Privacy Policy

SafeWork NSW Privacy Collection Statement – 23rd World Congress on Safety and Health at Work

This Privacy Collection Statement was published on 22 September 2021 and last updated on 25 August 2022.  

SafeWork NSW is part of the NSW Department of Customer Service (SafeWork NSW, we or us) and is a co-organiser of the 23rd Congress on Safety and Health at Work being held in Sydney at the International Convention Centre in 2023 (the Congress). For the purposes of the General Data Protection Regulation (EU) 2016/679 (EU GDPR) and the EU GDPR as incorporated in the UK (UK GDPR) (together, the “GDPR”), SafeWork NSW is the controller of your personal information (also referred to in the GDPR as “personal data”).  

This Privacy Collection Statement describes how SafeWork NSW will handle personal information we collect from you or which you provide to us as we carry out our obligations as a co-organiser of the Congress. This Privacy Collection Statement also applies when you visit the public pages on the website for the Congress, being the website available at https://www.safety2023sydney.com/ (Congress Website). 

We may update or modify this Privacy Collection Statement from time to time. The amended document will be posted to the Congress Website and will operate from the time it is posted. 

This Privacy Collection Statement explains how we use, store and share the personal information we collect about you, how you can exercise your rights in respect of that information and the procedures we have in place to safeguard your privacy. 

We comply with all applicable laws which relate to the protection of individuals with regards to the processing of personal information including the Privacy and Personal Information Protection Act 1998 (NSW), the Health Records and Information Privacy Act 2002 (NSW) and the GDPR (together, the Privacy Laws). 

The Congress is being co-organised by SafeWork NSW, the International Labour Organization (ILO) and the International Social Security Association (ISSA). This Privacy Collection Statement does not apply to any personal information which the ILO or the ISSA collects from you. Please refer to the applicable privacy statement of the ILO or ISSA for further information in respect of how those organisations handle your personal information. 

What information do we collect in our general dealings with you? 

SafeWork NSW will collect the personal information we need to carry out the Congress and to provide you with services in relation to the Congress. The types of personal information we may collect from you in our general dealings with you in relation to the Congress may include: 

• your name; 

• your title and pronouns; 

• your contact details (i.e. your email address and phone number); 

• the email address of the individual who booked / paid for your registration; 

• your gender; 

• your age group; 

• your postal address including city and country; 

• whether you identify as an Indigenous person or are of Aboriginal or Torres Strait Islander origin; 

• your position / job title including your level of seniority; 

• the organisation you work for; 

• the sector you work in; 

• if you are a student, your student ID details which may include the university you attend and your course; 

• if you are submitting abstracts and fellowship applications, your membership of a society / organisation, biography and headshot photo; 

• if you are reviewing abstracts, your prior experience of the work health and safety industry and reviewing abstracts and the languages you are able to review in; 

• your dietary or accessibility requirements; 

• your preferences and/or interests in relation to the Congress (for example, whether you are interested in attending, presenting, exhibition / trade display opportunities, sponsorship opportunities, fellowship programs etc.); 

• your attendance at World Congress social events, 

• whether you have previously attended a World Congress on Safety and Health at Work; and 

• how you heard about the Congress. 

When do we collect your personal information? 

We collect your personal information when you engage with us in relation to the Congress, including: 

• when you visit the Congress Website; 

• when you register your interest in the Congress with us; 

• when you register to receive information from us in relation to the Congress; 

• when you register to attend the Congress; and 

• when you contact us in relation to the Congress, whether by phone, email or in person at the Congress. 

SafeWork NSW usually collects personal information directly from you or someone you authorise to act on your behalf. However, we may also collect information about you indirectly, including from: 

• our agents or contractors in connection with the Congress; and 

• the ILO, the ISSA or a previous host of the World Congress on Safety and Health at Work. 

Our legal basis for processing your personal information 

When we process your personal information we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal information we process and why. Under the GDPR the legal bases we may rely on include: 

• consent: where you have given us clear consent for us to process your personal information for a specific purpose; 

• contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract; 

• legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations); and 

• legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).  

Where we have determined, acting reasonably and considering the circumstances, that we are able to rely on legitimate interests as the lawful basis on which to process your personal information, we have stated this below and set out our legitimate interests. We have reached this decision by carrying out a balancing exercise to make sure our legitimate interest does not override your privacy rights as an individual.  

Why do we collect your personal information? 

SafeWork NSW will collect your personal information so that we can provide you services in relation to the Congress. Please read the following sections for further details on what personal information we collect, the purposes for the processing / why we collect your personal information, the lawful basis for processing and the periods for which your personal information will be stored. 

