1About This Policy
1.1This Privacy Policy explains how Digital Education Systems Pty Limited, ABN 46 685 560 963, collects, holds, uses, discloses, protects and otherwise manages personal information through Steampunk Australia and the International Steampunk Art Prize 2026.
1.2In this Policy:
- Digital Education Systems, Steampunk Australia, we, us and our mean Digital Education Systems Pty Limited;
- Competition means the International Steampunk Art Prize 2026;
- personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable;
- entrant means a person who submits or attempts to submit an entry;
- voter means a person who participates or attempts to participate in public voting; and
- user means a visitor to our website, social media pages, entry system, voting system or related services.
1.3This Policy applies to personal information collected through:
- the Steampunk Australia website;
- the Competition entry form;
- the Competition voting system;
- email and other direct communications;
- Steampunk Australia social media accounts;
- interviews and promotional activity;
- complaints and investigations;
- prize verification and payment; and
- related administrative systems.
1.4This Policy is intended to reflect the Australian Privacy Principles where they apply and to provide a transparent privacy framework even where a small-business exemption or another exception may apply.
1.5Additional privacy rights may apply to people in other jurisdictions.
1.6This Policy does not override mandatory legal rights.
2Our Identity And Contact Details
2.1The organisation responsible for the information covered by this Policy is:
Digital Education Systems Pty Limited
ABN 46 685 560 963
Trading as Steampunk Australia
Postal address: PO Box 2420, Canberra ACT 2601, Australia
Privacy email: steampunkau2026@gmail.com
General contact email: steampunkau2026@gmail.com
2.2For the Competition, Digital Education Systems Pty Limited is ordinarily the organisation determining the purposes and means of processing entrant and voter information.
2.3Some service providers may independently control information they collect under their own terms, including social media platforms, payment providers and analytics providers.
3Information We May Collect
3.1The types of personal information collected depend on how a person interacts with us.
Entrant information
3.2We may collect:
- legal name;
- artist name or public display name;
- email address;
- country, state, province or region;
- age or confirmation that the entrant is at least 18;
- pronouns where voluntarily provided;
- artist biography;
- website and social media links;
- artwork title, description, medium, dimensions and date;
- photographs, videos, audio and digital artwork files;
- images of the entrant where voluntarily supplied;
- entry date and time;
- declarations and consents;
- communications with us;
- complaint information; and
- accessibility requests.
Verification and process information
3.3Where verification is required, we may collect:
- work-in-progress photographs;
- sketches and drafts;
- source and layer files;
- raw photographs;
- file metadata;
- version histories;
- software and tool information;
- photographs of a studio or physical artwork;
- recordings or screenshots of the creative process;
- written explanations;
- video-call information;
- evidence of authorship; and
- information concerning possible AI use.
Winner information
3.4If a person is a finalist or provisional winner, we may collect:
- proof of identity;
- proof of age;
- proof of residence;
- signature;
- bank account or payment information;
- payment-provider identifiers;
- taxation information where legally required;
- sanctions-screening information;
- prize acceptance information; and
- interview scheduling information.
Voter information
3.5We may collect:
- email address;
- verification status;
- selected entry;
- vote date and time;
- IP address;
- browser and device information;
- cookie or security-token information;
- approximate geographic information derived from technical data;
- rate-limiting and fraud indicators; and
- communications about a vote.
Website and technical information
3.6We may collect:
- IP address;
- browser type;
- operating system;
- pages viewed;
- referral source;
- timestamps;
- session information;
- cookie identifiers;
- device information;
- server logs;
- error logs; and
- security events.
Communications
3.7When a person contacts us, we may collect:
- their name;
- contact details;
- the contents of the message;
- attachments;
- social media profile information;
- call or meeting details; and
- information necessary to respond.
3.8We do not intentionally request sensitive information such as health information, political opinions, religious beliefs, sexual orientation or criminal records unless:
- the person voluntarily provides it;
- it is reasonably necessary for a lawful purpose; and
- collection is permitted by law.
3.9Entrants should not include unnecessary sensitive information in artist biographies, statements or correspondence.
4Information About Other People
4.1A person must not provide personal information about another person unless they are authorised to do so.
4.2Entrants submitting images or recordings of identifiable people must have appropriate permission.
4.3Collaborative entries must ensure that all collaborators understand the information being provided.
4.4Where an entrant supplies another person’s information, the entrant should provide that person with access to this Policy.
4.5We may contact the other person to verify consent where reasonably necessary.
5How We Collect Information
5.1We may collect information directly when a person:
- completes an entry form;
- submits a vote;
- sends an email;
- submits a complaint;
- contacts us through social media;
- participates in an interview;
- supplies verification evidence;
- accepts a prize;
- subscribes to communications; or
- otherwise interacts with us.
5.2We may collect information automatically through:
- website logs;
- cookies;
- analytics;
- security systems;
- vote-verification systems; and
- anti-fraud controls.
5.3We may receive information from:
- judges;
- Competition administrators;
- contractors;
- social media platforms;
- payment providers;
- identity or sanctions-screening services;
- people making complaints;
- public websites;
- publicly available portfolios; and
- professional advisers.
5.4When investigating originality or AI use, we may compare an entry with publicly available images, search results, prior publications, portfolios and other relevant sources.
5.5We will not knowingly obtain information through unlawful hacking or unauthorised access.
6Why We Collect And Use Information
6.1We may collect and use personal information to:
- receive and administer entries;
- confirm eligibility;
- communicate with entrants;
- display entries;
- administer judging;
- operate public voting;
- prevent duplicate or fraudulent votes;
- investigate AI use, plagiarism or misconduct;
- select and verify finalists and winners;
- pay prizes;
- publish finalist and winner information;
- operate online exhibitions;
- conduct interviews and promotional features;
- respond to enquiries and complaints;
- protect our systems and users;
- enforce Competition Terms;
- keep legal, tax and audit records;
- improve future competitions;
- understand website usage;
- comply with legal obligations;
- establish, exercise or defend legal claims; and
- send marketing where lawful consent has been obtained.
6.2We will not use private identity documents or payment information for unrelated advertising.
6.3Entry in the Competition does not automatically constitute consent to receive unrelated marketing.
6.4Administrative communications may still be sent because they are necessary to administer the Competition.
7Publication Of Entry Information
7.1The Competition is a public art competition.
7.2The following information may be published:
- artist name;
- country or general location;
- artwork title;
- artwork images, video or audio;
- artist biography;
- artist statement;
- public website or social links;
- finalist or winner status;
- interview material; and
- public comments supplied for publication.
7.3We will not ordinarily publish:
- home address;
- private email address;
- telephone number;
- identity document;
- bank information;
- private legal name where an artist name is used;
- exact IP address; or
- confidential process evidence.
7.4Entrants should assume that published artwork and profile material may be:
- viewed internationally;
- indexed by search engines;
- shared on social media;
- copied by members of the public;
- archived; and
- retained in screenshots or caches outside our control.
7.5We cannot guarantee removal of copies made by third parties.
8Legal Bases For International Processing
8.1Where a jurisdiction requires a stated legal basis, we may rely on:
- performance of the Competition agreement;
- consent;
- legitimate interests in operating, securing and promoting the Competition;
- compliance with legal obligations;
- protection of legal rights; and
- other lawful grounds available under applicable law.
8.2Our legitimate interests may include:
- administering a fair art competition;
- verifying authorship;
- preventing fraud;
- maintaining security;
- promoting finalists and winners;
- maintaining a historical archive; and
- responding to disputes.
8.3Where processing is based solely on consent, a person may withdraw consent, subject to processing already carried out and any other lawful basis that continues to apply.
8.4Withdrawal from public exhibition may affect the ability to remain in the Competition.
9Disclosure Of Information
9.1We may disclose personal information to:
- Competition judges;
- administration contractors;
- website and hosting providers;
- database providers;
- cloud-storage providers;
- email providers;
- analytics providers;
- cybersecurity and fraud-prevention providers;
- identity-verification providers;
- banks and payment providers;
- accountants, insurers and auditors;
- lawyers and professional advisers;
- radio, media and promotional contractors;
- social media and video platforms;
- government agencies, regulators, courts and law-enforcement bodies where required or permitted; and
- another party with the individual’s consent.
9.2Judges will generally receive the information required to judge and verify entries.
9.3Judges are not ordinarily given bank details, full identity documents or unrelated private information.
9.4Service providers may use information only as permitted by their contract, instructions or their own lawful terms.
9.5We do not sell personal information.
9.6We do not exchange entrant email addresses for money or commercial benefit.
