1.1. Raes on Wategos Pty Ltd (ACN 164 962 494) (Raes, we or us) operate and manage the Raes on Wategos Hotel, Spa and Restaurant. Raes is committed to ensuring your Personal Information is protected. We manage your Personal Information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).
2. The information we collect about you
2.1. Raes will only collect and hold Personal Information about you that is reasonably necessary to undertake our business activities and functions, or as otherwise permitted by law.
2.2. The term ‘Personal Information’ refers to any information or opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. The type of Personal Information that we collect and use depends on the type of dealings that you have with us and includes the following non-exhaustive list:
(a) contact details (for example, full name, address, mobile and telephone numbers and email address);
(b) identification information (for example, photographic identification, gender, date and place of birth, nationality, passport and visa information);
(c) Personal Information relating to children visiting or staying at Raes (for example, full name, date of birth, age).
(d) information relating to your reservation (for example, dates of arrival and departure, products and services you have ordered or purchased, special requests made (such as dietary requirements), products and service preferences, telephone numbers dialed and received, texts and telephone messages received);
(e) employer information (for example, employer name and contact details and employee title);
(f) payment and billing information (for example, credit card and bank account details and authentication information);
(g) information from enquiries you have made; and
(h) information about vehicles you may bring onto Raes premises.
2.3. Personal Information relating to children visiting or staying at Raes will not be collected directly from the children but will collected directly from the children’s parents or legal guardians.
2.4. We do not deliberately collect Sensitive Information (as defined in the Privacy Act) from hotel guests, users or visitors of our website; however, if you access and use our spa treatment facilities Raes may collect information about your spa treatments, including general health and wellness information (for example, medical conditions, medical treatments and special needs).
3. How we collect Personal Information
3.1. We will collect Personal Information about you in a variety of ways, including:
(a) when you interact and transact with us (for example, when you make a hotel reservation or book a room or our function venue, visit our spa facilities or restaurant, purchase goods or services from Raes, when you participate in a promotion, competition, or survey, or when you complete forms such as a reservation form or guest feedback form);
(b) visit our website, contact us with a query or request;
(c) from publicly available sources of information (including, but not limited to, social media sites);
(d) from third parties (including our related bodies corporate, business partners and service providers, credit reporting bodies, credit providers, government agencies, travel agents, tour operators, internet booking agents, travel aggregators, employers, airlines and your representatives); and
(e) when otherwise legally authorised or required to do so.
4. How we use your Personal Information
4.1. We use and disclose your Personal Information for the purposes for which the information is collected, including (but not limited to):
(a) managing your stay at Raes, including tailoring our accommodation, products and services to your specific requirements and interests;
(b) providing, delivering and charging you for hotel accommodation and other products and services (including processing a booking or reservation that you have made with us);
(c) assisting with, or responding to, your queries;
(d) providing for the safety and security of staff, guests and other visitors;
(e) administering, improving and managing our hotel accommodation, products and services;
(f) informing you about our website, hotel, spa facilities and restaurant, products, services, offers, competitions, promotions, events, sweepstakes, surveys, questionnaires, or other matters which we believe are of interest to you (such as recruitment or job opportunities);
(g) fulfilling our contractual obligations to you and assisting third parties involved in your travel arrangements (for example, travel agents and tour operators);
(h) verifying your identity; and
(i) sharing with Third Party Providers.
4.2. We do not sell or trade Personal Information, however, we may disclose Personal Information to Third Party Providers and they may in turn provide us with Personal Information collected from you. We will not otherwise use or disclose your Personal Information unless the use or disclosure is authorised under the Privacy Act.
5. Disclosure to Third Party Providers
5.1. In order to manage your stay at Raes and to provide products and services to you we may disclose your Personal Information to:
(a) our related bodies corporate, business partners, sponsors, service providers, third party contractors, agents and suppliers;
(b) authorised external service providers who perform functions on our behalf, such as marketing and analysis organisations, financial and credit card institutions in order to process any payments, hosting companies, web developers, internet service providers, customer service providers, customer support specialists, fulfilment companies, credit reporting agents, debt collection agents, research and data analysis firms;
(c) external business advisors, such as auditors, lawyers, insurers and financiers;
(d) at your request, to third party providers of products and services with whom we have a commercial relationship, such as Byron Bay tour operators, taxi or local transport, operators, restaurants and limousine and car rental providers;
(e) to any other party with your consent and direction; and
(f) law enforcement bodies or regulatory authorities to assist with their functions, or as otherwise required or authorised by law,
(collectively, Third Party Providers)
5.2. Our Third Party Providers are located in Australia. If you subsequently decide that you do not wish to receive information from them, you may let us know by contacting [email protected].
5.3. Prior to the disclosure of Personal Information to Third Party Providers, we will take such steps as reasonable in the circumstances to ensure that the Third Party Providers treat your Personal Information securely and otherwise complies with the relevant Australian Privacy Principles in relation to the Personal Information.
6. Marketing communications
6.1. Where we have your express or implied consent, or where we are otherwise permitted by law, we may use your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events. We may send this information in a variety of ways, such as by mail, email, SMS, telephone, social media or by customising online content and displaying advertising on our site.
6.2. If you do not wish to receive any of these marketing communications, you can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us by writing to [email protected].
7. Integrity of Personal Information
7.1. We use reasonable endeavours to protect Personal Information from accidental deletion, loss, and unauthorised access, disclosure or modification. We are committed to, and our officers, employees, agents and third party contractors are expected to observe, the confidentiality of your Personal Information.
7.2. Notwithstanding our reasonable endeavours, the confidentiality of any communication or information transmitted to or from us via our website or email, cannot be guaranteed. The internet is not a secure environment. If you use the internet to send us any Personal Information, Raes will not be liable for events arising from unauthorised access to your Personal Information. We also cannot control nor be held responsible for the collection of Personal Information by third-party websites.
7.3. If we determine that Personal Information is no longer needed for any purpose, we will take reasonable steps to delete, destroy or permanently de-identify that Personal Information, unless we are required by law or a court or tribunal to retain the information.
8. Data security
8.1. We have a comprehensive data breach notification policy and response plan (Response Plan), which outlines the steps our personnel are required to take in the event of a data breach. This allows us to identify and deal with a data breach quickly to mitigate any harm that may result.
8.2. As part of the Response Plan, we will notify you as soon as practicable if we:
(a) discover or suspect that your personal information has been lost, accessed by, or disclosed to, any unauthorized person or in any unauthorised manner;
(b) believe that you are likely to suffer serious harm as a result; and
(c) are unable to prevent the likely risk of harm.
8.3. If you would like more information about our Response Plan, please contact us at [email protected].
9. Links to other websites
9.1. Our website may provide links to external or third party websites. These linked websites are not under our control or supervision, and we are not responsible for the content contained therein or the conduct of those third parties’ linked to our website. Before disclosing your Personal Information on any other website, we advise you to examine the privacy policies of these third parties and terms and conditions of their websites.
10. Access to and updating your Personal Information
10.1. Subject to some exceptions provided by law, you have the right to access your Personal Information. If you want to inquire about or access any Personal Information we may have about you, you can do so contacting us by writing to [email protected]. Please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as drivers licence or passport) so we can ascertain your identity and whether we have any Personal Information regarding you. We may charge you a reasonable fee for processing your request and should we decline you access to your Personal Information, we will provide you with a written explanation setting out the legal reasons for doing so.
10.2. We will use our reasonable endeavours to keep Personal Information that we collect about you accurate, up-to-date and complete. Where it is appropriate to do so, this may include correcting your Personal Information. You should notify us in writing in the event your Personal Information changes.
(a) enable us to identify you as a return user and personalise and enhance your experience and use of our site; and
(b) help us improve our service to you when you access our site and to ensure that our site remains easy to use and navigate.
11.2. Cookie information is used in aggregated form – we do not use it to identify you as an individual. However, if you do not want to accept cookies, you can block them by adjusting the settings on your Internet browser. However, if you block them, you will not be able to use all of the features of our websites and this may affect the functionality of our website.
13. Further information
13.1. Further information about Privacy law and the Australian Privacy Principles is available from the Office of the Australian Information Commissioner’s website www.oaic.gov.au.
14. Making a complaint
14.2. We will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in resolving your complaint.
14.3. If you are unhappy with a response that you have received from us, you may direct your complaint to the Office of the Australian Information Commissioner.
Updated: February 2019