Privacy Policy
THE GOOD COMPANY BAR GROUP PTY LTD (ACN: 644 719 139) (GCBG) PRIVACY POLICY
THIS PRIVACY POLICY SETS OUT HOW GCBG COLLECTS, USES AND DISCLOSES PERSONAL INFORMATION AND SENSITIVE INFORMATION. GCBG MAY COLLECT SUCH INFORMATION IN ANY OF THE WAYS SET OUT IN THIS PRIVACY POLICY INCLUDING WHERE YOU MAKE A BOOKING WITH GCBG OR AT ANY OF ITS VENUES OR WHEN YOU ENTER ANY OF ITS VENUES.
THIS PRIVACY POLICY APPLIES TO GCBG AND TO EACH OF ITS SUBSIDIARY ENTITIES WHETHER EXISTING AT THE DATE OF THIS PRIVACY POLICY OR LATER INCORPORATED.
1. Background
1.1 The privacy of your personal information is afforded the highest level of importance by Good Company Bar Group Pty Ltd (ACN:644 719 139) (GCBG).
1.2 This privacy policy (Privacy Policy) sets out how the Company and its Related Bodies Corporate (as that term is defined in the Corporations Act 2001 (Cth)) (we, our and us) collects, stores, uses, protects, shares and discloses your personal information. Capitalised terms not defined in this Privacy Policy have the meanings given in our Terms of Use. This Privacy Policy applies to our venues (including venues operated by our subsidiaries and Related Bodies Corporate) (Venues) and to any web platforms such as websites, mobile phone applications and social media pages (Web Platforms) accessed by you. By visiting or using our Web Platforms you agree to the collection, storage, usage and disclosure of your personal information by us in the manner described in this Privacy Policy.
1.3 It is necessary for us to collect your personal information in order for us to provide certain services (Services) to you including services relating to accessing our Venues, making bookings for our Venues and for us to provide you with targeted Services such as promotions which may be applicable to your use of the Services.
1.4 From time to time we will review our Privacy Policy. We will notify you about any changes to our Privacy Policy at any time by posting an updated version of the Privacy Policy on the Web Platforms and emailing you an update. We do not make any representations about third party Web Platforms that may be linked to our Web Platforms.
1.5 The processing of personal information by us will always be in line with the Australian Privacy Principles (Australian Privacy Principles) contained in the Privacy Act 1998 (Cth) (Privacy Act), and in accordance with country-specific data protection regulations applicable to us.
1.6 We have implemented a number of technical and organisational measures to ensure the protection of personal information processed through our Services.
1.7 This Privacy Policy sets out our information handling procedures and the rights and obligations that both you and we have in relation to your personal information. In the event of any inconsistency, the legislative requirements will override the provisions of this document.
2. User Content
2.1 Where we rely on your consent as the lawful basis to the collection and processing of your data under the Privacy Act we will always ask you to positively affirm your acceptance of our Privacy Policy. By clicking a button indicating that you accept this Privacy Policy, you acknowledge and agree to be bound by this Privacy Policy.
2.2 For all areas of the Services where consent is given it is just as easily able to be withdrawn through the appropriate account settings on the Web Platforms.
3. WHO CAN USE THE GCBG SERVICES AND WEBPLATFORMS
We endeavour to make the Web Platforms and our Services available to as many users and customers as possible. Use of the Web Platforms and access to our Services are subject to you being at least 18 years old.
4. PERSONAL INFORMATION WE COLLECT
4.1 We will, from time to time, receive and store personal information you enter onto our Web Platforms, provided to us directly or given to us in other forms (for example if you call a Venue to make a booking).
4.2 We collect, receive and store such personal information including but not limited to:
(a) your contact information, including full name, date of birth, gender, residential addresses, geographical location, telephone and facsimile numbers, social media handles and email addresses;
(b) data relating to your activity in our Venues;
(c) data relating to your activity on our Web Platforms, whether hosted by us or a third party, including if you are a user of our Web Platforms and information about you is inputted as part of its functionality, and/or via tracking technologies such as cookies;
(d) relevant codes, passwords or entry access information in the event they may be required to render the completion of works or the performance of the Services;
(e) photographs, video and audio recordings of patrons inside the Venue;
(f) closed circuit television (CCTV) footage of patrons inside and in the close proximity to the outside of the Venues.
4.3 We may collect additional information at other times, including but not limited to:
(a) when you provide feedback;
(b) change your content or email preference;
(c) respond to surveys and/or promotions;
(d) respond to competitions run via social media;
(e) enter our Venue as a patron, member of staff etc; or
(f) use a cloakroom at our Venues;
(g) communicate with our customer support.
