fbpx

PRIVACY POLICY

EASTS LEAGUES CLUB

Privacy Policy

Last updated: May 21, 2025

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Terms Feed Privacy Policy Generator.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Application means the software program provided by the Company downloaded by You on any electronic device, named Easts Leagues Club Membership App
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Easts Leagues Club, 40 Main Ave, Coorparoo QLD 4151.
  • Country refers to: Queensland, Australia
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Application.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Photographs and Closed-Circuit Television

The Company employs a closed-circuit television (CCTV) system in all internal and external areas of the premises to enhance the safety and security of our property. CCTV footage is integral to our security system and is stored for a minimum of 28 days. In the event of an incident, footage is retained for a minimum of one year after the retention period, unless law enforcement or other relevant authorities request access to it. If requested by the relevant authority, the CCTV footage must be archived.

In situations where an incident occurs on the premises, CCTV footage for the duration leading up to, during, and following the event must be archived. If no incident is detected, the CCTV footage is automatically deleted within 30 days of the retention period.

The Company may also take photographs of guests or members attending the premises for marketing and advertising purposes. Unless the Company is informed otherwise, guests and members are deemed to have given express consent to the use of any photographs for the aforementioned purposes, without compensation.

Direct Marketing

By using the Company’s services, you acknowledge and consent to the use of your personal information, including any email address you provide, for the purpose of providing information and informing you of Company products, services, events, or any other direct marketing activity (including third party products, services and events), which is deemed to be of interest to you. Furthermore, if it is reasonable to expect that the Company would send you Direct Marketing Communications (given the prior transaction or communication history between yourself and the Company. You expressly authorise us to disclose your personal information to other organisations that may also use your personal information for sending you Direct Marketing Communications.

 

Should you wish to cease receiving Direct Marketing Communications, you may request that the Company refrain from sending you any further information about products and services and that your information is not disclosed to other organisations for that purpose. You may exercise this option at any time by:

  • using the ‘unsubscribe’ feature included in the email;
  • replying with a text message sent from the Company with the word ‘STOP’; or
  • by contacting the Company.

Cookies

Internet cookies are small blocks of data that are placed on the hard drives of users during the data exchange that occurs when a browser points to a website. These cookies enable a website to store information on a user’s machine and retrieve it later. It is important to note that cookies can only store information that is explicitly provided by the user or visitor, or information that the website already knows about the user, such as their IP address.

The Company’s website utilises cookies for the purpose of identifying unique visitors to the site for statistical purposes. This visitor number will be held in a cookie on the user’s device for a fixed period of time, typically 30 days. Additionally, the cookie will store the user’s IP address.

The Company may also use Google Analytics to gather statistics on the usage of its website. Google Analytics employs cookies to collect information for the purpose of providing statistical reports. Information generated by the cookie regarding the user’s use of the website will be transmitted to and stored by Google on servers located outside of Australia. It is important to note that Google does not record or receive any identifying information.

To market its products and services, the Company uses third-party marketing platforms, such as Google Ads, Facebook, and Instagram. These platforms may serve ads to users on their own websites or on partner websites and apps. The use of these marketing platforms enables the Company to advertise and communicate with users based on profiles developed from their use of the Company’s website, personal information provided by the user, and their response to advertising messages.

Additionally, the Company may use third-party audience data from Google Analytics, such as age, gender, and interests to provide advertising that is tailored to the user’s preferences. No personally identifiable information is recorded or provided to these third parties. However, information generated by the cookie regarding the user’s use of the website may be transmitted to vendors and stored on servers outside of Australia.

The Company contracts with third-party service providers to market its products and services. These providers are obligated to protect any personal data with the same level of protection as that provided by the Company.

Most browsers can be configured to accept or reject cookies. Users have the option to adjust their browser settings to reject cookies or receive notifications when they are being used. It is important to note that rejecting cookies may result in a loss of some website functionality.

Cross Border Disclosure

Your personal information may be transferred and stored outside Australia, including to cloud-based storage entities and overseas data and website hosting facilities, if the Company has entered into contractual arrangements with third-party service providers to assist with providing services to you. Personal information may also be processed by staff or other third parties operating outside Australia who work for the Company or contracted suppliers, agents, partners, or related companies.

By submitting your personal information, you expressly agree and consent to the disclosure, transfer, storing, or processing of your personal information outside Australia. By providing this consent, you understand and acknowledge that countries outside Australia may not always have the same privacy protection obligations as Australia regarding personal information. The Privacy Act 1988 requires the Company to take reasonable steps to ensure that any recipients of your personal information outside Australia do not breach the privacy principles contained within the Privacy Act 1988. The Company acknowledges the importance of protecting personal information and has taken reasonable steps to ensure that third parties use your information securely and in accordance with the terms of this Privacy Policy.

Should you not consent to the disclosure, transfer, storing, or processing of your personal information outside of Australia, please contact the Company to discuss this matter further.

Data Quality and Security

The Company has implemented measures to safeguard your personal information. While all reasonable precautions have been taken to ensure information security, it is important to note that the Internet is not entirely secure. The Company is committed to taking reasonable steps to:

  • Ensure the accuracy, completeness and currency of personal information collected, used or disclosed;
  • Protect personal information from loss, unauthorized access, modification, disclosure and physical harm using both physical and computer security measures; and
  • Destroy or permanently de-identify personal information when it is no longer required for its intended purpose.

 

The accuracy of personal information is largely dependent on the accuracy of the information provided by members. Therefore, it is encouraged you:

  • Notify the Company of any errors in your personal information; and
  • Inform the Company of any changes to your personal information.

