Byron Bay Management Pty Limited A.C.N. 107 577 257 and The Byron At Byron Pty Limited A.C.N. 098 004 721 of 77-97 Broken Head Road, Byron Bay, New South Wales trading as (collectively “The Byron at Byron Resort and Spa”) is committed to managing your personal information openly and transparently and to keeping your personal information safe. We will take all necessary measures to fulfil this commitment, including to:
This policy is intended to explain clearly and in plain language some of the key processes and procedures that we have implemented to manage your personal information, to protect your privacy and to comply with the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act2012 (“Act”) and the Australian Privacy Principles.
References to “our”, “us” and “we” in this policy are references to Byron Bay Management Pty Limited A.C.N. 107 577 257 and The Byron At Byron Pty Limited A.C.N. 098 004 721 and its related entities.
We own and administer the website, www.thebyronatbyron.com.au (Website).
This policy gives a broad overview of our policies in relation to privacy but if you require further information, you are welcome to contact us or to read any of the privacy statements or notices that will be issued to you as and when personal information is collected.
We will only collect from you information that is necessary and relevant to our relationship with you, including to enable us to provide to you the best possible service and customer experience.
Depending on the exact nature of our relationship with you, we may request that you provide some or all of the following information:
It would be very unusual for us to need to collect all or even most of the above information from you however the information we will require will depend on the specific service or services that we are providing to you. We will only collect personal information from you that we reasonably require in order to satisfactorily perform the services that you require from us.
The Act places restrictions on us collecting sensitive information about you (which includes information about your religion, political views, ethnicity, criminal records and sexual preferences). Generally we will not collect this type of information, however we may need to collect some sensitive information if you are applying for a job with us, and you have provided us with your consent to do so.
There are various reasons why we might need to collect, hold, use or disclose your personal information and this will depend upon the specific services that we are providing to you but we will tell you the main reason for asking for your personal information at the time when we ask you to provide it.
Usually, the main reason that we will need to collect your personal information will be relating to a service that we are providing to you or are about to provide to you and for contacting you in relation to those services. Our main services include accommodation, restaurant, spa, event and conference services, and the sale of apartments in The Byron at Byron.
We may also use your personal information for other reasons, including:
There is no obligation for you to provide us with any of your personal information but if you choose not to provide us with your personal information, we may not be able to provide the information, goods or services that you require.
The means by which we collect your personal information will depend on the nature of the service that we are providing to you.
We may collect your personal information:
We will always collect your personal information directly from you unless it is impracticable to do so. This would usually be done through the Website when you elect to disclose your personal information to us for a particular purpose.
Where we are collecting your personal information, we will remind you of the following at the time of collecting your personal information:
Wherever possible, we will collect personal information directly from the relevant individual to whom that information relates.
You represent and warrant to us that where you provide personal information to us about another person:
We may use and disclose your personal information for the purposes for which it was collected or for a related purpose such as:
Wherever possible, we will limit the information provided to independent third parties to that information required for those third parties to properly perform their functions. Further, our contracts with these third parties will always require the third parties to comply with the APPs (or equivalent standards).
As part of the services that we provide to you, we may:
You may make a request that we do not disclose your personal information to facilitate direct marketing by another organisation and you may request that we provide you with the source of any personal information we use for direct marketing purposes. Any such requests will be actioned within a reasonable period and there will be no charges to you for making, or to you from us actioning, such requests.
Cookies may record information about your visit, including the type of browser and operating system you use, the previous site you visited, your server’s IP address, the pages you access and the information downloaded by you. While this anonymous statistical data may be aggregated and used in broader statistical analysis by us and our web monitoring service provider to improve our services, at no time can we personally identify you as the source of that data.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website.
If you follow us or interact with us on any of our pages on third party social media platforms, such as Facebook, Instagram, Twitter, Pinterest, Houzz, You Tube or Linkedin, the information that you provide will be subject to the third party’s own privacy policies. Please check these policies before you submit any personal data to these networks.
We have implemented appropriate processes and techniques (including physical security such as locks and security systems and computer and network security, including firewalls and passwords) to protect personal information from loss, misuse and interference and from unauthorised access, modification or disclosure. In addition, access to your personal information is limited to those who specifically need it to conduct their responsibilities.
We and our third party service providers take all necessary steps to destroy or permanently de-identify your personal information where it is no longer required and to protect your personal information from loss, misuse and interference and from unauthorised access, modification or disclosure.
While care is taken to protect your personal information on the Website, unfortunately no data transmission over the Internet is guaranteed as 100% secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email as we have no way of protecting that information until it reaches us. Once we receive your personal information, we are required to protect it in accordance with the Act.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), primarily at the physical address of the company referred to in this policy as “The Byron at Byron”, which is located in Australia. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the Privacy Act.
We take reasonable steps to ensure that:
There may be circumstances where we need to disclose personal information that we hold about you to a third party overseas (“Overseas Recipients”). This may occur, for example, where we have a database or server hosted outside Australia or where you are interacting with an application which is based overseas.
Prior to us disclosing your personal information to an Overseas Recipient, we have an obligation under APP 8.1 to take reasonable steps to ensure that the Overseas Recipient does not breach the APPs in relation to your personal information, as well as an obligation under APP 6 to only disclose your personal information to an Overseas Recipient for the primary purpose for which that personal information was collected (unless an exception applies under APP 6) (the “Overseas Disclosure Obligations”).
We will take all reasonable steps to satisfy our Overseas Disclosure Obligations.
The countries to which we are most likely to send your personal information include the New Zealand, United Kingdom, United States of America and Singapore.
You have certain rights in relation to the Personal Information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
(a) Right of Access: You have the right at any time to ask us for a copy of the personal information about you that we hold, and to confirm the nature of the personal information and how it is used. Where we have good reason, and if the relevant Privacy Regulations permit, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
(b) Right of Correction: If personal information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out in the “Contact us about Privacy” section below.
(c) Right of Erasure. In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the personal information is no longer necessary for the purposes for which it was collected or processed or our processing of the personal information is based on your consent and there are no other legal grounds on which we may process the personal information.
(d) Right to Object: to or Restrict Processing: In certain circumstances, you have the right to object to our processing of your personal information by contacting us at the address or email address set out in the “Contact us about Privacy” section below. For example, if we are processing your personal information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes. You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
(e) Right of Data Portability. In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.
This right exists in respect of personal information that:
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems.
You can exercise any of the above rights by contacting us at the address or e-mail address set out in the “Contact us about Privacy” section below. You can exercise your rights free of charge.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
Usually we will be able to provide you with access to your personal information upon receipt of your written request, either by email sent to email@example.com, or by post sent to The Byron at Byron, 77-97 Broken Head Road, Byron Bay, New South Wales, and confirmation of your identity.
There are some limited circumstances in which we may not be able to provide you with access to your personal information when requested. Such circumstances might include where access would pose a serious threat to the life, health or safety of another person or where such access would unreasonably impact on the privacy of others.
Where you request access to your personal information, we will respond to any such request within a reasonable period after the request is made and if possible, we will provide you with access to your information in the manner requested by you, if specified. In any event, we will take all reasonable steps to give you access to your information in a way that meets your needs.
If we deny you access to your personal information for any reason, or if we are unable to provide you with access to your information in the manner requested by you, then we will provide you with a written notice confirming:
We may recover from you our reasonable costs of supplying you with access to your personal information but we will not charge you for any request you might make to access your information.
We do what we can to ensure that the information we hold about you is accurate, complete, up-to-date, relevant and not misleading. To assist us to do this, please ensure that you provide us with correct information at the time you provide it to us and immediately inform us if your details change at any time. If we are concerned that any of your information is inaccurate, incomplete, out-of-date, irrelevant or misleading, or if you request that we correct any of your information, then we will take all reasonable steps to correct the information to ensure that it is accurate, complete, up-to-date, relevant and not misleading in the context of the purpose for which it is held.
If we correct any of your personal information and that information has previously been disclosed to another entity that is required to comply with the APPs, then, upon your request to do so, we will take reasonable steps to notify that other entity of the correction unless such notification is impracticable or unlawful.
If we refuse to correct your personal information following a request by you to do so, then we will provide you with a written notice confirming:
If we refuse to correct your personal information following a request by you to do so and you request that we associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading then we will take reasonable steps to associate the statement with the information so that the statement is apparent to users of the information.
We will respond to any requests regarding the correction of your personal information within a reasonable period after the request is made.
We will not charge you for any request to correct your personal information, nor will we pass on to you any costs incurred by us in correcting your personal information or for associating a statement with your personal information.
We are committed to maintaining and protecting your privacy but it is possible that in limited circumstances, mistakes might be made. If you are concerned with the way your personal information has been handled then you are entitled to make a complaint. If you would like to lodge a complaint, please contact us through our Privacy Compliance Officer, whose details are set out below.
The Byron at Byron
Postal address: 77-97 Broken Head Road, Byron Bay, New South Wales
E-mail address: firstname.lastname@example.org
Phone: +61 2 6639 2000
If your personal information has not been handled in an appropriate way, we will do our best to remedy your concerns as quickly as possible, including by acknowledging receipt of your complaint within 48 hours and trying to resolve the complaint within 10 working days. Where this is not possible, we will contact you within this period to let you know an anticipated time frame within which your complaint will be resolved.
If your complaint is not satisfactorily resolved, you may approach an external dispute resolution service or apply to the Office of the Australian Information Commissioner (“OAIC”) to have the complaint heard and determined.
Wherever it is practicable, we will always provide you with the option not to identify yourself when dealing with us. Alternatively, you may elect to use a pseudonym to protect your identity.
This Website may contain links to websites which are owned or operated by other parties. You should make your own enquiries as to the privacy policies of these parties. We are not responsible for information on, or the privacy practices of, such websites.
Please find below our contact details. Please do not hesitate to contact us in relation to any privacy-related concerns and we will use our best endeavours to address any such concerns thoroughly and in a timely manner.
If it is practical to do so, you can contact us without identifying yourself. However, if you choose not to identify yourself, it may be more difficult for us to assist you with your enquiry. This will depend on the nature of your enquiry.
The Byron at Byron
Postal address: 77-97 Broken Head Road, Byron Bay, New South Wales
E-mail address: email@example.com
Phone: +61 2 6639 2000