We are committed to protecting your personal information, and ensuring its privacy, accuracy and security. We handle your personal information in a responsible manner in accordance with the Privacy Act 1988 (Act) and the Australian Privacy Principles (APPs).
‘Sensitive information’ (a type of personal information), has the same meaning as in the Act. In summary, it means information or an opinion about an individual’s race or ethnic origins, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices, trade or professional associations and memberships, union membership, criminal record, health or genetic information or biometric information.
Whose personal information do we collect?
What types of personal information do we collect and hold?
The personal information we collect includes:
- hotel guest personal information collected at registration and/or check-in, including name, address, phone number, credit card information, drivers licence details, age (children) and other personal information supplied by or on behalf of the guest;
- guest historical stay-related information, including purchases, preferences and reviews;
- names, addresses, e-mail addresses, phone numbers, payment details, occupation and other information to assist us in conducting our business, providing and marketing our products and services;
- where we offer credit – credit information which we may obtain from your credit references, including your identity, repayment history information, the type and amount of credit, default information, and other personal information about your credit worthiness;
- information about staff and directors, as required in the normal course of human resource management and the operation of a business; and
- information about current and previous East Hotel suppliers and clients with whom East Hotel has dealings.
We will only collect your sensitive information: if you have consented to us doing so – for example, sensitive information supplied by our guests so that we can cater for guests’ needs; directors and employees for company and human resource management purposes; or where required or permitted by law.
How do we collect personal information?
We only collect personal information by lawful and fair means. We may collect your personal information from a range of sources, including:
- direct from you, such as if you visit or telephone us, email us, write to us, provide your business card, meet with us, attend an interview with us, or contact us via our website;
- if you click ‘make a booking’ on our website (easthotel.com.au), in which case you will be directed to (and your personal information will be collected by) an online reservation system (The Booking Button) operated by SiteMinder Pty Ltd;
- third party accommodation booking websites;
- travel agents, online travel agents and other third parties;
- if you otherwise request or acquire a product or service from us;
- if you upload content to our social media (e.g. our Facebook site);
- if you provide a service or product to us;
- if you apply for employment with us, including directly or via recruitment agencies;
- contractors; and
- business partners.
Why do we collect personal information?
We collect the personal information: necessary for us to provide you with hotel accommodation and other products and services you have requested from us; to ensure that we meet your needs during your stay with us; for marketing purposes and to provide you with information about products and services that may be of interest to you; to improve the products and services we provide; and to enable us to conduct our business, including processing payments, managing any credit we have provided to you and meeting our legal and regulatory obligations. If you do not provide your personal information, we may not be able to supply the requested product or service, employ you or otherwise deal with you.
How do we deal with unsolicited personal information?
If we receive personal information about you that we have not requested, and we determine that we could not have lawfully collected that information under the APPs had we asked for it, we will destroy or de-identify the information if it is lawful and reasonable to do so.
Do you have to disclose your identity when dealing with us?
Where lawful and practicable, we will give you the option of interacting with us anonymously or using a pseudonym.
Use of personal information
We only use your personal information for the purpose for which it was provided to us, for related purposes (for personal information excluding credit eligibility information), or as required or permitted by law. Such purposes include:
- in the ordinary course of conducting our business. For example, personalising guests’ stay with us, catering for guests’ future stays with us, supplying or acquiring products and services, contacting guests about past or future stays with us, responding to your enquiries and feedback, and providing information about our events, news, publications and products and services that may be of interest to you;
- market research and product and service development, so that we are able to better understand our customers’ needs and tailor our future products and services accordingly;
- performing general administration, reporting and management functions. For example, invoicing and account management, payment processing, credit and risk management, training, quality assurance and managing suppliers;
- employment-related purposes, such as recruiting and providing services to staff;
- as part of a sale (or proposed sale) of all or part of our business; and
- other purposes related to or in connection with our business, including meeting our legal and contractual obligations to third parties and for internal corporate governance purposes.
Disclosure of personal information
We may disclose, and you consent to us disclosing, your personal information to third parties:
- engaged by us to provide products or services, or to undertake functions or activities, on our behalf. For example, processing payment information, debt recovery, managing databases including our use of a web based customer relationship management system, marketing, research and advertising;
- that are authorised by you to receive information we hold, including where the third party is considering whether to become a guarantor for you;
- that are our business partners, joint venturers, partners or agents;
- as part of a sale (or proposed sale) of all or part of our business. For example, we may disclose information to our external advisers, to potential and actual bidders and to their external advisors;
- such as our external advisers, and government agencies. For example, where disclosure is reasonably required to obtain advice, prepare legal proceedings or investigate suspected unlawful activity or serious misconduct; or
- as required or permitted by law.
Marketing use and disclosure
We may use and disclose your personal information (other than sensitive information) to provide you with information about our products and services that we consider may be of interest to you. You may opt out at any time if you do not, or no longer, wish to receive marketing and promotional material. You may do this by: contacting us via e-mail or in writing at the address below and requesting that we no longer send you marketing or promotional material; or where applicable, clicking the “Unsubscribe” button.
Use or disclosure of sensitive information
We will only use or disclose your sensitive information for the purpose for which it was initially collected or for a directly related purpose, as required or permitted by law, or where you consent to the use or disclosure.
Disclosure of personal information overseas
By providing your personal information to us, you acknowledge and agree that we may disclose your personal information to overseas recipients as part of operating our IT systems which store and transmit data, such as when we store guest personal information in our Customer Relationship Management (CRM) system and when we use web based services to send emails to people for direct marketing purposes. Our external CRM system stores data (including personal information) in the United States and may also store personal information in other overseas locations. When we use web based services to send emails to people for direct marketing purposes, this personal information may be stored in the United States and in other overseas locations.
Any overseas disclosure does not affect our commitment to safeguarding personal information we collect. However, you acknowledge that, in agreeing to the disclosure of your (or other people’s) personal information to overseas recipients, we will no longer be required to take reasonable steps to ensure overseas recipients’ compliance with the APPs in relation to that personal information and we will not be liable (to you or others) for any breach of the APPs by those overseas recipients. On this basis, you consent to such disclosure. If you provide someone else’s personal information to us, you agree that you do so with their consent including to overseas disclosure on these terms.
How is my personal information kept secure?
We take reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification and disclosure. Such steps include: physical security over paper-based and electronic data storage and premises; computer and network security measures, including use of firewalls, password access, secure servers, automatic screen savers and employee policies about IT security; restricting access to your personal information to employees and those acting on our behalf who are authorised and on a ‘need to know’ basis, including limiting access to guests’ credit card details following the guest’s departure; policies about privacy of guests’ personal information and our employees’ access to and use of guests’ personal information; retaining your personal information for no longer than it is reasonably required, unless we are required by law to retain it for longer; and entering into confidentiality agreements with staff and third parties.
Where we no longer require your personal information, including where we are no longer required by law to keep records relating to you, we will ensure that it is de-identified or destroyed.
We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date. When guests stay or make a new reservation, we update guest information which we store. However, we rely on you to advise us of any changes or corrections to the information we hold about you. If you consider that the information we hold about you is not accurate, complete or up-to-date, or if your information has changed, please let us know as soon as possible.
You may request access to the personal information we hold about you by contacting us. We will respond to your request within a reasonable time. We will provide you with access to the information we hold about you unless otherwise permitted or required by law. If we deny you access to the information, we will notify you of the basis for the denial unless an exception applies. Where reasonable and practicable, we will provide access to the information we hold about you in the manner you request. No fee applies for requesting access to information we hold about you. However, we reserve the right to charge a reasonable fee where we do provide access.
If you believe that personal information we hold about you is incorrect, incomplete or not current, you may request that we update or correct your information by contacting us. We will deal with your request within a reasonable time. If we do not agree with the corrections you have requested (for example, because we consider that the information is already accurate, up to date, complete, relevant and not misleading), we are not required to make the corrections. However, where we refuse to do so, we will give you a written notice setting out the reasons.
We do not adopt, use or disclose government related identifiers except as required or permitted by law.
If you have a complaint in relation to the collection, storage, use or disclosure of your personal information, please contact our Privacy Officer using the details below. You will need to provide us with details of your complaint, as well as any supporting evidence and information. We will review all complaints received and our Privacy Officer will respond to you. If you are not satisfied with our response, you may discuss your concerns with or complain to the Australian Privacy Commissioner via www.oaic.gov.au.
How to contact us
- by email to email@example.com
- by writing to: Privacy Officer, 69 Canberra Avenue, Kingston ACT 2604
- by telephone: + 61 2 6295 6925
- by fax: + 61 2 6178 0100
Effective date: 12 March 2014