Skip to content
English
  • There are no suggestions because the search field is empty.

SpacetoCo Privacy & Responsible Information Sharing (PRIS) — Information for Council Clients

SpacetoCo is committed to responsible data management and supports the councils and government organisations we work with in meeting their compliance obligations. This page provides information about Western Australia's Privacy and Responsible Information Sharing Act 2024 (the PRIS Act), what it means for councils that use SpacetoCo, and how we are approaching our responsibilities as a platform provider.

What is the PRIS Act?

The Privacy and Responsible Information Sharing Act 2024 (WA) is Western Australian legislation that introduces the first dedicated privacy framework for WA public sector entities, including local governments.

The Act sets out 11 Information Privacy Principles (IPPs) governing how personal information is collected, used, stored, shared, and disposed of. It also establishes a framework for responsible information sharing between public entities.

Key dates: Substantive privacy obligations take effect 1 July 2026. Mandatory data breach reporting begins 1 January 2027. As of 1 July 2025, the Office of the Information Commissioner is operational to support preparations.

Who does the PRIS Act apply to?

The PRIS Act primarily applies to WA public sector entities — including local councils. As public entities, councils will be directly subject to the Act's Information Privacy Principles from 1 July 2026.

Private companies like SpacetoCo are not automatically bound by the PRIS Act. However, contracted service providers can become subject to the Act's obligations if a State services contract explicitly includes a clause to that effect.

This means the scope of SpacetoCo's obligations under the PRIS Act will depend on the terms of individual council contracts, rather than the Act applying to us by default.

How SpacetoCo approaches privacy

SpacetoCo handles personal information on behalf of the councils and organisations that use our platform. This includes information about space hirers, booking history, payment details, and communications.

Our approach to data management is built on the following principles:

  • We collect only the information necessary to operate the booking platform and provide services to hosts and hirers.
  • Personal information is stored securely and access is limited to authorised users.
  • We do not sell personal data to third parties.
  • We support councils in accessing and exporting their data.
  • We maintain incident response procedures to detect and respond to data breaches.

SpacetoCo is also subject to the Commonwealth Privacy Act 1988 and the Australian Privacy Principles (APPs), which provide a baseline framework for how we handle personal information across our platform.

What this means for council clients

As councils prepare for the PRIS Act's commencement on 1 July 2026, we understand they will be reviewing the data practices of their service providers, including platforms like SpacetoCo.

We are supportive of this process and encourage councils to:

  • Review the data that SpacetoCo collects and processes on their behalf.
  • Consider whether existing contract terms adequately address PRIS compliance requirements.
  • Raise any questions about our data handling practices with their SpacetoCo account manager.

What data does SpacetoCo hold on behalf of councils?

When a council uses SpacetoCo as their booking platform, the following categories of personal information may be collected and stored:

  • Hirer contact details (name, email address, phone number).
  • Booking records and transaction history.
  • Payment information (processed via third-party payment providers).
  • Communications between hirers and venue hosts.
  • Account profile information provided by hirers.
Data security

SpacetoCo takes the security of personal information seriously. Our security practices include:

  • Encrypted data transmission using HTTPS.
  • Secure cloud infrastructure with access controls.
  • Regular security reviews and monitoring.
  • Staff access is limited to what is required for their role.

SpacetoCo holds the following independent security certifications:

  • ISO 27001 — the internationally recognised standard for information security management systems.
  • UK Cyber Essentials — a UK government-backed scheme covering foundational cyber security controls.

All SpacetoCo platform data is hosted on Amazon Web Services (AWS) infrastructure located in Australia, ensuring your data remains within Australian jurisdiction.

Get in touch

If you have questions about this page, the PRIS Act, or how SpacetoCo handles data on behalf of your council, please contact us:

  • Email: info@spacetoco.com
  • Through your dedicated SpacetoCo account manager.

This page is intended as general information for council clients and does not constitute legal advice. SpacetoCo recommends that councils seek independent legal advice regarding their own PRIS Act obligations. SpacetoCo is working behind the scenes to ensure up-to-date compliance with this legislation for all of its partner hosts, including adding a collection statement in the checkout. 

Last updated: July 2026