PRIVACY POLICY

Last Updated: 2 June 2026

The Hills Are Alive Group Pty Ltd (ACN 153 158 543) ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and all relevant 2024–2026 legislative amendments.

1. COLLECTION OF PERSONAL INFORMATION

We only collect personal information that is reasonably necessary for, or directly related to, our functions and activities as a festival and event management company. 

The types of information we may collect include:

  • Identity Information: Full name, date of birth, and gender (required for age-restricted 18+ event compliance and identity verification).

  • Contact Information: Email address, billing address, delivery address, and telephone number.

  • Transaction and Financial Information: Payment details, credit card numbers, and purchase history. Note: Complete credit card information is encrypted and processed via our secure third-party payment gateways; we do not permanently store complete credit card numbers on our servers.

  • Correspondence: Records of any communications you have with us via email, phone, social media, or support channels.

Sensitive Information

We do not generally collect "sensitive information" (e.g., health information, dietary requirements, or biometric data) unless it is volunteered by you to safely facilitate event attendance (such as medical access requests) or where explicit, separate consent is obtained.

2. HOW WE USE YOUR INFORMATION

We collect and use your personal information for purposes primary to our business operations, including:

  • Fulfilling ticket sales, processing transactions, and delivering entry credentials.

  • Providing essential event updates, safety communications, and customer support.

  • Verifying your identity for entry into age-restricted areas or licensed venues.

  • Improving our website, services, and overall festival experience based on user metrics and direct feedback.

  • Administering legitimate promotions, contests, and surveys.

Marketing Communications & Opting Out

We will only use your personal information for secondary direct marketing purposes (such as newsletters, special offers, or lineup announcements) if you have explicitly opted in to receive such communications. 

You can withdraw your consent and opt out at any absolute time by clicking the "unsubscribe" or "update preferences" links found at the bottom of our emails, or by contacting us directly at thefarmer@thehillsarealive.com.au.

3. AUTOMATED DECISION-MAKING & ALGORITHMS

To ensure operational efficiency, event safety, and to protect against financial crime, we utilise automated computer systems and algorithmic tools. 

We disclose that automated processing may be used for:

  • Fraud Prevention: Automated assessment of ticket purchases to flag, restrict, or cancel transactions exhibiting fraudulent patterns or scalping behaviors.

  • Targeted Direct Marketing: Algorithmic segmenting of marketing data to match previous attendees with specific music genres, festival locations, or artists.

Note on your rights: Where automated processes are deployed, we ensure robust internal human oversight to review contested outcomes. If an automated decision has significantly impacted your ability to purchase a ticket or access our services, you have the right to request a manual human review by emailing our privacy team.


4. STORAGE, TECHNICAL SECURITY, AND RETENTION

We take our legislative obligation to protect your data seriously. We implement reasonable, up-to-date technical and organisational measures to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure.

Encryption: Sensitive transaction data entered on our website is encrypted using industry-standard Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology.

Access Control: Internal data access is strictly limited to authorized personnel who require the information to perform their specific business duties.

Data Retention and Destruction: We do not retain personal information indefinitely. In compliance with APP 11.2, your personal data will be securely destroyed or permanently de-identified when it is no longer reasonably required for our business purposes or legal verification.

While we implement strict technical safeguards, no internet-based system can be completely infallible. If a data breach occurs that is likely to result in serious harm to you, we will immediately initiate our Data Breach Response Plan and notify you alongside the Australian Information Commissioner in accordance with the Notifiable Data Breaches (NDB) scheme.


5. DATA SHARING AND THIRD PARTIES

We will not sell, rent, or trade your personal information. We only share your information with third parties in the following limited circumstances:

Service Providers: Essential business partners who assist in operating our platform, including ticketing agencies (e.g., Humanitix, Moshtix), payment gateway providers, email marketing software, and on-site event security. These providers are contractually bound by strict confidentiality and are prohibited from using your data for any unauthorized purpose.

Legal Requirements: Where we are permitted or required by law to disclose information, such as responding to a valid subpoena, court order, or formal request from Australian law enforcement or regulatory authorities.

Business Transfers: In the event of a corporate merger, restructuring, or sale of company assets, customer data may be transferred to the acquiring entity, subject to this identical Privacy Policy.

6. COOKIES AND TRACKING TECHNOLOGIES

Our website utilizes cookies and similar tracking identifiers to analyze web traffic, optimize site performance, and customize your browsing experience. You can modify your internet browser settings to reject cookies, though doing so may limit your access to certain transactional features on our platform.

7. ACCESS, CORRECTION, AND YOUR PRIVACY RIGHTS

You have explicit rights under the Australian Privacy Principles regarding the information we hold about you. This includes the right to:

  1. Access: Request a copy of the personal information we hold about you.

  2. Correction: Request that any inaccurate, outdated, incomplete, or misleading information be amended immediately.

  3. Deactivation/Deletion: Request that your account or personal profiles be removed from our active systems.

To protect your privacy, we will require you to verify your identity before granting access or making corrections to your records. We will respond to all access and correction requests within a reasonable timeframe (typically under 30 days) at no cost to you.

8. COMPLAINTS AND CONTACT DETAILS

If you have any questions about this Privacy Policy, wish to exercise your rights, or believe we have breached the Australian Privacy Principles, please direct your inquiry to:

Privacy Officer

The Hills Are Alive Group Pty Ltd  

Email: thefarmer@thehillsarealive.com.au  

We take all privacy complaints seriously. Our team will investigate your concern and provide a written response within 30 days. If you remain unsatisfied with our resolution, you have the right to lodge a formal complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.