PRIVACY POLICY – DATA SUBJECTS PURSUANT TO THE EU GENERAL DATA PROTECTION REGULATION

This policy applies to you if you are a data subject pursuant to the EU General Data Protection Regulation (GDPR) which came into force on 25 May 2018. If you are not a data subject pursuant to the GDPR, please refer to our Australian Privacy Policy available here: https://grandhotelgroup.com.au/data-protection-policy/.

A ‘data subject’ is described as ‘an identified or identifiable natural person’ and the GDPR applies to the processing of Personal Data of data subjects who are in the union.

Personal Data is defined in Article 4 (1) of the GDPR as ‘any information relating to an identified or identifiable natural person’.

Grand Hotel Company Pty Limited, Grand Hotel Management Pty Limited, HR Operations Pty Limited, GH Operations Pty Limited and GHG Capital Pty Ltd (the Grand Hotel Group) is committed to protecting your privacy and the confidentiality of your Personal Information and Sensitive Information (Information) as defined in the Privacy Act 1988 (Cth) (Privacy Act) and your Personal Data as defined in the GDPR.

This Grand Hotel Group Privacy Policy explains, in further detail, the types of Information we collect, how we collect and use this Information, who we may disclose it to, how you can access and change your Information and how you can make a privacy complaint. 

What kinds of Information do we collect and/or hold?

What kinds of Information do we collect?

1                  The types of Information that Grand Hotel Group may collect and hold includes the following:

(a)               full name, postal address, e-mail address, telephone and fax numbers;

(b)               occupation;

(c)               date of birth, gender and marital status;

(d)               any other information you provide to us by any means;

(e)               information associated with web browsing, such as your IP address; and

(f)                information relating to a child under 16 if parental consent has been given.

2                  Grand Hotel Group may collect the Information of anyone over the age of 16 years. If Grand Hotel Group wishes to collect the information of anyone under 16 years of age (child), Grand Hotel Group must seek the consent of such collection from a person that has parental responsibility over the child.

3                  Generally, the kinds of information that Grand Hotel Group will collect and/or hold will depend on the nature of our interaction with you – essentially, the purpose of the activity we are conducting.  Accordingly, the kinds of information we record will usually extend to your name, address, contact details and payment information (such as credit card and bank account details).

4                  On occasion we may collect and/or hold other kinds of Information – such as when we run a promotional event or a competition.  When we do this, we will disclose our intention to do so to you.

5                  At all times, Grand Hotel Group will take reasonable steps to inform you of the kinds of Information it collects and holds when you are engaged with it, and how this may vary from project to project.

What kinds of Information can we hold?

6                  We are permitted to collect and/or hold, with your consent, the following kinds of Information:

(a)               Personal Information, being information or an opinion about an identified individual, or an individual who is reasonably identifiable, including, but not limited to information in relation to criminal convictions and offences.

(b)               Sensitive Information, being information or an opinion about an individual’s personal preferences or characteristics (such as race, ethnicity, political views, memberships, religious or philosophical beliefs and sexual preference), health information and/or biometric information.  

7                  Sensitive Information (as defined in the Privacy Act) is afforded a higher level of protection than other kinds of information under the Privacy Act and GDPR.  We collect and hold Sensitive Information only when you knowingly and voluntarily submit it.  We will rarely collect and hold this kind of information. 

How do we collect your Information and how do we hold it?

How do we collect your Information?

8                  Grand Hotel Group may collect Information from or about you in a number of circumstances, including:

(a)               from publicly available sources of information;

(b)               when you use our services or contact us directly;

(c)               when you sign up to receive information from us;

(d)               when you take part in one of our competitions and/or promotions;

(e)               when you use our website and/or via software, such as cookies and web/tracking pixels (also known as “web beacons”);

(f)                when you provide or offer services to us;

(g)               from third parties;

(h)               from our own records at Grand Hotel Group; and

(i)                 when legally required to do so.

Means of collection

9                  Grand Hotel Group only collects (and holds) Information when knowingly and voluntarily submitted by you. When you register your interest or otherwise in the course of us providing services to you, Grand Hotel Group may need to collect Information which may include your name, address, telephone/mobile phone number, e-mail address, credit card details, your business name, your user ID or password.

10                Grand Hotel Group only collects (and holds) Sensitive Information (as defined in the Privacy Act) when knowingly and voluntarily submitted by you. Although Grand Hotel Group will rarely hold and/or collect this kind of information, the information Grand Hotel Group may hold includes your racial or ethnic background, your family status and/or financial information about you, such as your tax file number. Subject to any legal constraints or obligations

11                Grand Hotel Group will, at all times, take reasonable steps to collect your Information directly from you, unless:

(a)               it is unreasonable or impracticable for us to do so; or

(b)               you consent to the collection of the Information from someone other than you; or

(c)               we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the Information from someone other than you.

12                In the event we receive your Information from a third party, via referral and/or via a purchase list, we will take reasonable steps to inform you of that and seek your consent to our collection of that Information.  Should you refuse to consent to that collection, we will take reasonable steps to destroy or de-identify that Information.

How we use your Information

13                We will only use your Information to the extent permitted by the law. We may use the Information you provide to us or which we collect for the following range of purposes, including:

Purpose/Activity
·         To register you as a new customer

·         To process and deliver your order/booking/purchase including:

            (a) Manage payments, fees and charges; and

            (b) Collect and recover money owed to us; and

            (c) Organise and provide you with a product or service you have requested, delivering your purchase to you or ensuring that you benefit from any relevant special offer or promotion (and to fulfil our obligations under any other agreement we may have with you)

·         To provide you with checkout assistance when you use our website or services (including any online e-commerce stores). If you do not complete your purchase/booking, we may contact you using these details to offer our assistance (in case, for instance, you were experiencing technical difficulties that prevented you from completing a transaction)

·         To manage our relationship with you which will include:

            (a) Notifying you about changes to our terms and conditions or Policy;

(b) Asking you to leave a review or take a survey

·         To enable you to partake in a prize draw, competition or complete a survey
·         To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
·         To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
·         To use data analytics to improve and enhance our existing products, services and applications and develop new offerings, recommendations, advertisements and other communications and learn more about customers’ preferences in general.
·         To make suggestions and recommendations to you about goods or services that may be of interest to you, including carrying out surveys to better understand your preferences.
·         To prevent fraud and for investigation purposes, for example, using device information such as device ID(s) to ensure that any vouchers or discounts relating to any promotions or campaigns are not being redeemed fraudulently, checking that a payment is not made fraudulently.

·         To create and manage customer database(s). As part of our ongoing customer relationship management activities, we may consolidate several databases into one or otherwise link separate databases to more effectively manage your accounts. Information may be linked via a unique identifier, such as a cookie or account number.

            Alternatively, we may decide to combine two or more databases into a single database of customer information.

            We may do this for your and/or our convenience (for example, to allow you to more easily register for a new service), to allow us to provide more seamless customer support whenever you contact us and to provide you with better, personalised services, content, marketing and adverts.

·         To consider employing you if you contact us via one of the job application areas or pages of our websites.

14                We will only use your Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the details set out at the bottom of this Policy.

15                If we need to use your Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

16                Please note that we may process your Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Cookies Policy

What are cookies?

A cookie is a small text file stored on your computer’s browser.  Many cookies from websites will be visible from your browser.  You will usually find information on cookies and how to manage them under “options” or “settings” in your browser.  You can choose to see cookies before deleting them and to keep cookies from some sites.

There are several different types of cookies (some of which are used on Grand Hotel Group’s website):

·         First party cookies:  A “first party” cookie is sent from a website to your web browser when you visit that site.  This is how websites “record” or “remember” things like your customised settings (such as your location), your shopping cart contents and your log in details.

·         Temporary cookies: Temporary cookies generally only last for one browsing session (until you close your web browser).

·         Persistent cookies: Persistent cookies remain on your computer after you close your browser and will be sent back to the applicable website each time you visit it.

·         Third party cookies: Third party cookies are sent by businesses that provide content, such as advertising, on websites that you visit.  Many websites feature advertising from third parties and those third parties may use cookies to track your browsing activities.  They will normally use this information to “show” you targeted advertising – that is, advertising relating to products or services they think you will be interested in based on your prior web searches.

·         Tracking/web pixels (also known as “web beacons”): Tracking pixels are clear picture files used to keep track of your navigation through a single website or a series of websites.  Tracking pixels are normally used by websites that use third party traffic monitoring and tracking services.

·         Local Stored Object cookie or “flash cookies”: Flash cookies contain more information than the other kinds of cookies referred to above and are not generally cleared when you clear cookies in your web browser.

Why and how does Grand Hotel Group use cookies?

17                Generally we use cookies to learn about the way you interact with Grand Hotel Group’s content and to help us to improve your experience when visiting Grand Hotel Group’s website.

18                Grand Hotel Group may record your visit through the use of cookies and may log the following information for purely statistical purposes:

  • your server address;
  • your top-level domain name (eg.  .com, .gov, .uk, etc);
  • the date and time of your visit to Grand Hotel Group’s site;
  • the pages accessed and documents downloaded by you;
  • the previous site(s) visited by you; and
  • the type of browser used by you. 

Most of the information collected by cookies will not be sufficient to identify you – this is because the information collected will be very “general” in nature, relating to your interests (i.e. the products you have looked at) and the websites you have visited previously.  Information collected via cookies will only be deemed to be “personal information” for the purposes of the Privacy Act or the Australian Privacy Principles if it makes you or any other individual reasonably identifiable.

Grand Hotel Group will not facilitate the merging of personally-identifiable information with non-personally identifiable information collected through any cookies, tracking/web pixels or Google advertising products or features, unless it has robust notice of and the relevant party’s consent to that merger.

Third party cookies

19                Third party cookies are sent by different organisations (such as businesses which provide content such as advertising) to the owner of the website you are visiting – so in this instance this means by organisations other than Grand Hotel Group. 

20                Third party cookies are used on Grand Hotel Group’s website to enable remarketing and reporting for impression assisted visits, website conversions, user demographics and user interests. 

21                The third party cookies we use on our website include (but are not limited to) :

  • Google Analytics: Grand Hotel Group uses Google Analytics, a web analytics service provided by Google Inc.  Reports obtained from Google Analytics are used to help improve the efficiency and usability of Grand Hotel Group’s website.

Google Analytics uses first party cookies and JavaScript code to gather statistics about how this website is accessed.  It anonymously tracks how our visitors interact with this website, including which website they came from previously and what they did on the site (i.e. which pages they visited).  The information generated by the cookie and JavaScript code about your use of the website (including your IP address) will be transmitted to and stored by Google on servers located outside of Australia. 

Google will use the information transmitted to it for the purposes of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.  Google may transfer this information to third parties where it is required to do so by law or where such third parties process the information on Google’s behalf.

  • Google Analytics Advertising Features: Grand Hotel Group also uses Google Analytics Advertising Features.  By enabling the Advertising Features, Grand Hotel Group enables or permits Google Analytics to collect data about the traffic to Grand Hotel Group’s website via the use of Google advertising cookies and identifiers, in addition to the data collected through the standard Google Analytics feature. 

The Google advertising cookies are used to, among other things; select advertising for users based on what is relevant to them, to improve reporting on campaign performance and to avoid showing ads the user has already seen.

Nitropacka lightweight WordPress plugin for website performance optimisation. Cookies are used to deliver services and to analyse traffic, comprising of essential cookies for basic functions of the website and  traffic analysis, as well as optional Cookies to better learn how NitroPack is used.How can I manage, reject and/or delete cookies?

22                We will not use cookies to collect Information about you. 

23                However, if you do not want Information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature.  You should note that cookies may be necessary to provide you with features and/or functions on this website and on other websites.  As noted above, Grand Hotel Group sometimes links to or embeds content from other websites and organisations.  Grand Hotel Group does not control the dissemination of third party cookies from these sites.  In order to manage and/or reject and delete third party cookies, you will need to refer to the privacy policies of the relevant third party website(s).

