PRIVACY POLICY

​

1. BACKGROUND

​

1.1 GENERAL

Great Ocean Road Hotel Group Pty Ltd (ABN 99 447 257 381) (we, us, our) trading as Great Ocean Road Resort, is a company limited by guarantee. This Policy applies to visitors and users of this website, which is operated by Great Ocean Road Resort under the domain name ‘greatoceanroadresort.com.au’. By using our website, you signify your acceptance of this Privacy Policy. If you do not agree to this policy, please do not use our website. We reserve the right to modify, alter or otherwise update this Privacy Policy at any time.

​

This Policy also applies to all individuals and entities who interact with Great Ocean Road Resort, this includes (but is not limited to) agents, contractors, subcontractors, employees, representatives, users of Great Ocean Road Resort's services, volunteers, and participants in Great Ocean Road Resort events.

​

We are committed to ensuring that we manage personal information in an open and transparent way in accordance with applicable Commonwealth and Victorian privacy laws.

​

We may amend this Policy from time to time. The current version of this Privacy Policy will be posted on our website.

​​

1.2 OUR OBLIGATIONS

We are required to comply with the Privacy and Data Protection Act 2014 (Vic) (PDP Act). We may also be required in some circumstances to comply with Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).

​

In addition, we are bound by the Victorian PDP Act and Health Records Act when we collect and handle health information in the relevant jurisdiction. References in this Privacy Policy to ‘personal information’ should also be read as a reference to ‘health information’ and ‘sensitive information’ as defined in the relevant legislation.

​​

2. WHAT PERSONAL INFORMATION DO WE COLLECT AND HOLD?

We may collect personal information if the information is reasonably necessary for one or more of our functions or activities as outlined in section 4. For example, we may collect:

• your name, address, location and other contact details;
• your age;
• your gender;
• information about your nationality and language;
• information about your interests, preferences, or travel plans;
• information about our events (i.e. which events you attend and how you participate in our events);
• where you choose to disclose via social media, your preferences, likes and dislikes;
• billing information.

​​

2.1 WHAT IF YOU DON’T PROVIDE US WITH YOUR PERSONAL INFORMATION?

We will provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.

In some cases however, if you don’t provide us with your personal information when requested, we may not be able to provide you with the information, or assistance that you are seeking. For example, you must identify yourself to subscribe to receive our newsletter, register for an event, or enter a competition.

​​

3. HOW DO WE COLLECT PERSONAL INFORMATION?

3.1 METHODS OF COLLECTION

We will only collect personal information by lawful and fair means. We will only collect personal information about an individual from that individual (unless it is unreasonable or impracticable to do so).

​​

3.2 COLLECTION NOTICES

Where we collect personal information about you, we will take reasonable steps to provide you with certain details about that collection such as who we are and how you may contact us, why we are collecting the information and who we may share it with.

We will generally include this information in a collection notice provided to you at or before the time the information is collected (or, if that is not practicable, as soon as practicable after that time).

Collection notices provide more specific information than this Policy. The terms of this Policy are subject to any specific provisions contained in collection notices and in the terms and conditions of particular offers, products and services.

​

3.3 UNSOLICITED INFORMATION

Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).

We may keep records of unsolicited personal information if permitted by law (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

​​

4. WHY DO WE COLLECT PERSONAL INFORMATION?

4.1 WHAT ARE THE PRIMARY PURPOSES THAT WE COLLECT PERSONAL INFORMATION FOR?

The primary purposes for which we collect, hold, use and disclose personal information are set out below:

• providing information, news, offers and conducting surveys;
• providing or facilitating the provision of goods and services;
• processing bookings and payments;
• registering subscriptions to our newsletter or application forms;
• running a competition or promotion;
• maintaining our relationship with an individual or entity delivering goods and services;
• promoting ourselves and our products and services, including through direct marketing and events;
• answering queries and resolving complaints (including responding to comments or messages submitted to us via our website);
• general account management, planning and administration (including managing relationships with business contacts who have transacted with us);
• sending individuals follow ups on events, products or services ordered, used or enquired about;
• keeping individuals informed of changes to this website and the events, products or services offered through this website or other sites of related companies, licensees or other production companies with which we collaborate; and
• analysing the results of surveys.

