Sydney Harbour Bridge Museum

Privacy Policy

1. Purpose

In this Privacy Policy, Feliz Puente Pty Ltd (ACN 625 999 877) and its associated entities (trading as “BridgeClimb” and “Sydney Harbour BridgeMuseum”) are referred to as we, our and us.  We are committed to managing your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and binding codes issued under the Privacy Act.  Personal information is any information or opinion about a person, who is identified or reasonably identifiable, whether or not that information or opinion is true.

If we change this policy, we will post the revised policy on our website with an updated ‘last updated’ date. If we make significant changes to the policy, we may also notify you by other means such as sending an email or posting a notice on our home page. For our team members and contractors, if we change this policy we will notify you by sending you an email or through other internal communication channels.

If you are located in the European Union (EU), you have additional rights under the General Data Protection Regulation (GDPR).  Details of those additional rights and how you may exercise them are set out at the end of our Privacy Policy. 

2. Collection 

2.1 Types of information collected
The personal information collected and maintained by us will depend on our interaction with you. If you are a climber with BridgeClimb or a visitor to the BridgeMuseum, the kinds of information we typically collect include your name, address, contact details, health and safety information, age, emergency contact details, account and newsletter preferences, information collected through the use of photography, camera surveillance (as further described below) and other information relevant to providing you with the services you, or someone else you know, are seeking. 

Where you book an experience directly through our website, we will also collect credit card or debit card information. 

We may also collect details of your experience or events which you have attended, and details of your preferences or interests, where you have provided such information to us. 

If you are a job applicant, a team member or contractor, the kinds of information we may collect will also include information necessary to administer our potential or actual working relationship, including your name, address, gender, contact details, emergency contact details, bank account and financial details, ABN, tax file numbers, medical information, police checks, current and past employment information, educational qualifications, details of referees or performance records and training. 

We may also collect and hold sensitive information about customers, team members and contractors, including information about your health and any medical conditions, biometric data (for team members), and racial or ethnic origin. We will only do this with your consent or where otherwise permitted by law. 

2.2 Method of collection
We generally collect your personal information directly from you through the use of any of our standard forms, through our website, in person, in writing, over the telephone, by email or through social media, such as our official pages on Facebook, Twitter and Instagram or from our LinkedIn page.

In some circumstances, we may also collect your personal information indirectly from third parties because it is unreasonable or impracticable to collect personal information directly from you such as through referees listed on your CV, your next of kin (for example if a parent or guardian is completing a form on behalf of a minor) or from agents through whom you have made bookings. 

We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected. If we receive unsolicited information about you that we do not ask for or which is not directly related to our functions or activities, we may be required to destroy or de-identify that information, provided it is lawful and reasonable to do so.

2.3 Use of CCTV and biometric information
We take photographs and video footage and use CCTV (including audio and visual) for security and to facilitate our photo and video services. We include appropriate signage at our venues to alert you to this, and by remaining at our venues, you consent to this information being collected. If you pre-select photos, you are consenting to us taking those photos and collecting the personal information included in them. 

Our Photo Privacy Policy, which is available on our photo site at www.bridgeclimbphotos.com, sets out further detail. 

Where you are hired as a team member, we may use biometric data to register your time worked. Biometric data uses technology to scan an electronic copy of an individual’s biometric information. Humanforce is our third party supplier that collects and stores this biometric data. Humanforce will only use and disclose biometric data for the primary purpose of registering time worked, unless authorised by the individual. 

2.4 Failure to provide information
You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.

3. Use and Disclosure 

3.1 Purpose of collection
The personal information that we collect and hold about you depends on your interaction with us. Generally, we will collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our functions and activities and for the purposes of: 

(a) providing our services to you or someone you know;

(b) conducting and facilitating our internal business operations including the fulfilment of any legal requirements; 

(c) establishing, maintaining and monitoring security, health and safety; 

(d) communicating with you about our products or services (for instance booking confirmations); 

(e) if you have consented to marketing or otherwise permitted by law, informing you about products or services which we think may be of interest to you; 

(f) if you have consented to marketing or otherwise permitted by law, providing you with information about other services that we and other organisations that we have affiliations with, offer that may be of interest to you;

(g) if you have consented to marketing or otherwise permitted by law, providing you with information relevant to your type of business or other area of expertise or interest;

(h) if you have consented to the use of photography, providing you with the photos for purchase through our photo site (in accordance with our separate Photo Site Privacy Policy); 

(i) analysing our services and customer needs with a view to improving, supporting and enhancing our services; or

(j) contacting you to provide a testimonial for us. 

