Sand Hill Road Group is a privately owned hospitality group operating a number of hotel venues through the following entities:
- Corner Flockhart Pty Ltd (ACN 163 414 300) as trustee for Terminus Hotel Unit Trust (ABN 95 263 357 657);
- Long River Run Pty Ltd (ACN 140 483 450) as trustee for Bridge Hotel Trust (ABN 85 425 405 359);
- Maskiell Mullins & Birch Pty Ltd (ACN 097 394 306);
- Near 101 Pty Ltd (ACN 600 977 651) as trustee for Little Flinders Unit Trust (ABN 83 971 262 407);
- Upton High Pty Ltd (ACN 146 006 322) as trustee for the Prahran Hotel Unit Trust (ABN 65 205 175 859);
- Venue Six Pty Ltd (ACN 122 415 776); and
- Zaibatsu 1 Pty Ltd (ACN 096 772 413).
We understand the importance of, and are committed to, protecting your personal information (that is, information or an opinion about you, whether true or not, which identifies you or from which your identity is reasonably identifiable). We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).
- How we collect your personal information
We collect and hold personal information in a fair and lawful manner. We collect personal information in a number of unobtrusive ways, including:
- when you interact with us or staff at any of our venues, whether in person, by telephone, electronically or in written correspondence (Staff Interactions);
- via our websites, including sandhillroad.com.au, www.thebridgehotel.com.au, www.gardenstatehotel.com.au, www.holliava.com.au, www.theposty.com.au, www.prahranhotel.com, www.richmondclubhotel.com.au and www.theterminushotel.com.au (each a Website);
- via our software applications for smartphones, mobile devices, and tablet computers (each an Application);
- via social media, including but not limited to through our profiles on Facebook, Twitter and Instagram (Social Media);
- via electronic ordering kiosks at our venues (Kiosks);
- via third-party online services, such as Clipp, Dimmi, PurpleWiFi and Roller Digital (each an Online Service);
- when you participate in promotional activities, complete surveys or enter competitions such as dropping your business card in a box in one of our venues (Promotional Activities);
- when you log into any of our public or guest wireless internet (Wifi) services that are provided at any of our venues (Public Wifi).
Where it is reasonably practical to do so, we will collect your personal information directly from you. However, in certain cases we may collect personal information from publically available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners. For example, we collect personal information from our service providers when you use an Online Service or Public Wifi.
- Types of personal information we collect
The type of personal information we collect depends on the collection method and the immediate purpose for which it is collected. This may include your name, phone numbers, address, email address, Social Media handles and profile information, age/date of birth, gender and company/employment information.
We may collect billing information if required to provide our goods and services to you; however, we will not retain or hold such information unless we need it for an ongoing purpose. For example, when you place an order through a Kiosk or pay a bill through a Staff Interaction, we only retain a few digits of your card details for verification purposes and do not retain full billing information for any future purposes. When you book a function, we collect billing information and store this for approximately two months after the function to allow us to process payments for corresponding expenses, then we destroy the billing information.
We only collect sensitive information about you with your consent or otherwise in accordance with the Privacy Act. For example, we may request information about any allergies or other medical issues you or your guests may have when you order food, beverages or catering services, which we will use for the purposes of fulfilling your order.
Where you do not wish to provide us with your personal information, we may not be able to provide you with requested goods or services.
- Background collection
When you use our Websites, Applications, Online Services or Public Wifi (collectively, Digital Services), information can be collected using cookies, beacons, log files, clickstream data and other technology (collectively, Metadata). This may include:
- the date, time and duration of your use of the Digital Services;
- information about the device and operating system you are using;
- the identity of the telecommunications network you are connected to;
- the browser you are using;
- the pages you visit and information you access using the Digital Services;
- when visiting our Websites, the last web page you were on before visiting the Website and the next page you click to when leaving our Website.
Aggregated Metadata helps to understand how people use our Digital Services so we can improve and develop them further. Metadata is generally not linked to the identity of visitors or users. However, we may be able to identify you and combine your anonymous Metadata with other personal information we hold about you in certain circumstances, such as:
- if you are logged in to a Website, Application or Online Service;
- if you follow a link from an electronic message to access a Website, Application or Online Service;
- if you use Public Wifi and we hold personal information about you that could be used to associate your usage with your identity.
We also collect personal information and Metadata provided by Social Media networks when you use a Social Media account to login to our Digital Services, and this Metadata will be associated with your identity.
Depending on your device settings and permissions, Digital Services may also collect information about your current location. This may be needed for some functionality, such as identifying your proximity to one of our venues.
- Our purposes for handling your personal information
As a general rule, we only use personal information for purposes that would be considered relevant and reasonable in the circumstances.
We collect, hold, use and disclose personal information to:
- communicate with you, including responding to your inquiries;
- process your order for food or beverages and notify you when it is ready;
- book a function at our venues and any related catering services;
- offer and provide you with our goods and services;
- conduct customer satisfaction surveys and market research;
- administer loyalty programs and Promotional Activities;
- provide, maintain and improve our venues, products and services, including Websites, Applications, Social Media activities, Kiosks and Public Wifi;
- monitor and improve our engagement of Online Services;
- compile and analyse statistics and trends;
- performing contracts with service providers;
- manage and administer those goods and services;
- comply with our legal and regulatory obligations; and
- otherwise to manage our business.
We will not use or disclose your personal information for any other purpose unless you have consented to that use or disclosure.
We may disclose personal information between our organisations or to third parties such as our suppliers, organisations that provide us with technical and support services, or our professional advisors, where permitted by the Privacy Act. If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.
- Protection of personal information
We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third party servers, which may be located overseas.
We maintain appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of personal information.
We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.
We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
- Direct marketing
Like most businesses, marketing is important to our continued success. We therefore like to stay in touch with customers and let them know about new opportunities. We may provide you with information about new services, products, Online Services and Promotional Activities either from us, or from third parties which may be of interest to you.
You may opt out at any time if you no longer wish to receive commercial messages from us. You can make this request by contacting our Privacy Officer.
- Accessing and correcting your personal information
You may contact our Privacy Officer to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information we hold about you.
We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
We will respond to all requests for access to or correction of personal information within a reasonable time.
- Sharing personal information
We may occasionally disclose personal information to third-party promotional partners, such as sponsors of Promotional Activities, with your consent.
We may also disclose personal information to our service providers and other trusted third parties (and their directors, servants and agents) to assist us with carrying out our functions. For example, we disclose customers’ personal information to MyGuestList, a marketing service provider that uses servers hosted in Canada, has a related entity in the USA and allows access to its staff in Columbia, India and the Philippines. If we propose to disclose personal information to other overseas recipients in the future, we will do so in compliance with the requirements of the Privacy Act.
By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agree that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles, that entity will not be bound by, and you will not be able to seek redress under, the Privacy Act.
- Resolving personal information concerns
Sand Hill Road
292 Church Street
Richmond VIC 3121
Telephone: 03 9428 5333
Facsimile: 03 9428 7876
Email: [email protected]
We take all complaints seriously, and will respond to your complaint within a reasonable period.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Email: [email protected]
The last update to this document was 3 August 2016.