GRAND HOTEL GROUP PRIVACY POLICY

If you are a data subject pursuant to the EU General Data Protection Regulation (GDPR) which came into force on 25 May 2018, please refer to our GDPR Privacy Policy available here: https://grandhotelgroup.com.au/data-protection-regulation/.

Grand Hotel Company Pty Limited, Grand Hotel Management Pty Limited, HR Operations Pty Limited, GH Operations Pty Limited and Residence On Langley Park Pty Ltd (the Grand Hotel Group) is committed to protecting your privacy and the confidentiality of your personal information and sensitive information in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act).

This Grand Hotel Group Privacy Policy explains, in further detail, the types of personal information we collect, how we collect and use this information, who we may disclose it to, how you can access and change your personal information and how you can make a privacy complaint.  

  1. What kinds of information do we collect and/or hold?

What kinds of information do we collect?

1                  The types of personal information that Grand Hotel Group may collect and hold includes the following:

(a)               full name, postal address, e-mail address, telephone and fax numbers;

(b)               occupation;

(c)               date of birth, gender and marital status;

(d)               any other information you provide to us by any means; and

(e)               information associated with web browsing, such as your IP address.

2                  Generally, the kinds of information that Grand Hotel Group will collect and/or hold will depend on the nature of our interaction with you – essentially, the purpose of the activity we are conducting.  Accordingly, the kinds of information we record will usually extend to your name, address, contact details and payment information (such as credit card and bank account details).

3                  On occasion we may collect and/or hold other kinds of information – such as when we run a promotional event or a competition.  When we do this, we will disclose our intention to do so to you.

4                  At all times, Grand Hotel Group will take reasonable steps to inform you of the kinds of personal information it collects and holds when you are engaged with it.

What kinds of information can we hold?

5                  We are permitted to collect and/or hold, with your consent, the following kinds of information:

(a)               Personal information, being information or an opinion about an identified individual, or an individual who is reasonably identifiable.

(b)               Sensitive information, being information or an opinion about an individual’s personal preferences or characteristics (such as race, ethnicity, political views, memberships, religious or philosophical beliefs and sexual preference), health information and/or biometric information.  

6                  Sensitive information is afforded a higher level of protection than other kinds of information under the Privacy Act.  We collect and hold sensitive information only when you knowingly and voluntarily submit it.  We will rarely collect and hold this kind of information. 

  1. How do we collect your personal information and how do we hold it?

How do we collect your personal information?

7                  Grand Hotel Group may collect personal information from or about you in a number of circumstances, including:

(a)               from publicly available sources of information;

(b)               when you use our services or contact us directly;

(c)               when you sign up to receive information from us;

(d)               when you take part in one of our competitions and/or promotions;

(e)               when you use our website and/or via software, such as cookies and web/tracking pixels (also known as “web beacons”);

(f)                when you provide or offer services to us;

(g)               from third parties;

(h)               from our own records at Grand Hotel Group; and

(i)                 when legally required to do so.

Means of collection

8                  Grand Hotel Group only collects (and holds) personal information when knowingly and voluntarily submitted by you. When you register your interest or otherwise in the course of us providing services to you, Grand Hotel Group may need to collect personal information which may include your name, address, telephone/mobile phone number, e-mail address, credit card details, bank account details, your business name, your user ID or password.

9                  Grand Hotel Group only collects (and holds) sensitive information when knowingly and voluntarily submitted by you. Although Grand Hotel Group will rarely hold and/or collect this kind of information, the information Grand Hotel Group may hold includes your racial or ethnic background, your family status and/or financial information about you, such as your tax file number. Subject to any legal constraints or obligations, Grand Hotel Group will, at all times, take reasonable steps to obtain your express consent where Grand Hotel Group proposes to handle your sensitive information.

10                Grand Hotel Group will, at all times, take reasonable steps to collect your personal information directly from you, unless:

(a)               it is unreasonable or impracticable for us to do so; or

(b)               you consent to the collection of the information from someone other than you; or

(c)               we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than you.

