Privacy Policy

Gluttony Privacy Policy

Last updated: 28 January 2026

Who we are: Gluttony Food & Wine Festival Pty Ltd (ABN: 25140470882)

Post: PO Box 3627, Norwood SA 5067

Why this policy exists We’re required to have a clearly expressed, up‑to‑date privacy policy that explains how we manage personal information and how you can exercise your rights. We must make it free and easy to find (usually on our website).

Gluttony has adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au

1) Scope

This policy applies to all personal information we collect in connection with all Gluttony events and activities (including Adelaide Fringe events within the Gluttony hub), our websites, forms, competitions, and customer service—online and in person. It covers the topics required by APP 1.4. [oaic.gov.au]

2) The kinds of personal information we collect

Identification and contact details (e.g., name, email, phone, postal address).
Demographics (e.g., age range), preferences (e.g., show/venue interests).
Transaction details related to purchases (e.g., bar sales, ticket or merchandise purchases).
Communications with us (enquiries, complaints, feedback).
Online data: device/usage data, IP address, browser/OS, pages visited, referral source, cookies, and pixel/analytics events (see “Cookies & Tracking”).

Sensitive information (e.g., health information, accessibility needs) is collected only with consent or where permitted by law and only if reasonably necessary for our functions

3) How we collect personal information

Directly from you: online forms, newsletter sign‑ups, competitions, customer support, venue entry, and point‑of‑sale interactions.
Ticketing agencies: We may receive personal information from, and may disclose personal information to, ticketing platforms used by Gluttony and by participating artists and producers for the purposes of ticket sales, event management, customer service, and attendee communication.
These providers may vary from season to season. We ensure all such providers handle personal information in accordance with the Australian Privacy Principles and our contractual requirements.
Third‑party service providers: payment processors, email/SMS platforms, surveys, CRM, and analytics tools.
Automatically via cookies, pixels and analytics when you visit our websites (see “Cookies & Tracking”).
We take reasonable steps to notify you at or before collection (or as soon as practicable after) about key matters, especially during in‑person collection.

4) Why we collect, use, and disclose personal information (purposes)

To operate Gluttony events and venues, fulfil purchases, verify tickets and manage entry.
To provide customer support and respond to enquiries.
To send service and transactional messages (e.g., event changes).
Direct marketing (with opt‑out): newsletters, updates, offers, audience surveys, and interest‑based advertising (see “Direct Marketing”). [oaic.gov.au]
To run competitions, surveys, research and service improvements (including data analytics and reporting). [oaic.gov.au]
To comply with laws (e.g., financial recordkeeping) and handle complaints/disputes.

5) Direct marketing & your choices

We may use your details to send you newsletters, updates or offers. You can opt out at any time using the “unsubscribe” link or by contacting us. When we use personal information for direct marketing—whether collected from you or from a third party—we will provide a simple, free opt‑out and, on request, disclose our information source unless unreasonable or impracticable.

6) Cookies, pixels & analytics (online tracking)

We use cookies, analytics, and third‑party tracking pixels to understand site usage, measure campaigns and tailor content. We configure pixels to minimise personal information, avoid sending sensitive information, and disclose our use in this policy and collection notices. You can manage cookies via your browser settings and opt out of marketing emails at any time; pixel‑based advertising opt‑outs may also be available through platform settings. [oaic.gov.au]

We conduct periodic reviews of tracking tools and take steps to ensure use remains appropriate and compliant. [oaic.gov.au]

7) Disclosing personal information (third parties)

We may disclose personal information to:

Service providers supporting our operations (hosting, IT, ticketing, payments, email/SMS, analytics, survey tools, logistics, professional advisers).
Event partners and artists/producers only where appropriate and consistent with this policy.
Government regulators or law enforcement as required or authorised by law.

8) Cross‑border disclosures (overseas recipients)

We use Microsoft 365 for email, file storage and collaboration. Our tenant is hosted in Australian data centres, where core data such as emails, documents and SharePoint/OneDrive content is stored.

As Microsoft is a global service provider, some supporting services or technical operations may be handled from or accessed in other countries, including the United States. [

Where this occurs, we take reasonable steps to ensure Microsoft handles personal information in line with the Australian Privacy Principles.

9) Security and retention

We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.

We only keep personal information for as long as it is needed for our functions or to meet legal requirements. When it is no longer required, we take reasonable steps to destroy it or de‑identify it, unless we are required to retain it (for example, financial and tax records).

10) Accessing and correcting your information

You can request access to the personal information we hold about you and request corrections if it is inaccurate, out‑of‑date, incomplete, irrelevant or misleading. We will respond within a reasonable period (usually within 30 days), explain any refusal in writing, and will not charge you to make a request (reasonable access fees may apply). [oaic.gov.au], [oaic.gov.au]

Practical guidance and timeframes are drawn from OAIC’s APP 12/13 guides for organisations.

11) Notifiable Data Breaches (NDB)

If a data breach is likely to result in serious harm, we will notify affected individuals and the OAIC as required, including recommended steps individuals should take, consistent with the NDB scheme. Our internal Data Breach Response Planfollows OAIC guidance.

12) Children and young people

We do not knowingly collect personal information from children under 15 without the consent of a parent or guardian (for example, for competitions or special programs). We design notices to be understandable by young people and their guardians.

13) Automated decision‑making

We do not currently use automated decision systems that significantly affect individuals’ rights or interests. If that changes, we will update this policy and include the additional information required by APP 1 amendments commencing 10 December 2026.

14) How to contact us

Email: info@gluttony.net.au
Post: Attn: Privacy Officer, Gluttony, PO Box 3627, Norwood SA 5067
What to include: your name, contact details, and a description of your request or complaint.

15) Complaints

If you believe we’ve breached the APPs, please contact us first. We’ll respond within a reasonable time. If you’re not satisfied, you can complain to the OAIC. See oaic.gov.au for how to lodge a complaint. [oaic.gov.au]

16) Changes to this policy

We’ll update this policy if our practices change or if the law changes. The latest version will always be available on our website.