privacy policy

PLEASE READ THIS PRIVACY POLICY CAREFULLY. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, PLEASE DO NOT BROWSE, ACCESS OR USE OUR SITES; MAKE A PURCHASE; ATTEND OR PURCHASE A TICKET TO OUR FESTIVALS OR EVENTS; OR OTHERWISE ENGAGE WITH OUR PRODUCTS AND SERVICES.

Operated by Finelytuned Productions Pty Ltd (ABN 63 117 280 305)
Effective date: 23 September 2025

Who we are and how this policy applies

Finelytuned Productions Pty Ltd (ABN 63 117 280 305) (referred to as Finely Tuned, we, us or our) operates events, products and services under a number of brands, including THE WORKS.

This Privacy Policy explains how we collect, use, disclose and protect information in connection with:

• our events and festivals (including tickets and on‑site operations);
  

• our website at www.finelytuned.com.au and any official THE WORKS microsites, ticketing pages or social channels we control (theworks.live); and
  

• your interactions with us in person, by phone or email (collectively, the Services).
  

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where it applies to you (for example, if you are in the EU/EEA), we also comply with the EU General Data Protection Regulation (GDPR).

Please read this policy carefully. If you do not agree with it, please do not browse or use the Sites, make purchases, attend our events, or otherwise use the Services.

Changes to this policy

We may update this policy from time to time. Changes take effect when posted here. Your continued use of the Services means you accept the updated policy, unless the law requires us to seek your consent.

Types of information we collect

Personal Information is information that identifies you or from which you are reasonably identifiable—for example: name, age/date of birth, phone number, address, email, photographs/video in which you are identifiable, and (in some cases) payment details (e.g., card token or payment account details processed via secure third‑party gateways).

Sensitive Information is a special category of Personal Information (e.g., health information, racial/ethnic origin, political opinions, union/association membership, religion/philosophy, sexual orientation, or criminal record). We only collect Sensitive Information with your express consent and only when it is reasonably necessary for a specific activity (for example, accessibility or welfare considerations for an event).

Usage Information refers to technical and analytics data collected when you use the Sites (e.g., device identifiers, IP address, browser and operating system, pages viewed, timestamps, and referring URLs). On its own this data is typically de‑identified, but where it can identify you (on its own or combined with other data) we treat it as Personal Data.

In this policy, we use Personal Data to refer collectively to Personal Information and any Usage Information that identifies you.

How we collect Personal Data

We generally collect Personal Data directly from you, including when you:

• contact us by email, phone or in writing;
  

• fill in forms on the Sites (e.g., ticket registrations, competitions, giveaways, merch orders);
  

• subscribe to newsletters or other marketing communications;
  

• purchase a ticket, register for access, transfer a ticket or are registered as the recipient of a transferred ticket or a minor pass (including where a parent/guardian provides details on behalf of a child);
  

• are photographed, filmed or otherwise recorded at our events.
  

It is your choice to provide information. Where lawful and practicable, you may interact with us anonymously or using a pseudonym. However, we may be unable to provide some Services (e.g., ticketing, entry management, customer support) without necessary Personal Data.

We also collect Personal Data from third parties where lawful, including:

• ticketing and resale merchants, event partners and production contractors;
  

• marketing platforms, analytics providers and mailing list services;
  

• recruitment agencies (for job applicants);
  

• sponsors and promotional partners;
  

• government entities and law enforcement (where required/authorised by law).
  

If we collect Personal Data about you from a third party in circumstances where you may not reasonably know it, we will take reasonable steps to notify you of the collection and the circumstances.

Cookies and similar technologies

We use cookies, pixels and similar technologies on the Sites to operate and improve them. These may include:

• Strictly necessary cookies – essential for core site features;
  

• Performance cookies – analytics and error tracking;
  

• Functionality cookies – remember choices to personalise your experience;
  

• Targeting/advertising cookies – deliver relevant advertising.
  

Cookies may be session‑based or persistent. You can control cookies in your browser settings. If you disable some cookies, parts of the Sites may not function properly. Where cookie‑derived data can identify you, we will seek consent if required by law.

Why we collect and use Personal Data

Our primary purpose is to operate our business and provide the Services. We also use Personal Data to:

• provide and manage access to the Sites and event platforms;
  

• process transactions you request, and issue invoices/receipts;
  

• verify identity, manage age restrictions and protect event safety;
  

• respond to your enquiries and provide customer support;
  

• communicate important information about the events you are attending (e.g., entry, safety, transport, schedule changes);
  

• develop, test and improve our events, products, Sites and systems;
  

• run competitions, promotions and giveaways;
  

• prevent, detect and investigate fraud, security breaches and other unlawful activity;
  

• comply with legal and regulatory obligations; and
  

• for other purposes you would reasonably expect in connection with the Services, or as permitted/required by law.
  

