Privacy Notice Last Updated: May 10, 2020
Hermitage Estate (“Hermitage Estate”, “we”, “us” and “our”) takes the issue of safeguarding your privacy very seriously. Our Privacy Notice describes what information we collect from retreat guests, prospective guests, as well as visitors to the Hermitage Estate website, and the way in which Hermitage Estate uses this information to better serve your needs.
This Privacy Notice has been adopted by all of the individuals and entities that manage and operate Hermitage Estate. References to “we”, “us”, “our” and “Hermitage Estate” throughout this Privacy Notice, depending on the context, refer collectively to those separate and distinct individuals and entities.
What is personal information?
Personal information is any information about you as an identifiable individual. The personal information that we process includes:
- Identity information – such as name, age, gender, passport information, CCTV images, and publicly available photograph;
- Contact information – such as your home address, zip/postal code, email address and phone number;
- Financial information – such as your credit card details, itemized spending and transaction history;
- Reservation information – such as the type and location of the room you reserve and the dates of your reservations;
- Public information – such as when we review public platforms to understand what you are saying about us or the hospitality industry;
- Technical information – such as information about the device you use to interact with us (including the unique device identifier, hardware model, operating system and version); and
- Correspondence information – when you contact us, such as to send an enquiry or make a request, any correspondence or application may be kept and added to your personal information.
How do we use your personal information?
For each of the categories of personal information described above, we use your personal information for the following purposes:
- to enable you to use our website;
- to help us identify you and any accounts you hold with us;
- to provide superior customer service to you;
- to assist us in making your reservation and providing the services you request at our property;
- to process transactions through our website (including taking payment for purchases you may make through our website) and to assist in any inquiries about your transaction;
- for billing purposes in relation to your stay with us;
- to confirm prior transactions and reconcile statements or invoices;
- to contact you in relation to matters that arise from your stay with us;
- to send you newsletters regarding our property and to advise you of promotions or to inform you of offers or other information that may be of interest to you (if, where required, you separately provide your consent for us to do so);
- to conduct surveys or focus groups to receive your views of our properties and service delivery (if, where required, you separately provide your consent to this);
- to respond to a specific “Information Request” from you about our property and deal with any other enquiries, correspondence, concerns or complaints you have raised;
- for you to participate in one of our on-line promotions;
- to analyse guest trends and insights; and
- to operate our business, including for internal purposes such as auditing, data analysis, statistical and research purposes, staff training and troubleshooting to help us improve our services.
Occasionally we will combine information from a number of Guests to better understand trends and your expectations. When this occurs, all identifiers are removed and the aggregate, anonymized information cannot be linked to any specific individual or group.
On what basis do we use your personal information?
We use your personal information on the following basis:
- to comply with legal and regulatory obligations, including financial reporting requirements imposed by government regulators and our auditors;
- to enter into agreements with you, and to perform our agreement to provide services to you when you stay with us;
- for legitimate business purposes – using your personal information helps us to operate and improve our business and minimize any disruption to the services that we may offer to you. It also allows us to make our communications with you more relevant and personalized to you, and to make your experience of our services more efficient and effective;
- because you have given your consent – at times we may ask for your consent to allow us to use your personal information for one or more purposes. See the Your Rights section for more information about the rights that you have if we process your information on the basis of your consent; or
- for the establishment, exercise or defense of legal claims or proceedings.
How and from what sources is personal information collected?
For each of the categories of personal information and purposes described above, we collect your personal information while monitoring our technology tools and services, including comment cards and email communications sent to and from Hermitage Estate.
Otherwise, we gather information when you provide it to us, or interact with us directly, for example:
- when you create a profile or sign in to access an existing profile on our website or guest portal;
- when you make a purchase through our website;
- when you make a reservation online, by calling our Management Office; and
- during your stay at the Estate, including information provided during check-in.
We also receive information about you from other sources, such as our business partners and publicly available sources. We combine information that we have about you from various sources, including the information that you have provided to us.
Finally, we may collect your photograph from publicly available sources so that we can recognize you in order to provide you with superior customer service.
How do we protect personal information?
We use a variety of security measures and technologies to help protect your personal information from unauthorized access, use, disclosure, alteration or destruction, consistent with applicable data protection and privacy laws. For example, we allow only encrypted communications from all of our web forms, including when you provide your credit card information through our website, of course.
Hermitage Estate stores personal information in a secure location, and we take steps to ensure that only select, designated individuals have access to this information. All staff have signed non-disclosure agreements, preventing the disclosure of any details about the hotel and its guests to any third party outside of the sources stated in the agreement. A copy of our NDA may be obtained by request from [email protected].
We endeavor to protect the privacy of your account and other personal information that we hold in our records, but unfortunately, we cannot guarantee 100% complete security. While we go to great lengths to prevent any such occurrence, Unauthorized entry or use (hacking), hardware or software failure, and other factors, may compromise the security of user information. Also, while we endeavor to put adequate contractual protections in place, we cannot guarantee the security of any personal information in databases hosted by third parties.
It is important to note that any e-mail communication, while violation is unlikely, is not secure. This is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail (for example, from the “Contact Us” section of our website). We recommend that you do not include any confidential information (i.e. credit card information) when using e-mail. For your protection, our e-mail responses to you will not include any confidential information.