 

The Company conducts an annual review of the membership database, including all personal information. Current details on the system can be provided upon request prior to membership renewal to ensure accuracy.

 

Personal information collected will be destroyed when:

  • A member requests their membership to be terminated;
  • The Company is notified of a member’s death; or
  • A membership has lapsed and is not renewed within a six-month grace period.

Notifiable Data Breaches

If the Company suspects that a data breach has occurred, immediate steps will be taken to contain the extent of the breach and limit further access to the information.

Once the breach has been contained, the Company will assess the breach and investigate how the incident occurred within thirty (30) days. The Company will make an evidence-based decision as to the level of risk once the relevant information has been received.

If the risk is deemed high and serious harm is likely, the Company will notify the member whose data has been breached and the Office of the Information Commissioner Queensland. The notification will include any remedial actions taken by the Company in response to the breach.

Data Breach Response Plan

Step 1: Alert

When a privacy data breach is suspected or known to have occurred, all employees are required to immediately alert senior management from when the breach has been first identified.

The information that should be provided (if known) at this point includes:

  • Time and date of when the breach occurred
  • Description of the breach, including the type of personal information involved
  • Cause of the breach, including how it was discovered
  • Which system(s) are affected
  • Which directorate/faculty/institute is involved
  • Whether corrective action has occurred to remedy or ameliorate the breach

 

Step 2: Assess Potential Impact and Severity

Once senior management has been notified, the following will be investigated:

  • What data has been accessed
  • If personal information is involved
  • If the personal information is sensitive in nature
  • If there has there been unauthorised access to personal information or unauthorised disclosure of personal information or loss of personal information in circumstances where access to the information is likely to occur
  • The type and severity of personal information involved, considering the following:
  • Whether multiple individuals have been affected
  • Whether the information is protected by any security measures
  • The risk of who now has access
  • Whether there is currently or potentially a risk of serious harm to the affected individuals
  • Whether there could be media or stakeholder attention as a result of the breach

 

With respect to the above, serious harm could include physical, psychological, emotional, economic or harm to reputation, and is further outlined in Section 26WG of the Privacy Amendment (Notifiable Data Breaches) Bill.

 

Step 3: Required Actions by Senior Management

Senior management must ensure that immediate corrective action is taken, which may include:

  • retrieving or recovering the personal information
  • ceasing unauthorized access
  • shutting down or isolating the affected system

 

The IT company responsible for the Company’s online security will also be given access to relevant information, including the extent of the breach, and will assist in remediation and data retrieval as required.

The breach must be documented within 48 hours of being notified, and the report must include the following details:

  • description of the breach
  • corrective action taken
  • outcome of corrective actions
  • processes implemented to prevent recurrence
  • recommendation that no further action is required

 

This report must be lodged with the Office of the Information Commissioner Queensland, and the affected individuals should be notified as specified above within 30 days of the breach occurrence.

Storage of Personal Information

The Company employs a comprehensive system to safeguard personal information. Physical documents and files containing personal information are stored in restricted access areas, with access only granted to authorised personnel.

Electronic personal information is stored on servers that are owned and controlled by the Company or cloud storage providers. These servers are encrypted and feature a variety of security measures. All backup servers are maintained off-site by contracted IT service providers.

If deemed necessary, the Company may store personal information in a secure web-based application on a third-party-owned and operated data server. The Company will take reasonable measures to ensure that any third-party providers comply with the Australian Privacy Principles (APPs).

In compliance with relevant laws, the Company will destroy all personal information once it is no longer required, taking reasonable steps to de-identify the information.

Access to and Correction of your Personal Information

You possess the right to access any personal information held by the Company pertaining to you, unless exceptional circumstances authorised by law prevent it. Additionally, you are entitled to rectify and amend any erroneous, outdated, incomplete, irrelevant, or deceptive personal information.

If you wish to access and correct your personal records, communicate your request to the Company. However, before being granted access to any confidential information, you may be requested to present a satisfactory form of photographic identification. Non-compliance with this provision may lead to the denial of your request.

Consent

By visiting the Company premises, using the Company website, or accepting the terms and conditions of a product or service offer, which refer to this Privacy Policy, you hereby agree to be bound by the terms of this Privacy Policy.

The Company reserves the right to modify this Privacy Policy as necessary to meet business requirements. The Company will provide notice of any changes, whether by direct communication or by posting a notice on the website. Your continued use of our products, services, or website or your continued dealings with the Company after such notice shall constitute your agreement to the modified terms. If you do not agree to the continued use of your personal information due to changes in the Privacy Policy, please contact the Company.

Resolving Privacy Complaints

The Company has established an effective mechanism and procedure to address privacy-related complaints. All complaints shall be handled by the Assistant General Manager and reported to the Board as required. Complaints shall be dealt with in a timely and appropriate manner to enable quick decision-making if necessary.

If you have any concerns or complaints regarding the manner in which the Company has collected, used, disclosed or stored your personal information, you may contact the Assistant General Manager who serves as the Company Compliance Manager for the purpose of this document. You may reach the Assistant General Manager at jake@eastsleagues.com.au.

To ensure confidentiality, please label your correspondence as ‘Attention: Assistant General Manager’. In order to resolve a complaint, the Assistant General Manager will:

  • Work with you to determine the nature and cause of the complaint;
  • Request that you submit the complaint details in writing;
  • Request that you provide all supporting documentation;
  • Keep you informed of the anticipated timeframe for a response; and
  • Inform you of the legislative basis (if any) for the decision in resolving the complaint.

The Company shall keep a record of the complaint and any actions taken in a privacy register.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: