Sydney Restaurant Group is bound to comply with the Privacy Act 1988 and the Australian Privacy Principles (“APPs”) that regulate the handling of personal information about individuals.
1. Management of Personal Information
(a) From whom do we collect information?
From time to time Sydney Restaurant Group will collect personal information from website users, Sydney Restaurant Group Entities (refer to the definition set out below), customers, Dimmi Pty Limited, suppliers, recruitment agencies, employees, contractors and other individuals.
The following companies operate restaurants that are represented by the Sydney Restaurant Group.
- Aqua Dining Pty Ltd trading as Aqua Dining;
- Ripples at Chowder Bay Pty Ltd trading as Ripples Chowder Bay;
- Ripples Cafe Pty Ltd trading as Ripples Milsons Point;
- Jardin St James Pty Ltd trading as Jardin St James;
- Lumi Bar & Dining Pty Ltd trading as Lumi Bar & Dining;
- Ormeggio Pty Ltd trading as Ormeggio at the Spit and Chiosco by Ormeggio; and
- Via Alta Pty Ltd trading as Via Alta.
These entities are referred to in this Policy as the “Sydney Restaurant Group Entities”.
(b) Types of information Sydney Restaurant Group collects
The type of personal information that may be collected will depend on Sydney Restaurant Group’s relationship with the person, and the circumstances of collection. Information collected from individuals may include the following:
- name, gender and date of birth;
- residential address, email address, facsimile number and contact telephone numbers;
- details of restaurants where individuals have dined, what was ordered and how much money was spent;
- financial information, including bank account details and credit / debit card details so we can make and receive payments;
- details about website users including information which is automatically provided by your browser to our servers for example information about your website visit, browsing of, and use of our website; and
- employment and contractor information such as resumes, third party references, superannuation details, tax file numbers, emergency contact details and employee or contractor records.
(c) How Sydney Restaurant Group collects information
How we collect personal information will largely depend on whose information we are collecting. If it is reasonable and practical to do so, we collect personal information directly from you.
We may collect information about you when you:
- make a booking or dine at one of the Sydney Restaurant Group Entities;
- engage Sydney Restaurant Group for the provision of services;
- request information from us;
- interact or conduct business with Sydney Restaurant Group;
- telephone, email or write to us;
- visit our website;
- contact us or input information through our website;
- register to receive newsletters and other information from us;
- register for special events or promotions;
- enter contests, respond to surveys or provide feedback to us;
- post information or photos on social media channels or on any forum that references us or a Sydney Restaurant Group Entity;
- apply for employment with Sydney Restaurant Group; or
- have a face to face meeting with a representative of Sydney Restaurant Group.
As well as collecting information directly from an individual, there may be occasions when Sydney Restaurant Group collects information from a third party. We may collect personal information from:
- entities that are Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) of Prophetable Hospitality Pty Ltd;
- Sydney Restaurant Group Entities;
- Dimmi Pty Limited and other third parties who make enquiries or bookings on your behalf; and
- independent sources.
We will however only collect information from third parties where it is not reasonable and practical to collect the information from you directly.
(d) Gathering and combining personal information
Improvements in technology enable organisations to collect and use personal information to get a more integrated view of individuals, and to allow them to provide better products and services to individuals.
We may combine information made available from a variety of sources. This enables us to analyse the data in order to gain useful insights, which can be used for the purposes set out in Section 1(g) of this Policy.
(e) Unsolicited Information
Sometimes we may be provided with your personal information without having sought it through our normal means of collection. We refer to this as “unsolicited information”. Where we collect unsolicited information we will only hold, use and / or disclose that information if we could otherwise do so had we collected it by normal means. If that unsolicited information could not have been collected by normal means then we will destroy, permanently delete or de-identify the information as appropriate.
(f) How Sydney Restaurant Group stores information
Personal information is stored and held in a combination of hard copy and electronic files maintained by Sydney Restaurant Group.
Personal information is only accessible by officers and employees of Sydney Restaurant Group, unless it is disclosed to another party in accordance with this Policy.
Sydney Restaurant Group takes all reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure by using industry standard software protection programs.
(g) How is personal information used?
Personal information is used by Sydney Restaurant Group for the purpose of marketing and conducting our business.
Our uses of personal information include, but are not limited to:
- establishing your identity;
- managing our relationship with you;
- creating and responding to booking requests;
- creating personal customer profiles;
- identifying restaurants, services and events that we think may be of interest to you;
- sending newsletters, publications and other promotional information to you;
- providing you with updates in relation to promotions, special events and other activities;
- communicating with you about restaurants operated by Sydney Restaurant Group Entities;
- engaging with Sydney Restaurant Group Entities and their customers;
- providing services to and on behalf of the Sydney Restaurant Group Entities;
- conducting and improving our business and services;
- collecting and making payments;
- in the case of employees:
- to pay your wages and employee entitlements; and
- to manage your employment relationship with us;
- in the case of contractors:
- to pay your contractors fee; and
- to manage your contractor relationship with us; and
- complying with our legal obligations, and assisting government and law enforcement agencies and/or regulators.
We may also need to collect personal information in order to comply with our legal obligations, such as the Anti-Money Laundering and Counter-Terrorism Financing laws, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
(h) Direct Marketing
We may use your personal information to engage in direct marketing activities such as distribution of newsletters, promotional information and advising you about special events held by Sydney Restaurant Group Entities. If you do not want to receive emails and/or other communications from us, you can tell us by contacting us as detailed in this Policy or as detailed in any direct marketing communication that you receive.
(i) Sensitive Information
Sensitive information is a type of personal information and includes information about an individual’s health (including predictive genetic information), racial or ethnic origin, political opinions and religious beliefs or affiliations. We do not collect sensitive information.
