TRAVERSE ALPINE OPERATIONS

PRIVACY POLICY

Traverse Alpine Operations Pty Ltd ABN 34 169 662 551 (Traverse, we, our, us) is an experienced hospitality provider delivering an exceptional standard of food and beverage services and luxury accommodation in Victoria’s alpine region and surrounds. We proudly operate Cloud 9, Frying Pan Inn, Huski, Murmeli and Astra (including the Astra Bar & Restaurant and Astra Day Spa) in Falls Creek, as well as Elm Dining and The Boat Shed Lake Hume. We recognise and respect the importance of your privacy and that you have a right to control how your Personal Information is collected and used by us.

This Privacy Policy applies to all your dealings with us. By visiting or using our Online Platforms, booking dining, spa or accommodation reservations, enquiring about (or using) our Services or otherwise communicating with us, you accept the terms of this Privacy Policy and expressly consent to the collection, use and disclosure of your Personal Information by us as described in this Privacy Policy.

The purpose of this Privacy Policy is to provide you with information on how we collect, use, store and disclose your Personal Information. If you require any further information about our privacy practices, we welcome you to get in touch with us using the contact details set out in section 16 of this Privacy Policy below.

Definitions

In this Privacy Policy:

APPs means the Australian Privacy Principles under the Privacy Act which govern the standards, rights and obligations around the collection, use and disclosure of Personal Information, privacy governance and accountability, integrity and correction of Personal Information and the rights of individuals to access their Personal Information.

Online Platforms means the online platforms we operate including traversealpinegroup.com.au, astrafallscreek.com.au, murmeli.com.au, huski.com.au, fryingpaninn.com.au, cloud9fc.com.au, theboatshedlakehume.com.au, elmdining.com.au and any of our other websites or social media pages (including Facebook, Instagram and LinkedIn) managed by us.

Personal Information has the meaning given to it under the Privacy Act.

Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.

Privacy Officer means our first point of contact for all privacy related inquiries and matters, who can be contacted using the details set out in section 16 below.

Privacy Policy means this document setting out the policy of Traverse relating to the privacy and handling of your Personal Information.

Sensitive Information has the meaning given to it under the Privacy Act.

Services means the services provided by us to our customers including hospitality, food, entertainment (both at our venues and at catered events), accommodation, sport physiology and beauty services.

What is Personal Information?

Personal Information is defined in the Privacy Act as information or opinion about an identified individual (or an individual who is reasonably identifiable) whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not.

Sensitive Information is a subset of Personal Information that is afforded higher levels of protection under the Privacy Act. It includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation, criminal record or health information.

Types of Personal Information we collect

In order to provide you with our Services, we often need to collect your Personal Information. If we do not collect the Personal Information or if any of the Personal Information you provide is incomplete or inaccurate, we may not be able to provide the Services or those Services may be compromised.

Depending on the nature of the Services we provide to you, the Personal Information we collect may include:

contact details (including your name, date of birth, address, email and phone details);

health information (for example, when visiting the Astra Day Spa);

information required for you to do business with us including bank account details, credit card information and any other relevant financial information;

information on prior dealings with us; and

any other Personal Information relevant to the Services we provide.

How we collect Personal Information

We will always aim to collect Personal Information directly from you, where practicable. We may also sometimes collect Personal Information through:

our Online Platforms (including your interactions with us on our social media platforms);

forms (hardcopy and electronic) filled out by you when acquiring our Services;

orders for our products and/or Services;

third party service providers, including reservation services;

requests to join our mailing or distribution lists or to be contacted for further information about our products and/or Services;

provision of customer service and support;

responses to surveys or research conducted by us or on our behalf; and

entries into competitions or trade promotions conducted by us or on our behalf.

From time to time, we may collect Personal Information about you from third parties, public sources and as otherwise permitted by law. However, please note that we will only collect Sensitive Information (including health information) directly from you and with your consent.

We only collect and handle your Personal Information that is provided by you, with your consent or where otherwise permitted by law. We will assume that you have consented to us collecting all information that is provided to us in accordance with this Privacy Policy unless you tell us otherwise at the time you provide it to us.