24                If you want to control or opt out of the operation or application of Google Analytics, Google Analytics Advertising Features and/or Nitropack, you should refer to the respective guide(s) on opting out of those features at: èhttp://www.google.com/intl/en/policies/privacy/; and

è https://nitropack.io/page/privacy

Social media

25                When you browse and make use of Grand Hotel Group’s social media pages (such as Facebook, Twitter and YouTube), you are using an external site and are therefore subject to the privacy policies and practices of that site.  If you have any questions or concerns regarding that site’s privacy policies and practices, you should review the privacy policy of the relevant site.  Grand Hotel Group does not endorse, and is not accountable for, any views expressed by third parties using that site.

26                Grand Hotel Group records all information posted to its social media pages and uses that information for the purposes of administering the pages, for record keeping, for considering and/or addressing any comments made and for running competitions and campaigns.  No attempt will be made to further identify social media subscribers except where requested and authorised by law.

Notification of collection

27                When Grand Hotel Group collects Information about you, it will take reasonable steps to notify you or to otherwise ensure you are aware of certain matters.  These matters include our identity as an organisation and contact details, the context of the collection, whether the collection is required or authorised by law, the purposes of the collection, Grand Hotel Group’s usual disclosure of Information, information about our Privacy Policy and whether Grand Hotel Group is likely to disclose your Information to overseas recipients.

28                Grand Hotel Group will take reasonable steps to provide this notification before, or at the time it collects your Information.  If it is not possible for it to do so, Grand Hotel Group will take reasonable steps to provide notification as soon as practicable after collection.

29                If you choose not to provide certain Information to us, we may not be able to provide you with access to parts of the Grand Hotel Group website or to certain content, products and services available on the Grand Hotel Group website or generally from Grand Hotel Group. 

How do we hold and store your Information?

30                Information we collect may be stored electronically, in physical hardcopy or in both formats.  Electronic information may be stored on internal databases or on external platforms we utilise such as Bpoint, MRI, FMS or Hub Technology.

Security

31                Grand Hotel Group strives to ensure the security, integrity and privacy of the Information of its clients.  Grand Hotel Group takes reasonable steps to protect the security of all Information. 

32                Grand Hotel Group personnel are required to respect the confidentiality of Information and the privacy of individuals. 

33                We use a variety of physical and electronic security measures, including restricting physical access to our offices and firewalls and secure databases to keep Information secure from misuse, loss or unauthorised use or disclosure. 

34                Grand Hotel Group continually reviews its various security measures in order to ensure that they are up to date and fit for purpose.

Information retention and destruction practices or obligations

35                Grand Hotel Group will only retain your personal and/or sensitive information as long as it is necessary for it do so (for example, this may be until the end of a given project or the end of a period of time for expressing interest in a development) or where and when it is required to do so by legislation or a court or tribunal order.

36                Grand Hotel Group has an internal system that is used to identify information that is no longer necessary for it to retain and periodically reviews its data in accordance with this system.

37                Once the purpose for which the information was collected expires and/or upon periodic review, Grand Hotel Group will take reasonable steps to destroy the information or to de-identify the information, so that it can be retained for statistical purposes. 

38                Information which is retained for statistical purposes may be used to improve our services and to make them more responsive to the needs of our customers.  This statistical compilation and analysis of information may also be used by us or provided to others as a summary report for marketing, advertising or research purposes

Unsolicited personal information

39                Grand Hotel Group may receive your Information as unsolicited personal information

40                Unsolicited personal information is received by an organisation, such as Grand Hotel Group, where it took no active steps to collect that information.

41                When and where Grand Hotel Group receives unsolicited information, Grand Hotel Group will determine whether it could have collected the information under Australian Privacy Principle 3 (which governs the collection of solicited personal information) or Article 14 of the GDPR.  Where Grand Hotel Group could not have collected the information consistent with Australian Privacy Principle 3, Grand Hotel Group will destroy or de-identify the information as soon as practicable, so long as it is lawful and reasonable for it to do so.

The purpose of our collection, holding of, use or disclosure of Information

How and in what circumstances will Grand Hotel Group use or disclose my Information?

42                Grand Hotel Group may, in certain circumstances, collect, hold, use and/or disclose your Information. 

43                Grand Hotel Group will use and disclose your Information to provide our services to you or to fulfill administrative functions associated with these services.  In general, we will use and disclose your Information for the following purposes:

(a)               to notify you about an event you may wish to be involved in;

(b)               to communicate with you with respect to an existing event or booking;

(c)               to provide and market our services;

(d)               to help us manage and enhance our services;

(e)               to purchase from you;

(f)                for any purpose for which the information was provided; or

(g)               any other purpose related to any of the above.

44                Grand Hotel Group will disclose Information when it permits that Information to become known outside Grand Hotel Group and where it releases it from its effective control.  For example, Grand Hotel Group would be said to have disclosed your Information where:

(a)               it shares your Information with another entity;

(b)               it publishes your Information on the internet so it is accessible by others;

(c)               where one of its staff reveals your Information in the course of a conversation with a person who does not work for Grand Hotel Group; or

(d)               where one of its staff members sends a document containing your Information to someone who is not you. 

 

Primary purpose and secondary purposes

45                Your Information will only be used and disclosed for the primary purpose for which it was submitted or for such other secondary purposes that are related to that purpose, unless we disclose other uses in this Privacy Policy or at the time of the collection of that Information. 

46                We will only make use of or disclose your Information for a secondary purpose if:

(a)               you have consented to the use or disclosure of that Information; or

(b)               you would reasonably expect Grand Hotel Group to use or disclose the Information for the secondary purpose; or

(c)               the use or disclosure of that Information is required or authorised by or under legislation or court/tribunal order; or

(d)               a “permitted general situation” exists in relation to the use or disclosure of the Information by Grand Hotel Group; or

(e)               Grand Hotel Group reasonably believes that the use of the Information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

47                In the event Grand Hotel Group discloses information pursuant to clause 47(e), Grand Hotel Group will make a written record of the use or disclosure.

48                When collecting your Information we will inform you of the primary purpose of our collection and/or any anticipated secondary purpose that may arise.   The purpose of our collection will vary from project to project, depending on the nature of the project and the nature of your involvement and/or interest in the project.    

Who can access my Information and what conditions apply to their use of my Information?

49                As a general rule, your Information will only be accessed and/or viewed by Grand Hotel Group staff and officers, as and when it is appropriate or necessary.  However, your Information may also be accessed, from time to time, by:

(a)               Grand Hotel Group contractors;

(b)               Grand Hotel Group project partners; or

(c)               Grand Hotel Group suppliers.

50                Where a party, other than an employee or officer of Grand Hotel Group, has access to the Information of individuals, they will be required to comply with any applicable Australian privacy legislation, the GDPR and, where appropriate, to enter into Privacy Agreements with Grand Hotel Group.

51                The access and use of your Information by a third party will be restricted to the purpose for which it was first collected and/or to a closely related secondary purpose.

Use of Aggregate Data

52                Grand Hotel Group may use Information in aggregate form to improve services and make them more responsive to the needs of customers. This statistical compilation and analysis of information may also be used by us or provided to others as a summary report for marketing, advertising or research purposes.

Direct marketing

53                Grand Hotel Group will not use or disclose your Information for the purpose of direct marketing, unless:

(a)               we collected the Information from you;

(b)               we obtained your consent to the use or disclosure of the Information for that purpose (except where it was impracticable to do so); and

(c)               you would reasonably expect Grand Hotel Group to use or disclose the Information for that purpose; and

(d)               we provide you with an easy to use means of opting out of receiving any further direct marketing communications; and

(e)               you have not requested that we cease sending you direct marketing communications.

54                As mentioned above, Grand Hotel Group makes use of a number of Google Analytics Advertising Features, including remarketing.  The Remarketing feature allows Grand Hotel Group to reach people who have previously visited its website and to match users with appropriate advertising.

55                If you would like to control or opt out of the application of the Google Analytics Advertising Features, you should refer to Google’s guide(s) on opting out of those features.

56                Grand Hotel Group will only make use of your Sensitive Information (as defined in the Privacy Act) for direct marketing purposes if you have consented to the use or disclosure of that information for that purpose.

57                If you receive direct marketing communications from Grand Hotel Group or from an associated entity, you are entitled to:

(a)               request that you receive no further direct marketing communications from Grand Hotel Group

(b)               and/or the associated entity; and

(c)               request that Grand Hotel Group disclose the source of the information.

Opting-out

58                Grand Hotel Group will facilitate any request by you to opt-out of receiving direct marketing communications.  This may be a request to opt-out of receiving certain communications or to opt-out altogether. 

59                Grand Hotel Group will not charge you for making such a request or for giving effect to such a request. 

60                Grand Hotel Group will take reasonable steps to give effect to such a request within a reasonable period of time after the request is made and will reply to a request for the source of the information in a reasonable period of time (unless it is unreasonable or impracticable for us to do so). 

E-mails

61                We may use your e-mail address to send you Grand Hotel Group publications, newsletters, marketing emails and information relating to seminars or events.  We may also contact you by e-mail to seek your opinion or comment on our website and our service offerings. 

62                Grand Hotel Group, at all times, aims to comply with the terms of the Spam Act 2003 (Cth) and will not send unsolicited commercial electronic messages or “spam”.

63                All commercial electronic messages sent by Grand Hotel Group include information about the individual or organisation who authorised the sending of the message.

64                You can unsubscribe from our e-mails at any time.  You can also contact us and instruct us not to send further information to you.

How can you access your Information and/or seek the correction of your Information?

65                You have a right to access the Information we hold about you and to request the correction of any Information we hold about you. 

66                Grand Hotel Group will take reasonable steps to ensure that the Information it collects and discloses is accurate, up to date, complete and relevant.

Access to your Information

67                You can make a request for access to your Information informally in writing (including under Article 15 of the GDPR).  Grand Hotel Group aims to, whenever possible, facilitate informal requests for Information.

68                Applications for access to your Information may be lodged via email as follows:

(a)               For Melbourne: melbournedpo@ghg.net.au

(b)               For Perth: perthdpo@ghg.net.au

69                Should you experience difficulty in determining the correct route through which to request access to your Information, please contact our Privacy Officer and they will provide you with assistance.

70                Grand Hotel Group will take reasonable steps to respond to a request for access within a reasonable period of time after the request is made (within one month) and to give access to your Information in the manner requested by the individual, if it is reasonable and practicable to do so. 

71                Grand Hotel Group reserves the right to charge you a minimal fee for providing you with your Information if it forms the view that your request is unfounded or excessive.

72                In the event that Grand Hotel Group refuses to give you access to your Information requested by you, we will give you a written notice which sets out the reasons for the refusal (except to the extent that it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal.

Retaining and deleting your Information

73                This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of your Information.

74                Information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

75                In some cases it is not possible for us to specify in advance the periods for which your Information will be retained. In such cases, we will determine the period of retention by taking into consideration the period necessary for retention for its lawful purpose.

76                Notwithstanding the other provisions of this section we may retain your Information where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Access to your Information and your rights

77                In this section, we have provided a summary of the rights that you have under current data protection law. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

78                Your principal rights under data protection law are:

(a)               the right to be informed;

(b)               the right to access;

(c)               the right to rectification;

(d)               the right to erasure, i.e to be forgotten;

(e)               the right to restrict processing;

(f)                the right to object to processing;

(g)               the right to data portability;

(h)               the right to complain to a supervisory authority; and

(i)                 the right to withdraw consent.

79                You have the right to confirmation as to whether or not we process your Information and, where we do, access to the Information, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Information concerned and the recipients of the Information. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your Information. The first electronic copy will be provided free of charge, but additional copies in specific formats may be subject to a reasonable fee.

80                You have the right to rectify any inaccurate Information we hold about you and, taking into account the purposes of the processing, to have any incomplete Information about you completed.

(a)               You can make a request for the correction and/or amendment of your Information.  

(b)               Applications to have Information held by Grand Hotel Group corrected or amended should:

80.b.1        be made in writing to the Privacy Officer;

80.b.2        provide enough information to determine what changes are required; and

80.b.3        provide your current contact details.

(c)               In the event Grand Hotel Group refuses to correct your Information, Grand Hotel Group will give you a written notice which sets out the reasons for the refusal (except to the extent it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal.

(d)               Grand Hotel Group will take reasonable steps to respond to a request for correction or amendment without undue delay and will not charge you for the making of the request or for the correction of your Information. 

81                In some circumstances you have the right to the erasure of your Information without undue delay. Those circumstances include:

(a)               the Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

(b)               you withdraw consent to consent-based processing;

(c)               you object to the processing under certain rules of applicable data protection law;

(d)               the processing is for direct marketing purposes; and

(e)               the Information has been unlawfully processed.

82                However, there are exclusions to the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

83                In some circumstances you have the right to restrict the processing of your Information. Those circumstances are:

(a)               you contest the accuracy of the Information;

(b)               processing is unlawful but you oppose erasure;

(c)               we no longer need the Information for the purposes of our processing, but you require Information for the establishment, exercise or defence of legal claims; and

(d)               you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your Information. However, we will only otherwise process it:

83.d.1        with your consent;

83.d.2        for the establishment, exercise or defence of legal claims;

83.d.3        for the protection of the rights of another natural or legal person; or for reasons of important public interest.

84                You have the right to object to our processing of your Information on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the Information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

85                You have the right to object to our processing of your Information for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

86                To the extent that the legal basis for our processing of your Information is:

(a)               consent; or

(b)               that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract and such processing is carried out by automated means,

you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

87                To the extent that the legal basis for our processing of your Information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Determination process

88                Grand Hotel Group is not required to give you access to Information to the extent that:

(a)               Grand Hotel Group reasonably believes that giving access would pose a serious threat to the life, health or safety of an individual, or to public health or public safety; or

(b)               giving access would have an unreasonable impact on the privacy of other individuals; or

(c)               the request is frivolous or vexatious; or

(d)               the Information relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings; or

(e)               giving access would reveal the intentions of Grand Hotel Group in relation to negotiations with you in such a way as to prejudice those negotiations; or

(f)                giving access would be unlawful; or

(g)               denying access is required or authorised by or under legislation or a court/tribunal order; or

(h)               giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(i)                giving access would reveal evaluative information generated within Grand Hotel Group in connection with a commercially sensitive decision making process.

Notifiable data breaches

89                Where we become aware of a potential data breach which is likely to result in serious harm to any individuals about whom we hold information, we will:

(a)               investigate the suspected breach and determine scope of any breach that has occurred and the risk of harm to affected individuals whose information may have been compromised;

(b)               notify you of the potential breach; and

(c)               take steps to minimise any harm caused to affected individuals as a result of the breach.

How can I complain about a breach or give feedback on how Grand Hotel Group deals with my Information?

90                Should you wish to provide Grand Hotel Group with feedback with respect to its management of your Information, to complain about a breach of Grand Hotel Group’s privacy obligations or to appeal a decision with respect to a request for access to or the correction of Information.  Please contact us at the address set out at 99 below.

91                Grand Hotel Group will take reasonable steps to respond to your complaint and/or feedback within 45 days. 

92                In the event that you wish to have a decision refusing access to your Information and/or refusing to correct your personal data reviewed or to lodge a complaint with respect to the management of your personal data, please contact us on the contact details as set out at 99.

Disclosure of Information to overseas recipients

93                Generally, Grand Hotel Group does not disclose the Information of its customers to overseas recipients. 

94                However, there is a possibility that, on occasion, your Information may be disclosed to an overseas recipient.  The location of any recipients will vary depending on the project or purpose concerned.

95                In the event that a particular project or development will or may involve the disclosure of Information to an overseas recipient, Grand Hotel Group will take reasonable steps to inform you of that potential use or disclosure as soon as possible.  As part of our notification process, Grand Hotel Group will inform you of the location and/or identity of that recipient.

96                Similarly with other third party recipients and/or partners of Grand Hotel Group, we will take reasonable steps to ensure that any overseas recipients comply with the Privacy Legislation. 

97                Should you have any queries about the potential disclosure of your Information to an overseas recipient, please contact our Privacy Officer.

Queries and Feedback

98                If you have any queries relating to this Privacy Policy, or you have any feedback, please contact Grand Hotel Group via email as follows:

(a)               For Melbourne: melbournedpo@ghg.net.au

(b)               For Perth: perthdpo@ghg.net.au