Privacy Policy
Sand Hill Road (OpCo) Pty Ltd (ACN 667 537 591) and its related entities (Sand Hill Road Group, us, we, our) takes your privacy seriously and are committed to responsible privacy practices.
Please take a moment to read this privacy policy (Privacy Policy) to understand how we collect, use, disclose, store, handle and protect your personal information. It explains how we manage your personal information, including our obligations and your rights in respect of our dealings with your personal information.
What is personal information
In this Privacy Policy, ‘personal information’ has the meaning set out in the Privacy Act 1988 (Cth) (Privacy Act). In general terms, personal information is information (whether fact or opinion) about an individual who is identified or reasonably identifiable from that information or other information combined with that information.
Some types of personal information area classified as ‘sensitive information’ and/or ‘health information’, which are subject to additional protection under the Privacy Act. Sensitive information may include information about your racial origin and health status, and health information may include information about your allergies and dietary requirements.
How we collect your personal information
We collect your personal information directly from you, including when you:
- interact with us or staff at any of our venues, whether in person, by telephone, electronically or in written correspondence (Staff Interactions);
- via our websites, including www.sandhillroad.com.au and www.watersidehotel.com.au (each a Website)
- via our software applications for smartphones, mobile devices, and tablet computers (each an Application);
- via social media, including but not limited to through our profiles on Facebook, TikTok, Linkedin, Google and Instagram (Social Media);
- via third-party online services, including but not limited to Stripe, Ezegift (gift certificates), SevenRooms, Triple Seat (each an Online Service);
- sign up for or participate in promotional activities, attend events, complete surveys or enter competitions such as dropping your business card in a box in one of our venues (Promotional Activities);
- when you log into any of our public or guest wireless internet (Wifi) services that are provided at any of our venues; and
- apply to work with us or are engaged by us as a contractor.
Where you provide us with personal information about someone else, you confirm that you have obtained their consent to do so.
Where it is reasonable and practical to do so, we will collect your personal information directly from you. However, in certain cases we may collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners. For example, we collect personal information from our service providers when you use an Online Service or Public Wifi.
Whilst we will always maintain robust privacy practices, we are not responsible for the privacy practices of third parties, so you should review their relevant privacy policy to satisfy yourself as to how they protect and handle your personal information.
Types of personal information we collect
The type of personal information we collect depends on the collection method and the immediate purpose for which it is collected. The types of personal information we may collect about you include:
- your name;
- your contact details including phone numbers, address, and email address;
- your Social Media handles and profile information;
- your age, date of birth, and gender;
- company and employment information; and
We may collect billing information if required to provide our goods and services to you; however, we will not retain or hold such information unless we need it for an ongoing purpose. For example, when you pay a bill through a Staff Interaction, we only retain a few digits of your card details for verification purposes and do not retain full billing information for any future purposes. When you book a function, we collect billing information and store this for approximately two months after the function to allow us to process payments for corresponding expenses, then we destroy the billing information.
Generally, we do not collect sensitive information about you. However, in certain circumstances we may need to collect limited sensitive information. We only collect sensitive information about you with your consent or otherwise in accordance with the Privacy Act. For example, we may request information about any allergies or other medical issues you or your guests may have when you order food, beverages or catering services, which we will use for the purposes of fulfilling your order.
We also collect technical information and general analytics when you use our Websites, Applications, Online Services or Public Wifi (collectively, Digital Services), information can be collected using cookies, beacons, log files, clickstream data and other technology (collectively, Metadata). This may include:
- the date, time and duration of your use of the Digital Services;
- information about the device and operating system you are using;
- the identity of the telecommunications network you are connected to;
- the browser you are using;
- the pages you visit and information you access using the Digital Services;
- when visiting our Websites, the last web page you were on before visiting the Website and the next page you click to when leaving our Website.
Aggregated Metadata helps to understand how people use our Digital Services so we can improve and develop them further. Metadata is generally not linked to the identity of visitors or users. However, we may be able to identify you and combine your anonymous Metadata with other personal information we hold about you in certain circumstances, such as:
- if you are logged in to a Website, Application or Online Service;
- if you follow a link from an electronic message to access a Website, Application or Online Service;
- if you use Public Wifi and we hold personal information about you that could be used to associate your usage with your identity.
We also collect personal information and Metadata provided by Social Media networks when you use a Social Media account to login to our Digital Services, and this Metadata will be associated with your identity.
Depending on your device settings and permissions, Digital Services may also collect information about your current location. This may be needed for some functionality, such as identifying your proximity to one of our venues.
Browsers and devices may provide settings that allow you to control whether Digital Services can access certain types of Metadata. You may disable the use of cookies in your browser settings and you may be asked to grant permissions for Websites and Applications to access certain information.
Our purposes for handling your personal information
We collect personal information directly from you where it is reasonably necessary for our functions or activities or as required by law. This can include to:
- communicate with you, including responding to your inquiries;
- process your order for food or beverages and notify you when it is ready;
- book a function at our venues and any related catering services;
- verify your age or identity;
- collect and process payments;
- offer and provide you with our goods and services;
- conduct customer satisfaction surveys and market research;
- administer loyalty programs and Promotional Activities;
- provide, maintain and improve our venues, products and services, including Websites, Applications, Social Media activities and Public Wifi;
- monitor and improve our engagement of Online Services;
- compile and analyse statistics and trends;
- undertake direct marketing activities;
- perform contracts with service providers;
- manage and administer those goods and services;
- comply with our legal and regulatory obligations; and
- otherwise to manage our business.
We will not use or disclose your personal information for any other purpose unless you have consented to that use or disclosure.
We may disclose personal information between our organisations or to third parties such as our suppliers, organisations that provide us with technical and support services, or our professional advisors, where permitted by the Privacy Act. If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.
Protection of personal information
We will take reasonable steps to protect the information we hold from any loss, misuse, unauthorised access, disclosure or modification. We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third party servers, which may be located overseas.
We maintain appropriate physical, procedural and technical security for our offices and information storage facilities.. This also applies to disposal of personal information.
We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.
Generally, we will retain your personal information for the period necessary for the purposes for which your personal information was collected, as outlined in this Privacy Policy, unless a longer retention period is required by law or reasonably necessary. When personal information is no longer required, we will take reasonable steps to destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
Direct marketing
Like most businesses, marketing is important to our continued success. We therefore like to stay in touch with customers and let them know about new opportunities. We may provide you with information about new services, products, Online Services and Promotional Activities either from us, or from third parties which may be of interest to you. We will only send you direct marketing communications where you have consented for us to do so.
You may opt out of receiving direct marketing communications at any time if you no longer wish to receive commercial messages from us. You can make this request by contacting our Privacy Officer or by using opt-out facilities provided in the direct marketing communications.
Accessing and correcting your personal information
You may contact our Privacy Officer to request access to the personal information that we hold about you at any time. We will provide access to that information in accordance with the Privacy Act, subject to any exemptions that may apply. If we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you an administration fee incurred for providing you with access to any of the personal information we hold about you.
If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it by contacting our Privacy Officer. Where we agree that the information needs to be corrected, we will update it. We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing. You can request that we make a record of your correction request with the relevant information. You can also ask us to notify any third parties that we provided incorrect information to about the correction.
We will respond to all requests for access to or correction of personal information within a reasonable time.
You do not have to identify yourself or provide any personal information if you contact us. You can also notify us that you wish to deal with us using a pseudonym. Where you do not wish to provide us with your personal information, we may not be able to provide you with requested goods or services.
Sharing personal information
We may disclose your personal information with other entities in the Sand Hill Road Group, including any new entities that may join the group from time to time, for the purposes set out in this Privacy Policy. We may occasionally disclose personal information to third-party promotional partners, such as sponsors of Promotional Activities, with your consent.
We may also disclose personal information to our service providers and other trusted third parties (and their directors, servants and agents) to assist us with carrying out our functions.
If we disclose your personal information to third parties we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose of disclosure and in a manner consistent with the applicable laws. For example (where commercially practical) by including suitable privacy and confidentiality clauses in our agreements with third party service providers to which we disclose your personal information.
Personal information and Metadata may also be collected by Social Media networks, Online Services, Public Wifi service providers and other third-party websites and applications. We do not receive such information except as otherwise indicated in this Privacy Policy. Please contact the operators of those channels or check their privacy policies with any queries about how they collect, use and disclose such information.
International data transfers
Your personal information may be transferred overseas or stored overseas for a variety of reasons. If we propose to disclose personal information to other overseas recipients in the future, we will do so in compliance with the requirements of the Privacy Act.
If your personal information is sent to a recipient in a country with data protection laws which are at least substantially similar to the Privacy Act and the Australian Privacy Principles, and where there are mechanisms available to you to enforce protection of your personal information under that overseas law, we will not be liable for a breach of the Privacy Act and the Australian Privacy Principles if your personal information is mishandled in that jurisdiction.
If your personal information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia’s, we will take commercially reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Privacy Act and the Australian Privacy Principles.
Resolving personal information concerns
If you have any questions, concerns or complaints about this Privacy Policy, or how we handle, collect, use, disclose or manage your personal information, please contact our Privacy Officer:
Privacy Officer
Sand Hill Road
292 Church Street
Richmond VIC 3121
Telephone: 03 9428 5333
Email: [email protected]
We take all complaints seriously and are committed to resolving any complaints reasonably. We will make all reasonable inquiries and respond to your complaint within a timely and efficient manner.
If you have raised a complaint with us and you are dissatisfied with the outcome or the handling of your complaint, under the Privacy Act, you may contact the Information Commissioner at the Office of the Australian Information Commissioner whose details are set out below:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Online: www.oaic.gov.au
Email: [email protected]
Changes to this Policy
We reserve the right to change or update this Privacy Policy from time to time, to keep up-to-date with legal requirements and the way we operate our business. An up-to-date copy of our Privacy Policy is available on our Website. You are responsible for reviewing this Privacy Policy and informing yourself of any changes.
The last update to this document was 7 November 2025.