4.4 The legal basis for the above processing is based on:
(a) when you provide feedback;
(b) change your content or email preference;
(c) respond to surveys and/or promotions;
(d) respond to competitions run via social media;
(e) enter our Venue as a patron, member of staff etc; or
(f) use a cloakroom at our Venues;
(g) communicate with our customer support.
5. COLLECTION
5.1 We will only collect personal information where it is reasonably necessary to do so for the conduct of our business and operate the Web Platforms. Any collection of personal information by us will be fair and lawful and will not be intrusive.
5.2 We will collect personal information about you in the following ways:
(a) if you provide your information by telephone, post, email or facsimile, through our Web Platforms, including via any functions or services of our Web Platforms operated by a third party, or in person;
(b) if you contact us via email or submit your information through the ‘Contact’ page on our Web Platforms;
(c) if you establish an account on our Web Platforms;
(d) if you attend or contact one of our Venues;
(e) if you use a third party application associated with GCBG;
(f) if you have provided information to one of our related body corporates and wholly owned subsidiaries;
(g) if you require us to provide services to you; and/or
(h) if during the course of using our Web Platforms or Service either you or a third party input information about you, as part of its functionality.
5.3 In order to maintain and continue to improve our Web Platforms and user experience, we may automatically collect information about how you use our Web Platforms, the areas of our Web Platforms that you visit, as well as information about your computer or mobile device including your IP address, device ID, physical location, browser and operating system type, and referring URLs, via cookies and other tracking technologies. Some of the information we collect may be anonymous and/or aggregated, while other information may be personal information. We may also collect information about you through analysing your actions with electronic communications we send to you from time to time, including your opening of such communications and clicking on included links. This information is necessary for providing personalised and location-based content as well as for analysing the use of resources, troubleshooting problems, preventing fraud, and improving our services. We may combine this information with information in your account to help prevent fraud. Any information collected, stored and analysed by us helps us to build our product and ensure the best user experience possible.
5.4 In the course of operating our business, we may collect personal information from third parties such as online reservation and booking system operators, data collection systems, advertisers, mailing lists and other food and beverage venues with which we have a relationship with.
5.5 If we collect personal information about you from a third party in circumstances outside the input requirements associated with our Web Platforms and Service we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
5.6 When we collect personal information from you, we will take reasonable steps to notify you or ensure you are aware of:
(a) our identity and contact details;
(b) that we have collected your personal information, and whether that collect is required or authorised by law;
(c) the purposes of collection;
(d) the consequences if personal information is not collected (such as if this will affect our ability to provide the Services to you);
(e) our usual disclosures of personal information of the kind collected;
(f) information about this Privacy Policy; and
(g) whether we are likely to disclose personal information to overseas recipients, and if practicable, the relevant countries in which they are located.
5.7 Some information referred to in clause 5.6 above is included in this Privacy Policy.
6. HOLDING OF PERSONAL INFORMATION
6.1 We will hold personal information as either physical records, records on our servers, records in cloud storage, and in some cases, records on third party servers or cloud storage facilities, which may be located overseas.
6.2 We take active steps to hold all hard copy and electronic records of personal information in a secure manner to ensure that they are protected from misuse, interference, loss, and any unauthorised access, modification or disclosure.
6.3 We have procedures in place to destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
6.4 If you require further information about these procedures, please contact us through a Web Platform’s ‘Contact’ feature and we will respond to your queries promptly.
7. USE OF PERSONAL INFORMATION
7.1 We will only use or disclose your personal information for the purposes for which we advised you we were collecting it for (which are set out as follows and otherwise in this Privacy Policy) or a related purpose which would reasonably be expected or otherwise with your permission.
7.2 Generally, we will use your personal information:
(a) to operate the Web Platforms, generate content and provide customer support (including updates and improvements);
(b) to provide you with Services and access to our Venues;
(c) for our administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes;
(d) to provide, administer, market and manage our Web Platforms, including but not limited to, providing you with customary search results for use in our Services to enhance your experience;
(e) to provide you with targeted marketing services including by third-party providers including affiliates, partners, joint venturers and researchers;
(f) to provide you with access to protected areas of the Web Platforms and to authenticate your account (where applicable);
(g) to conduct surveys to determine use and satisfaction with our Services, Venues and Web Platforms;
(h) to enforce our Terms and Conditions of access to our Venues, our Web Platforms or this Privacy Policy;
(i) to verify your information for accuracy or completeness (including by way of verification with third parties);
(j) to comply with our legal obligations, a request by a governmental agency or regulatory authority or legally binding court order including the collection of personal information on entry to a Venue;
(k) to combine your personal information with information we collect from third parties and use it for the purposes set out this Privacy Policy;
(l) to aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;
(m) to resolve disputes and to identify, test and resolve problems;
(n) to notify you about updates, improvement and changes to the Web Platforms and Services we provide from time to time; and
(o) to protect a person’s rights, property or safety;
1.2 The website may make third party social media features available to its users. We cannot ensure the security of any information you choose to make public in a social media feature. Also, we cannot ensure that parties who have access to such publicly available information will respect your privacy.