If you are a team member or consultant, we will use your personal information to administer our employment or consulting relationship, including to fulfil our legal obligations in connection with that relationship. 

Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions, as set out above.

3.2 Laws under which personal information is collected and used
In Australia, we collect personal information to assist us to fulfil our legal and regulatory obligations, including: 

(a) employment law obligations under the Migration Act 1958 (Cth) and the Fair Work Act 2009 (Cth), and taxation and superannuation law obligations under the Income Tax Assessment Act 1936 (Cth) and Part 25A of the Superannuation Industry (Supervision) Act 1993 (Cth); and 

(b) corporate record keeping obligations under the Corporations Act 2001 (Cth), the Competition and Consumer Act 2010 (Cth) and the A New Tax System (Goods and Services Tax) Act 1999 (Cth).

3.3 Disclosure to third parties and other organisations
Generally, we only disclose your personal information to others for the purposes specified in the section above. We may disclose personal information about you: 

(a) to our related entities such as Hammons Holdings Pty Ltd and other members of the Hammons Holdings Pty Ltd group of companies to facilitate our and their internal business processes; 

(b) to third party service providers, who assist us in supplying our services or who perform functions on our behalf, such as support services, technology hosting and cloud service providers and these service providers may not be required to comply with our privacy policy; 

(c) where required or authorised by law to do so;

(d) to professional service providers (such as our lawyers or auditors) and to regulatory authorities and law enforcement agencies so that we may, for example, comply with our legal obligations;

(e) if you have consented to marketing or otherwise permitted by law, to other organisations with whom we have affiliations so that those organisations may provide you with information about services; 

(f) in relation to our cash back offers; and 

(g) in the context of a corporate transaction, to a potential target, acquirer or merger party where reasonably necessary to complete that transaction.

The recipients of this information will be contracted to work with us and will be subject to providing sufficient evidence of their information security protocols.

3.4 Overseas disclosure
We are likely to disclose your personal information to third parties which are based overseas and assist us with the operation of our business. Currently these third parties (which are located in the USA) provide us with marketing, work management platforms and data storage.  Before disclosing personal information to overseas recipients, we take reasonable steps, in the circumstances, to ensure that the overseas recipients handle the personal information in accordance with the Privacy Act and APPs.  

4. Direct Marketing 

Our direct marketing is conducted via a range of communication channels. We communicate by email and will only send you any advertisement, marketing or promotional material or product information, if you have elected to receive such information. You can change your mind about your preferences in respect of direct marketing at any time by using the unsubscribe information on every such contact, by updating your user profile or account data or by contacting us directly. Our contact details are below.

5. Tax File Numbers 

We collect, use, store and disclose Tax File Numbers only for the purposes required by law.  We are not permitted to use those Tax File Numbers as our own internal identifiers for individuals, and we must comply with the Tax File Number Rule before sharing Tax File Numbers with any third party.

6. Internet Users 

6.1 IP addresses
If you access our website, we may collect additional personal information about you in the form of your IP address. This is predominantly used to assist with the diagnosis of problems or support issues with our services. This information is gathered in aggregate only and cannot be traced to an individual user.

6.2 Links to other websites
Our website may contain links to other websites. These linked sites are not under our control, and we are not responsible for the conduct of companies linked to our website. Linked websites are not subject to our privacy policies and procedures. Before disclosing your personal information on any other website, we advise you to examine the terms and conditions of using that website and its privacy statement.