 

What information we ask for / collect	Purposes for processing of your information	Lawful basis for processing / Storage of personal information
Contact details: your first name, email address, organisation, and role.	Where you have signed up to receive our newsletter, we use this information to provide you with our newsletter from time to time.	As regards GDPR, we rely on consent as the lawful basis for collecting and using your personal information.  We will keep this information for as long as it is necessary.
Contact details: your first and last name, title, telephone number, booker/payee email, your email, and postal address.  Personal details: your gender, your identifying pronouns, if you identify as an indigenous person, if you identify as a person of Aboriginal or Torres Strait Islander origin, your dietary or accessibility requirements, and age.  Employment details: your position / job title, your seniority, the organisation you work for and the sector you work in.  Student details: your student ID details such as the name of the university you attend or your course details.  Congress details: your preferences and/or interests in relation to the Congress, your attendance at World Congress social events, whether you have previously attended a World Congress and how you heard about the Congress.	We use this information to facilitate, process and manage your registration for the Congress.	As regards GDPR, we rely on contract as the lawful basis for collecting and using your personal information as we need to process this information to process your registration for the Congress and provide our services to you.  We will keep this information for as long as it is necessary.
Contact details: your first name, email address, organisation, and role.	Where you have registered for the Congress, we use this information to contact you in relation to the Congress, including sharing event updates with you via email from time to time.	As regards GDPR, we rely on contract as the lawful basis for collecting and using your personal information as we need to process this information to provide you with updates about the Congress and provide our services to you in connection with our contract with you.  We will keep this information for as long as it is necessary.
Contact details: your name, email address and phone number.	Subject to receiving your consent to do so, we use this information to notify you of SafeWork NSW’s and other third parties’ (such as our sponsors’) services, opportunities, products or benefits which are being offered in connection with the Congress. We also use this information to notify you of SafeWork NSW’s and other third parties’ products and services which are relevant to the topic of work health and safety and the tourism industry in Australia. We may do this via various marketing channels, such as email, SMS, online, mail or over the phone.	As regards GDPR, we rely on consent as the lawful basis for collecting and using your personal information.   We will keep this information for as long as it is necessary. If you have unsubscribed from these communications, we will delete your contact details from our marketing list.
Congress details: your preferences and/or interests in relation to the Congress, whether you have previously attended a World Congress and how you heard about the Congress.	We use this information to understand and analyse audience segments in terms of industries, job roles, topics of interest and other information.	As regards GDPR, we rely on legitimate interests as the lawful basis for collecting and using your personal information. Our legitimate interests include developing and increasing our knowledge of the attendees of the Congress.  We will keep this information for as long as it is necessary.
Contact details: your name, phone number, address and email address (including the emails of any co-authors).  Personal details: your title, gender, headshot photo (optional), member of society/organisation (optional), biography (optional) and pronouns (optional).	We use this information to facilitate the submission of your abstract, to contact you in relation to your abstract and generally to manage your role and our relationship with you.	As regards GDPR, we rely on legitimate interests as the lawful basis for collecting and using your personal information.   Our legitimate interests include using the abstracts which are submitted in order to build the programme for the Congress.   We will keep this information for as long as it is necessary.
Contact details: your name, phone number, address and email address.  Personal details: your title, gender, age (optional) and pronouns (optional).	We use this information to facilitate the submission of your fellowship application, to contact you in relation to your application and generally to manage our relationship with you.	As regards GDPR, we rely on contract and legitimate interests as the lawful bases for collecting and using your personal information.   Our legitimate interests in fellowship applications include enabling our commitment to improve equality of access and assisting participants to share a global exchange of knowledge and experience at the Congress.  We will keep this information for as long as it is necessary.
Contact details: your first name, last name, email address, work number, mobile number and address.  Personal details: title, organisation, job position and organisation’s website.	We use this information to facilitate the booking of sponsorship opportunities and to contact you in relation to your application to sponsor or exhibit at the Congress (and if successful, to manage your role as a sponsor or exhibitor at the Congress and our relationship with you).	As regards GDPR, we rely contract and legitimate interests as the lawful bases for collecting and using your personal information.   Our legitimate interests include being able to contact organisations in respect of their sponsorship or exhibit application, and to facilitate, sponsorship opportunities for the Congress.   We will keep this information for as long as it is necessary.
Contact details: your first name, last name and email address, mobile number (optional) and location.  Personal Details: title (optional), organisation, job position and your prior experience of the work health and safety industry and reviewing abstracts and the languages you are able to review in.	If you are applying to review abstracts for the Congress, we use this information to consider and contact you in relation to your application to review abstracts and manage your role as a reviewer of abstracts for the Congress and our relationship with you.	As regards GDPR, we rely on legitimate interests as the legal basis for collecting and using your personal information.  Our legitimate interests include being able to manage and progress abstracts prepared for the Congress and our relationship with you.  We will keep this information for as long as it is necessary.

