fbpx

PRIVACY POLICY

EASTS LEAGUES CLUB

Privacy Policy

Last updated: January 3, 2026

 

Download Privacy Policy here: 2026 Easts Privacy Policy

 

Policy Statement

Easts Leagues Club is committed to protecting the privacy of personal information in accordance with the Information Privacy Act 2009 (Qld) and the Australian Privacy Principles (APPs). The Club recognises the importance of responsible, lawful, and transparent management of personal information in all aspects of its operations.

 

The Club is committed to ensuring that individuals are informed about how their personal information is collected, used, disclosed, stored, and disposed of, and that such information is handled in a manner that is fair, secure, and respectful of individual privacy rights.

 

Easts Leagues Club acknowledges that effective privacy protection is essential to maintaining trust with patrons, members, employees, contractors, and the wider community, and to supporting the Club’s participation in digital systems, surveillance technologies, and electronic communications.

 

Where Facial Recognition Technology (FRT) is utilised, the Club affirms that its use is limited to lawful harm minimisation and regulatory compliance purposes only. The Club is committed to ensuring that FRT is not used for unrelated purposes and that biometric information is handled in a manner consistent with privacy legislation, regulatory guidance, and community expectations.

 

Personal information, including any biometric information, will be managed in accordance with this Privacy Policy and supporting procedures.

 

Introduction

Easts Leagues Club is committed to safeguarding the privacy of its staff, members, patrons, contractors, and other stakeholders, and to maintaining the confidentiality, integrity, and security of personal information collected in the course of its operations.

 

The purpose of this Privacy Policy is to outline the Club’s commitment to managing personal information in accordance with applicable privacy legislation, regulatory requirements, and recognised industry best practice, while ensuring that operational, regulatory, and compliance obligations can be effectively discharged.

 

In order to meet its legal and operational responsibilities, Easts Leagues Club is required to collect certain personal information from individuals and organisations with whom it interacts. At a minimum, this may include identifying and contact information such as names, addresses, and contact details.

 

Depending on the nature of the relationship with the Club, additional personal information may be required to support lawful operations, regulatory compliance, service delivery, safety, and risk management.

 

Personal information is used or disclosed only for the primary purpose for which it was collected, unless the individual has consented to its use for a secondary purpose, or where use or disclosure is otherwise authorised or required by law.

 

The Club recognises that, as a licensed gaming and hospitality venue, it is subject to specific regulatory obligations, including those arising under Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) legislation. Where personal information is collected, used, or disclosed to meet AML/CTF obligations, this is undertaken in accordance with applicable legislation and regulatory guidance.

 

AML/CTF requirements are governed by a separate, standalone AML/CTF Policy and Program, which is referenced throughout this Privacy Policy where relevant.

 

Easts Leagues Club takes reasonable and proportionate measures to protect personal information from loss, unauthorised access, destruction, misuse, interference, modification, or disclosure. The Club is committed to responding appropriately to any unauthorised use or disclosure of personal information and to meeting applicable notification obligations in accordance with privacy legislation and regulatory requirements.

 

Scope

This Privacy Policy applies to all personal information collected, held, used, or disclosed by Easts Leagues Club in the course of its operations.

 

Easts Leagues Club is an applicable organisation under the Privacy Act 1988 (Cth) and is also subject to the Information Privacy Act 2009 (Qld). These Acts govern how the Club collects, uses, stores, secures, and discloses personal information and require compliance with the Australian Privacy Principles (APPs).

 

This Policy outlines the Club’s approach to privacy management and its commitment to compliance with the APPs, including:

  • the types of personal information collected by the Club;
  • the circumstances in which personal information may be collected;
  • the ways in which personal information may be used or disclosed;
  • the Club’s commitment to maintaining the security, accuracy, and integrity of personal information;
  • the rights of individuals to access and seek correction of their personal information;
  • the management of changes to this Privacy Policy; and
  • the process for raising privacy-related enquiries or complaints.

 

This Privacy Policy applies to all staff, members, patrons, contractors, volunteers, and other individuals or organisations whose personal information is collected by the Club, whether directly or indirectly.

 

Nothing in this Policy limits or overrides the Club’s obligations under other applicable legislation, including:

 

Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws. Where personal information is collected, used, or disclosed for AML/CTF purposes, those activities are governed by the Club’s standalone AML/CTF Policy and Program, which operate in conjunction with this Privacy Policy.

 

Easts Leagues Club encourages individuals to read and understand this Privacy Policy and to review it periodically, as it may be updated from time to time to reflect changes in legislation, regulatory guidance, or business operations.

 

General Privacy Protocols

Easts Leagues Club adopts a structured and risk-based approach to the management of personal information to ensure compliance with applicable privacy legislation, regulatory obligations, and recognised industry best practice.

 

Easts Leagues Club adopts the following principles in managing personal information:

 

  • Lawfulness – personal information is collected and handled only where authorised or required by law or where reasonably necessary for legitimate operations.
  • Purpose limitation – personal information is used and disclosed only for lawful purposes connected to the reason for collection.
  • Data minimisation – only the minimum information reasonably required is
  • Security – reasonable safeguards are applied to protect personal
  • Transparency – individuals are informed about how their information is
  • Accountability – privacy responsibilities apply to all persons handling information on behalf of the

 

Collection of Personal Information

The Club collects personal information that is reasonably necessary to:

 

  • Administer membership and employment;
  • Provide services and facilities;
  • Meet regulatory and licensing obligations;
  • Ensure safety, security, and good order; and
  • Comply with legal and governance

 

Personal information may include identifying details, contact information, proof of identity, transactional data, surveillance records, and other information required under gaming, liquor, or AML/CTF legislation.

 

Where practicable, information is collected directly from the individual. Where information is collected from third parties, reasonable steps are taken to ensure lawful collection.

 

Large Prize Payout Identification Requirements

In accordance with the Club’s regulatory obligations, Easts Leagues Club is required to verify the identity of patrons who receive certain high-value winnings.

 

For this reason, when a patron wins a prize or payout exceeding $5,000 AUD, the Club will take a photocopy of the patron’s driver licence or another approved identity document. This copy is collected solely for proof-of-identity verification, and audit requirements associated with large monetary payouts.

 

The copied identification is handled securely and is accessible only to authorised management personnel. It is retained in accordance with compliance record-keeping obligations and securely destroyed once no longer required. This process does not apply to general entry, the Club does not scan, copy, or store identification for any other purpose.

 

Sensitive and Biometric Information

Sensitive information, including biometric information, is subject to heightened protection. The Club collects sensitive information only where:

 

  • Required or authorised by law; or
  • Reasonably necessary for employment, health and safety, security, or regulatory

 

Biometric information, including information generated through Facial Recognition Technology (FRT), is treated as sensitive information and handled in accordance with privacy legislation and regulatory guidance.

 

Use and Disclosure of Personal Information

Personal information is used and disclosed only where:

 

  • It is directly related to the purpose of collection;
  • Required or authorised by law; or
  • Necessary to meet regulatory

 

This may include disclosures to:

  • Regulators and government agencies (including AUSTRAC, OLGR, and law enforcement);
  • Emergency services;
  • Professional advisers and service providers; and
  • Affiliated or reciprocal clubs where

 

AML/CTF-related use and disclosure is governed by the Club’s AML/CTF Policy and Program and is not dependent on consent. For privacy concerns related to AML/CTF compliance or data collection, please contact the Club’s AML/CTF Compliance Officer – Contact Reception for details.

 

Surveillance and Facial Recognition Technology

The Club operates surveillance systems, including CCTV, to support safety, security, and compliance. Where Facial Recognition Technology is used, it is strictly limited to lawful harm-minimisation and exclusion-management purposes, including identifying individuals subject to:

 

  • Self-exclusion;
  • Banning orders; or
  • Lawful venue

 

FRT is not used for marketing, profiling, or commercial purposes.

 

Vix Vision Facial Recognition Technology (FRT) is used solely for harm-minimisation and exclusion-management purposes.

  • General FRT imagery is retained for 36 days, after which it is automatically
  • Where a person is subject to a self-exclusion, venue exclusion, or other lawful ban, their FRT profile and associated data may be retained for up to 5 years, or for the duration of the exclusion (whichever is shorter).
  • Access to FRT data is limited to authorised management personnel for safety, security, and regulatory compliance purposes only.

 

Direct Marketing

The Club may communicate information about services, events, or activities where permitted under privacy laws. Individuals may opt out of marketing communications at any time.

 

Sensitive information is not used for direct marketing.

 

Cross-Border Disclosure

Personal information may be stored or processed using cloud-based or third-party systems, including systems located outside Australia.

 

The Club takes reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with Australian privacy obligations.

 

Data Quality, Retention and Security

The Club takes reasonable steps to ensure personal information is accurate, up to date, and protected against misuse, loss, unauthorised access, or disclosure.

 

Personal information is retained only for as long as required by law or operational necessity and is securely destroyed or de-identified when no longer required.

 

 

Retention Timeframes Easts Leagues Club:

  • CCTV and general FRT imagery: retained for 36 days before automatic deletion
  • Exclusion-related biometric files (flagged persons): retained for up to 5 years or the term of exclusion
  • ID images or scans are retained, as per Large Payout provisions
  • Incident reports and exclusion documentation: retained in accordance with regulatory and licensing

 

Security

Access to FRT data is restricted to authorised management personnel only. Access is logged and monitored in accordance with internal security protocols.

 

“Collection Notice – Surveillance & FRT”:

 

When entering the venue, patrons are notified via signage that CCTV and Facial Recognition Technology operate for safety, security, and exclusion-management purposes.

 

Data Breaches

Easts Leagues Club maintains a framework to identify, assess, and respond to data breaches.

 

Where a data breach is likely to result in serious harm, notifications will be made in accordance with legislative requirements.

 

Access, Correction and Complaints

Individuals may request access to or correction of their personal information, subject to legal limitations.

 

The Club maintains a structured process for managing privacy enquiries and complaints and will respond within reasonable timeframes.

 

Privacy Contact

Privacy Officer, Easts Leagues Club

 

Assistant General Manager – PH: 07 3997 8885

 

Individuals may contact the Privacy Officer for access requests, correction requests, privacy complaints, or questions about surveillance and FRT.

 

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

 

 

Review

This Privacy Policy may be updated to reflect legislative or regulatory changes. Members will be notified of any material changes via Club communications, website notices, and signage within the venue

 

 

Glossary of Terms

 

Term                                             Definition
Personal Information Information or an opinion about an identified or reasonably identifiable individual.
Sensitive Information Personal information requiring higher protection, including health, biometric, and criminal history data.
Biometric Information Information derived from biometric identifiers used for automated identification.
Facial Recognition

Technology (FRT)

 Technology that analyses facial features to identify individuals against

exclusion or reference datasets.
Australian Privacy Principles (APPs) Principles governing personal information under the Privacy Act 1988 (Cth).
AML/CTF Anti-Money Laundering and Counter-Terrorism Financing legislative framework.
Data Breach Unauthorised access, disclosure, or loss of personal information.
De-identification Removal or alteration of information so an individual cannot be reasonably identified.

 

Date of Effect: January 3, 2026

Authorised By: Jan Broodryk

Date Review Due: January 2028

 

Contact Us

If you have any questions about this Privacy Policy, you can contact us: