We are committed to protecting the privacy of the personal information we collect and receive. We are bound by the Australian Privacy Principles (APP) contained in the Privacy Act 1988 (Cth).
- the kind of information we collect and hold;
- how we collect and hold your personal information;
- why we collect, hold, use and disclose your personal information;
- how you may access and seek the correction of your personal information as held by us;
- how you may complain about a breach of the APPs, and how we will deal with such a complaint; and
- if we are likely to disclose your personal information to overseas recipients and the countries in which such recipients are likely to be located.
YOUR PERSONAL INFORMATION
We only collect personal information (being information that identifies or could reasonably identify an individual) where we consider it to be reasonably necessary for our functions and activities.
We collect personal information to service our customers and to carry out our business including in circumstances when you:
- provide us with personal information when you participate in a promotion, competition, promotional activity, survey, market research or customer behavioural activity, subscribe to our mailing list or interact or follow our social media pages. This information may include, for example, your name, postal address, email address, telephone number, date of birth, age and occupation;
- navigate through our website and access our applications or booking forms, certain information can be passively collected (i.e. gathered without you actively providing the information) using various technologies such as cookies, internet tags or web beacons, and navigational data collection (log files, server logs and clickstream data); and
- provide us with personal information via our stores or head office or when you make a booking in store, by telephone or via our electronic booking system.
The types of information we collect includes:
- your name and gender, your date of birth and age;
- previous booking information;
- contact details (address, phone, fax or e-mail);
- credit card details (stored encrypted); and
- your individual preferences.
- We will only collect Personal Information from you that we reasonably require for one or more of our business functions or activities, and will do so in accordance with the APPs.
The kinds of Personal Information we may collect from you will depend on what type of interaction you have with us.
We may combine your anonymous or personal visitor session information or other information collected through tracking technologies with other personal information collected from you from time to time in order to understand and measure your online experiences and to determine what products, promotions and services are likely to be of interest to you.
By accessing a website via links in an email we have sent and/or by accessing a website where you have identified yourself, you consent to the collection of such information where it is personal information.
In some circumstances, we may collect personal information from third parties such as credit reporting agencies or marketing agencies. Where we do, we will ensure that we act in accordance with relevant Australian laws.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We will solicit your personal information by lawful and fair means directly from you unless it is unreasonable or impracticable for us to do so. We will collect personal information directly:
- by email and through our website;
- in person, over the telephone or by written correspondence;
- on hard copy forms (including booking forms, competition entry forms and surveys);
- electronic systems such as applications;
- through our security surveillance cameras; and
- through diagnostics and other electronic tools to monitor the location of and servicing of your equipment.
We may collect personal information from third parties including:
- your legal representatives;
- direct marketing database providers;
- the Australian Tax Office (ATO);
- the Australian Securities and Investment Commission (ASIC); and
- public sources (phone directories, membership lists, professional and trade associations, ASIC, bankruptcy or court registry searches).
UNSOLICITED PERSONAL INFORMATION
Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as a job application sent to us by an individual on their own initiative, rather than in response to an advertisement).
We may keep records of unsolicited personal information if the information is reasonably necessary for one or more of our functions or activities. If not, it is our policy to destroy the unsolicited information or ensure that the information is de-identified, provided it is lawful and reasonable to do so.
USING YOUR PERSONAL INFORMATION
The main purposes for which we collect, hold, use and disclose personal information are to provide services and benefits and to provide our products and services to you.
We can use your information to:
- verify your identity if you need help with a forgotten password or you are having login problems with one of our website services;
- help provide any other services that you have requested;
- offer the most relevant information suitable to your and your interests including any marketing, promotional, publicity, direct marketing or market research that we might undertake;
- processing your transactions and bookings you place with us in person or via our websites;
- providing you with our products and services;
- administering and responding to your enquiry or feedback about our products and services;
- delivering or enhancing our services;
- improving the operation or navigation of our websites;
- conducting, and allowing you to participate in, a promotion, competition, promotional activity, survey or market research;
- processing and considering your employment application and conducting reference checks;
- facilitating our internal business operations, including fulfilment of any legal and regulatory requirements;
- promoting and marketing current and future products and services to you, informing you of upcoming events and special promotions and offers and analysing our products and services so as to improve and develop new products and services;
- maintain contact with you about our services; and
- any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law).
Our website may require subscriptions or registrations or a check in to use certain services, functions or content. You will know what information is being collected via these processes when you complete the relevant forms and provide the required details prior to submitting the application. We will collect data relating to any transactions you carry out through our website and the fulfilment of your booking.
We may also use your data to monitor for any unauthorised use of our website, content or subscriptions to our services.
PURPOSE OF COLLECTION
If we collect information for a purpose (the primary purpose), we will not use or disclose the information for any other purpose (the secondary purpose) unless:
- you would have consented to the use or disclosure of the your personal information; or
- in relation to the use or disclosure of your personal information:
- you would reasonably expect us to use or disclose your information for the secondary purpose and the secondary purpose is directly related to the primary purpose (sensitive information) or related to the primary purpose (not sensitive information); o use or disclosure is required or authorised under Australian law or a court/tribunal;
- a permitted situation exists or a permitted health situation exists; or
- we reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
If we use or disclose your personal information because we reasonably believes that the use or disclosure of your information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body, we will make a written note of the use or disclosure.
DO YOU HAVE TO PROVIDE PERSONAL INFORMATION?
You can refuse to provide personal information. However a refusal may mean that the service you requested is not provided or booking will be refused or forfeited.
SHARING YOUR PERSONAL INFORMATION
We may use and disclose personal information for related purposes to third parties. We may disclose your personal information:
- to government bodies such as ATO, ASIC, Australian Prudential Regulatory Authority and the police or courts (as required by law);
- to professional or government organisations; and
- to our contracted service providers including:
- information technology service providers;
- marketing and communications agencies;
- mailing houses, freight and courier services;
- printers & distributors of marketing material; and
- external advisers (recruiters, auditors & lawyers).
- to our related entities, suppliers, consultants, contractors or agents for the purposes set out in the section above or for other purposes directly related to the purpose for which the information is collected;
- where the law requires or authorises us to do so (whether in Australia or overseas);
- to others that you have been informed of at the time any information is collected from you; and
- with your consent (express or implied) to others.
We do not provide, rent, sell or exchange your personal information to third parties without your prior approval.
We do not adopt, use or disclose government related identifiers (such as a Medicare number or driver’s licence number) as our own identifier for you unless:
- it is required/authorised by law or court/tribunal order;
- it is reasonably necessary to verify your identity;
- it is reasonably necessary to fulfil our obligations; or
- we reasonably believe it is reasonably necessary for one or more enforcement related activities.
To improve our services, we sometimes collect de-identified information from web users. Although the information collected does not identify an individual, it does provide us with useful statistics that permits us to analyse and improve its web services.
When you visit our website, a record of your visit is logged and the following data is supplied by your browser: your IP address and/or domain name, your operating system (type of browser & platform), the date, time and length of your visit and the resources you accessed or downloaded.
We use this information to customise information for website visitors and to collect aggregated data for the purposes of analysis, quality control, administering and improving the website. It is not used for any other purpose.
Aggregated data may be shared with third parties. You can stop your browser from accepting new cookies or disable cookies altogether by changing your browser preferences.
LINKS TO OTHER WEBSITES
If we hold your personal information, we may use or disclose that personal information (other than sensitive information) for direct marketing if:
- we collected the information from you; and
- you would reasonably expect us to use or disclose the information for that purpose; and
- we provided you with a simple way to opt out of receiving direct marketing from us; and
- you have not made such an opt out request to us.