11                In the event we receive your personal information from a third party, via referral and/or via a purchase list, we will take reasonable steps to inform you of that and seek your consent to our collection of that information.  Should you refuse to consent to that collection, we will take reasonable steps to destroy or de-identify that information.

Cookies Policy

What are cookies?

A cookie is a small text file stored on your computer’s browser.  Many cookies from websites will be visible from your browser.  You will usually find information on cookies and how to manage them under “options” or “settings” in your browser.  You can choose to see cookies before deleting them and to keep cookies from some sites.

There are several different types of cookies (some of which are used on Grand Hotel Group’s website):

·         First party cookies:  A “first party” cookie is sent from a website to your web browser when you visit that site.  This is how websites “record” or “remember” things like your customised settings (such as your location), your shopping cart contents and your log in details.

·         Temporary cookies: Temporary cookies generally only last for one browsing session (until you close your web browser).

·         Persistent cookies: Persistent cookies remain on your computer after you close your browser and will be sent back to the applicable website each time you visit it.

·         Third party cookies: Third party cookies are sent by businesses that provide content, such as advertising, on websites that you visit.  Many websites feature advertising from third parties and those third parties may use cookies to track your browsing activities.  They will normally use this information to “show” you targeted advertising – that is, advertising relating to products or services they think you will be interested in based on your prior web searches.

·         Tracking / web pixels (also known as “web beacons”): Tracking pixels are clear picture files used to keep track of your navigation through a single website or a series of websites.  Tracking pixels are normally used by websites that use third party traffic monitoring and tracking services.

·         Local Stored Object cookie or “flash cookies”: Flash cookies contain more information than the other kinds of cookies referred to above and are not generally cleared when you clear cookies in your web browser.

Why and how does Grand Hotel Group use cookies?

12                Generally we use cookies to learn about the way you interact with Grand Hotel Group’s content and to help us to improve your experience when visiting Grand Hotel Group’s website.

13                Grand Hotel Group may record your visit through the use of cookies and may log the following information for purely statistical purposes:

  • your server address;
  • your top-level domain name (e.g.  .com, .gov, .uk, etc);
  • the date and time of your visit to Grand Hotel Group’s site;
  • the pages accessed and documents downloaded by you;
  • the previous site(s) visited by you; and
  • the type of browser used by you. 

14                Most of the information collected by cookies will not be sufficient to identify you – this is because the information collected will be very “general” in nature, relating to your interests (i.e. the products you have looked at) and the websites you have visited previously.  Information collected via cookies will only be deemed to be “personal information” for the purposes of the Privacy Act or the Australian Privacy Principles if it makes you or any other individual reasonably identifiable.

15                Grand Hotel Group will not facilitate the merging of personally-identifiable information with non-personally identifiable information collected through any cookies, tracking/web pixels or Google advertising products or features, unless it has robust notice of and the relevant party’s consent to that merger.

Third party cookies

16                Third party cookies are sent by different organisations (such as businesses which provide content such as advertising) to the owner of the website you are visiting – so in this instance this means by organisations other than Grand Hotel Group. 

17                Third party cookies are used on Grand Hotel Group’s website to enable remarketing and reporting for impression assisted visits, website conversions, user demographics and user interests. 

18                The third party cookies we use on our website include (but are not limited to) :

  • Google Analytics: Grand Hotel Group uses Google Analytics, a web analytics service provided by Google Inc.  Reports obtained from Google Analytics are used to help improve the efficiency and usability of Grand Hotel Group’s website.

Google Analytics uses first party cookies and JavaScript code to gather statistics about how this website is accessed.  It anonymously tracks how our visitors interact with this website, including which website they came from previously and what they did on the site (i.e. which pages they visited).  The information generated by the cookie and JavaScript code about your use of the website (including your IP address) will be transmitted to and stored by Google on servers located outside of Australia. 

Google will use the information transmitted to it for the purposes of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.  Google may transfer this information to third parties where it is required to do so by law or where such third parties process the information on Google’s behalf.

  • Google Analytics Advertising Features: Grand Hotel Group also uses Google Analytics Advertising Features.  By enabling the Advertising Features, Grand Hotel Group enables or permits Google Analytics to collect data about the traffic to Grand Hotel Group ‘s website via the use of Google advertising cookies and identifiers, in addition to the data collected through the standard Google Analytics feature. 

The Google advertising cookies are used to, among other things; select advertising for users based on what is relevant to them, to improve reporting on campaign performance and to avoid showing ads the user has already seen.

  • Nitropack:  a lightweight WordPress plugin for website performance optimisation. Cookies are used to deliver services and to analyse traffic, comprising of essential cookies for basic functions of the website and traffic analysis, as well as optional cookies to better learn how NitroPack is used.

How can I manage, reject and/or delete cookies?

19                We will not use cookies to collect personally identifiable information about you. 

20                However, if you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature.  You should note that cookies may be necessary to provide you with features and/or functions on this website and on other websites.  As noted above, Grand Hotel Group sometimes links to or embeds content from other websites and organisations.  Grand Hotel Group does not control the dissemination of third party cookies from these sites.  In order to manage and/or reject and delete third party cookies, you will need to refer to the privacy policies of the relevant third party website(s).

21                If you want to control or opt out of the operation or application of Google Analytics, Google Analytics Advertising Features and/or Nitropack, you should refer to the respective guide(s) on opting out of those features at:  èhttp://www.google.com/intl/en/policies/privacy/; and

èhttps://nitropack.io/page/privacy

 

Social media

22                When you browse and make use of Grand Hotel Group’s social media pages (such as Facebook, Twitter and YouTube), you are using an external site and are therefore subject to the privacy policies and practices of that site.  If you have any questions or concerns regarding that site’s privacy policies and practices, you should review the privacy policy of the relevant site.  Grand Hotel Group does not endorse, and is not accountable for, any views expressed by third parties using those sites.

23                Grand Hotel Group records all information posted to its social media pages and uses that information for the purposes of administering the pages, for record keeping, for considering and/or addressing any comments made and for running competitions and campaigns.  No attempt will be made to further identify social media subscribers except where requested and authorised by law.

Notification of collection

24                When Grand Hotel Group collects personal information about you, it will take reasonable steps to notify you or to otherwise ensure you are aware of certain matters.  These matters include our identity as an organisation and contact details, the context of the collection, whether the collection is required or authorised by law, the purposes of the collection, Grand Hotel Group’s usual disclosure of personal information, information about our Privacy Policy and whether Grand Hotel Group is likely to disclose your personal information to overseas recipients.

25                Grand Hotel Group will take reasonable steps to provide this notification before, or at the time it collects your personal information.  If it is not possible for it to do so, Grand Hotel Group will take reasonable steps to provide notification as soon as practicable after collection.

26                If you choose not to provide certain personal information to us, we may not be able to provide you with access to parts of the Grand Hotel Group website or to certain content, products and services available on the Grand Hotel Group website or generally from Grand Hotel Group. 

How do we hold and store your information?

27                Information we collect may be stored electronically, in physical hardcopy or in both formats.  Electronic information may be stored on internal databases or on external platforms we utilise such as Bpoint, MRI, FMS or Hub Technology.    .

Security

28                Grand Hotel Group strives to ensure the security, integrity and privacy of the personal and sensitive information of its clients.  Grand Hotel Group takes reasonable steps to protect the security of all personal information. 

29                Grand Hotel Group personnel are required to respect the confidentiality of personal information and the privacy of individuals. 

30                We use a variety of physical and electronic security measures, including restricting physical access to our offices and firewalls and secure databases to keep personal information secure from misuse, loss or unauthorised use or disclosure. 

31                Grand Hotel Group continually reviews its various security measures in order to ensure that they are up to date and fit for purpose.

Information retention and destruction practices or obligations

32                Grand Hotel Group will only retain your personal and/or sensitive information as long as it is necessary for it do so (for example, this may be until the end of a given project or the end of a period of time for expressing interest in a development) or where and when it is required to do so by legislation or a court or tribunal order.

33                Grand Hotel Group has an internal system that is used to identify information that is no longer necessary for it to retain and periodically reviews its data in accordance with this system.

34                Once the purpose for which the information was collected expires and/or upon periodic review, Grand Hotel Group will take reasonable steps to destroy the information or to de-identify the information, so that it can be retained for statistical purposes. 

35                Information which is retained for statistical purposes may be used to improve our services and to make them more responsive to the needs of our customers.  This statistical compilation and analysis of information may also be used by us or provided to others as a summary report for marketing, advertising or research purposes. 

Unsolicited personal information

36                Grand Hotel Group may receive your personal or sensitive information as unsolicited personal information

37                Unsolicited personal information is received by an organisation, such as Grand Hotel Group, where it took no active steps to collect that information.

38                When and where Grand Hotel Group receives unsolicited information, Grand Hotel Group will determine whether it could have collected the information under Australian Privacy Principle 3 (which governs the collection of solicited personal information).  Where Grand Hotel Group could not have collected the information consistent with Australian Privacy Principle 3, Grand Hotel Group will destroy or de-identify the information as soon as practicable, so long as it is lawful and reasonable for it to do so.

  1. The purpose of our collection, holding of, use or disclosure of personal information

How and in what circumstances will Grand Hotel Group use or disclose my personal information?

39                Grand Hotel Group may, in certain circumstances, collect, hold, use and/or disclose your personal and/or sensitive information. 

By way of a guide, these terms are defined as follows in section 6 of the Privacy Act and in the Australian Privacy Principles Guidelines:

An entity “holds” personal information “if the entity has possession or control of a record that contains personal information”.

An entity “uses” personal information “where personal information is handled, or an activity is undertaken with the information, within the entity”.

An entity “discloses” personal information “when it permits that information to become known outside the entity and releases it from its effective control”.

40                Grand Hotel Group will use and disclose your personal information to provide our services to you or to fulfill administrative functions associated with these services.  In general, we will use and disclose your personal information for the following purposes:

(a)               to notify you about an event you may wish to be involved in;

(b)               to communicate with you with respect to an existing event or booking;

(c)               to provide and market our services;

(d)               to help us manage and enhance our services;

(e)               to purchase from you;

(f)                for any purpose for which the information was provided; or

(g)               any other purpose related to any of the above.

41                Grand Hotel Group will disclose personal information when it permits that information to become known outside Grand Hotel Group and where it releases it from its effective control.  For example, Grand Hotel Group would be said to have disclosed your personal information where:

(a)               it shares you personal information with another entity;

(b)               it publishes your personal information on the internet so it is accessible by others;

(c)               where one of its staff reveals your personal information in the course of a conversation with a person who does not work for Grand Hotel Group; or

(d)               where one of its staff members sends a document containing your personal information to someone who is not you. 

Primary purpose and secondary purposes

42                Your personal and/or sensitive information will only be used and disclosed for the primary purpose for which it was submitted or for such other secondary purposes that are related to that purpose, unless we disclose other uses in this Privacy Policy or at the time of the collection of that information. 

Definition pursuant to Australian Privacy Principles Guidelines:

Primary purpose refers to the particular purpose for which the information in question was collected. 

Secondary purpose is any purpose other than the primary purpose for which we have collected your personal information.

43                We will only make use of or disclose your personal information for a secondary purpose if:

(a)               you have consented to the use or disclosure of that information; or

(b)               you would reasonably expect Grand Hotel Group to use or disclose the information for the secondary purpose; or

(c)               the use or disclosure of that information is required or authorised by or under legislation or court/tribunal order; or

(d)               a “permitted general situation” exists in relation to the use or disclosure of the information by Grand Hotel Group; or

(e)               Grand Hotel Group reasonably believes that the use of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

44                In the event Grand Hotel Group discloses information pursuant to clause 44(e), Grand Hotel Group will make a written record of the use or disclosure.

45                When collecting your information we will inform you of the primary purpose of our collection and/or any anticipated secondary purpose that may arise.   The purpose of our collection will vary from project to project, depending on the nature of the project and the nature of your involvement and/or interest in the project.    

Who can access my personal information and what conditions apply to their use of my personal information?