9.7We may publish aggregated or de-identified statistics that do not reasonably identify individuals.
10Overseas Disclosure And Storage
10.1Because the Competition is international and uses online services, personal information may be accessed, stored or processed outside a person’s country.
10.2Information may be processed in Australia and in countries where our service providers, judges, contractors or platforms operate.
10.3The likely overseas processing locations are Australia, and the countries in which Google operates its Gmail and related services.
10.4Overseas privacy protections may differ from those in Australia.
10.5We will take reasonable steps appropriate to the circumstances to protect information and to use reputable providers.
10.6Public entry information is intentionally made accessible worldwide.
10.7Private information will not be made public merely because it is processed overseas.
11Social Media
11.1Social media platforms collect and process information under their own privacy policies.
11.2When a person comments, reacts, sends a message or shares an entry through social media, the platform may collect information independently of us.
11.3We do not control the platform’s advertising, tracking, retention or recommendation systems.
11.4People should review the privacy settings and policies of the platforms they use.
12Cookies And Similar Technologies
12.1Cookies and similar technologies may be used for:
- website operation;
- session management;
- security;
- vote verification;
- fraud prevention;
- preferences;
- analytics; and
- performance monitoring.
12.2Essential security and voting cookies may be necessary for the service to operate.
12.3Non-essential analytics or advertising cookies should be managed through an appropriate consent mechanism where required.
12.4Blocking cookies may affect voting, login, verification or website functionality.
12.5We may use truncated or pseudonymised technical identifiers where practical.
13Direct Marketing
13.1We may send newsletters or promotional messages only where:
- the recipient has expressly consented;
- consent can lawfully be inferred; or
- another lawful exception applies.
13.2Competition entry consent and marketing consent will be separated.
13.3Marketing consent boxes should not be pre-ticked.
13.4Marketing messages will identify the sender and provide a functional unsubscribe method.
13.5Unsubscribe requests will be actioned within the period required by law.
13.6A person may continue receiving necessary Competition administration messages after unsubscribing from marketing.
13.7We will not send a marketing message merely asking a person to reverse an earlier unsubscribe where doing so would be unlawful.
14Security
14.1We take reasonable administrative, technical and physical steps to protect personal information.
14.2Measures may include:
- access controls;
- passwords and multi-factor authentication;
- encrypted transmission;
- secure hosting;
- backups;
- software updates;
- malware protection;
- logging and monitoring;
- limited staff access;
- contractor confidentiality requirements; and
- incident-response procedures.
14.3No internet transmission or storage system is completely secure.
14.4People should not send passwords, unnecessary identity documents or banking security codes by ordinary email.
14.5Identity and payment information will be requested only when reasonably necessary.
14.6Where practical, copies of identity documents will be deleted after verification unless retention is legally required.
15Data Breaches
15.1A data breach may occur where personal information is lost or subject to unauthorised access, modification or disclosure.
15.2We will assess suspected breaches.
15.3We may:
- contain the incident;
- investigate its cause and scope;
- secure affected systems;
- notify service providers;
- seek professional advice;
- notify affected individuals;
- notify the Office of the Australian Information Commissioner; and
- notify another regulator where legally required.
15.4Notification decisions will be made in accordance with applicable law and the likely risk of harm.
16Retention
16.1We retain information only for as long as reasonably required for the purposes stated in this Policy, legal obligations, dispute management and legitimate archiving.
16.2Indicative retention periods are:
- unsuccessful entrant contact and administrative information: up to two years after the Competition closes;
- finalist and winner records: up to seven years or longer where legally required;
- judging scores and material integrity records: up to seven years;
- voting and fraud-prevention logs: generally 12 to 24 months;
- raw identity documents: deleted after verification where no longer legally required;
- AI or authorship process evidence: generally up to 12 months after final resolution, unless required for a continuing dispute;
- complaint and legal records: up to seven years after closure of the matter;
- accounting and prize-payment records: for the legally required recordkeeping period;
- marketing subscription information: until unsubscribe, suppression or loss of lawful basis; and
- public finalist and winner exhibition material: potentially indefinitely as part of the historical Competition archive.
16.3Public archival material may be retained after private entry records are deleted.
16.4Where deletion is not practicable, information may be securely restricted or de-identified.
16.5Backup copies may remain temporarily until overwritten through ordinary backup cycles.
