privacy policy

1. Introduction and Scope

Sydney Dramaturgical Company Pty Ltd operates under the 9-digit ACN (Australian Company Number) 686 235 629 and ABN 33 686 235 629. Sydney Dramaturgical Company Pty Ltd] (“Sydney Dramaturgical,” “we,” “us,” or “our”) operates the website sydneydramaturgical.com and provides dramaturgical consultation, research, writing, and related services. This Privacy Policy describes how we collect, use, disclose, and otherwise process information about you when you access or use our website and any related content, communications, or services that link to this Privacy Policy (collectively, the “Services”).

You may interact with the Services through web browsers, mobile devices, email communications, and any social media platforms we operate. This Privacy Policy applies to information collected in connection with those interactions, regardless of the device or platform used.

Unless otherwise stated, [Legal Entity Name] is the entity responsible for the processing of personal information collected through the Services and is the “controller” (or, under Quebec law, the “person carrying on an enterprise”) for purposes of applicable data protection laws. Our principal place of business is 91-95 Liverpool Street, Sydney NSW 2000.

This Privacy Policy applies to users located in Australia, Canada, the United States, and elsewhere. Depending on your location, you may have additional rights under applicable privacy laws, including the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”), Quebec’s Act respecting the protection of personal information in the private sector (commonly known as “Law 25”), Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), the New York Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”), the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), the EU/UK General Data Protection Regulation (“GDPR”), and other similar laws. Additional jurisdiction-specific disclosures are provided in Section 15.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you should not access or use the Services.

This Privacy Policy does not apply to information collected by third parties, including analytics providers, social media platforms, payment processors, or other websites or services that may be accessed through links or integrations on the Services. We encourage you to review the privacy policies of those third parties.

2. Information We Collect About You

We collect information about you in a variety of ways depending on how you interact with the Services. This information may include personal information that identifies you directly or indirectly, as well as information about your device or usage of the Services.

2.1 Information You Provide Directly

You may provide personal information to us when you voluntarily interact with the Services, including when you contact us, request a consultation, subscribe to email communications, register for a workshop or event, or otherwise communicate with us. The categories of personal information we may collect directly from you include:

• Identity and contact information, such as your name, email address, postal address, telephone number, and the organisation or production you are associated with.
• Communication content, such as the contents of messages, enquiries, scripts, treatments, or other materials you choose to send us in connection with our Services.
• Booking and engagement information, such as details about projects, scheduling preferences, and any background information you provide to enable us to deliver the Services.
• Payment information, where applicable, processed through our third-party payment provider. We do not store full payment card details on our own systems.
• Social media information, such as profile information or identifiers when you interact with us through social media platforms or social features associated with the Services.

You can interact with most of the Services without creating an account. Where you choose not to provide certain information, we may be unable to provide the requested Services.

2.2 Information Collected Automatically

When you access or use the Services, we and our service providers may automatically collect certain information using cookies and similar tracking technologies. This information may include:

• Device and technical information, such as IP address, browser type, operating system, device identifiers, language preferences, and general location information derived from your IP address.
• Usage and interaction information, such as pages viewed, links clicked, referring and exit pages, time spent on pages, and interactions with content.
• Log and performance data, including error logs and performance metrics related to the operation of the Services.

This information is collected to help us operate, maintain, secure, analyse, and improve the Services.

2.3 Information We Receive from Third Parties

We may receive information about you from third parties in connection with your use of the Services. This may include:

• Analytics providers, such as Google Analytics, which provide aggregated or event-level information about how users interact with the Services.
• Email and form service providers, which assist us in delivering newsletters or receiving enquiries submitted through the Services.
• Payment processors, which provide transaction confirmation and limited information about completed payments (we do not receive full card numbers).
• Social media platforms, when you interact with our content or pages on those platforms, in accordance with your privacy settings and the policies of the relevant platform.

The information we receive from third parties may be combined with other information we collect about you, subject to applicable law.

3. How We Use Your Information and Why

We use personal information for the purposes described below. The specific ways in which we use personal information depend on how you interact with the Services and the nature of the information involved.

3.1 Providing and Operating the Services

We use personal information to operate, maintain, and provide the Services, including to:

• Respond to enquiries, consultation requests, and other communications you send to us
• Provide dramaturgical, research, writing, and related professional services that you have requested
• Arrange and administer workshops, events, or meetings you sign up for
• Send administrative communications, including invoices, receipts, scheduling confirmations, and policy updates
• Ensure the Services function correctly across devices and browsers

3.2 Analytics, Research, and Service Improvement

We use personal information to understand how users interact with the Services and to improve our content, layout, functionality, and performance. This includes:

• Analysing page views, traffic patterns, and engagement metrics
• Monitoring and diagnosing technical issues
• Evaluating the effectiveness of content and site features

3.3 Direct Marketing and Communications

Where you have provided your contact information and (where required) opted in, we may use it to:

• Send newsletters, programme announcements, or information about our Services
• Notify you of updates to content, features, or policies
• Respond to questions, requests, or feedback

You may opt out of marketing communications at any time, as described in Section 11. We do not use your information for third-party advertising, remarketing, profiling for advertising purposes, or interest-based advertising.

3.4 Security, Fraud Prevention, and Legal Compliance

We use personal information to protect the Services and our users, including to:

• Detect, prevent, and respond to security incidents, fraud, and misuse
• Enforce our terms, policies, and legal rights
• Comply with applicable laws, regulations, legal processes, and lawful requests from authorities

3.5 Automated Decision-Making

We do not use your personal information to make decisions about you based solely on automated processing that produce legal or similarly significant effects. If this changes, we will update this Privacy Policy and, where required by law (including Quebec’s Law 25 and the Australian Privacy Act), inform you, explain the reasoning, and provide you with the right to make observations or contest the decision.

4. Legal Bases for Processing

Where required by applicable law, including the GDPR and similar regimes, our legal bases for processing personal information include:

• Your consent, which you may withdraw at any time without affecting the lawfulness of processing carried out before withdrawal.
• Performance of a contract with you, or steps taken at your request prior to entering into a contract (for example, to provide consultation services you have requested).
• Compliance with legal obligations to which we are subject.
• Our legitimate interests, such as operating, securing, and improving the Services, where those interests are not overridden by your rights and freedoms.

Under Quebec’s Law 25 and Australia’s Privacy Act, we collect, use, and disclose personal information only for purposes that have been identified to you (or that are reasonably necessary for or directly related to those purposes), and only with your consent where required.

5. How We Share Your Information

We may disclose personal information to third parties in the circumstances described below.

5.1 Service Providers

We may share personal information with vendors and other service providers who perform services on our behalf and at our direction. These include:

• Website hosting and infrastructure providers
• Email delivery, newsletter, and contact-form providers
• Analytics providers (such as Google Analytics)
• Payment processors
• Security, fraud prevention, and technical support providers
• Accountants, bookkeepers, and professional advisers

These service providers are authorised to use personal information only as necessary to provide services to us and are subject to contractual obligations designed to protect personal information.

5.2 Collaborators

Where you have engaged us in connection with a production, project, or commission, we may share limited personal information with collaborators (such as producers, directors, writers, or commissioning organisations) to the extent necessary to deliver the engagement. We will only do so as you have authorised, or as is reasonably necessary in the circumstances.

5.3 Business Transfers

We may disclose personal information in connection with, or during negotiations of, any merger, sale of assets, financing, acquisition, dissolution, reorganisation, or similar corporate transaction involving all or a portion of our business or assets.

5.4 Legal and Regulatory Disclosures

We may disclose personal information if we believe that such disclosure is necessary or appropriate to:

• Comply with applicable laws, regulations, legal processes, court orders, subpoenas, or lawful requests from authorities
• Enforce our terms, policies, and agreements
• Protect the rights, property, or safety of [Legal Entity Name], our users, or others

5.5 Aggregated or Deidentified Information

We may share aggregated or deidentified information that cannot reasonably be used to identify you for purposes such as analytics, research, and reporting.

5.6 No Sale of Personal Information

We do not sell your personal information for money, and we do not share it for cross-context behavioural advertising or targeted advertising as those terms are defined under California and other U.S. state privacy laws.

6. Cookies and Other Tracking Technologies

6.1 What Are Cookies and Similar Technologies

Cookies are small text files that are placed on your device when you visit a website. Other tracking technologies, such as pixels, web beacons, tags, and local storage, operate in a similar manner by collecting information about your browser, device, or usage of the Services. These technologies may be session-based (which expire when you close your browser) or persistent (which remain on your device for a set period of time or until deleted).

6.2 How We Use Cookies

We use cookies and similar tracking technologies for the following purposes:

• Strictly necessary purposes, such as enabling core site functionality, maintaining security, and ensuring the Services operate correctly.
• Analytics and performance, to understand how users interact with the Services and to improve content and functionality (e.g., Google Analytics).
• Functional purposes, to remember your preferences and choices.

We do not use cookies for advertising, remarketing, or building advertising profiles.

6.3 Your Choices and Controls

Where required by applicable law (including in Quebec, the European Economic Area, and the United Kingdom), we will request your consent before placing non-essential cookies on your device, and will offer settings that, by default, provide the highest level of confidentiality. You can also manage or disable cookies through your browser settings. Most browsers allow you to delete existing cookies or block future cookies.

Please note that disabling cookies or similar technologies may affect the availability or functionality of certain features of the Services.

6.4 Do Not Track and Global Privacy Control

Some browsers transmit “Do Not Track” (“DNT”) signals. Because there is no uniform standard for interpreting these signals, the Services do not currently respond to DNT signals. In jurisdictions where required by law, we will treat a browser-based Global Privacy Control (“GPC”) signal as a valid request to opt out of any sale or sharing of personal information for that browser or device.

7. International Data Transfers

Sydney Dramaturgical is based in Australia. Depending on the service providers we use, personal information collected through the Services may be transferred to, stored in, or processed in countries other than the one in which you reside, including Australia, Canada, the United States, and countries in the European Economic Area.

Recipients may include cloud hosting providers, email and newsletter providers, analytics providers, and payment processors. The categories of recipients and the countries in which they are located may include, without limitation:

• Website hosting and email infrastructure — [country, e.g., United States / Australia]
• Analytics — Google LLC (United States and other countries)
• Payment processing — [provider name and country]
• Newsletter delivery — [provider name and country]

These countries may have data protection laws that differ from, and may be less protective than, the laws of the country in which you reside. Where we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your personal information in accordance with applicable law. Such safeguards may include reliance on adequacy decisions, the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement, contractual protections required under Quebec’s Law 25, and equivalent mechanisms under the Australian Privacy Principles (APP 8) and PIPEDA.

Before disclosing personal information outside Quebec, we conduct a privacy impact assessment as required under Law 25 to confirm that the information will benefit from adequate protection. By accessing or using the Services, you understand that your personal information may be transferred to and processed in jurisdictions outside of your country of residence.

8. Protecting Your Information

We have implemented administrative, technical, organisational, and physical safeguards designed to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. These safeguards are appropriate to the sensitivity of the information we collect and process and include, where relevant:

• Access controls and authentication for our systems and accounts
• Encryption of personal information in transit (for example, via HTTPS) and, where appropriate, at rest
• Secure configuration of hosting infrastructure and regular software updates
• Contractual data protection obligations with our service providers
• Reasonable measures to ensure timely destruction or deidentification of personal information that is no longer needed

These measures are designed to satisfy the security obligations under the Australian Privacy Principles (APP 11), Quebec’s Law 25, PIPEDA, and the New York SHIELD Act’s reasonable security requirements (administrative, technical, and physical safeguards).

