ICMS Australasia is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing data securely and transparently. This privacy notice sets out, in line with GDPR, the types of personal data that we collect and process about our event participants and stakeholders. It also sets out how we use that information and other relevant information about your data.

Who we are

ICMS Australasia is a Professional Conference organiser who manages international and national conferences and exhibitions for clients in the science, academic, medical and government sectors. Our contact details are as follows:

ICMS Australasia

Level 9, 234 George Street, Sydney, NSW, 2000
Level 2, 120 Clarendon Street, South Melbourne, VIC, 3205
72 Merivale Street, South Brisbane, QLD, 4101
Email: info@icmsaust.com.au

Data protection principles

In relation to your personal data, we will:

  • Process it fairly, lawfully and in a clear, transparent way
  • Collect your data only for specified and specific purposes
  • Only collect the minimum information we need to meet the purpose
  • Only use it in the way that we have told you about
  • Ensure it is correct and up to date
  • Keep your data for only as long as we need it
  • Process it securely, reducing the risk of it being lost or stolen Your rights in relation to your data
  • The law on data protection gives you certain rights in relation to the data we hold on you. These are:
  • The right to be informed. This means that we must tell you how we use your data and this is the purpose of this privacy notice.
  • The right of access. You have a right to access the data that we hold on you. To do so, you should make a subject access request.
  • The right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can require us to correct it.
  • The right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
  • The right to restrict the processing of the data. For example, if you believe that the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
  • The right to portability. You may transfer the data that we hold on you for your own purposes.
  • The right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests.
  • The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subjected to automated decision-making in a way that adversely affects you.
  • Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data you had previously given us consent to use. There will be no consequences for withdrawing your consent.

Sharing your data

  • Your data will be shared within the Company where it is necessary for staff to undertake their duties in provision of the Services to you.
  • Your data will be shared with Down Syndrome Australia and Down Syndrome International, in order to undertake duties relating to the delivery of the Congress.
  • We also share some of your data with the following third parties: hotel providers, catering companies.

How we collect your data

We collect personal data about you through a variety of different methods including:

  • Direct interactions: You may provide data when filling in forms on the website (or otherwise) by communicating with us by post, phone, email, or otherwise, including when you:
  • Make a booking
  • Request marketing material to be sent to you
  • Give us feedback
  • Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources including analytics providers such as Google based outside the EU, identity and contact data from publicly available sources such as LinkedIn.

Why we process your data

There are six lawful reasons for processing your data, which are:

  • You give consent for us to process your data
  • It is necessary to fulfil a contractual obligation with you
  • There is a regulatory obligation on us to do so
  • It is in the legitimate interest of the company to do so
  • It is your vital interest to do so

What data we collect about you

Personal data means any information capable of identifying an individual. It does not include anonymized data. We may process certain types of personal data about you as follows:

  • Identity data may include your first name, maiden name, last name, title and gender.
  • Contact data may include your billing address, email address and telephone numbers.
  • Financial data may include your credit card details.
  • Transaction data may include details about payments between us and other details of purchases made by you.
  • Technical data may include, internet protocol address, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access out website.
  • Profile data may include registrations for your events, your dietary requirements, preferences, feedback and survey responses.
  • Usage data may include information about how you use our website.
  • Marketing and communications data may include your preferences in receiving marketing communications form us and our third parties and your communication preferences.

GDPR Compliance

Data is collected via EventsAIR. ICMS Australasia Pty LTD has a Statement of GDPR Compliance Certificate. This Certificate confirms that EventsAIR, as used by the Data Controller, meets the security, technical and organisational measures, outlined below, required for a Data Processor under GDPR.

  • Dedicated, private-use SQL database
  • Database Encryption at Rest and Backup
  • 100% Data processing Isolation
  • Dedicated Web Application Firewall (WAF) constantly scanning for Top 10 threats (OWASP)
  • Monthly Vulnerability Scans
  • Annual Independent Penetration Test
  • ISO/IEC27001:2013 Information Security Management Standards (provided by Microsoft Azure)
  • PCI DSS Level 1 Compliance
  • Documented and audited policies, processes and security controls in place
  • Continuous log monitoring and alerting including breaches
  • Encrypted Data Backup every 5 minutes
  • Geo-redundant Encrypted Data Storage