(j) Disclosure of information
Personal information may be disclosed to employees and agents of Sydney Restaurant Group, to enable them to provide services to Sydney Restaurant Group Entities, customers of the Sydney Restaurant Group Entities and others.
It may be necessary for us to disclose your personal information to certain third parties in order to assist us with one or more of our functions or activities, or where permitted or required by law. Third parties may include:
- entities that are Related Bodies Corporate (as defined in the Corporations Act 2001(Cth)) to Prophetable Hospitality Pty Ltd;
- those to whom we outsource certain functions, for example information technology support;
- auditors and insurers;
- government and law enforcement agencies and regulators; and
- entities established to help identify illegal activities and prevent fraud.
- We may disclose your personal information from time to time, only if one or more of the following apply:
- you have consented;
- you would reasonably expect us to use or disclose your personal information in this way;
- we are authorised or required to do so by law;
- disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
- we are permitted pursuant to Section 16A of the Privacy Act 1988 (Cth); or
- disclosure is reasonably necessary for a law enforcement related activity.
(k) Cross-border disclosure of personal information
Sydney Restaurant Group does not generally send any personal information to overseas entities.
We may only transfer personal information to a foreign recipient (including when an overseas entity accesses the information in Australia), if:
- we reasonably believe that:
- the recipient is subject to law, or a binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the APP’s; and
- there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme;
- the disclosure is required or authorised by or under an Australian law or a court/tribunal order;
- the transfer is necessary for the performance of a contract with the individual (from which the information was collected);
- the transfer is for the benefit of the individual (and the other APP requirements are met); or
- if the individual consents to the transfer.
Where disclosure is to be made to a known overseas entity, we will take reasonable steps to assess the privacy laws of the country where information will be disclosed to determine whether the overseas recipient is required to comply with privacy laws that are at least as stringent as the APP requirements in relation to information. We may enter into a written contract with the overseas recipient to enable us to enforce protection of the personal information that we provide to the overseas recipient, and ensure that the overseas entity does breach the APPs.
(l) Social Media
There may also be occasions when we collect personal information (to the extent it is available) from publicly available sources, including social media platforms such as Facebook or Twitter. Sometimes, we may provide content and services on a range of platforms (including social media networks) with interactive features to which you may contribute. If you post your personal information in publicly accessible places or social media platforms, your personal information will become publicly available (subject to, where applicable, any privacy settings you have in place in social media platforms). We will not be responsible for the protection of personal information you choose to publish this way.
(m) Security of information
Sydney Restaurant Group will take reasonable steps to protect the personal information Sydney Restaurant Group holds from any misuse, loss, modification, disclosure or unauthorised access. For example, personal information is retained in secure hard copy and electronic files, and is only accessible by staff on a need to know basis.
Some of the security measures implemented by us to secure personal information include using firewalls, standard software protection programs, pass word access protections, secure servers and encryption of credit card transactions.
However, since no system is 100% secure or error-free, we cannot guarantee that your personal information is totally protected, for example, from hackers or misappropriation. You acknowledge that the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. You provide information to us via the internet or by post at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not within our control.
(n) Links to other websites
Our website may contain links to other websites. You acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties to whom we are permitted to disclose your personal information in accordance with this Policy or any applicable laws). The collection and use of your information by such third party/ies may be subject to separate privacy and security policies.
If you suspect any misuse or loss of, or unauthorised access to, your personal information, please contact us immediately using the contact details set out below.
(o) Information that is no longer required
If Sydney Restaurant Group no longer needs the personal information for any purpose for which it may use or disclose the information, and the information does not need to be retained under an Australian law, or court order, Sydney Restaurant Group will take reasonable steps to destroy or permanently de-identify the information.
2. Who can I contact for further information, to gain access to my personal information or to make a complaint?
(a) Contact Details
Individuals are able to contact Sydney Restaurant Group and request further information about this Policy, request access to their personal information or make a request that personal information be corrected and/or updated. Individuals are also able to make a complaint about any aspect of this Policy, and/or any aspect regarding the collection or use of information by Sydney Restaurant Group, including the following:
- the kind of information collected by Sydney Restaurant Group;
- the collection process;
- the purpose for which information is collected;
- how information is held; or
- use or disclosure of information by Sydney Restaurant Group.
Further information can be requested, access to information can be requested and complaints can be made using the contact details set out below.
Prophetable Hospitality Pty Ltd ACN 164 374 369
trading as Sydney Restaurant Group
Address: Level 3, 30 Alfred Street, Milsons Point NSW 2061
Telephone: 02 9460 0048
(b) Request for correction of information
If an individual requests Sydney Restaurant Group to correct personal information held in respect to that individual, Sydney Restaurant Group will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regarding to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
Sydney Restaurant Group will respond to a request for correction of personal information within a reasonable period after the request is made. If Sydney Restaurant Group refuses to correct the personal information as requested by an individual, Sydney Restaurant Group will provide the individual with a written notice that sets out:
- the reasons for the refusal, except to the extent that it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal.
If Sydney Restaurant Group refuses to correct the personal information, it will keep with the record an indication that the person has requested that the information be corrected.
Complaints in relation to this Policy or the collection of personal information will be investigated by Sydney Restaurant Group within a reasonable period after the complaint is received. Following an investigation, a response will be provided by Sydney Restaurant Group to the individual.
If a person is not satisfied with the way in which Sydney Restaurant Group handles an enquiry or complaint, they can call the Office of the Australian Information Commissioner on 1300 363 992.
Sydney Restaurant Group may vary this Policy as business requirements or the law changes. Sydney Restaurant Group will review this Policy on a regular basis and update the Policy as required. If we decide to change our Policy, we will post those changes on this page so that you are aware of the changes.