We do not sell your Personal Data.

Legal bases under the GDPR (where applicable)

If the GDPR applies to you, our lawful bases generally include: consent (e.g., marketing, certain cookies, specific health information), performance of a contract (e.g., ticketing and entry), legitimate interests (e.g., site security, event operations, analytics, limited direct marketing), and legal obligations (e.g., incident reporting, financial record‑keeping). In rare safety situations we may rely on vital interests.

Direct marketing

We will send you marketing communications only where permitted (e.g., with your consent or as otherwise allowed by law). You may opt out at any time by using the “unsubscribe” link in the message or emailing [email protected]. Note that transactional or essential service messages (e.g., ticket confirmations, operational updates, safety notices, payment emails) are not marketing and you may continue to receive them.

When we disclose Personal Data

We may disclose Personal Data to:

• our directors, officers, employees, contractors, consultants and agents;
  

• event operations suppliers and professional advisers (e.g., production, security, medical, accountants, lawyers, marketing agencies, payment gateways, e‑commerce platforms, IT/hosting and support providers);
  

• our Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) and other entities we control or that are under common control;
  

• ticketing and resale merchants and event partners involved in your transaction or attendance;
  

• sponsors or promoters identified for a specific event or activation;
  

• third parties you authorise us to share information with;
  

• law enforcement, regulators, courts or other authorised third parties where required or permitted by law, or where we reasonably believe disclosure is necessary to investigate or address unlawful activity, security or safety risks.
  

We take reasonable steps to ensure these recipients handle Personal Data in accordance with this policy and applicable privacy laws. You may withdraw consent to certain disclosures by emailing [email protected], noting this may affect our ability to provide some Services.

International transfers

We may transfer Personal Data to recipients located outside Australia (for example, cloud hosting or service providers). Where the destination country is not recognised by the European Commission as providing adequate protection, we will implement appropriate safeguards (such as standard contractual clauses) and take reasonable steps to ensure privacy protections are in place in line with the Privacy Act and, where applicable, the GDPR.

How long we keep Personal Data

We retain Personal Data for as long as needed for the purposes described above, to comply with our legal obligations (e.g., tax and record‑keeping), resolve disputes and enforce agreements. When Personal Data is no longer required, we will take reasonable steps to destroy or de‑identify it.

Your rights

Australia (APPs)

You may request access to, or correction of, your Personal Information held by us. We will respond within a reasonable period and may ask for information to verify your identity. If we refuse your request (for example, where an exception applies), we will tell you why and how to complain.

EU/EEA (GDPR) – where applicable

You may have the right to:

• access your Personal Data and receive a copy;
  

• request correction of inaccurate or incomplete data;
  

• request deletion (erasure) of data in certain circumstances;
  

• object to or restrict processing in certain circumstances (including direct marketing);
  

• withdraw consent at any time (where processing is based on consent); and
  

• data portability (receive certain data in a structured, commonly used and machine‑readable format).
  

To exercise any rights, contact [email protected] with the subject line ATTN: PRIVACY OFFICER. We will respond in accordance with applicable law.

Children and minors

Where a parent or legal guardian provides information about a minor (e.g., for a minor pass), they confirm they are authorised to do so and consent to our handling of that information in accordance with this policy.

External links and third‑party services

Our Sites may link to or embed third‑party sites and services (including ticketing and resale merchants). Their privacy practices are not covered by this policy, and we are not responsible for how those third parties collect or use your information. We encourage you to read their privacy policies.

Security and incident response

We use technical and organisational measures (for example, access controls, encryption, firewalls and staff training) designed to protect Personal Data from unauthorised access, disclosure, alteration or loss. No method of transmission or storage is completely secure. If a data breach occurs that is likely to cause serious harm, we will assess and—where required—notify the Office of the Australian Information Commissioner (OAIC) and affected individuals. Where the GDPR applies, we will notify the relevant EU supervisory authority and, where required, affected individuals.

Contact us

Finelytuned Productions Pty Ltd
Attn: Privacy Officer
1/15 Francis Street, Bondi Beach NSW 2026
Email: Hello@theworks.live

If you believe your privacy has been breached or you have questions about this policy, please contact us using the details above. We will respond within a reasonable time.

If you are not satisfied with our response, you may contact the OAIC (Australia) or, if the GDPR applies to you, your local EU data protection authority.

Important notes

• We will only use your Personal Data for purposes you would reasonably expect in connection with the Services, or as required/permitted by law.
  

• We do not sell, rent or license your Personal Data.
  

• You can opt out of marketing at any time. Transactional and service messages may still be sent as part of providing the Services.