VICTORIAN HERITAGE DATABASE AND VIC HERITAGE APP

WEBSITE/APP PRIVACY STATEMENT

Introduction

The Heritage Council of Victoria (Heritage Council) is committed to protecting the privacy of your personal information according to the principles set out in the Privacy and Data Protection Act 2014 (Vic). This is an important aspect of the way the Heritage Council creates, organises and implements its business activities.

This privacy statement sets out how the Heritage Council handles/applies the Information Privacy Principles to personal information collected as you access and interact through the Victorian Heritage Database Website (VHD Website) and the Victorian Heritage iPhone Application (Vic Heritage App). 

This privacy statement also outlines how the VHD website and Vic Heritage App interacts with linked third party websites and web applications, however this privacy statement does not apply to third party websites and web applications (as these are externally controlled). 

Please be aware that if you access other websites using links from the VHD Website or Vic Heritage App you will be subject to the terms and conditions of the website you visit, including any level of privacy protection offered. 

The Heritage Council recommends you familiarise yourself regularly with any applicable third party terms and conditions (including any privacy policy or statement).

The Heritage Council may update this privacy statement from time to time. Any changes will be published on the VHD Website http://vhd.heritagecouncil.vic.gov.au.


About the Heritage Council

The Heritage Council of Victoria (Heritage Council) is an independent statutory body which identifies and protects places and objects of cultural heritage significance to the State of Victoria, to ensure Victoria’s diverse cultural heritage is enjoyed, managed and protected for current and future generations.

Pursuant to the Victorian Heritage Act 1995 a statutory function of the Heritage Council is to promote public understanding of Victoria’s cultural heritage and develop and conduct community information and education programs. This function underpins the collection and sharing of user generated content about Victoria’s heritage places and objects through the VHD website and Vic Heritage App.

Collection of personal information

If you choose to create a VHD account on the VHD website or through the Vic Heritage App for the following purposes:
•    Save a shortlist of searches/records for future use
•    Create edit and submit your own heritage tours
•    Contribute content (text or images)

The following types of Personal information are collected:
•    your name
•    your email address
•    Content (text notes and electronic image files) that you choose to contribute, including any forum topics or replies that you submit
•    metadata relating to any electronic communications that you send, such as your electronic address, time and date sent, time and date received, unique message identification, message type, message length, etc.

IP Address Information

In order to assist us to improve our service the VHD Website collects anonymous information through web servers for statistical purposes.  This includes information such as the number, date and time of visits to the website and frequently visited website pages.

Please note that the VHD web server access logs record IP addresses, but these cannot be associated with any particular registered user.  IP addresses are not recorded or stored by the VHD website, nor does the VHD website record when users have last logged in.

Cookies

The VHD Website uses cookies for certain services to assist the Heritage Council to make your online experience easier and more efficient.  Cookies are not used by the Heritage Council to identify you or record any of your personal information.

For instance, session cookies are used for logged in users to enable the website to remember your preferred settings for subsequent visits.  If a you select the 'remember me' function when logging in the session cookie is stored on your system indefinitely or until you manually logs out.

A cookie is a small data file that is shared between a web server and a user's browser. Cookies can provide various types of information, depending on how they are used. This may include information about a user's identity and website visiting patterns and preferences.

You may set your browser to identify the presence of cookies, and to give you the option of accepting or rejecting them. However, a website or web application may not function fully if you disallow cookies.

User Location Data

The VHD Website has a ‘find places near me’ function which optionally requires you to share your location in order to deliver a location-based service.  The ‘Show places near me’ function on the map does not retain any user location information for any period of time.

The W3C Geolocation API Specification has been implemented for the GPS Location Services function:
•    Users are asked permission to use their location
•    Only users estimated geolocation points, latitude and longitude are used
•    The geolocation is only used to find Places near to the user, and not used or passed to any external sources.
•    These geolocation points are not stored permanently anywhere within the website.

Please be aware when using location tracking capabilities on any mobile device, that potentially sensitive personal information can be inferred about an individual knowing only their mobility trace. Even where no mobile numbers or personal details are associated with location information, such supposedly anonymous data can often be linked back to individuals.

Accordingly, the Heritage Council recommends you turn GPS off on your mobile device when not using it.

Use and disclosure of personal information

The Heritage Council will use or disclose personal information that we collect from you only:
•    For the primary purpose for which it was collected (VHD administration)
•    For a related secondary purpose for which you would reasonably expect
•    With your consent
•    For uses required or authorised by law; or
•    For any other purpose permitted under the Privacy and Data Protection Act 2014

Subject to the requirements of the Privacy and Data Protection Act 2014 the Heritage Council may need to disclose personal information which it collects to:
•    The Heritage Council’s service providers which provide website, archival, auditing, professional advisory, mail house, delivery, technology, research, utility, security, electronic payment or application processing services
•    Organisations acting on your behalf, for example your solicitor or interpreter.

Data Security

The Heritage Council has implemented technology and security policies to protect the personal information which it collects through this web presence.

Please be aware that there are inherent risks which you accept when transmitting information across the internet:
•    Any personal information or content which you post may be accessible to third parties who may use it for unauthorised purposes.
•    You acknowledge and agree that the Heritage Council is not responsible for any such use or disclosure, as we cannot ensure or warrant the security of any information transmitted.

The Heritage Council will take reasonable steps to remove personal information from its system where it is no longer required for the purpose for which it was collected or any other purpose (including archiving) permitted in accordance with Privacy and Data Protection Act 2014

However please note that even where the Heritage Council removes your information, it may remain on external servers indefinitely.