1.3 In the event that we hold sensitive information about you, we will only disclose or use that information with your consent or if another exception applies under applicable laws.
2. DISCLOSURE OF PERSONAL INFORMATION
2.1 We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy.
2.2 We may disclose your information, including your personal information, to third parties for the purposes contained in this Privacy Policy (including those listed above), including but not limited to:
(a) Affiliates and Acquirers
(i) We may share some or all of your personal information with related body corporates, our subsidiaries, or other companies under a common control (Affiliates), in which case we will require our Affiliates to honour this Privacy Policy.
(ii) In the event we are involved in a merger, acquisition or sale of assets we may disclose Personal information collected by us to such entities that we propose to merge with or be acquired by, and will assume the rights and obligations regarding your personal information as described in this Privacy Policy. This includes the disclosure of information to our clients where we act as a data processor.
(b) Third parties and others you choose to sharewith
(i) We may disclose your personal information to third parties to whom you expressly ask to us to send the personal information to or to others you directly or indirectly choose for us to disclose your personal information to.
(ii) We may disclose your personal information to third parties with whom we have a commercial relationship with, including for the purpose of providing customers with access to promotions and other similar services.
2.3 We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant or policy enquiry, in the course of a legal proceeding or in response to a law enforcement agency request.
2.4 We may also use your personal information to protect the copyright, trademarks, legal rights, property or safety of GCBG, its application, Web Platforms and customers or third parties.
2.5 Information we collect may from time to time be stored, processed in or transferred between parties located in countries outside of Australia. These may include, but are not limited to EU, USA and UK.
2.6 We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the Privacy Principles or equivalent privacy laws.
2.7 We will not share, sell, rent or disclose your personal information in ways different from what is disclosed in this Privacy Policy.
3. IF WE CANNOT COLLECT YOUR PERSONAL INFORMATION
If you do not provide us with the personal information described above, some or all of the following may happen:
(a) We may not be able to provide the Services to you, either to the same standard or at all;
(b) We may not be able to provide you with information about Services that you may require; or
(c) We may be unable to tailor the content of our Web Platforms to your preferences and your experience of our Web Platforms and/or Services may not be as enjoyable, useful or applicable to your requirements.
4. SECURITY OF PERSONAL INFORMATION
4.1 GCBG is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
4.2 The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.
5. ACCESS OF PERSONAL INFORMATION
You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act. A small administrative fee may be payable for the provision of information. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at
privacy@goodcompanybargroup.com.au. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act.
6. COMPLAINTS ABOUT PRIVACY
If you have any complaints about our privacy practices, please feel free to send in the details of your complaints to [Office 1 18 Grattan Street, Prahran VIC 3181]. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.
7. COOKIES POLICY
7.1 We may use cookies and URL information to gather information regarding the date and time of your visit and the information for which you searched and which you viewed. “Cookies” are small pieces of information that the Web Platforms send to your computer’s hard drive while you are viewing a web site or App. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Web Platforms. Persistent Cookies can be removed by following Internet browser help file directions. Cookies may enable automatic logins when you visit in the future and may enable content customisation.
7.2 Cookies may collect and store your personal information. This Privacy Policy applies to personal information collected via Cookies. You consent and acknowledge that we collect your personal information through Cookies.
7.3 We sometimes use Cookies to show remarketing communications via third party networks like Google Display network, Instagram and Facebook.
7.4 You can control and/or delete cookies manually as you wish.
8. MANAGING YOUR PERSONAL INFORMATION
8.1 Subject to the Privacy Act, you may request to access the personal information we hold about you by contacting us via the ‘Contact’ feature of the Web Platforms. All requests for access will be processed within a reasonable time.
8.2 Accessing or Rectifying your personal information:
(a) We may, if required, provide you with tools and account settings to access, correct, delete, or modify the personal information you provided to us. You can find out more about how to do this by contacting us using the ‘Contact’ feature of the Web Platforms. In the event that you are unable to access your account to access or rectify your personal information, you may submit a request to us to correct, delete or modify your personal information. Rectifications, deletions or modifications will be processed within a reasonable time.
8.3 Deletion
(a) We keep data for as long as it is needed for our operations. If you deactivate and delete your account, your data will no longer be visible on your account. Please keep in mind that third parties may still retain copies of information you have made public through our Web Platforms.
(b) If you wish to have us delete your data please contact us using the ‘Contact’ feature of the Web Platforms.
8.4 Object, restrict or withdraw consent:
(a) If you have an account on the Web Platforms you will be able to view and manage your privacy settings. Alternatively, if you do not have an account, you may manually submit a request to us if you object to any personal information being stored, or if you wish to restrict or withdraw any consent given for the collection of your personal information.