​

4.2 WHAT SECONDARY PURPOSES MAY WE USE PERSONAL INFORMATION FOR?

We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:

• which are permitted by law;
• for which you have provided your consent; or
• which are necessary for maintaining the reliability and security of infrastructure and services.

Secondary purposes that we may use your personal information for include improving our services through quality improvement activities such as audits and surveys and for the purposes of obtaining professional advice or in the unlikely event of an investigation, where a law enforcement agency may lawfully exercise a warrant to inspect records.

​

4.3 DIRECT MARKETING AND RE-MARKETING

We may use your personal information to let you know about our products or services, either where we have your express or implied consent or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS or telephone.

Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:

• contacting us as set out in paragraph 10;
• advising us if you receive a marketing call that you no longer wish to receive these calls; or
• using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSs) to opt out of receiving those messages.

​​

5. HOW MAY WE USE AND DISCLOSE YOUR PERSONAL INFORMATION?

5.1 GENERAL

We will only use and disclose your personal information when it is lawful and reasonable to do so. We will also only use and disclose your personal information for the purpose for which it was collected, or a purpose related to the purpose for which it was collected or as authorised by law. We may also disclose personal information without consent if we are required to do so by law.

 

5.2 EXAMPLES

We may disclose your personal information to third parties where appropriate for the purposes described under paragraph 4, including to:

• information technology and data storage providers;
• partner or affiliated organisations;
• research and statistical analysis providers;
• third party program evaluators;
• ticketing agencies; and
• mail houses.

​

In each case, we may disclose personal information to a service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.

​​

6. TRANSFER OF PERSONAL INFORMATION OUTSIDE VICTORIA

In some cases, persons that we disclose personal information to may be located outside of Victoria or we may store information on computer servers located outside of Victoria.

​

When we transfer personal information to third parties or outside Victoria, we use secure arrangements to protect the information. We will only transfer personal information outside Victoria after taking reasonable steps to satisfy ourselves that the recipient of the personal information is bound to comply with equivalent privacy obligations to those applying to us.

​​

7. INTEGRITY OF PERSONAL INFORMATION

We hold personal information in a number of ways, including in hard copy documents, electronic databases and email contact lists. We take reasonable steps to:

make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Information Privacy Principles set out in the PDP Act (we do keep some information for a number of years to comply with legal requirements).

​​

8. ACCESS AND CORRECTION

8.1 GENERAL

Please contact us (details under paragraph 11 below) if you would like to access or correct the personal information that we hold about you. We may ask you to verify your identity before processing any access or correction requests, to make sure that the personal information we hold is properly protected. Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.

​

8.2 ACCESS

We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (e.g. by providing photocopies), provided it is reasonable and practicable for us to do so.

​

8.3 CORRECTION

If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

​

8.4 WHAT IF WE DO NOT AGREE TO YOUR REQUEST FOR ACCESS OR CORRECTION?

If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice setting out the reasons for our decision (except to the extent that, having regard to the grounds for refusal, it would be unreasonable to do so) and available complaint mechanisms.

If we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to do this in such a way that will make the statement apparent to users of the information.

​​

9. COMPLAINTS

If you have a complaint about how we have collected or handled your personal information, please contact us (details under paragraph 11 below).

​

We will try in the first instance to deal with your complaint and take any steps necessary to resolve the matter. If we are not able to do so, we will ask you to submit your complaint in writing.

​

We will endeavour to acknowledge receipt of your written complaint within 7 days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.

​

In most cases, we expect to investigate written complaints and provide a response within 30 days of receipt. If the matter is more complex and our investigation may take longer, we will let you know, and tell you when we expect to provide our response. Our response will set out:

• whether in our view there has been a breach of this Policy or any applicable privacy legislation; and
• what action, if any, we will take to rectify the situation.

​

If you are unhappy with our response, you can refer your complaint to the Office the Commissioner for Privacy and Data Protection toll free on 1300 666 444.

​​

10. EMAIL AND ‘CONTACT US’ MESSAGES

We may preserve the content of any email, ‘contact us’ or other electronic message we receive. Any personal information contained in those messages will only be used or disclosed in ways set out in this Policy. The message content may be monitored by our service providers or our employees for purposes including compliance auditing and maintenance or where email abuse is suspected.

​​

11. CONTACTING US

Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below.

​

Write to: Great Ocean Road Resort

Email: enquiries@greatoceanroadresort.com.au