If you provide us with Personal Information about a third party you represent to us, and we collect it on the basis that, the person agrees to us collecting and handling their Personal Information in accordance with this Privacy Policy.

Use of Personal Information

Our main purposes for collecting, holding, using and disclosing Personal Information are the following:

to supply products or Services to our customers, both at our venues and for catered events;

to notify our customers about our new or existing products and Services;

to notify you about our upcoming occasions, promotions, and themed events;

to distribute material and general information relating to our Services;

to obtain products and services from our suppliers;

to respond to enquiries from existing or prospective customers seeking information about our products or Services;

to enforce agreements between you and us;

to undertake research and surveys and analyse statistical information;

to conduct competitions and trade promotions;

to comply with contractual, legislative and policy requirements including in relation to occupational health and safety and environmental matters;

to improve our Services and products; and

as otherwise permitted or required by law.

Disclosure of Personal Information

We will only use or disclose your Personal Information for the purpose for which it was collected (known as the “primary purpose”), another purpose related to the primary purpose where you would reasonably expect it to be used or disclosed for such a related purpose (known as the “secondary purpose”), with your consent or as otherwise allowed under the Privacy Act.

In regards to Sensitive Information (which includes your health information), we will only ever use or disclosure your Sensitive Information with your consent, for the primary purpose for which it was collected or for another purpose directly related to the primary purpose where you would reasonably expect it to be used or disclosed for such a directly related purpose.

We may be required to disclose your Personal Information by law, by court order or to investigate suspected fraud or other unlawful activity. We may also disclose your Personal Information to third parties in certain circumstances including:

if you agree to the disclosure;

when we use it for the primary purpose for which it was collected (including to provide you with Services);

if you would reasonably expect us to disclose the information for a secondary purpose related to the primary purpose;

where disclosure is required or permitted by law;

to our related entities, in accordance with the Privacy Act;

if disclosure will prevent or lessen a serious or imminent threat to someone’s life or health; or

where it is reasonably necessary for an enforcement related activity.

We will not disclose your Personal Information to any recipients outside Australia.

Storage and security

We endeavour to keep our information technology systems and files secured from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure. Those who work with us are aware of the importance we place on protecting your privacy and their role in helping us to do so.

Our procedures to securely store Personal Information include electronic and physical security measures, staff training and use of password protection software.

When the Personal Information that we collect is no longer required, we will remove or de-identify the Personal Information as soon as reasonably possible. We may, however, retain Personal Information for as long as is necessary to comply with any applicable law, for the prevention of fraud, for insurance and governance purposes, in our IT back-up, for the collection of any monies owed and to resolve disputes.

Access to and correction of Personal Information

You are welcome to request that we provide you with access to the Personal Information we hold about you by contacting us using the details listed in section 16 below. Generally, we will provide you with access to the information unless applicable laws allow us to refuse, or prevent us from giving you, access to the Personal Information we hold about you. We will not unreasonably refuse requests to access Personal Information.

Where we agree to provide you with access to your Personal Information, we may make this conditional on us recovering our reasonable costs of doing so. No fee will be incurred for requesting access, but if your request for access is accepted, you will be notified of the fee payable (if any) for providing access if you proceed with your request.

You may also lodge a request to correct Personal Information we hold about you if you believe it is inaccurate, incomplete, irrelevant, misleading or out of date. There is no fee for doing this. To do so, please contact us at the contact details listed in section 16 below.

Direct marketing

Like most businesses, marketing is important to our continued success and viability. We may use Personal Information we hold about you, from time to time, to send marketing materials to current or prospective customers. Generally, we only do so where you consent or where allowed by applicable laws. Our communications to you may be sent in various forms such as by post or by electronic means (including e-mail and SMS).

If you wish to cease receiving this marketing information, please contact us directly on the contact details listed in section 16 below asking to be removed from our mailing lists, or use the “unsubscribe” or “update your preferences” facilities included in all our marketing communications.

We will never use your Sensitive Information for direct marketing purposes.

