such sharing. Disclosure of non-personal information.

PRTO may share general demographic information with third parties, but this information is not linked to any personal information that can identify you or another individual person. No personal information is disclosed in this manner.

4.3 International disclosure

Some of our technology providers and partners may be located outside Australia. If we disclose your personal or non-personal information overseas, we will take reasonable steps to ensure recipients handle it in accordance with the APPs, any applicable state-specific privacy principles, and equivalent international safeguards (e.g., GDPR).

5.1 Information storage

The length of time for which such information is stored may vary according to the purpose for which it has been collected.

We store personal information in a combination of secure electronic systems and cloud-based services. Electronic data may be hosted on servers located in Australia or overseas, depending on the services we use. We take reasonable steps to ensure that any third-party service providers store and process personal information in compliance with the APPs and any applicable state-specific privacy principles.

5.2 Data security

We implement reasonable organisational, technical, administrative, and physical safeguards to protect personal information, including for example:

• encrypted transmission (SSL/TLS) of data over the internet
• role-based access controls and authentication requirements
• encrypted password storage for accounts and portals
• regular system updates, monitoring, and security audits
• secure disposal and destruction of records when no longer required

5.3 Member Portal

We use role-based access and authentication measures. Members must keep login credentials confidential. PRTO will never request your password via unsolicited communication. We will not disclose your membership or portal data without consent, except:

• where necessary to provide services (e.g., hosting, IT support)
• where required or authorised by law, including under any state-specific privacy principles
• in aggregated, de-identified form for reporting

5.4 External breaches

While PRTO takes all reasonable steps to protect personal information, we cannot guarantee the security of data transmitted over the internet or stored by third-party service providers. To the maximum extent permitted by law, PRTO is not liable for unauthorised access, disclosure, loss, or misuse of personal information caused by circumstances beyond our reasonable control.

5.5 Notifiable data breaches

If PRTO becomes aware of an eligible data breach (as defined in the Privacy Act 1988 (Cth)) that is likely to result in serious harm to individuals, we will:

• promptly investigate and assess the breach
• notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with legal obligations
• provide guidance to affected individuals on steps they can take to mitigate harm

We will follow any applicable state-specific mandatory reporting obligations of notifiable information breaches if and where required.

You have the right to request access to the personal information we hold about you and to request:

• corrections if it is inaccurate, incomplete, or out of date; or
• removal from our records (the right to be forgotten).

Requests can be made by:

• email: admin@destinationperth.com.au
• online form: Contact Us page on our website

We will respond within a reasonable timeframe, in accordance with the APPs and any applicable state-specific privacy principles.

7.1 Compliance with SPAM Act

PRTO complies with the Spam Act 2003 (Cth) when sending commercial electronic messages, including email, SMS, and instant messaging including to:

• only send commercial messages with your consent (express or inferred as permitted by law)
• clearly identify PRTO as the sender and include our contact details in all marketing
• include a functional, free unsubscribe option
• only market to individuals under 15 with verified parental or guardian consent, and only with age-appropriate content
• maintain records of consents and unsubscribe actions for compliance

7.2 Option to opt-out

You may opt out of receiving marketing communications at any time by:

• clicking the "unsubscribe" link in our emails
• replying "STOP" to SMS communications
• contacting us via:
  • email: admin@destinationperth.com.au
  • online form: Contact Us page on our website

Once you opt out, we will remove you from the relevant list within 5 working days.

8.1 Interaction on official social media accounts

PRTO maintains official accounts on various social media platforms to share information and engage with the community, including:

• Facebook - https://www.facebook.com/DestinationPerth/ 
• Instagram - https://www.instagram.com/destinationperth/ 
• TikTok - https://www.tiktok.com/@destinationperthofficial
• YouTube - https://www.youtube.com/destinationperth 

When you interact with PRTO such as liking, commenting, sharing, messaging, or following we may collect personal information you make available.

8.2 Use of information from social media

We may use information from social media interactions to:

• respond to enquiries and messages
• monitor and improve engagement and content relevance
• conduct social media campaigns, competitions, or promotions
• identify trends and community sentiment
• deliver targeted advertising (only where permitted and in compliance with the Privacy Act, any state-specific privacy principles, and the Spam Act)

8.3 Platform specific privacy policies

Social media platforms are not controlled by PRTO and are subject to their own privacy policies and terms of use. You are encouraged to review those policies to understand how your data is handled by those entities.

8.4 Public posting

Content you send or post on PRTO’s social channels including tagging, sharing or direct messaging may be visible to others and may be re-shared by PRTO.  

9.1 Target audience

Our website, social media and membership portal are primarily intended for users aged 18 and over. We recognise children may access our content, particularly for tourism or educational purposes.

We do not knowingly collect personal information from individuals under 15 without parental or guardian consent, unless permitted by law.

9.2 Parent/guardian consent and request

For users under 15, we require a parent or guardian to:

• provide or approve personal information
• approve participation in competitions or newsletters
• approve member portal account creation

Parents/guardians may request access to, correction of, or deletion of their child’s personal information at any time.

Where PRTO collects or processes personal information of individuals located outside Australia, we will comply with the relevant international privacy frameworks to the extent they apply, including but not limited to:

• EU/UK GDPR (General Data Protection Regulation)
• California CCPA/CPRA (California Consumer Privacy Act/Privacy Rights Act)
• Brazil LGPD (Lei Geral de Proteção de Dados)
• Canada PIPEDA (Personal Information Protection and Electronic Documents Act)
• Singapore PDPA (Personal Data Protection Act)
• APEC Cross-Border Privacy Rules