We may also use or disclose your personal information (other than sensitive information) for direct marketing if:
- we collected the information from you and you would not reasonably expect us to use or disclose the information for that purpose or someone other than you; and
- either you have consented to the use or disclosure of the information for that purpose or it is impracticable to obtain that consent; and
- we provided you with a simple way to opt out of receiving direct marketing from us; and
- in each direct marketing communication with you:
- we include a prominent statement that you can request to opt out; or
- we otherwise draw your attention to the fact that you can request to opt out; and
- you have not made such a request to us.
We can use or disclose your sensitive information for the purpose of direct marketing if you have consented to the use or disclosure of that information for direct marketing.
We may also use or disclose your personal information for direct marketing if:
- when we are a contracted service provider for a Commonwealth contract;
- where we collected your information in order to meet an obligation under that contract; and
- the use or disclosure is necessary to meet (directly or indirectly) such an obligation.
If we have collected the personal information that we used to send you direct marketing material from a third party, you can ask us to notify you of its source of information. It is our policy is to do so unless it is unreasonable or impracticable.
HOW TO OPT OUT OF DIRECT MARKETING
If we use or disclose your personal information for the purpose of direct marketing, you may request not to receive direct marketing communications from us.
If we use or disclose your personal information for the purpose of facilitating direct marketing by other organisations, you may request that we do not use or disclose your information for this purpose.
We will give effect to your request not to receive direct marketing from us or an entity facilitated by us free of charge within a reasonable time after the request is made.
At or before the time of collection of personal information from you, or as soon as practicable afterwards, we will take reasonable steps to notify you or to otherwise ensure that you are aware of:
- our contact details;
- the fact that we collect, or has collected, your personal information and the circumstances of that collection (if collected from someone other than you);
- if the collection is required or authorised by law or a court/tribunal order;
- why the personal information was collected by us;
- the consequences to you if we do not collect all or some of your personal information;
- any other entity, body or person, or the types of any other entities, bodies or persons, to which we usually disclose personal information;
- if we are likely to disclose your personal information to overseas recipients and if so, the countries in which such recipients are likely to be located (if it is practicable to specify those countries or to otherwise make the individual aware of them); and
We will generally include these matters in a collection notice. For example, where personal information is collected on a paper or website form, we will include a collection notice, or a clear link to it, on the form.
PROTECTING YOUR PERSONAL INFORMATION
We store information in different ways, including paper and electronic form. We take reasonable steps to protect it from misuse, interference, loss, unauthorised access, modification or disclosure including:
- confidentiality requirements of staff;
- security measures for access to our systems including firewalls and secure password protected databases for storage;
- servers kept at a secure location with limited access;
- document storage security requirements;
- access controls for our building;
- limited the provision of personal information to third parties and subject to guarantees about use; and
- our staff are trained to deal with the information.
We cannot guarantee that personal information will be protected against unauthorized access or misuse and we do not accept any liability for the improper actions of unauthorised third parties.
We will retain your personal information for as long as necessary to fulfil our obligations to you, to protect our legal interests, to comply with an Australian law or as otherwise stated to you when we collected your personal information.
Once we are no longer required to retain your personal information, we will take reasonable steps to destroy your personal information or to ensure that your personal information is de-identified.
DISCLOSING YOUR PERSONAL INFORMATION OVERSEAS
Some of our related entities and third party goods and service providers are located overseas. Our agreements with these parties generally include an obligation for them to comply with Australian privacy laws.
While we will take all reasonable care to ensure that overseas providers will handle your personal information securely, you acknowledge that by agreeing to the disclosure of your personal information to these overseas entities for the purposes stated above, we will not be held accountable for any breaches of the APPs by an overseas recipient.
We may disclose your personal information to our related entities and other third party service providers operating outside Australia who work with us or one of our suppliers, agents, or partners. We may also store your personal information on servers based overseas or in the “cloud” or other types of networked or electronic storage.
Before disclosing your personal information to an overseas third party, we will first take reasonable steps to ensure that the overseas recipient:
- does not breach the APPs in relation to your personal information; or
- the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting your personal information in a way that is substantially similar to the way in which the APPs protect the information.
