Privacy Policy
Effective from 13 December 2019
1. Introduction
Eversham Management Pty Ltd trading as Gregory’s Guest House (ABN 78 146 563 573) (we, us or our) has adopted this Privacy Policy, in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (APPs), to outline how we deal with “personal information” (Personal Information). Personal Information is information about an individual whose identity is apparent, or can reasonably be ascertained, from that information.
Most of the Personal Information that we collect is collected in conjunction with our services at gregorysguesthouse.com.au (Services).
2. The kinds of Personal Information that we collect and hold
For the purpose of conducting our business and providing the Services, we may collect the following categories of Personal Information about individuals:
(a) (Identity Information) name, signature, location, website address, date of birth, nationality, license & registration details, bank account details, family details, employment details, educational qualifications, third-party usernames, and profile pictures;
(b) (Contact Information) email address, social media profiles, telephone & fax number, third-party usernames, residential, business and postal addresses;
(c) (Behaviour Information) habits, movements, trends, decisions, webpage views, online activity, associations, memberships, finances, purchases; ‘bio’ that is posted against your profile, answers to questions about career and why you are great to live with;
(d) (Internet Data) Internet Protocol or “IP address”, referring web site addresses, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics; and
(e) (Business Information) information about your business or project, if it is run in your personal capacity, including information on professional affiliations or services offered, ABN, ACN.
The APPs categorise certain types of Personal Information as “sensitive information” (Sensitive Information). Sensitive Information includes information about your:
(f) racial or ethnic origin
(g) political opinions
(h) membership of a political association
(i) religious beliefs or affiliations
(j) philosophical beliefs
(k) membership of a professional or trade association
(l) membership of a trade union
(m) sexual orientation or practices; or
(n) criminal record.
Such information may be included in the information that you provide to us, for example in your bio and user profile, but we do not specifically seek it out.
3. How we collect Personal Information
We only collect Sensitive Information that you provide to us voluntarily; for example, by filling in our questionnaires and forms and building your profile and bio. We do not try to obtain such information from third parties. You do not have to submit Sensitive Information to us. By submitting Sensitive Information, you consent to our use and disclosure of that information in accordance with this Privacy Policy.
Otherwise, we collect Personal Information in three main ways:
1. from the individuals to whom the information relates;
2. from third parties; and
3. via automated electronic means.
We collect Personal Information from individuals when an individual:
(a) (Registrations / Subscriptions) registers or subscribes for a service, list, account, membership, connection or other processes whereby that individual enters his or her details to apply for, receive or access something, including a transaction;
(b) (Contact) contacts us via any medium, including telephone, fax or email; and
(c) (Services) accesses and uses the Services.
We collect Personal Information about individuals from other entities when:
(d) (Referrals) a third party refers us business;
(e) (Research) we conduct research on potential clients, and the individuals associated with those potential clients; and
(f) (Documents and Databases) businesses provide us with access to documents or databases containing lists of personal information.
We collect Personal Information via the following automated processes:
(g) (Logs) when you visit our website, our server may log details about your visit such as your IP address, the time and duration of your visit, the link from which you visited, and information about your browser and operating system;
(h) (Cookies) we will likely place a cookie on your hard drive when you visit our website.
4. How we hold Personal Information
We hold and store Personal Information using:
(a) (Storage Services) third party data storage services, which are businesses that professionally manage information technology infrastructure;
(b) (Software Services) third party application providers, where we use an application for the purposes of our business and store data in association with that application on infrastructure provided by those third party application providers; and
(c) (Paper Files) printed paper storage.
We may combine or link Personal Information about you that we collect on one occasion, with Personal Information about you that we collect on other occasions.
We and our employees, contractors and other authorised representatives will take all reasonable precautions to protect Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
We secure Personal Information that we collect by:
(d) (Passwords) using passwords and credentials to control access to data;
(e) (Encryption) using specialised encryption algorithms and software to store passwords, and forcing one-way encryption to prevent reverse-engineering of the passwords that we generate;
(f) (Session Expiry) forcing time-out of authentication sessions and requiring re-authentication to minimise risk associated with idle connections;
(g) (Firewalls) using both server and network firewalls to control access points in and out of the data storage infrastructure;
(h) (Network Traffic Encryption) using Secure Sockets Layer (SSL) technology to secure transmissions both to and from the data storage infrastructure; and
(i) (Reputable Vendors) ensuring that the third-party providers holding data and information on our behalf are reputable vendors taking reasonable steps to secure the information.
By using any part of the Services, individuals acknowledge that the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Individuals provide information, including Personal Information, to us via the Services at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
5. The purposes for which we collect, hold, use and disclose Personal Information
We collect, hold and use Personal Information for the purpose of providing the Services to individuals, since the Services often involve sharing and making available Personal Information to facilitate room renting. This includes holding and using the Personal Information so that we can:
(a) (Identify) identify individuals for the purpose of providing the Services;
(b) (Communicate) communicate with individuals for the purpose of providing the Services, including communications about our goods and services; marketing and promotions; and competitions, surveys, and questionnaires; and
(c) (Transact) transact with individuals for the purpose of providing the Services;
(d) (Business Development) assess the progress and success of our website and develop business opportunities.
We tend not to use information collected via automated means in order to identify specific individuals. Rather, it is generally used for data analysis. For example, we may use cookies and log information to ascertain the number of unique visitors to our website, whether or not those visitors are repeat visitors, and the source of the visits.
We disclose Personal Information that you submit for your bio and profile, including any Sensitive Information you include, by publishing it or making it available on our website. Your name, username and contact details may also be visible on forums, comment boards, and correspondence with other users.
We may disclose Personal Information to companies that we work with to provide us with various administrative services. These include:
(e) (Hosting) Cloud and web hosting service providers;
(f) (SaaS) providers of software as a service;
(g) (Marketing) providers of marketing services;
(h) (Support) providers of IT support services, web and software development;
(i) (Data Analytics) data analysis service providers; and
(j) (Online Payment) providers of online payment systems.
We will only share Personal Information with these third parties to the extent reasonably necessary to perform their functions in order to make our Services more effective and affordable.
By using any part of the Services, individuals acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose or transfer Personal Information to in accordance with this Privacy Policy or any applicable laws). The collection and use of Personal Information by such third parties may be subject to separate privacy and security policies. For more information on the third-party service providers we use, and their Privacy Policies, please contact us using the details listed below.
For information on disclosures to overseas recipients, see below.
6. How an individual may access and correct Personal Information
You can:
(a) request access to the Personal Information that we hold about you; and
(b) correct Personal Information that we hold about you.
If you wish to access the Personal Information that we are holding about you, or correct Personal Information that we are holding about you, you can contact us using the following details:
Position Title: Director
Telephone: 02 9516 2853
Email: thomas@gregorysguesthouse.com.au
Postal Address: 20 Margaret St, Newtown, NSW 2042
We reserve the right to refuse access where there are reasonable grounds for doing so, for example if:
(c) the request is frivolous; or
(d) providing access would be unlawful or would compromise the privacy of another person.
7. How an individual may complain about an APP breach, and how it will be handled
(a) If you have a complaint relating to an alleged breach of the APPs, you should contact us in writing using the details listed in the previous section of this Privacy Policy.
(b) When you notify us of a complaint about our handling of your Personal Information, we will deal with the complaint by responding to it in writing within 14 days.
(c) We will endeavour to work with you to resolve the complaint entirely within 30 days, although that period may be longer if it is reasonable.
(d) If you are unsatisfied with our response, you may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
8. Disclosure of Personal Information to overseas recipients
(a) Our use of third party service providers may result in the transfer of your Personal Information to overseas recipients; for example, when data is managed and held in overseas data centres in the United States. Use of our Service by overseas entities may also result in overseas transfer of your Personal Information.
(b) You may not have the same rights in relation to the handling of your Personal Information by overseas recipients as you would under Australian privacy law.
(c) By providing us with Personal Information, you consent to the transfer of your Personal Information to recipients outside Australia.
(d) If you consent to such transfers, we will not be accountable for overseas recipients’ handling of your Personal Information. In any event, we take reasonable steps to ensure that the Personal Information that has been transferred will not be held, used or disclosed by the recipient of the information inconsistently with the APPs.
9. Amendment
We may amend the Privacy Policy at our sole discretion. If you continue to use the Services after receiving notice from us of such an amendment to the Privacy Policy, you agree to be bound by the Privacy Policy as amended.