‘Personal Information’ is defined in the Privacy Act to mean information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
‘Privacy Act’ means the Privacy Act 1988 (Cth) as amended from time to time.
‘Sensitive Information’ is defined in the Privacy Act to include things such as race, sexual orientation, political opinions, members of a trade association or trade union, criminal record or health information.
OVERVIEW OF THIS POLICY
This Policy details how we comply with the Privacy Act, including the Australian Privacy Principles which have been introduced under the Privacy Act.
This Policy does not apply to the collection or use of information about corporations.
We may from time to time review and update this Policy to take into account new laws and technology, our operations and practices. We encourage you to check our website from time to time to ensure that you are aware of our current Policy.
If you would like a hardcopy of this Policy, please contact The Spa Manager on (03) 52619977.
THE TYPE OF PERSONAL INFORMATION WE COLLECT
The type of Personal Information we collect and hold includes:
- identification information, such as your name, date of birth and address;
- telephone numbers and e-mail addresses;
- personal history including general health and medical information;
- information relating to treatments and product preferences;
- credit card details for the purposes of the cancellation policy and purchases of treatments, services and products;
- personal details, points, treatment history and referral information obtained from the Saltair Loyalty Rewards program;
- information provided as a result of competitions and other promotions;
- marketing and other advertising information relating to advertising demographics and research; and
- other information provided by consent;
We may at times, subject to this Policy, collect and hold Sensitive Information.
COLLECTION OF PERSONAL INFORMATION
We collect Personal Information and Sensitive Information only by fair and lawful means where it is reasonable and practicable to do so.
If you do not provide us with the Personal Information and Sensitive Information we reasonably request, we may not be able to provide the requested products or services to you. We also may not be able to provide you with the information about the products or services that you may want.
How we Collect Information
We generally will only collect such information about you if you voluntarily submit it to us by:
- providing your information in person or during a telephone call with our staff;
- sending us an email or facsimile;
- completing forms;
- completing consultation forms;
- purchasing products, treatments or gift vouchers from us through our website;
- booking with us through our website; and/or
- sending us information when using any part of our website.
Website usage and Cookies
We may collect certain information from you such as:
- your browser type;
- your location;
- your IP address;
- the time and date that you accessed our website;
- information about when and how you use our website;
- information about your past internet usage, such as websites you visit before coming to our website;
This information is used by us to administer our website, analyse trends and improve our website, products and services.
Collection of Information from Third Parties
We will not collect Personal Information about you from third parties unless:
- you consent to the collection of the information from someone else; or
- it is unreasonable or impracticable to collect the information from you.
If it is unclear to us whether you have consented to the collection of Personal Information from a third party, we will take reasonable steps to contact you to ensure that you are aware of the reason and purpose of the collection.
If we collect Personal Information from a third party, we will inform you that Personal Information has been collected and the circumstances of such collection.
If we are required to collect Personal Information or Sensitive Information about you under an Australian law, we will inform you of this, including details of the law requiring the collection.
Where we receive unsolicited Personal Information or Sensitive Information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we will handle this information in the same way we do other information we seek from you. If not, we will destroy or de-identify it.
REASON FOR COLLECTION, DISCLOSURE & USE
We will not collect Personal Information unless the information is reasonably necessary to:
- provide goods and services to you;
- provide you with information about those goods and services;
- assist you with enquiries;
- gain an understanding of your needs;
- give you access to specific sections of our website and improve your online experience with us; and
- comply with legal obligations.
We may disclose Personal Information to our related entities.
We do not disclose Personal Information to any overseas recipients.
We will not collect Sensitive Information about you unless:
- we obtain your explicit consent to collect and use such information, or:
- the information is reasonably necessary for one or more of our functions or activities; or
- the collection of the information is required or authorised by or under Australian law or a court/tribunal order; or
- a permitted general situation exists in relation to the collection of the information by us; or
- a permitted health situation exists in relation to the collection of the information by us.
We may use and/or disclose your Personal Information in order to:
- provide you with news and information about our goods and services;
- provide you with marketing and promotional material that we believe you may be interested in; or
- seek your feedback on our services.
Only with your express consent will we use or disclose Personal Information (including Sensitive Information) about you for the purposes of direct marketing. You can ask us not to do this at any time by writing to The Spa Manager, Saltair Day Spa, 50 Ashmore Road, Torquay. 3228.
We will not sell your Personal Information or Sensitive Information.
We take reasonable steps to protect your Personal Information and Sensitive Information against misuse, interference, loss, unauthorised access, modification and disclosure. The protective steps we take include:
- confidentiality requirements of our employees;
- document storage security measures; and
- security measures for access to our systems.
We aim to ensure that the Personal Information and Sensitive Information we hold is accurate, up-to-date and complete. Please ensure any information you provide is accurate, up-to-date and complete, and notify us if you believe we hold information that is outdated, inaccurate, misleading, irrelevant or incomplete so that it can be corrected.
If we are satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, then reasonable steps will be taken to correct the information within 30 days, or a longer period as we agree with you in writing.
We will not charge you for a correction.
If we determine that the correction is not required, we will provide you with written notice stating the reasons why the correction was not made and refer you to our complaints procedure.
If a correction is made to any information that was previously disclosed to a third party, as long as it is reasonable to do so, we will give each such recipient written notice of the correction within a reasonable period. We will also notify you that the correction has been made.
You are entitled to access your Personal Information and Sensitive Information held by us.
If you wish to access this information, you must lodge a request for access by contacting The Spa Manager by email on firstname.lastname@example.org, or by post to Saltair Day Spa, 50 Ashmore Road, Torquay. 3228.
We may charge a fee to cover our reasonable costs in meeting an access request. You will be provided with access to the information within 30 days of the request (unless unusual circumstances apply).
We are not required to give you access to this information if:
- it would be unlawful to do so; or
- denying access is required or authorised by an Australian law or a court/tribunal order; or
- to do so would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
If we do not give you access to the information requested you will receive written notice that explains the reason for the refusal.
Complaints about alleged breaches by us of the Privacy Act, the Australian Privacy Principles or this Policy can be made by contacting The Spa Manager, Saltair Day Spa, 50 Ashmore Road, Torquay. 3228. If you do not consider that your complaint has been adequately dealt with by us, you may make a further complaint to the Office of the Australian Information Commissioner, which has complaint handling responsibilities under the Privacy Act.
For further information about privacy, visit the Office of the Australian Information Commissioner’s website.