 

Who do we share your personal information with? 

The personal information we collect from you when you register to attend the Congress, whether as an attendee, presenter, exhibitor, sponsor or otherwise, will be stored by SafeWork NSW in an event database. 

Your personal information may also be disclosed to our service providers engaged in connection with the delivery of the Congress, such as professional conference organisers. 

Transfer of your personal information outside of the UK or to a non-EU (or non-EEA) country  

If you are based in the United Kingdom (UK) or the European Union (EU) / European Economic Area (EEA), and you provide, or we collect personal information from you, your information may be transferred to us, and stored at, a destination in Australia. 

As referred to in the ‘Who do we share your personal information with’ section above, we may also disclose your personal information to our service providers engaged in connection with the delivery of the Congress who may be based in countries outside of the UK or EU / EEA including Australia. 

Whenever we transfer personal information outside of the UK or to a non-EU (or non-EEA) country, we ensure at least one of the following safeguards is implemented: 

• we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission (and as recognised by the UK); or 

• we may enter into standard contractual clauses (or equivalent measures) with the third party located outside of the UK or EEA. 

Please contact us using the contact details set out in the "Contacting us" section to request further details or a copy of our appropriate safeguards.  

How long is my personal information retained for?  

We retain your personal information for as long as required for the purposes set out in this Privacy Collection Statement. Once we no longer have a legitimate business need to process your personal information, we follow our applicable procedures and standards and either delete or anonymise your personal information. 

Opting in or out 

At the point we collect information from you, you may be asked to “opt in” to consent to us using or disclosing your personal information. For example, you may be asked to opt-in to receive further information or communications from our advertisers and supporters. 

You will generally be given the opportunity to “opt out” at any time from receiving communications from us or from third parties that send communications to you in accordance with this Privacy Collection Statement. For example, you will be given the option to unsubscribe from e-newsletters and other marketing or promotional material sent by us. You may “opt out” from receiving these communications by clicking on an unsubscribe link at the end of the email or via the other unsubscribe methods we communicate in the message. 

You can also let us know that you would like to “opt out” by contacting us using the contact details set out in the "Contacting us" section. In your request, please indicate that you wish to stop receiving marketing communications from us. 

What information do we collect when you visit the Congress Website? 

When you look at the pages on the Congress Website, our computers automatically record information that identifies the following types of information, for each page accessed: 

• the IP (Internet Protocol) address of the machine which has accessed it; 

• your top-level domain name (for example .com, .gov, .au, .uk etc.); 

• the address of your server; 

• the date and time of your visit to the Congress Website; 

• the pages accessed and documents downloaded; 

• the previous site visited; and 

• the type of browser and operating system you have used. 

Cookies 

In addition to the above types of technical information, the Congress Website uses cookies. If you would like to find out more about our use of cookies, please refer to our Cookie Policy, which explains our use of cookies and other web tracking devices via the Congress Website. 

How do we use the information collected from the Congress Website? 

Please read the following sections for further details on what information we collect from the Congress Website, the purposes for the processing / why we collect your personal information, the lawful basis for processing and the periods for which your personal information will be stored. 

What information we collect	Purposes for processing of your information	Lawful basis for processing / Storage of personal information
Technical information:   the IP (Internet Protocol) address of the machine which has accessed the Congress Website;  your top-level domain name (for example .com, .gov, .au, .uk etc.);  the address of your server;  the date and time of your visit to the Congress Website;  the pages accessed and documents downloaded;  the previous site visited; and  the type of browser and operating system you have used.	The information collected during each visit to the Congress Website is aggregated with similar logged information and published in reports in order for SafeWork NSW to identify patterns of usage of the Congress Website.	As regards GDPR, we rely on legitimate interests as the lawful basis for collecting and using your personal information. Our legitimate interests include that the collection and use of this information will assist us in improving the Congress Website and the services offered on it.    We will keep this information for as long as it is necessary.

 

SafeWork NSW will not disclose or publish information that identifies individual computers, or potentially identifies sub-groupings of addresses, without consent or otherwise in accordance with the Privacy Laws and Data Sharing (Government Sector) Act 2015 and any other applicable laws. 

What exceptions are there to this rule? 

SafeWork NSW will collect, use and disclose more extensive information than stated above in the following circumstances: 

• unauthorised attempts to access files which are not published on the Congress web pages; 

• unauthorised tampering or interference with files published on the Congress Website; 

• unauthorised attempts to index the contents of the Congress Website by other sites; 

• attempts to intercept messages of other users of the Congress Website; 

• communications which are defamatory, abusive, vilify individuals or groups or which give rise to a suspicion that an offence is being committed; and 

• attempts to otherwise compromise the security of the web server, breach the laws of the State of New South Wales or Commonwealth of Australia, or interfere with the enjoyment of the Congress Website by other users. 