46                As a general rule, your personal and sensitive information will only be accessed and/or viewed by Grand Hotel Group staff and officers, as and when it is appropriate or necessary.  However, your personal information may also be accessed, from time to time, by:

(a)               Grand Hotel Group contractors;

(b)               Grand Hotel Group project partners; or

(c)               Grand Hotel Group suppliers.

47                Where a party, other than an employee or officer of Grand Hotel Group, has access to the personal information of individuals, they will be required to comply with the applicable Australian privacy legislation and, where appropriate, to enter into Privacy Agreements with Grand Hotel Group.

48                The access and use of your personal or sensitive information by a third party will be restricted to the purpose for which it was first collected and/or to a closely related secondary purpose.

Use of Aggregate Data

49                Grand Hotel Group may use personal information in aggregate form to improve services and make them more responsive to the needs of customers. This statistical compilation and analysis of information may also be used by us or provided to others as a summary report for marketing, advertising or research purposes.

Direct marketing

Definition pursuant to the Australian Privacy Principles Guidelines:

Direct marketing involves the use and/or disclosure of personal information to communicate directly with an individual to promote goods and services.  A direct marketer may communicate with an individual through a variety of channels, including telephone, SMS, postal mail, e-mail and online advertising.

50                Grand Hotel Group will not use or disclose your personal information for the purpose of direct marketing, unless:

(a)               we collected the information from you;

(b)               we obtained your consent to the use or disclosure of the information for that purpose (except where it was impracticable to do so); and

(c)               you would reasonably expect Grand Hotel Group to use or disclose the information for that purpose; and

(d)               we provide you with an easy to use means of opting out of receiving any further direct marketing communications; and

(e)               you have not requested that we cease sending you direct marketing communications.

51                As mentioned above, Grand Hotel Group makes use of a number of Google Analytics Advertising Features, including remarketing.  The Remarketing feature allows Grand Hotel Group to reach people who have previously visited its website and to match users with appropriate advertising.

52                If you would like to control or opt out of the application of the Google Analytics Advertising Features, you should refer to Google’s guide(s) on opting out of those features.

53                Grand Hotel Group will only make use of your sensitive information for direct marketing purposes if you have consented to the use or disclosure of that information for that purpose.

54                If you receive direct marketing communications from Grand Hotel Group or from an associated entity, you are entitled to:

(a)               request that you receive no further direct marketing communications for Grand Hotel Group;

(b)               and/or the associated entity; and

(c)               request that Grand Hotel Group disclose the source of the information.

Opting-out

55                Grand Hotel Group will take reasonable steps to facilitate a request by you to opt-out of receiving direct marketing communications.  This may be a request to opt-out of receiving certain communications or to opt-out altogether. 

56                Grand Hotel Group will not charge you for making such a request or for giving effect to such a request. 

57                Grand Hotel Group will take reasonable steps to give effect to such request within a reasonable period of time after the request is made and will reply to a request for the source of the information in a reasonable period of time (unless it is unreasonable or impracticable for us to do so). 

E-mails

58                We may use your e-mail address to send you Grand Hotel Group publications, newsletters, marketing emails and information relating to seminars or events.  We may also contact you by e-mail to seek your opinion or comment on our website and our service offerings. 

59                Grand Hotel Group, at all times, aims to comply with the terms of the Spam Act 2003 (Cth) and will not send unsolicited commercial electronic messages or “spam”.

60                All commercial electronic messages sent by Grand Hotel Group include information about the individual or organisation who authorised the sending of the message.

61                You can unsubscribe from our e-mails at any time.  You can also contact us and instruct us not to send further information to you.

  1. How can you access your personal information and/or seek the correction of your personal information?

62                You have a right to access the personal information we hold about you and to request the correction of any personal information we hold about you. 

63                Grand Hotel Group will take reasonable steps to ensure that the personal information it collects and discloses is accurate, up to date, complete and relevant.