6.3 Cookies
Our website uses cookies. A “cookie” is a small file stored on your computer’s browser, which assists in managing customised settings on the site and delivering content. Examples of information that we collect include: day and time of your visit, whether you have visited our website previously, whether you used a search engine to find us and some geographical information about what country and state you are in. You can set your browser to reject cookies, or to notify you when you receive one in order to accept or reject such receipt in each instance. However, if you change your settings, you may be unable to access certain pages or content on our site. 

6.4 Pixels
Our website uses pixels. A tracking pixel is a piece of code generated by the third-party provider that can be placed on an organisation’s website to collect information about a user’s activity. We use this for the purpose of enhancing performance optimisation and user experience. This includes, for example, the use of Google Analytics, Facebook and Google ads.

7. Security  

We will take such steps as are reasonable, in the circumstances, to protect your information from risks such as misuse, interference and loss, and from unauthorised access, modification or disclosure. We store your personal information in a combination of hard copy and electronic files. We have systems and procedures in place to safeguard information, including the use of technical measures, such as encrypted servers and organisational measures, such as maintaining physical security in order to prevent unauthorised access to records, documents and materials. 

We determine how long to retain different types of personal information depending on what is necessary for our business operations, taking into account our legal obligations and statutory retention periods. We may need to retain personal information, such as records of financial transactions, for as long as required to comply with our legal and financial compliance obligations as well as our contractual obligations with our service providers. 

We will take steps to destroy or de-identify your personal information where we no longer require it for any purpose for which it may be used or disclosed under the Privacy Act and the APPs. 

Team members who have access to personal information are briefed in our protocols in relation to correct handling of this information.

8. Access to information 

You may request access to, or correction of, the personal information we hold about you, by contacting us using the contact details below. We will provide you with access to the information we hold about you, including for the purpose of correcting or updating that information, unless there is an exception which applies under the Privacy Act and APPs. 

We may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint. 

If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date. 

If we refuse to correct your personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.

9. How to make a Privacy Complaint

If you wish to make a complaint about a breach of the Privacy Act, the APPs or a privacy code that applies to us, please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you.

We will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.

In most cases, we will investigate and provide a written response to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner. To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.

10. Individual Rights Under the EU GDPR

If you are located in the EU, you have the following additional rights:

  • The right to information – you can request confirmation about the following: whether your personal information is being processed by us; the purpose of processing; the categories of personal information which are processed; the recipients (or types of recipients) who may receive the  personal information; the anticipated retention period of the personal information; and your rights to rectification, erasure, to restrict (or object) to processing and to lodge a complaint with a data protection supervisory authority in the EU. 
  • The right to object to our processing of your personal information for (i) direct marketing purposes; (ii) for scientific, historical research or statistical purposes; or (iii) where our processing is based on legitimate interest grounds or because it is in the public’s interest. We will respond to your objection request within a month. However, there may be some circumstances where we are not required to stop processing your personal information. If this is the case, we will provide you with a written explanation.
  • The right to restrict processing – in some circumstances, you can request us to restrict our use of your personal information in which case we will not use or disclose your personal information while it is restricted. We will respond to your restriction request within a month.
  • The right to erasure – you can request us to erase your personal information where it is no longer required for a purpose for which it was collected or where, for example, you have exercised successfully your right to object to processing. We will respond to your erasure request within a month.  However, where there are legal or other reasons for us to retain your personal information, we will provide you with a written explanation. 
  • The right to data portability – you can request us to provide you with a copy of the personal information you have provided to us. We are required to provide it to you in an electronic format that can be reused easily. You can also request us to transfer your personal information in an electronic format to another entity.

You can exercise any of these rights by contacting us using the contact details below. 

You also have the right to: 

  • access your personal information and request the correction of your personal information (see “Access and Correction of Personal Data” above); and
  • lodge a complaint with a data protection authority if you are unhappy with the outcome of a privacy complaint. The “How to Make a Privacy Complaint” section above explains our complaints handling process.  A list of EU data protection authorities is available at https://ec.europa.eu/

11. Contact Details

If you have any queries or concerns about our privacy policy or the way we handle your personal information, please contact us at: