The protection of your Personal Information is something that Varsity Song Hotel Operator Pty Ltd (ACN 652 286 489) and its related entities (collectively “Varsity”, “we”, “us” and “our”) take very seriously.
This Policy also applies to the collection and processing of your Personal Information if you are an individual in a country that is a member of the European Economic Area (“EEA”) by or on behalf of Varsity, to the extent the General Data Protection Regulation (EU) 2016/679 (“GDPR”) applies. For the purposes of GDPR, we are a ‘data controller’ and we are responsible for, and control the processing of, your Personal Information. Information about a person from which that person is reasonably identifiable, whether or not it is true, is generally referred to throughout this Policy as “Personal Information”.
This Policy provides important information in relation to:
- your rights arising under the Privacy Act and, where applicable, the GDPR;
- what Personal Information we collect;
- what we do with your Personal Information;
- with whom your Personal Information may be shared; and
- how we will respond to requests for access, correction or complaints about privacy.
From time to time and for any reason we may revise our information handling practices and this Policy. This Policy will be updated to reflect any changes made and published on www.hotelhacienda.com.au (“Website”).
If you have any questions about this Policy or the Personal Information we hold about you, please contact our Privacy Officer (see “Contact Information” below).
2. WHAT PERSONAL INFORMATION WE COLLECT
This Policy only applies to the collection and use of your Personal Information by Varsity and those third parties authorised by Varsity. This Policy does not cover third party websites to which we may provide links, nor does it cover advertisers. These third parties may have their own privacy policies and/or terms and conditions of use which you should refer to. See “Links to Third Party Services and Websites” below for more information.
Personal Information is defined in section 6 of the Privacy Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
whether the information is true or not; and
whether the information or opinion is recorded in a material form or not.
We collect Personal Information to the extent that it is reasonably necessary for one or more of our functions or activities, including our accommodation services and related services. The kinds of Personal Information that we collect and hold include:
- date of birth;
- address and/or location;
- telephone and/or mobile number;
- identification documents, including driver’s licence and passport details;
- your image;
- email and/or IP address;
- emergency contact details;
- bank account or credit card details;
- details of your preferences, interests and opinions; and
- details relevant to your dealings with us and/or the services we provide.
3. PERSONAL INFORMATION ABOUT OTHER INDIVIDUALS
We may also hold Personal Information that you provide to us about other individuals e.g. Personal Information about your spouse, partner, guardian, friend, referee or someone lodging with you. We rely on you as our customer to inform those individuals that their Personal Information is being provided to us and that they may contact us for further information.
4. SENSITIVE INFORMATION
Under the Privacy Act, “Sensitive Information” includes but is not limited to information or an opinion about an individual’s racial or ethnic origin, religious belief, or criminal record and health information about an individual. In many cases, we will not collect or hold Sensitive Information about you. However, in certain circumstances and provided we have obtained your consent or where it is required or authorised by or under an Australian law or court/tribunal order, we may collect and hold Sensitive Information (e.g. health information) about you or someone lodging with you.
Any Sensitive Information will be collected with your consent for the purpose notified to you at the time and only to the extent that you authorise us or where we are legally permitted to do so, including if it is needed for your vital interests or the vital interests of another individual.
5. HOW WE COLLECT PERSONAL INFORMATION
We collect Personal Information in a number of ways, including:
- when making a booking and/or entering into a contract or agreement with us;
- records of our other communications and interactions with you;
- customer survey or market research activities; • the marketing of our products and services;
- your enquiries; and
- our Website and/or any mobile device application introduced or operated by Varsity (“App”)
Please see the “Collection of Personal Information Through Website and App Activity” for more information. We generally collect Personal Information directly from you, unless it is unreasonable or impracticable to do so. We may also collect Personal Information about you from third parties such as Online and Offline Travel Agents and corporate databases and other sources necessary to identify and evaluate potential guest and/or travel market data research firms, your representatives, and contractors providing services to you or us.
6. COLLECTION OF PERSONAL INFORMATION THROUGH WEBSITE AND APP ACTIVITY
We collect the Personal Information that you enter onto our Website and/or the App. We may also collect information about you that is not Personal Information (such as your username, if it is not your actual name, and browser details) or in some circumstances Personal Information about you when you interact with us online or via an app (including when you visit a different Varsity website or the App) or when you mention the brand name “Varsity” or “Hotel Hacienda” or our products via external social media platforms (e.g. Facebook or Twitter). Any Personal Information that we may collect from social media platforms is determined by the privacy settings of your account within the social media platform (that is, the extent to which your Personal Information is publicly available on the social media platform) and the content of your post.
To assess the effectiveness of our Website/App design and layout, as well as monitor traffic to the Website/App we may contract with third parties to collect statistical data. However, no Personal Information is collected during this process.
7. HOW WE USE PERSONAL INFORMATION
We collect, hold and use your Personal Information for the purposes of our business operations and activities, including:
- assessing your application for a room at a Varsity property;
- providing accommodation and related services to you, including through the use of a third party service provider and/or via the App;
- communicating with you including facilitating responses to your enquiries or complaints; • communicating with you via the App;
- verifying your identity, address and other details; • contracting with you and processing payments;
- conducting debt recovery activities (including through a debt collection agency);
- conducting customer surveys;
- gathering and aggregating information for statistical and modelling purposes, including customer segmentation processes;
- developing and improving our services;
- managing performance and compliance with our contractual and regulatory obligations and assessing that compliance through independent audits;
- maintaining and updating our records;
- contacting you to obtain your feedback or comments on our products and services; and
- facilitating acquisitions and potential acquisitions of our business.
After using reasonable efforts to recover outstanding amounts owed by you to us, if there are still outstanding amounts owing, we may disclose your rental default information to debt collection agencies.
We also use your Personal Information to provide you with information on products and services that we or third parties offer, as well as offers, competitions and other marketing or promotional information that we consider may be relevant to you or that you might be interested in, even after you cease acquiring products or services from us. If you use the App, this may include push notifications to tell you about offers, events, updates and our products and services that may be of interest to you. You can tell us if you do not want to receive such information by contacting us using the “Contact Information” listed below. Subject to the configuration options available on our device, you may also decline marketing messaging sent by push notifications by refusing the relevant permissions in your device settings, however this may also prevent you from receiving updates via push notifications on the App.
8. HOW WE DISCLOSE PERSONAL INFORMATION
We may disclose your Personal Information to third parties that help us provide services to you as our customer. Third parties that we may disclose your Personal Information to include:
- your authorised representative or guardian;
- Varsity contractors, suppliers and agents who assist Varsity in providing products and services to you (e.g. billing providers, call centre, customer management, data storage, delivery, data processing, data analysis, document management, information broking, research, investigation, insurance, website, mobile application and technology services);
- financial institutions for payment processing and billing activities;
- credit providers and agencies;
- other organisations who, in conjunction with us, provide the services or assist in providing services to our assets;
- Varsity’s related entities and/or partners; • third party operators of hotel guest databases;
- Government agencies, regulatory authorities or enforcement bodies (e.g. Australian Federal Police) where required or authorised by law;
- our professional advisers, including independent auditors we engage to ensure the integrity of our operations; and
- debt collection agencies.
- We may also collect your Personal Information from these types of third parties.
9. OVERSEAS USE OR DISCLOSURE OF PERSONAL INFORMATION
We may disclose your Personal Information to entities overseas where it is reasonably necessary to help us fulfil the purpose for which the Personal Information was collected, or a related or ancillary purpose or otherwise in accordance with the Privacy Act and, where relevant, the GDPR. The countries to which such disclosures are made, and types of Personal Information disclosed, depend on the specific circumstances of the engagement.
We may also store, process or back-up your Personal Information on secure servers that are located overseas (including through third party service providers). These servers are commonly located in the United Kingdom.
Where we transfer Personal Information between countries, we will only do so with relevant protections in place, to ensure your Personal Information is protected in accordance with applicable laws and this Policy. We may require your further consent to transfer your Personal Information outside of Australia or the EEA, although we do not expect to transfer your Personal Information outside these jurisdictions.
10. HOW WE HOLD AND KEEP SECURE PERSONAL INFORMATION
We typically hold the Personal Information we collect on electronic databases located in Australia.
We are committed to keeping secure the Personal Information you provide to us. We take precautions to protect the Personal Information we hold about you from misuse, loss, interference, theft and from unauthorised access, modification or disclosure.
Depending on the circumstances, our security measures may include, but are not limited to:
- educating our employees about their obligations with regard to your Personal Information;
- ensuring our employees and outsourced service providers use passwords when accessing our systems;
- using secure networks or encryption when transmitting electronic customer data;
- storing Personal Information in secure, encrypted data centres;
- requiring third parties we engage to provide appropriate assurances that such parties will handle your Personal Information in a manner consistent with the Privacy Act and, where relevant, the GDPR; and
- compliance with payment card industry security standards with respect to the storage and transmission of payment card details.
11. HOW WE HANDLE REQUESTS FOR ACCESS TO PERSONAL INFORMATION
You can request access to details of the Personal Information that we hold about you at any time by contacting our Privacy Officer (see “Contact Information” below). We will respond to any such request for access as soon as reasonably practicable and in any event will acknowledge receipt within ten business days of receiving your request.
We may require you to set out the request in writing. In most cases, we will try to provide with you a copy or details of your Personal Information in the manner requested. Otherwise, we will work with you to find a mutually agreed alternative. If, after exploring all options, we cannot provide you with access to the information in the form requested, or have other lawful grounds, we will provide a written statement setting out our reasons for refusal.
12. CORRECTION AND DELETION OF PERSONAL INFORMATION
We may not be able to provide you with the services you are seeking if you provide incomplete or inaccurate Personal Information. If you believe the Personal Information we hold about you is inaccurate, incomplete or outdated, please contact us using the contact details listed in this Policy so that we can correct it.
To the extent we are subject to the GDPR, if you would like us to delete Personal Information we have collected from you, please contact us using the contact details listed in this Policy. Please note that we may be required by law to retain certain Personal Information. Before we are able to provide you with any information, correct any inaccuracies, or delete Personal Information, we may ask you to verify your identity and/or provide other details to help us respond to your request.
13. DIRECT MARKETING
If at any time you decide you do not wish to receive marketing communications from Varsity, just let us know by contacting us using the contact details listed in this Policy.
If you have opted-in to marketing communications, you may subsequently elect not to receive marketing communications from Varsity by following the opt-out instructions in the marketing communications we send you, sending a message through the contact feature on our Website or contacting us using the contact details listed in this Policy. Please note that if you opt-out of receiving marketing communications from us, we may still send communications to you concerning your account(s) with Varsity.
14. OBJECTING AND PORTABILITY – YOUR RIGHTS
To the extent we are subject to the GDPR, you may have the right to request in some circumstances that any further processing of the Personal Information you have provided to us be restricted, or you may object to such further processing. You may also have the right to have the Personal Information you provided to us transferred to another party.
15. LINKS TO THIRD PARTY SERVICES AND WEBSITES
16. RETENTION OF PERSONAL INFORMATION
If we determine that Personal Information we hold about you is no longer required, we will take reasonable steps to destroy or de-identify it to the extent required by law.
The periods for which we keep your Personal Information will vary according to the purpose for which we use the Personal Information. Unless there is a specific legal requirement to keep your Personal Information, we will not keep it for longer than necessary for the purposes for which the Personal Information was collected or for which it is to be further processed.
17. CONTACT INFORMATION
Should you have a query about this Policy, request for access or correction or complaint, please contact us on any of the methods below:
- Postal Address: Attention: Privacy Officer Varsity, Level 14, 275 George Street, Sydney NSW 2000
- Email: email@example.com
- Phone: (02) 9098 8800
If you have a complaint, we encourage you to inform us so that we can have the opportunity to remedy the issue and find a solution. We will aim to resolve your complaint within five business days from when we receive your complaint in writing. There may be times when we need a bit longer to investigate the complaint and respond to you but we will contact you within five business days to give you an update and let you know when we think we’ll find the answer or solution. We will also confirm how frequently you would like to be updated moving forward.
If you are unsatisfied with the handling of your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (“OAIC”). For more information about making a complaint to OAIC, visit making a privacy complaint.