User Generated Content collected is stored using Amazon CloudFront software run by Amazon S3:
•    The Amazon Web Services (AWS) compliance http://aws.amazon.com/compliance/ and security webpages http://aws.amazon.com/security/ provide details on controls in place at AWS to maintain security and data protection. 
•    A whitepaper on Amazon Web Services – Overview of Security Processes is also available: http://aws.amazon.com/security/security-resources/

Data Quality and Access and Correction

The Heritage Council will take reasonable steps to ensure that personal information is accurate, complete and up to date whenever we collect, disclose or use it.

The Heritage Council relies upon you to:
•    Ensure that any personal information that you provide to, or make available on this web presence is accurate, current, complete and relevant
•    Advise it of any changes to such personal information.

Please note the following in relation to changes to VHD Account Information and User Generated Content (UGC):
•    Users with an account can change their email address, password, first name and last name online.
•    Once submitted and published UGC can only be edited by administrators, however users can choose to delete their UGC (notes and images).
•    Once submitted Tours can no longer be edited by users, however users can choose to delete tours.

To request access or other changes to your personal information please contact the Manager, Heritage Council Secretariat, Heritage Council of Victoria.  Generally informal access will be possible however, in some situations you will be required to make a formal application under the Freedom of Information Act 1982.  E.g. where providing access would compromise another persons' privacy.


Anonymity Options

You can search the VHD anonymously without setting up an account.  If you choose to set up an account this allows you to tag records and save searches for future use.

It also allows Heritage Victoria to contact account holders, this might include verifying information submitted, seeking further information, or advising of proposed VHD updates or known issues.

If you choose to publish User Generated Content (UGC) on the VHD Website you can also choose whether to publish your name alongside the UGC, and whether you wish to be contacted via other individuals.

This is done by optionally selecting the following options each time you submit UGC:
•    Please show my name with this note; and
•    Allow my account to be anonymously contacted.

If you select ‘Allow my account to be anonymously contacted’ another individual can send an email to the author of the UGC, however the other individual will not see the UGC author’s email address. The email will be received by the VHD moderator and if appropriate transmitted to the UGC author’s email account.

Unless the first option ‘Please show my name with this note/image’ is selected, then the default setting is for moderated UGC to display without disclosing the UGC author’s identity.

Unless the second option ‘Allow my account to be anonymously contacted’ is selected, then the default setting if for other individuals not to be able to contact the UGC author.


Transborder Data Flows

Personal information submitted on the VHD website or Vic Heritage App will be transferred outside Victoria, and be disclosed to:
•    SKEX IT Services for the purposes of VHD webhosting.  Your personal information will be physically stored on a data server located in NSW subject to the protections provided in the Victorian Information Privacy Principles.
•    Amazon S3 for the purpose of storage of user generated content (comments and images). Your personal information will be physically stored on a data server located in the United States (US) and may be accessed by US authorities under the USA Patriot Act. By submitting content you agree to transfer the jurisdiction for privacy laws to the US.

User Generated Content collected is stored using Amazon CloudFront software run by Amazon S3:
•    The Amazon Web Services (AWS) Compliance webpage provides details on controls in place at AWS to maintain data protection: http://aws.amazon.com/compliance/ 
•    The Amazon Web Services (AWS) Privacy Policy is available at: http://aws.amazon.com/privacy/

Web statistics data collection and Third Party Cookies – Google Analytics

The VHD website and Vic Heritage App uses Google Analytics to collect and report on the following information about usage statistics on a global level:
•    Server address
•    Top level domain name (e.g. .com, .au, .gov)
•    The date and the time of an individual's visit to the site
•    The pages an individual accessed and downloaded
•    The address of the last site an individual visited
•    An individual's operating system
•    The device an individual is using
•    The type of browser an individual is using.

The information may be automatically recorded for statistical and system administration purposes only, and will not be used by the Heritage Council to identify you or match with any of your personal information, unless otherwise required or authorised by law.

Google have developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js).  If you want to opt out of Google Analytics, you can download and install the add-on for your web browser here: https://tools.google.com/dlpage/gaoptout?hl=en.”

For more information about Google analytic cookies, please see:
•    Google's Privacy Policy: http://www.google.com/intl/en/policies/privacy/
•    Google Analytics Help pages: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Third Party Cookies – ShareThis

The VHD website and Vic Heritage App uses social media sharing (via the ShareThis service) to give your the option to share stories on social networks such as Facebook and Twitter. To deliver this service we use share buttons to link to a third party website called ShareThis.

ShareThis uses cookies to collect information about your internet browsing patterns for the purpose of delivering targeted advertising.  We have no control over the cookies that ShareThis sets when you use its services, however you can opt out of ShareThis’s use of your usage information by clicking on the Opt Out button for advertising cookies at the bottom of the ShareThis privacy policy page.
 
By opting out, ShareThis advise they will set an opt-out cookie on your Internet browser, which will prevent your usage information from being matched to any particular Internet browser.

Please note that if you change browsers (including, using a browser on a different computer), delete your cookies, or use multiple browsers (either on the same computer or different computers), you will need to repeat this process for each computer/device and each browser.”

Please consult the ShareThis privacy policy for further details: http://www.sharethis.com/legal/privacy/

Further information and privacy contact details

The Heritage Council of Victoria will be efficient and fair when responding to privacy complaints. 

For further information about the handling of personal information by the Heritage Council, please contact:

The Manager, Heritage Council Secretariat
Heritage Council of Victoria
GPO Box 2392, Melbourne Victoria 3001
Telephone: (03) 9208 3344
Email: heritage.council@delwp.vic.gov.au
For further information about the protection of information (including personal information) held by the Victorian public sector please contact:

Office of the Commissioner for Privacy and Data Protection (Privacy and Data Protection Victoria)
http://www.dataprotection.vic.gov.au/
enquiries@cpdp.vic.gov.au