(b) You may withdraw your consent to the processing of all your personal information at any time. If you wish to exercise this right, you may do so by contacting us using the ‘Contact’ feature of the Web Platforms.
(c) You may withdraw your consent or manage your opt-ins at any time by either viewing your account on the Services or clicking the unsubscribe link at the bottom of any marketing materials we send you.
8.5 Portability
(a) We may, if required and possible, provide you with the means to download the information you have shared through our Web Platforms. Please use the ‘Contact’ function within the Web Platforms for further information on how this can be arranged.
(b) We may retain your information for fraud prevention or similar purposes. In certain instances, we may not be required or able to provide you with access to your personal information. If this occurs, we will give you reasons for our decision not to provide you with such access to your personal information in accordance with the Privacy Act.
(c) There is no application fee for making a request to access your personal information. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third-party provider.
9. ANONYMITY AND PSEUDONYMITY
We will allow our users to transact with us anonymously or by using a pseudonym, wherever that is reasonable and practicable. However, this will not be possible if we are required or authorised by law or other instrument to deal with customers who have been appropriately identified, or where it is impracticable for us to deal with.
10. STORAGE AND SECURITY OF PERSONAL INFORMATION
10.1 We are committed to protecting the security of your personal information. We (and our third-party service providers) use a variety of industry-standard security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure. We use secure web services to collect your information and we store certain kinds of data in encrypted form. We also record CCTV footage which is stored on local NVR for a period of 30 days.
10.2 We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. While no computer system is completely secure, we believe the measures implemented by us reduce the likelihood of security problems to a level appropriate to the type of data involved.
10.3 We encourage you to be vigilant about the protection of your own information when using digital services, such as social media. While we will endeavour to ensure that any relationships, we have with third parties include an appropriate level of protection for your privacy, we will be limited in our ability to control any electronic platform operated by a third party.
11. INTERNATIONAL TRANSFER AND DISCLOSURE OF PERSONAL INFORMATION
11.1 Where we transfer personal information outside of Australia or any other approved, pre-determined geographical location, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.
11.2 We may disclose personal information to our related bodies corporate and third-party service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
11.3 We may disclose your personal information to entities located outside of Australia, including the following:
(a) Our related bodies corporate;
(b) Our data hosting and other IT service providers, located in various countries; and
(c) Other third-parties located in various foreign countries.
11.4 We may disclose your personal information to entities within Australia who may store or process your data overseas.
12. NOTIFIABLE DATA BREACHES
12.1 We take data breaches extremely seriously and notification of data breaches will be applied and conferred in accordance with this clause 18.1.
(a) In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.
(b) We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.
(c) If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.
(d) Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.
13. INTEGRITY AND RETENTION OF DATA
13.1 We take all reasonable steps to ensure that the personal information we collect about you is accurate, up to date and complete. Where we collect that information from you directly, we rely on you to supply accurate information. We make it easy for you to keep your personal information accurate, complete, and up to date. We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
14. DISCLAIMER – THIRD PARTY LINKS
14.1 Our Web Platforms may contain links to third party webpages, reservation and booking systems, Instagram accounts or other social media pages (Third Party Pages), including but not limited to those of third parties for whom we have provided our Services to and you acknowledge and agree:
(a) This Privacy Policy and any other policy of ours does not apply to Third Party Pages and we recommend you make reasonable efforts to familiarise yourself with the policies contained on third-party pages;
(b) We are not liable for and you expressly indemnify us for any loss or damage incurred as a result of the failure by Third Party Pages to have in place and provide access to their privacy policy, terms of use or any other company policies or their failure to comply with the Privacy Act or any other applicable laws.
15. CONTACT INFORMATION
We welcome your comments or questions regarding this Privacy Policy.
You can confidentially contact our Support Officer at:
Email: privacy@goodcompanybargroup.com.au
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commission at:
Telephone: 1300 363 992
Enquiries Form:
Online Enquiry FormOffice Address: Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address: GPO Box 5288, Sydney NSW 2001
Services: www.oaic.gov.au
16. CHANGES TO THIS PRIVACY POLICY
This Privacy Policy is subject to occasional revision and we reserve the right, at our sole discretion, to modify or replace any part of this Privacy Policy. It is your responsibility to check this Privacy Policy periodically for changes as continued use of our Services shall indicate your agreement to our then current Privacy Policy. Not all changes to our Privacy Policy will require your consent, for example where office security procedures are changed. We will notify you of any change to our Privacy Policy that requires your consent before being implemented.
17. General
This Privacy Policy was last updated on 22 September 2023 by Merton Lawyers of 713 Glenferrie Road, Hawthorn Vic 3122.
www.mertonlawyers.com.au