Determination process

64                Grand Hotel Group is not required to give you access to personal information to the extent that:

(a)               Grand Hotel Group reasonably believes that giving access would pose a serious threat to the life, health or safety of an individual, or to public health or public safety; or

(b)               giving access would have an unreasonable impact on the privacy of other individuals; or

(c)               the request is frivolous or vexatious; or

(d)               the information relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings; or

(e)               giving access would reveal the intentions of Grand Hotel Group in relation to negotiations with you in such a way as to prejudice those negotiations; or

(f)                giving access would be unlawful; or

(g)               denying access is required or authorised by or under legislation or a court/tribunal order; or

(h)               giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(i)                 giving access would reveal evaluative information generated within Grand Hotel Group in connection with a commercially sensitive decision making process.

Providing access

65                Should you experience difficulty in determining the correct route through which to request access to your personal information, please contact our Privacy Officer and they will provide you with assistance.

66                Grand Hotel Group will take reasonable steps to respond to a request for access within a reasonable period of time after the request is made (within 45 days) and to give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so. 

67                Grand Hotel Group reserves the right to charge you a minimal fee for providing you with your personal information.

68                In the event that Grand Hotel Group refuses to give you access to the personal information requested by you, we will give you a written notice which sets out the reasons for the refusal (except to the extent that it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal.

Request for correction of personal information

69                You can make a request for the correction and/or amendment of your personal information.

70                Applications to have personal information held by Grand Hotel Group corrected or amended should:

(a)               be made in writing to the Privacy Officer;

(b)               provide enough information to determine what changes are required; and

(c)               provide your current contact details.

71                In the event Grand Hotel Group refuses to correct your personal information, Grand Hotel Group will give you a written notice which sets out the reasons for the refusal (except to the extent it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal.

72                Grand Hotel Group will take reasonable steps to respond to a request for access within a reasonable period of time after the request is made (within 45 days) and will not charge you for the making of the request or for the correction of the personal information. 

  1. Notifiable data breaches

73                We are committed to protecting information we hold about you, and to compliance with the Notifiable Data Breaches scheme.

74                Where we become aware of a potential data breach which is likely to result in serious harm to any individuals about whom we hold information, we will:

  • investigate the suspected breach and determine scope of any breach that has occurred and the risk of harm to affected individuals whose information may have been compromised;
  • notify you and the Privacy Commissioner of the potential breach; and
  • take steps to minimise any harm caused to affected individuals as a result of the breach.
  1. How can I complain about a breach or give feedback on how Grand Hotel Group deals with my personal information?

75                Should you wish to provide Grand Hotel Group with feedback with respect to its management of your personal information, to complain about a breach of Grand Hotel Group’s privacy obligations or to appeal a decision with respect to a request for access to or the correction of personal information.  Please contact us at the address set out at 84 below.

76                Grand Hotel Group will take reasonable steps to respond to your complaint and/or feedback within 45 days. 

77                In the event that you wish to have a decision refusing access to your personal information and/or refusing to correct your personal information reviewed or to lodge a complaint with respect to the management of your personal information, please contact us on the contact details as set out at 84 below.

  1. Disclosure of personal information to overseas recipients

78                Generally, Grand Hotel Group does not disclose the personal and/or sensitive information of its customers to overseas recipients. 

79                However, there is a possibility that, on occasion, your personal information may be disclosed to an overseas recipient.  The location of any recipients will vary depending on the project or purpose concerned.

80                In the event that a particular project or development will or may involve the disclosure of personal or sensitive information to an overseas recipient, Grand Hotel Group will take reasonable steps to inform you of that potential use or disclosure as soon as possible.  As part of our notification process, Grand Hotel Group will inform you of the location and/or identity of that recipient.

81                Similarly with other third party recipients and/or partners of Grand Hotel Group, we will take reasonable steps to ensure that any overseas recipients comply with privacy policies and regulations which are similar to or more strenuous than those required by the applicable Australian legislation. 

82                Should you have any queries about the potential disclosure of your personal information to an overseas recipient, please contact our Privacy Officer.

Queries and Feedback

83                If you have any queries relating to this Privacy Policy, or you have any feedback, please contact our Privacy Officer via email as follows:

(a)               For Melbourne: melbournedpo@ghg.net.au

(b)               For Perth: perthdpo@ghg.net.au