17Access To Personal Information
17.1A person may request access to personal information we hold about them.
17.2Requests should be sent to the privacy email address.
17.3We may request reasonable proof of identity.
17.4We will respond within a reasonable period.
17.5Access may be refused or limited where permitted by law, including where access would:
- unreasonably affect another person’s privacy;
- reveal confidential judging information;
- compromise security or anti-fraud systems;
- prejudice an investigation;
- disclose legally privileged information; or
- otherwise be unlawful.
17.6Where access is refused, we will provide reasons where required and lawful.
17.7We will not charge for making an access request.
17.8A reasonable charge may apply for providing access where permitted by law, but it will not be excessive.
18Correction
18.1A person may request correction of inaccurate, out-of-date, incomplete, irrelevant or misleading personal information.
18.2We may ask for evidence supporting a requested correction.
18.3We will take reasonable steps to correct information where appropriate.
18.4A request to alter historically accurate Competition results is not necessarily a correction request.
18.5If we decline to make a correction, we may note the person’s requested statement where legally required.
19Deletion And Withdrawal Requests
19.1A person may request deletion of personal information.
19.2We will consider the request under applicable law and our legitimate recordkeeping needs.
19.3We may retain information where necessary to:
- comply with law;
- maintain tax or accounting records;
- prevent fraud;
- resolve complaints;
- establish or defend legal claims;
- maintain accurate winner history; or
- protect Competition integrity.
19.4Deletion of essential entry information before judging is complete may require withdrawal or disqualification because the Competition can no longer be administered.
19.5We will take reasonable steps to remove public information we control when required, but cannot guarantee removal from search caches, archives, social media shares or third-party copies.
20Rights of People in the EEA, United Kingdom and Similar Jurisdictions
20.1Where applicable law provides these rights, a person may request:
- access;
- correction;
- deletion;
- restriction;
- objection;
- data portability;
- withdrawal of consent; and
- review of certain automated decisions.
20.2We do not intend to make final winner or disqualification decisions solely through automated processing.
20.3Automated tools may assist with spam, security or fraud detection, but material decisions should involve human review.
20.4A person may complain to their local data-protection authority where that right applies.
20.5Rights may be subject to lawful exceptions.
21Children
21.1The Competition is restricted to people aged 18 and over.
21.2We do not knowingly accept entries or votes from children.
21.3If we learn that information has been submitted by an ineligible child, we may delete it and invalidate the entry or vote.
21.4Artwork depicting an identifiable child may require parent or guardian permission.
22Anonymity And Pseudonyms
22.1People may browse most public Competition information without identifying themselves.
22.2Entrants may use an artist name publicly.
22.3We require sufficient accurate identity and contact information to administer entries, prevent fraud and pay prizes.
22.4Anonymous entries and votes cannot ordinarily be accepted.
23Complaints
23.1Privacy complaints should be sent to:
Privacy Officer
Digital Education Systems Pty Limited
ABN 46 685 560 963
Email: steampunkau2026@gmail.com
Postal address: PO Box 2420, Canberra ACT 2601, Australia
23.2A complaint should describe:
- what happened;
- the information involved;
- relevant dates;
- the outcome requested; and
- any supporting evidence.
23.3We aim to acknowledge a privacy complaint within five business days.
23.4We aim to provide a substantive response within 30 calendar days.
23.5Complex matters may require more time.
23.6If a person is dissatisfied and Australian privacy law applies, they may be able to complain to the Office of the Australian Information Commissioner.
23.7People outside Australia may also have a right to contact their local privacy or data-protection regulator.
24Changes To This Policy
24.1We may update this Policy to reflect:
- legal changes;
- technology changes;
- new service providers;
- altered Competition processes;
- privacy risks; or
- business changes.
24.2The current version will be published with an effective date.
24.3Material changes affecting existing entrants will be notified where reasonably practicable.
24.4We will not retrospectively use personal information for a materially unrelated purpose without an appropriate lawful basis.
25Contact
Digital Education Systems Pty Limited
ABN 46 685 560 963
Trading as Steampunk Australia
Privacy Officer: Evan Connell, Senior Software Developer, Digital Education Systems
Privacy email: steampunkau2026@gmail.com
Postal address: PO Box 2420, Canberra ACT 2601, Australia
General website: steampunk.au