As regards GDPR, we rely on legitimate interests as the lawful basis for collecting, using and disclosing your personal information in the above circumstances. Our legitimate interests include protecting and maintaining the security, safety and reputation of the Congress Website, the web server and SafeWork NSW’s, the NSW Government’s and the Commonwealth of Australia’s information, data and property. 

SafeWork NSW reserves the right to make disclosures to relevant authorities where the use of this Congress Website raises a suspicion that an offence is being, or has been, committed. 

In the event of an investigation, SafeWork NSW will provide access to data to any law enforcement agency that may execute a warrant to inspect our logs in order to comply with our legal obligations. 

Hotjar 

This section explains the details of how Hotjar collects information from your browser and device when you access the Congress Website. 

To improve the experience for our website visitors and the performance of the Congress Website, we use the services of Hotjar to analyse online behaviour on the Congress Website. The Hotjar analysis tools allow the measurement and observation of website visitors whilst the surveys and polls allow our users to have their say. 

The Congress Website has a tracking code to capture specific data related to the user’s interaction with a particular webpage. The sole purpose of passively collecting information is to improve user experience on the Congress Website. 

Types of information that may be collected and processed by Hotjar 

Device-specific data 

The following information (which may include personal information under applicable Privacy Laws) may be collected related to a device and browser: 

• the IP address (captured and stored in an anonymised format as described in the Hotjar Technical Information); 

• device screen resolution; 

• device type (unique device identifiers); 

• operating system; 

• browser type; 

• geographic location (country only);  

• preferred language; 

User interactions 

• Mouse events (movements, location and clicks); 

• Keypresses; 

Log data 

For a sampling of visitors, Hotjar servers automatically record information which is collected from the Congress Website. This data includes: 

• referring domain; 

• pages visited; 

• geographic location (country only); 

• preferred language used to display the webpage; and 

• date and time when website pages were accessed. 

For more info about the cookies Hotjar uses in respect of the Congress Website, please see our Cookie Policy below. 

Is the information stored securely? 

Yes. Information collected is stored in an appropriately secure format and held by SafeWork NSW for archival purposes. When the information is no longer required for the purposes for which it was collected it is deleted or anonymised. 

Who else has access to information within SafeWork NSW? 

The Corporate Services division of the Department of Customer Service captures this information on its own computers and through the use of third-party analytical software such as Google Analytics. Access to the raw data is restricted to a limited number of officers within the Department and our third party service providers for the purpose of analysis and to report on the success of the Congress Website in meeting the Department's communication and access objectives. 

Additional Information 

The supply of your personal information to SafeWork NSW is entirely voluntary. However, if you do not supply your personal information to SafeWork NSW we may not be able to provide you with services in connection with the Congress, including that you may not be able to register to attend the Congress. 

Your Rights 

If you are based in Australia, you can request access to any information we hold about you and ask us to correct it if it is inaccurate. The process for requesting this information is identified in our Privacy Management Plan. 

Where the GDPR applies to you, you also have a number of further rights which are free of charge. In summary, those include rights to: 

• access your personal information; 

• require us to correct any mistakes in your information which we hold; 

• require the erasure of personal information concerning you in certain situations; 

• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations; 

• object at any time to processing of personal information concerning you for direct marketing; 

• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; 

• object in certain other situations to our continued processing of your personal information; 

• otherwise restrict our processing of your personal information in certain circumstances; and 

• withdraw your consent where we are relying on it to process your personal information. 

In some instances, we may be unable to carry out your request, in which case we will write to you to explain why. 

Privacy complaints about the conduct of SafeWork NSW 

If you are unhappy with the way SafeWork NSW has dealt with your personal information, you can make a complaint – either directly to us or to the NSW Privacy Commissioner (see below). 

Complaints to us should be in writing, addressed to SafeWork NSW, specifying a return address within Australia, and be lodged with SafeWork NSW within 6 months of the time when you first became aware of the conduct you are complaining about. 

Privacy complaints can also be directed to the NSW Privacy Commissioner (www.ipc.nsw.gov.au). The Commissioner does not have power to make orders or to award compensation but will conciliate complaints by assisting parties to reach a decision. 

If you are based in UK or EU, the GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular in the UK or the EU (or EEA) member state where you work, normally live or where any alleged infringement of Privacy Laws occurred. 

The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/. 

Further information about our handling of complaints is available in our Privacy Management Plan. 

Contacting us 

If you would like to know more about how we handle your personal information or have a privacy enquiry you can contact us using any of the following means: 

Name: Sue Stewart, Manager, Privacy and Right to Information 

Email: brdprivacy@customerservice.nsw.gov.au 

Mail:  SafeWork NSW, Locked Bag 2906 Lisarow NSW 2252