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of any communications you send to us and for taking reasonable steps to protect your own information when accessing the Services.

9. Data Breach Notification

If we become aware of a confidentiality incident or data breach involving your personal information, we will assess the incident promptly and, where required by applicable law, notify affected individuals and the relevant regulator. In particular:

• Australia. Where a data breach is likely to result in serious harm to any individual, we will notify the affected individuals and the Office of the Australian Information Commissioner (“OAIC”) as soon as practicable, in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth).
• Quebec. Where a confidentiality incident presents a risk of serious injury, we will promptly notify the Commission d’accès à l’information du Québec (“CAI”) and the affected individuals, and will keep a register of confidentiality incidents, in accordance with Law 25.
• Canada (PIPEDA). Where a breach of security safeguards creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada, and will keep a record of breaches as required by PIPEDA.
• United States (including New York). Where required by the New York SHIELD Act or any other applicable U.S. state breach-notification statute, we will notify affected residents, the relevant state Attorney General, and other authorities required by law.
• Other jurisdictions. We will comply with applicable breach-notification laws in any jurisdiction where affected individuals reside, including the GDPR’s 72-hour supervisory authority notification where applicable.

10. Retention of Personal Information

We retain personal information for as long as reasonably necessary to fulfil the purposes for which it was collected, as described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

The criteria used to determine our retention periods include:

• The nature and sensitivity of the personal information
• The purposes for which the information was collected and used
• Our legal, regulatory, accounting, and tax obligations (for example, certain financial records must be retained for several years under Australian and Canadian law)
• The need to establish, exercise, or defend legal claims
• Security, fraud prevention, and operational requirements

For example, we may retain contact information for as long as you remain subscribed to our communications, and for a reasonable period thereafter. Records relating to engagements and invoices are typically retained for [e.g., seven (7)] years to meet tax and record-keeping obligations. When personal information is no longer required, we take reasonable steps to delete, destroy, or deidentify it.

11. Your Choices, Rights, and Controls

You may have certain choices and rights regarding your personal information, depending on how you interact with the Services and where you are located. These rights are subject to applicable law and may be limited in certain circumstances.

11.1 Marketing Communications

If you have opted in to receive email communications from us, you may opt out of receiving promotional emails at any time by following the unsubscribe instructions included in those emails or by contacting us. Even if you opt out, we may still send you non-promotional communications, such as administrative messages or updates related to the Services or this Privacy Policy.

11.2 General Rights

Subject to applicable law, you may have the right to:

• Request access to personal information we hold about you
• Request correction of inaccurate, incomplete, or out-of-date personal information
• Request deletion or destruction of personal information, subject to legal exceptions
• Withdraw consent where processing is based on consent
• Object to or restrict certain processing
• Request portability of certain personal information in a structured, commonly used, technological format
• Lodge a complaint with a supervisory authority in your jurisdiction
• Be free from discrimination for exercising any of these rights

To submit a request, please contact us using the information in Section 14. We will respond within the timeframe required by applicable law (generally within 30 days under Law 25 and PIPEDA, and within a reasonable period under the Australian Privacy Act). We may need to verify your identity before processing your request. We may deny or limit requests as permitted by law and will explain our reasons in writing.