We may disclose personal information to our other entities and third parties in jurisdictions including: Australia, New Zealand and the United States of America. The European Commission has recognised each of these countries as providing adequate protection of personal information.
You acknowledge and understand that by providing such consent:
- we will not be required to take steps as are reasonable in the circumstances to ensure that such third parties comply with the APPs;
- if the overseas recipient handles your personal information in breach of the APPs:
- we will not be liable under the Act; and
- you will not be able to seek redress under Act.
- the overseas recipient may not be subject to any privacy law or principles similar to the APPs;
- you may be unable to seek redress overseas;
- the overseas recipient is subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.
If you withdraw consent, we will not rely on this consent when dealing with your personal information going forward.
You have the option of not identifying yourself or using a pseudonym when dealing with us provided that is it lawful and practicable.
We will try to accommodate a request for anonymity if possible. However, your right to anonymity does not apply in relation to a matter if:
- we are required or authorised by or by law or a court/tribunal order to deal with individuals who have identified themselves; or
- it is impracticable for us to deal with individuals who have not identified themselves.
It is our policy to enable you to access our website and make general phone queries without having to identify yourself and to enable you to respond to our surveys anonymously.
In some cases however, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with a service.
ACCESSING TO YOUR PERSONAL INFORMATION
You have the right, upon request, to access any of our records containing your personal information.
To request access to your personal information please contact our privacy officer.
We will respond to your request to access your personal information within a reasonable period of time.
On the basis that it is reasonable and practicable to do so, we will give you access to the information requested.
If we refuse your request to access personal information, we will provide a written notice setting out the reasons for the refusal & how you can complain about the refusal.
The exceptions under the APPs which affect your right to access your personal information we hold include if the request:
- poses a serious threat to the life, health or safety;
- is frivolous, vexatious or relates to legal proceedings;
- would reveal our intentions or prejudice any negotiations;
- would be unlawful or would have an unreasonable impact on the privacy of others;
- is required or authorised by law or court/tribunal order;
- would likely prejudice enforcement related activities; or
- relates to sensitive decision making process.
When you make a request to access personal information, we will require you to provide some form of identification (such as a driver’s licence or passport) so we can verify that you are the person to whom the information relates.
HELP US KEEP YOUR PERSONAL INFORMATION ACCURATE
We will take reasonable steps to ensure our records of personal information are accurate, up to date and complete.
However, the accuracy of information depends to a large extent on the information you provide. If you do not give us all the personal information we may require, or the personal information provided is inaccurate or incomplete, then the products, services and information we provide may be affected.
If you think there is something wrong with the information we hold about you please contact our privacy officer to let us know if there are any errors and keep us up-to-date with any changes, and we will try to correct your personal information.
We will respond to your request to correct your personal information free of charge and in a reasonable period of time. If we refuse your request, we will provide you with a written notice setting out the reasons for the refusal and mechanisms available to complain about the refusal.
If we refuse to correct your personal information, you may request that we associate your information with a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will take reasonable steps to make the statement visible to users of your personal information.
If we do correct your personal information and we have previously disclosed your personal information to a third party, upon your request, we will notify that third party of the correction unless it is impracticable or unlawful to do so.
DEALING WITH SPAM
We will not send you any commercial electronic messages (SMS or emails) unless it is permitted by the Spam Act (for example, we have your express or inferred consent). Any commercial electronic message that we send will identify us as the sender and will include relevant contact details and an unsubscribe facility. If you do not wish to receive commercial electronic messages from us, please contact the privacy officer.
DO NOT CALL REGISTER
We will not call you on a number listed on the Do Not Call Register unless it is permitted under the Do Not Call Register Act and related instruments (for example, if we have your express or inferred consent to do so).
If you do not wish us to call you on a particular number, please contact the privacy officer.
RESOLVING YOUR PRIVACY ISSUES
If you have any issues you wish to discuss with us or if you’re concerned about how we have collected or managed your personal information please contact the privacy officer.
For information about privacy or if your concerns are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.
OUR PRIVACY OFFICER
Our privacy officer can be contacted at: