Privacy Policy

1) Purpose and Scope

This Privacy Policy outlines how Unified Management Group Pty Ltd (UMG) and its associated subsidiaries—including but not limited to Unified Venue Solutions, Unified Connect, and Unified Guardian—collect, access, use, disclose, and protect personal, business, and system information.

It applies to all technology, systems, and devices that UMG may supply, install, integrate, monitor, or service, including:

  • Point of Sale (POS) systems and payment integrations

  • Audio, Visual, and Lighting systems

  • Security systems (CCTV, access control, alarm monitoring)

  • Networking systems (routers, switches, Wi-Fi, firewalls)

  • Inventory and stock management platforms

  • Accounting and financial management software

  • Employee management and rostering systems

  • Devices used to access systems (servers, terminals, tablets, mobile phones, laptops, kiosks, AV processors, controllers)

  • Cloud platforms, portals, and remote management tools

  • Internal systems used by UMG staff (HR, payroll, communications, performance management)

This policy applies to all individuals whose information UMG may access, including clients, venue staff, contractors, suppliers, patrons, and internal employees.

2) Definitions

  • Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable.

  • Sensitive Information: Includes health information, biometric data, criminal records, and other data requiring heightened protection.

  • Biometric Data: Unique biological characteristics used for identification, such as fingerprints or facial recognition.

  • Subsidiaries: Entities wholly or partially owned or operated by Unified Management Group Pty Ltd.

  • System Data: Technical information generated or stored by devices, platforms, or networks.

3) Our Commitment

UMG acts as a custodian, not the owner, of any client or employee data accessed. We only access, use, or disclose data to the extent required to deliver contracted services, comply with legal obligations, or protect safety. We never sell, monetise, or use system data for unrelated purposes.

UMG complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

4) Information We May Access

Depending on the systems and services engaged, UMG may access the following categories of information:

(a) Business & Operational Data

  • Contracts, purchase orders, invoices, financial records

  • Supplier contact details, product information, and agreements

  • Inventory/stock levels, order history, and supply chain data

(b) Customer & Patron Data

  • Customer names, loyalty accounts, and contact details

  • Sales transactions and purchase history

  • Payment data (UMG may view limited information when troubleshooting POS systems; cardholder data is not stored)

  • CCTV footage, access control logs, and patron movement data

(c) Employee, Contractor & Internal Staff Data

  • Rosters, timesheets, and payroll information

  • Employment records (names, addresses, DOB, TFN, superannuation details)

  • Qualifications, licences, training, and induction records

  • Access card usage and biometric identifiers

  • Internal communications, performance records, and disciplinary documentation

(d) System & Device Data

  • Device identifiers, system logs, and error reports

  • Audit logs from platforms we support

  • Network traffic information during troubleshooting

  • Data stored locally on client or company-owned devices during service

(e) Sensitive Information

  • WHS incident and injury reports (may include health information)

  • Background or criminal record checks (where required by law or role)

  • Biometric access data (fingerprint, facial recognition) used by both clients and staff

5) How UMG Accesses This Information

  • Installation & Configuration: Admin credentials may be required during setup

  • Support & Troubleshooting: Remote or onsite access may be used to diagnose issues

  • Remote Management: Managed services may involve ongoing secure access

  • Data Migration & Upgrades: Temporary handling of datasets may occur

  • Device Servicing: Direct access to devices may be necessary

  • Personnel-Related Access: Internal systems may require access to employee records for HR, payroll, or rostering support

At all times, clients and employees retain ownership of their data. UMG does not claim rights over system, employee, supplier, or customer data.

6) How UMG Uses Information

We use system and personal data only to:

  • Deliver installation, support, and managed services

  • Configure, integrate, and optimise systems

  • Resolve faults, apply patches, and ensure uptime

  • Migrate data between platforms

  • Assist with WHS, compliance, or incident response

  • Fulfil legal, insurance, or regulatory obligations

We do not use data for advertising, data mining, or resale.

7) Third-Party Services

UMG uses trusted third-party providers including Amazon Web Services (AWS), Microsoft Azure, and Cloudflare to host, secure, and deliver services. These providers are contractually bound to comply with Australian privacy laws and do not access or use data for unrelated purposes.

8) Security and Confidentiality

  • All UMG employees and contractors sign confidentiality agreements

  • Access is strictly controlled under a least privilege model

  • Accounts are time-limited and revoked when no longer required

  • UMG devices are encrypted, secured with multi-factor authentication, and remotely wipeable

  • Internal access is monitored and audited

  • Where possible, UMG enables client-side audit logs for transparency

9) Storage & Retention

  • Data accessed during support is not retained unless required for migration, warranty, or legal purposes

  • Temporarily held data is encrypted and deleted once no longer needed

  • All data is stored within Australia, including backups and cloud services

  • CCTV footage, transaction records, payroll files, and inventory databases remain under client or internal department control

10) Data Sharing Between Subsidiaries

UMG subsidiaries may share data internally where required to deliver integrated services, support cross-functional operations, or ensure continuity. All internal data sharing complies with this Privacy Policy and applicable laws.

11) Disclosure of Information

We may disclose information to:

  • Vendors or service partners (e.g. AWS, Azure, Cloudflare) for escalation or support

  • Insurers, auditors, or regulators for compliance

  • Law enforcement or government agencies under lawful direction

We never disclose or sell system data for unrelated commercial gain.

12) Data Breach Response

If system or personal data is involved in a suspected or actual breach:

  1. UMG will immediately investigate and contain the incident

  2. Affected parties will be notified without undue delay

  3. UMG will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act

  4. We will provide recommended steps to minimise risk and impact

13) Responsibilities of Clients and Staff

While UMG applies strict safeguards, clients and staff are responsible for:

  • Ensuring legitimate, authorised access is provided to UMG

  • Maintaining backups, data retention, and internal access policies

  • Informing UMG of sensitive or special data sets requiring heightened safeguards

14) Data Subject Rights

Individuals whose data is accessed by UMG have the right to:

  • Request access to personal information

  • Request correction of inaccurate or outdated records

  • Withdraw consent (where applicable)

  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

15) Cookies and Website Tracking

UMG websites may use cookies and analytics tools to improve user experience. No personally identifiable information is collected without consent. Users may adjust browser settings to manage cookie preferences.

16) Children’s Data

Where services involve minors (e.g. family venues or educational environments), UMG applies additional safeguards and complies with all relevant laws regarding the collection and handling of children’s data.

17) Acceptance of Policy

By engaging UMG services or accessing UMG systems, users acknowledge and accept the terms of this Privacy Policy.

18) Access, Correction, and Complaints

Clients, staff, or contractors may request details of what data UMG has accessed, or ask us to correct or delete temporary records.

Privacy Officer – Unified Management Group Pty Ltd
Email: privacy@unifiedmg.com.au

If unsatisfied, complaints may be lodged with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

19) Updates

This policy is reviewed annually or when significant changes to technology, law, or UMG services occur.