12. Children’s Privacy

The Services are intended for a general adult audience and are not directed to children. We do not knowingly collect personal information from:

• Children under the age of 13, consistent with the U.S. Children’s Online Privacy Protection Act (“COPPA”)
• Children under the age of 14 in Quebec without parental consent, as required by Law 25
• Children under the age of 16 for purposes of targeted advertising or processing requiring consent under the GDPR (we do not engage in targeted advertising in any event)

Where required, we will also comply with the Australian Children’s Online Privacy Code once it is registered by the OAIC. If we become aware that we have inadvertently collected personal information from a child in circumstances requiring parental consent, we will take steps to delete such information as soon as practicable. If you believe a child has provided personal information to us through the Services, please contact us using the information in Section 14.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements, or for other operational reasons. When we make changes, we will update the “Last Modified” date at the top of this Privacy Policy. If changes are material, we may provide additional notice as required by applicable law, such as by posting a notice on the Services, emailing subscribers, or other reasonable means. Your continued use of the Services after the effective date of any updates indicates your acceptance of the revised Privacy Policy.

14. Contact Us and Privacy Officer

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our privacy practices, please contact us:

[Legal Entity Name]

Attn: Privacy Officer – Aubrey Wang

Postal address: 3440 Rue Aylmer, Montréal

Email: privacy@sydneydramaturgical.com

Website: https://sydneydramaturgical.com

In accordance with Section 3.1 of Quebec’s Law 25, the person above is designated as the individual responsible for the protection of personal information. We will acknowledge your request promptly and respond within the timeframe required by applicable law.

15. Additional Information by Jurisdiction

This section provides additional disclosures and rights for residents of specific jurisdictions. These disclosures supplement the information contained elsewhere in this Privacy Policy.

15.1 Australia (Privacy Act 1988 and the Australian Privacy Principles)

If you are located in Australia, the following additional information applies.

Open and transparent management of personal information (APP 1)

This Privacy Policy is our APP Privacy Policy. We will provide it free of charge and in an appropriate format on request.

Anonymity and pseudonymity (APP 2)

Where lawful and practicable, you have the option to interact with us anonymously or under a pseudonym. Some interactions (for example, paid engagements, contracted services, or correspondence requiring a response) will require us to know who you are.

Collection, use, and disclosure (APP 3, 5, 6)

We collect personal information by lawful and fair means and only where reasonably necessary for our functions or activities. The kinds of information we collect, the purposes for which we collect it, and to whom we disclose it are described in Sections 2, 3, and 5.

Direct marketing (APP 7)

We will only use your personal information for direct marketing where permitted under APP 7. You may opt out of receiving direct marketing communications at any time by following the unsubscribe link in any marketing email we send or by contacting our Privacy Officer.

Cross-border disclosure (APP 8)

As noted in Section 7, we may disclose personal information to overseas recipients. Before doing so, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to your personal information, including through contractual safeguards.

Access and correction (APP 12 and 13)

You may request access to, or correction of, the personal information we hold about you by contacting our Privacy Officer. We will respond within a reasonable period (generally within 30 days) and will not charge an excessive fee for providing access.

Complaints and the OAIC

If you have a privacy complaint, please contact our Privacy Officer in the first instance. We will investigate and respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:

• Website: https://www.oaic.gov.au
• Phone: 1300 363 992
• Mail: GPO Box 5288, Sydney NSW 2001

Statutory tort for serious invasions of privacy

Since 10 June 2025, individuals in Australia have a statutory cause of action for serious invasions of privacy under the Privacy and Other Legislation Amendment Act 2024. Nothing in this Privacy Policy limits your rights under that statutory tort or any other applicable law.

15.2 Quebec (Law 25) and Canada (PIPEDA)

If you are located in Quebec or elsewhere in Canada, the following additional information applies.

Person responsible for the protection of personal information

As required by section 3.1 of Quebec’s Act respecting the protection of personal information in the private sector, we have designated the person identified in Section 14 as the individual responsible for ensuring our compliance with Law 25. You may contact this person to exercise any of your rights under Law 25 or PIPEDA.

Your rights under Law 25 and PIPEDA

Subject to applicable exceptions, residents of Quebec and other Canadian provinces have the right to:

• Be informed of the existence, use, and disclosure of their personal information and to obtain access to it
• Request correction of inaccurate, incomplete, or ambiguous personal information
• Withdraw consent at any time (subject to legal and contractual restrictions)
• Request that we cease disseminating personal information or de-index a link to personal information where dissemination contravenes the law or a court order or causes serious injury (the “right to de-indexation”)
• Receive computerised personal information they have provided to us in a structured, commonly used technological format, or have it transmitted to another organisation (right to data portability)
• Be informed of, and contest, decisions based exclusively on automated processing (we do not currently make such decisions)
• Lodge a complaint with the Commission d’accès à l’information du Québec (https://www.cai.gouv.qc.ca) or, for federally regulated matters, with the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca)

Confidentiality by default

As required by Law 25, where we offer technological products or services that collect personal information, the settings that ensure the highest level of confidentiality are activated by default (other than browser cookie settings, as permitted by law).

Cross-border transfers

Before communicating personal information outside Quebec, we conduct a privacy impact assessment to ensure that the information will benefit from adequate protection, having regard to the sensitivity of the information, the purposes of use, the protection measures applied, and the legal framework applicable in the recipient jurisdiction, as required by section 17 of Law 25.

Confidentiality incidents

In the event of a confidentiality incident presenting a risk of serious injury, we will promptly notify the CAI and affected individuals, take measures to reduce the risk of injury and prevent similar incidents, and keep a register of incidents in accordance with Law 25.

15.3 United States

If you are located in the United States, the following additional information applies.

New York (SHIELD Act)

As required by the New York Stop Hacks and Improve Electronic Data Security Act, we maintain a data security program that includes reasonable administrative, technical, and physical safeguards designed to protect the private information of New York residents, including:

• Designating one or more employees or contractors to coordinate the security program
• Identifying reasonably foreseeable internal and external risks
• Assessing the sufficiency of safeguards in place
• Training and managing employees and service providers in security practices
• Selecting service providers capable of maintaining appropriate safeguards and requiring those safeguards by contract
• Adjusting the security program in light of business changes or new circumstances

If a breach affects the private information of New York residents, we will notify affected residents and the appropriate New York State authorities in accordance with N.Y. Gen. Bus. Law § 899-aa and § 899-bb.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, regarding your personal information.

Categories of personal information we collect. During the 12-month period preceding the “Last Modified” date of this Privacy Policy, we may have collected the following categories of personal information, as described in more detail in Section 2:

• Identifiers, such as name, email address, postal address, phone number, IP address, and online identifiers
• Customer records information, such as billing and contract information
• Commercial information, such as services purchased or considered
• Internet or other electronic network activity information, such as browsing activity on the Services
• Geolocation data, such as general location derived from IP address
• Professional information, such as the organisation or production you are associated with
• Inferences drawn from the above to provide and improve the Services

We collect this information directly from you, automatically when you interact with the Services, and from third parties such as analytics providers and payment processors.

Sale, sharing, and targeted advertising. We do not sell personal information for money, and we do not share personal information for cross-context behavioural advertising or processing for targeted advertising. We do not knowingly sell or share the personal information of individuals under the age of 16.

Your California rights. Subject to applicable law, California residents have the right to:

• Know the categories and specific pieces of personal information we have collected about them
• Request deletion of personal information, subject to legal exceptions
• Request correction of inaccurate personal information
• Opt out of the sale or sharing of personal information and processing for targeted advertising (not applicable, as we do not engage in these activities)
• Limit the use of sensitive personal information
• Not be discriminated against for exercising privacy rights

To exercise these rights, please contact us using the information in Section 14. We may need to verify your identity before processing your request.

Other U.S. State Privacy Rights

Residents of other U.S. states with applicable comprehensive privacy laws (including, where applicable, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others) may have rights similar to those described above, including the right to access, delete, or correct personal information, to obtain a copy of personal information in a portable format, and to opt out of certain processing activities. The availability and scope of these rights vary by state and are subject to applicable law. Requests may be submitted using the contact information in Section 14.

— End of Privacy Policy —

‍