Privacy Policy – Data Breach

 

This is our privacy policy setting out our commitment to protecting and dealing properly with your personal information and to meeting our requirements under the Privacy Act and the Australian Privacy Principles.

We publish this policy on our website and we also publish this policy within our club so that you can be aware of when we might be collecting personal information about you. We respect the privacy of your and other’s personal information, however we may provide your personal information to third parties.

We collect personal information on most individuals who deal with us or who access our website or interact with us through social media including about members and their guests and other individuals who are patrons of our club or who attend a function at our club, about individuals who are themselves (or who are employees of) of suppliers, consultants and contractors who deal with us or otherwise provide services or advice to us, and about individuals in other organisations who have oversight over us or any of our operations.

In almost all cases where we collect personal information it would be impracticable for us to deal with you if you didn’t identify yourself. So we usually do not offer you the option of not identifying yourself.

The kinds of personal information that we collect include, but are not limited to – names, residential, email and other addresses, telephone numbers, social media participation details, gender, age, interests, other types of information or opinions about individuals that is within the definition of “sensitive information” under the privacy legislation, occupation, club PINs or passwords, preferences and sensitivities, details from drivers licences and other forms of identification that are produced to us, credit savings and debit card details, details of points of contact with the club, photographs, CCTV records, and details of activities with or within the club or dealings with the club including player reward accruals.

We do not collect personal information (other than sensitive information) unless it is reasonably necessary for or directly related to our functions or activities. We will not collect sensitive information about you without your consent (which will be implied where you choose to provide the information or you choose to deal with or interact with us where sensitive information might be obtained as outlined in this policy) except where that is otherwise permissible under the privacy principles.

We collect that personal information in many ways including – through membership applications and details of updates and changes, booking forms, use of membership and rewards cards and other forms of identification to obtain entry to our club or participate in gaming or other activities in a venue, use of membership and rewards cards and other forms of identification in connection with any transaction with us or within our club, credit savings and debit card information from credit savings or debit card transactions, bank details from cheques or online payments, records (including automated digital records based on activities) of website contact and use and social media contact and use, internet usage generally, observations by club staff, equipment used at point of entry, CCTV and other surveillance equipment used within our club, and gathering information collected by sub clubs. Some personal information may be collected by our staff creating or adding to particular records to record observations or opinions.

We may also collect personal information from publicly available sources of information or from others with whom we deal in connection with you including – if you are a member or proposed member, or if you are a proposed supplier, consultant or contractor, others who may put you forward or speak about you.

Some of your personal information may also be collected by any internet service provider or other service provider involved in the provision of services that we provide or facilitate such as WIFI connection services or mobile phone and data services. That is in addition to any of your personal information that we collect in the course of your use of that service such as details of your device used to access the service and details of connections and transmissions made using that service. You need to be mindful of that. The extent to which that happens on the part of the service provider depends on the workings of the particular service provider and are a matter between you and that service provider, governed by that service provider's privacy policy and obligations. If that is not acceptable to you then you should not use any such service that is provided or facilitated by us.

Your use of an ATM or any similar device may create a transaction record that is maintained and accessible by the Club, any relevant service provider and any relevant financial institution.

It is usually not practicable for us to remind you at each point or time of interaction, that personal information is being collected. If you choose to deal with us then you must be aware that your personal information may be collected.

In many cases, if you are not prepared to provide personal information or allow us to collect personal information in our usual way then we will not be able to deal with you or you may not be able to exercise particular rights or enjoy particular benefits or we may not be able to provide you with the level of service normally offered. In most cases that will be because the transaction or interaction (or our proper management of the transaction or interaction) depend on you supplying personal information. In other cases if you are not prepared to provide personal information or allow us to collect personal information in our usual way, then it will not be practicable for us to make a special case for you and change our systems to avoid collecting your personal information.

If we receive personal information about someone that we did not solicit (either directly or by facilitating the provision of that information to us) then within a reasonable period after receiving the information we aim to destroy the information or ensure the information is de-identified.

We store personal information in a number of different ways and in a number of different places including – digital records at initial points of contact; physical records generated at the point of a transaction (including cash register dockets); physical records maintained at our club; digital records at on-site equipment and also off-site servers in the cloud – both within Australia and elsewhere. In most cases where personal information is stored in the cloud, it cannot be accessed by the cloud service provider due to password protection or encryption or both.

We endeavour to take reasonable other steps including in relation to physical and digital security, to generally better secure our operations including our records of personal information and to protect the confidentiality of information that we hold.

However we cannot guarantee that in every individual case at every time: and also that cannot guarantee the physical or digital security of a particular record. While we take security steps ourselves you should also be aware of the types of information security risks that exist and take appropriate care to help safeguard yourself and your information.

The purposes for which we collect, hold, use and disclose that personal information include – managing our records of and interactions with our members, patrons, suppliers and other contacts; by way of business records for the management and administration of our operations; for marketing analysis and promotional purposes; in order to meet our numerous legal compliance and other obligations; in relation to guests, to meet the identification and registration requirements applicable under the clubs legislation; in relation to members, in the application of our internal processes for dealing with members including disciplinary processes; in order to meet our obligations including how we see our obligations as a good corporate citizen, in circumstances where the release of personal information is permissible under the privacy principles; and in order to keep our records and manage our operations in a modern and efficient manner.

Sometimes that may involve providing your personal information to third parties (but only within Australia) including - outside organisations who provide services or advice to us in relation to any of the types of matters listed above including consultants and contractors and also professional and other advisers, but not for their own commercial use.

We are a public company and in limited circumstances we can have a legal obligation to allow others to look at our Register of Members.

If you provide personal information to us or deal with us in a way that leads to the collection of personal information as outlined in this policy then we presume your consent to deal with the information in accordance with this policy.

Where we use your personal information for direct communication with you for promotional purposes we will take reasonable steps to allow you to give notice opting out for future periods.

In some situations where you are dealing with us, you may still have the opportunity to opt out of providing particular personal information such as by not choosing to use a member or reward card within the club in situations where we have not made that mandatory for compliance purposes or where we determine that the provision of particular information is not needed by us in the particular circumstances.

If you are a member, there are certain materials such as notices of meeting that we are obliged to send to you and while you continue as a member you cannot opt out of those.

We take reasonable steps to keep your personal information that we have collected, accurate. That involves – making any correction that becomes apparent to us as necessary, acting on updates from you, and also making any correction under the process outlined below.

You have a right to access your own personal information that is held by us to the extent we are required to give you access under the privacy legislation and privacy principles and subject to the limitations directly or necessarily arising under the legislation or principles. We may apply a reasonable administrative charge for providing that access.

You also have a right to receive gaming machine player activity statements to the extent that we are required to provide those under the gaming machines legislation.

We normally keep personal information indefinitely as it is difficult to identify any particular time when particular personal information ceases to be relevant.

However to the extent of information which is obtained for a register of guests who enter our premises where the register is required under the clubs legislation, and which information forms part of a register (which may include identification information such as drivers licence details), we will usually not maintain that register beyond three years after the date of the entry in the register except where we have a reasonable basis for anticipating that the particular register may still be needed in evidence at some later time.

We apply the Australian Privacy Principles guidelines issued by the Australian Information Commissioner, as we administer this policy and particularly in relation to matters that are not specifically addressed in this policy.

If we become aware of a data security breach then we will promptly act on that breach by applying the Australian Information Commissioner's Guide for data breach notification. This action may include a review of our internal security procedures, taking remedial internal action, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC). If we are unable to notify individuals, we will publish a statement on our website and take reasonable steps to publicise the contents of this statement.

Our executive with the day-to-day responsibility for administering this policy is our Secretary Manager.

You may request access to your personal information or player activity statements by contacting our Secretary Manager or their delegate. In order to safeguard your personal information, this request should be made in person, with appropriate identification.

If you establish to our reasonable satisfaction that any of your personal information that you access is incorrect then we will promptly make the appropriate correction in our records.

If you have any complaint about any aspect of our dealing with your personal information, you may make that complaint to our Secretary Manager who will promptly investigate to see whether your personal information has been dealt with properly under this Policy.

We will provide you with a written response to your complaint promptly after we have completed our investigation. Any response that we provide is provided on a confidential basis however and without admission.

From time to time we may decide or have to change or update this policy. The policy applicable at a particular time is the most current policy published by us at the time and it applies to all personal information that we then hold.

CONTROL INFORMATION

Subject: Privacy Policy

Authorised by: Andrew Walker

Distribution: Website & Notice Board

Original Issue Date: 13 March 2006

Revised Issue Date: 22 March 2018

Approved by Board: 17 April 2018

Implementation Date and Version No. 18 April 2018 | Version 02