1. INTRODUCTION & PURPOSE
The Consortium Qld’s mission is to provide quality hospitality experiences in Brisbane’s Bayside, with a focus on Manly and the harbour. We operate two venues, Tide on the Jetty and The Arsonist.
We understand that your privacy is important. This document sets out how we protect your privacy and manage your personal information. It applies to all people who deal with us.
2.2 What is personal information?
Personal information is any information that can be used to identify you. This includes any information or an opinion about you (including information or an opinion forming part of a database), whether true or not, and no matter how the information or opinions are recorded. The information may be collected from you directly or provided to us by another party.
3. COLLECTION OF PERSONAL INFORMATION
3.1 Honesty, Integrity & Fairness
The type of information The Consortium Qld collects is largely dependent upon whose information we are collecting and why we are collecting it. In general terms The Consortium Qld may collect:
Personal information including names, addresses and other contact details; date of birth, emergency contact details, financial information, photographic images and time/attendance records.
Health information including incident reports, medical records, disabilities, immunisation details, individual health care plans, counselling reports, nutrition and dietary requirements.
Consumer information including dates and times of visits, amount spent, booking dates and times, and group booking details.
3.2 How is personal information collected?
The Consortium Qld will generally collect personal information held about an individual by way of forms filled out (either paper or online) by staff members, customers and contractors, or via phone calls, face-to-face meetings, interviews and telephone calls.
In some circumstances, The Consortium Qld may be provided with personal information about an individual from a third party; for example, a report provided by a medical professional or a reference from a previous employer.
3.3 How will the personal information be used?
We only use personal information that is reasonably necessary for one or more of our functions or activities (the primary purpose) or for a related secondary purpose that would reasonably be expected by you, or to which consent has been granted. The primary uses of personal information include but are not limited to:
providing hospitality services;
keeping customers informed about matters relating to products and bookings, through correspondence, newsletters and magazines;
financial administration including insurance purposes;
marketing, promotional and fundraising activities; and
satisfying The Consortium Qld's legal and compliance obligations and allowing The Consortium Qld to discharge its duty of care.
3.4 Job applicants, staff members, volunteers and contractors
In relation to personal information of job applicants, staff members, volunteers and contractors, The Consortium Qld's primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor as the case may be. The purposes for which The Consortium Qld uses personal information of job applicants, staff members, volunteers and contractors include:
in administering the individual's employment or contract, as the case may be;
for insurance purposes;
satisfying The Consortium Qld's legal, compliance and due diligence obligations.
3.5 Marketing and Fundraising
The Consortium Qld treats marketing and fundraising for the future growth and development of The Consortium Qld as important ways of ensuring that The Consortium Qld continues to provide a quality dining and social experience which both customers and staff enjoy.
Simple opt out mechanisms will be provided to ensure individuals can cease receiving materials at any time. Publications, for example newsletters, which include personal information, may be used for marketing purposes.
4. DISCLOSURE OF PERSONAL INFORMATION
The Consortium Qld will only use personal information for the purpose for which it was given to us, or for the purposes which are related (or directly related in the case of sensitive information) to one or more of our functions or activities.
We may disclose your personal information to government agencies and other recipients from time to time, only if one or more of the following applies:
you have consented;
you would reasonably expect us to disclose your personal information in this way;
we are authorised or required by law;
a duty of care is undertaken, that is where disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
where another permitted general situation or permitted health situation exception applies;
disclosure is reasonably necessary for a law enforcement related activity.
4.1 Cloud computing
The Consortium Qld may store personal information in the “cloud” on host servers which are situated outside Australia. The Consortium Qld will ensure that cloud providers have arrangements in place with respect to security of information and compliance with privacy laws.
4.2 Sensitive information
Sensitive information will be used and disclosed only for the purpose for which it was provided, unless you agree otherwise, or the use or disclosure of the sensitive information is required by law, or when a Duty of Care is required.
5. STORAGE & SECURITY
The Consortium Qld's staff members are required to respect the confidentiality of customer personal information and the privacy of individuals. The Consortium Qld has in place steps to protect the personal and sensitive information The Consortium Qld holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records, passworded access rights and appropriate ICT systems to protect against unauthorised access to electronic records.
5.1 Updating personal information
The Consortium Qld endeavours to ensure that the personal information it holds is accurate, complete and up to date. A person may seek to update their personal information held by The Consortium Qld by contacting the Registrar of The Consortium Qld at any time.
5.2 Access and correction of personal information
Under the Privacy legislation, an individual has the right to obtain access to any personal information which The Consortium Qld holds about them and to advise The Consortium Qld of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation. The Consortium Qld may require you to verify your identity and specify what information you require.
The Consortium Qld may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, The Consortium Qld will advise the likely cost in advance. If The Consortium Qld cannot provide you with access to that information, you will be provided with written notice explaining the reasons for refusal.
6. BREACHES & COMPLAINTS
6.1 Privacy complaints
If you wish to make a complaint about a breach by The Consortium Qld of the Australian Privacy Principles you may do so by providing a written complaint to the Privacy Officer. Verbal complaints may also be made. A response to your complaint will be provided within 30 days. If an individual is not satisfied with The Consortium Qld’s response, a complaint can be lodged with the Office of the Australian Information Commissioner on the following website: http://www.oaic.gov.au.
6.2 Notifiable breaches
A Notifiable Data Breach occurs when Personal Information of an individual held by The Consortium Qld is accessed by, or is disclosed to, an unauthorised person, or is lost, and:
a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual; or
in the case of loss (e.g. leaving a laptop containing Personal Information on a bus), unauthorised access or disclosure of Personal Information is likely to occur, and a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual.
If The Consortium Qld suspects that a Notifiable Data Breach has occurred, it will conduct a reasonable and expeditious assessment to determine if there are reasonable grounds to believe that a Notifiable Data Breach has occurred. The Consortium Qld will take all reasonable steps to ensure that the assessment is completed within 30 days of becoming aware of the suspected Notifiable Data Breach. Notification is subject to any restriction under the Act. In the event a Notifiable Data Breach occurs, The Consortium Qld will, as soon as practicable, prepare a statement outlining details of the breach, and:
notify the individual of the unauthorised access, disclosure or breach; and
notify the Office of the Australian Information Commissioner of the unauthorised access, disclosure or breach.
7. OTHER RELEVANT POLICIES
Staff, especially managers and supervisors, are encouraged to read this policy in conjunction with other relevant policies and legislation, including:
Workplace Discrimination and Harassment Policy
Workplace Health and Safety Policy
Restaurant Industry Award 2011
Privacy Act 1988 (Cth)
Privacy Amendment (Notifiable Data Breaches) Act 2017
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
8. MORE INFORMATION
If you have a query about this policy or need more information, please contact:
Peta Prestidge – email@example.com
9. REVIEW DETAILS
This policy was adopted by The Consortium Qld Pty Ltd on 1 September 2020.
This policy was last updated on 4 May 2021.