Our Online Platforms

We sometimes use cookie technology on our Online Platforms to provide information and services to visitors. Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes and are a necessary part of facilitating online transactions. Most web browsers are set to accept cookies. Cookies are useful to estimate our number of visitors and determine overall traffic patterns through our websites.

We may also collect statistical information regarding the use of our Online Platforms, including the domains from which website users visit, IP addresses, the dates and times of visits, activities undertaken on our Online Platforms and other clickstream data. In addition, we sometimes use web beacon technology to monitor internet activity on our websites. A web beacon is a clear-pixel image that generates an anonymous de-identified notice of a websites visit when viewed. A web beacon usually works in conjunction with a cookie.

If you do not wish to receive any cookies you may set your browser to refuse cookies. This may mean you will not be able to take full advantage of the services on our Online Platforms. If you set your browser to refuse cookies, a web beacon may still be able to generate a notice of your visit but it will not be associated with the information contained in cookies.

Third party links

Many of our Online Platforms may contain links to third party websites or platforms. These linked sites are not under our control and we are not responsible for the content of those sites nor are those sites subject to our Privacy Policy. Before disclosing your Personal Information on any other platform, we recommend that you examine the terms and conditions and privacy policy of the relevant platform. Please note that we are not responsible for any practices on linked platforms that might breach your privacy.

Employment and recruitment

This Privacy Policy does not apply to our handling of information about employees.

If you send us an application to be considered for an advertised position (or unsolicited), this information will be used to assess your application or suitability for employment with us. This information may be disclosed to our related bodies corporate and service providers for purposes such as aptitude and psychological testing or other human resources management activities.

As part of the application process, you may be asked for your specific consent to the use and disclosure of certain Personal Information about pre-employment testing. We may also ask you to consent to the disclosure of your Personal Information to those people who you nominated to provide references. A refusal to provide any of this information, or to consent to its proposed disclosure, may affect the success of the application.

Notifiable data breaches

A notifiable data breach scheme is currently in place in Australia. We are committed to adhering to this scheme as an important step in preventing and managing serious privacy breaches.

A “data breach” means unauthorised access to, or disclosure, alteration, loss, or destruction of, Personal Information—or, an action that prevents us from accessing Personal Information on either a temporary or permanent basis. An “eligible data breach”, in accordance with the Privacy Act, occurs when there is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates and we are unable to prevent the likely risk of serious harm with remedial action.

We, including all our people, take breaches of privacy very seriously. If we suspect a privacy breach has occurred, our priority is to contain and assess the suspected breach. In doing so, we will:

take any necessary immediate action to contain the breach and reduce the risk of harm;

determine the cause and extent of the breach;

consider the types of information involved, including whether the personal information is sensitive in nature;

analyse the nature of the harm that may be caused to affected individuals;

consider the person or body that has obtained or may obtain personal information as a result of the breach (if known); and

determine whether the Personal Information is protected by a security measure.

If we believe an eligible data breach has occurred we will, as soon as practicable, notify the Commissioner and all affected individuals or, if it is not possible to notify affected individuals, provide public notice of the breach (in a manner that protects the identity of affected individuals).

Changes to our Privacy Policy

Over time, aspects of our business may shift as we respond to changing market conditions and legislative obligations. This may necessitate our policies to be reviewed and revised. We reserve the right to change this Privacy Policy at any time and notify you by posting an updated version of the policy on our Online Platforms. In light of this, we strongly recommend that you review our Privacy Policy each time you visit or use our Online Platforms or provide us with any of your Personal Information.

Contacting us

If you have any inquiries or complaints about how we handle your Personal Information, or if you have any questions about this Privacy Policy, we welcome you to get in touch with us by contacting our Privacy Officer at:

Attention: Privacy Officer

Email: [email protected]

We will endeavour to assess and respond to your query within 30 days. More information about your rights and our obligations in respect to privacy and information on making a privacy complaint are available from the Office of the Australian Information Commissioner at:

Website: www.oaic.gov.au

Post: GPO Box 5218

Sydney NSW 2001

Email: [email protected]