Emporium Hotel Management Pty Ltd ACN 621 364 994 (we, us or our) is committed to protecting your privacy. This policy describes how we collect and use your personal information. It also describes the rights you have and control you can exercise in relation to it.
Who are we?
We are an independent boutique hotel that provides hotel, food and beverage dining facilities as well as function rooms.
If you have any questions about our use of your personal information, please use the following contact:
Emporium Hotel Management Pty Ltd ACN 621 364 994
267 Grey Street South Bank 4101 Queensland
Telephone: 1800 346 835
You can reach our data protection officer at firstname.lastname@example.org
Personal information collection and usage
We may collect the following personal information about you:
- Contact information: your name, position, role, company or organisation, telephone (including mobile phone number where provided) as well as email and postal address;
- Your communications: information provide in communications with us;
- Business information: data identifying you in relation to commercial dealings we have with you or the business you represent;
- Your logon ID and password: for access to EConfidential
- Information from public sources: e.g. Linked in and similar professional networks, directories or internet publications;
- Subscriptions/preferences: when you subscribe to receive information or updates from us, or content preferences that let us know what you are interested in;
- Supplier data: contact details and other information about you or your company or organisation where you provide services to us;
- Social media: posts, Likes, tweets and other interactions with our social media presence;
- Technical information: when you access our website and our technology services being IP address, time zone setting, browser plug−in types and versions, operating system you are using, device type, hardware model, MAC address, unique identifiers and mobile network information;
- Online data: when you access our website, app and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails.
We may receive personal information directly from you, the company or organisation you represent, or screening providers who assist us with our legal obligations.
We also collect personal information about your online activities across third party websites or online services.
How do we use your personal information?
We use your personal information for the following purposes:
- Service Provision: helping you book your ideal hotel, dining venue or function room.
- Customisation: providing you with customised and more relevant hotel room, dining and function space offers.
- Assistance: assisting you to make hotel, dining, or function room reservations.
- Communication: communicating with you to keep you informed of our products and services, and market insights;
- Events: relevant hotel events that you may be interested or have attended in the past
- Client surveys and feedback: reviewing feedback from you and responding to your concerns;
- Website monitoring: to monitor our website and our other technology services, to ensure they are used appropriately and working as intended, including as tracking outages, unauthorised use, or troubleshooting issues that you report to us;
- Online security: protecting our information and technology platforms from hacks, or identifying and addressing malware and other security threats;
- Regulatory: compliance with law, including auditing and reporting requirements ;
- Managing suppliers: who deliver services to us;
- Legitimate interest: to pursue the legitimate business interests listed in the “Legitimate Interests” section of this policy below.
Why do we use your personal information?
We will process your personal information for a number of reasons:
- you consent: for example you share details for particular purposes;
- to comply with law;
- processing is necessary for our legitimate business interests or those of a third party, provided this does not override any interests or rights that you have as an individual. Our legitimate interests are listed in the next section.
What are our legitimate interests?
We have legitimate business interests in:
- providing you with our goods and services;
- managing our business and our relationship with you or your company or organisation;
- understanding and responding to inquiries and customer feedback;
- understanding how our customers use our goods, services and websites;
- identifying what our customers want and developing our relationship with them;
- improving our goods and services;
- ensuring our systems and premises are secure;
- managing our supply chain;
- developing relationships with business partners;
- ensuring debts are paid;
- operating suppressors to exclude you from direct marketing if you unsubscribe;
- sharing data in connection with acquisitions and transfers of our business.
Why do we use sensitive information?
By ‘sensitive information’ we mean information such as your racial or ethnic origin, sexual orientation, religious beliefs or medical/health information. We will process sensitive information where:
Who do we share your data with?
We share your information as with others as follows:
- Suppliers: who provide our business with goods and services, including IT and communication suppliers, outsourced business support, marketing and advertising agencies. [Our suppliers have to meet minimum standards as to information security and they will only be provided data in line with their function];
- Shared service centres: that we or third parties operate including for IT services, marketing, risk management and office support services;
- Law enforcement bodies and our regulators: or authorities in accordance with law or good practice;
- Appropriate parties in the event of emergencies: in particular to protect health and safety of you, our customers, staff and organisations;
- Your company or organisation: in relation to us providing our goods and services;
- [Screening service providers: to assist us comply with legal obligations in relation to the prevention or protection of crime, ant-money laundering, sanctions screening and other required checks];
- Advertising networks and analytics service providers: to support and display ads on our website, apps and other social media tools;
- Third parties: in the context of the acquisition or transfer of any part of our business or in connection with the business reorganisation;
- Other delegates: where your name will appear on the attendee list for events where you have told us you plan to attend.
Personal information about others
In some cases, you may provide personal information to us about other people (such as your customers, suppliers, directors, officers, shareholders or beneficial owners). You should ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.
We will store and process your information securely using good practice physical, technical and administrative security measures. However, exchanging information by the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of information you transmit, so any transmission is at your own risk.
Where will your information be held?
We operate a cloud-based server stored in Singapore and your information may be transferred out of your local jurisdiction or region. Data protection laws vary by country. We will take steps to protect your information in line with locally applicable data protection requirements. For those who work with our EU entities, for example, we have implemented Standard Contractual Clauses (SCCs) approved by the European Commission [in accordance with Article 46(2)(c) of the General Data Protection Regulation]. If you would like copies of the SCCs applicable to European data, please contact us
How long do we keep your data?
We retain the data we collect for different periods of time depending on what it is, how we use it, and how you configure your settings in our website or app. We generally keep your information as needed to provide our goods and services to you and to deal with claims. Other data is deleted or anonymized automatically once you opt-out of any marketing services. We will retain your information as necessary to comply with legal, accounting or regulatory requirements. Typical retention periods will range from 3 to 15 years.
If you are working with one of our EU entities or our practices in certain other jurisdictions where similar rules apply, you have certain rights in relation to your information. The availability of these rights and the ways in which you can use them are set out below in more detail.
Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact the relevant Data Privacy contact as listed in this Policy above.
- Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal information. This enables you to receive a copy of the personal information we hold about you and certain other information about it;
- Correction: you are entitled to request that any incomplete or inaccurate personal information we hold about you is corrected;
- Erasure: you are entitled to ask us to delete or remove personal information in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal information is required for compliance with law or in connection with claims;
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Transfer: you may us to help you request the transfer certain of your personal information to another party;
- Objection: where we are processing your personal information based on a legitimate interests (or those of a third party) you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
- Consent: where we are processing personal information with consent, you can withdraw your consent.
If you want to exercise any of these rights, please contact one of the Data Privacy contacts set out in this Policy above, in writing at the relevant email address.
You also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of Data Protection law has taken place. ]
As described above, you can opt-out of receiving direct marketing from us at any time.
We may use the information you give us on our website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services including events, accommodation packages and dining up that we think may interest you.
You can opt-out of receiving direct marketing from us at any time. You can do this by changing your marketing preferences on your online accounts settings page or clicking on the "unsubscribe" link included at the end of any marketing email we send to you.
Links to third party websites
Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal information that you provide through these websites is not subject to this privacy notice and the treatment of your personal information by such websites is not our responsibility.
If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.
We do not knowingly collect information from children or other persons who are under 16 years old. If you are under 16 years old, you may not submit any personal information to us unless you have obtained consent from a person with parental responsibility for you.
Changes to this Notice
If we change anything important about this notice (the information we collect, how we use it or why) we will highlight those changes at the top of the notice and provide a prominent link to it for a reasonable length of time following the change.
How to contact us
If you would like more information about the way we manage personal information that we hold about you please contact us as set out at the top of this notice.