Finally, to be prudent, please be sure to always close your browsers when you are done using a form or the reservation site. Although the session will terminate after a short period of inactivity, it is best to close your browsers immediately upon completion, especially when using a public computer.
Will personal information be provided to third parties?
We do not and will not ever sell your personal information.
For each of the categories of personal information, source of information and purposes described above, we may share certain anonymous parts of your personal information with:
- relevant staff of the Hermitage Estate;
- Hermitage Estate Promotional Staff;
- agents or third party service providers of Hermitage Estate who provide services to Hermitage Estate to better serve your needs as a Guest;
- a prospective buyer or investor in the event that we sell the business or assets (under a Non-Disclosure agreement);
- analytics providers and search engine optimisers that assist Hermitage Estate in the improvement and optimization of the website;
- our professional advisors and auditors; and
- local or foreign regulators, governments, courts, law enforcement and national security authorities.
You may advise Hermitage Estate if you do not want personal preferences shared.
Where a third party is engaged by Hermitage Estate to provide services on our behalf, Hermitage Estate requests these parties protect your personal information in a manner consistent with the principles articulated in this Privacy Notice.
In the case of third party agents, the agents’ websites can be consulted for the agents’ policy on the collection, storage and use of your personal information.
If you have chosen to join a subscription list, please note that they are only used for internal purposes and we do not sell or rent our subscription lists to anyone, ever.
If Hermitage Estate suspects any unlawful activity is taking place, it may investigate and/or report its findings or suspicions to the police or other relevant law enforcement agency.
Transfers of your personal information outside your home country
Your personal information may be processed by Hermitage Estate and its trusted third party suppliers anywhere in the world, including in countries where data privacy laws may not be equivalent to, or as protective as, the laws in your home country.
In particular, your personal information will be stored in your guest profile in our Central Reservation System located in Australia, and is available to relevant Hermitage Estate management and senior staff.
We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country. These measures include data transfer agreements implementing standard data protection clauses. You can find out more about data transfer agreements here.
Accessing, correcting or deleting your personal information
We understand that you may like to know what personal information we hold about you, or to correct or delete certain information we hold about you. We are happy to assist you with your request.
To protect your personal information, we require that you prove your identity to us at the time your request is made. This may involve providing us with information which we hold on file about you (e.g. a home or business address), or we may require you to produce some form of photo or government issued identification.
Hermitage Estate reserves the right to decline a request to access, correct or delete your personal information under certain circumstances as permitted by law. In particular, there may be a variety of legitimate business reasons why we may be unable to delete your personal information and where we are permitted to decline your request to delete your information.
If we decline your request, you will be provided with the reasons.
You may also be entitled to:
- request the restriction of the processing of your personal information, or object to that processing;
- opt out from processing of your personal information for direct marketing purposes;
- withdraw your consent to the processing of your personal information (where Hermitage Estate is processing your personal information based on your consent); and
- request the receipt or transmission to another organization, in machine-readable form, of the personal information you have provided to Hermitage Estate.
You have the right to be free from discrimination (e.g. you will not be penalized) in relation to the exercise of your privacy rights under this privacy notice.
Where you are given the option to share personal information with Hermitage Estate, you can always choose not to do so.
If you do not wish to receive marketing information from Hermitage Estate, you may indicate your wishes upon check-in with us, or send an e-mail to this effect, to: [email protected]. You will always have the ability to accept or decline any form of communication from Hermitage Estate. You may unsubscribe from electronic marketing communications at any time by selecting the “unsubscribe” link included in such communications.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
This could mean that we are unable to perform the actions necessary to achieve the purposes of processing described above (see ‘How do we use your personal information?’) or that you are unable to make use of the services offered by us.
After you have chosen to withdraw your consent, Hermitage Estate may be able to continue to process your personal information to the extent required or otherwise permitted by law.
If at any time you wish to exercise any of these rights, you can do so by:
For hotel Guests, contact our Management:
- via e-mail at [email protected]
- via message at +61 478 883 632
- via letter –
Attention: Hermitage Guest Management
PO Box 363
Alternatively, you can contact our Chief Privacy Officer via the form in the ‘Contact us’ section of the website.
You may make a request through an authorized agent (such as a lawyer). We may request evidence of their authority to act on your behalf.
How long is my personal information retained?
Your personal information will be stored for the period of time required by law in the jurisdiction of any hotel holding the information. This may involve retaining information following your stay. We will delete your personal information once it is no longer required for any of the purposes described above.
We will also keep your personal information where we need to do so in connection with a legal action or an investigation involving Hermitage Estate.
Any financial information Hermitage Estate retains will be protected under the terms of this Privacy Notice.
How is personal information affected by business transactions and/or transfers?
Hermitage Estate currently manages its property directly. If we cease to manage the property, guest information required to process pending reservations and information that is historically shared with the hotel staff is retained by the new property manager. All other personal information remains private and secure with the current Hermitage Estate Managers.
What laws apply to this notice?
Hermitage Estate does business worldwide and is an Australian company incorporated under the laws of the state of New South Wales, Australia. As such, Australia’s Personal Information Protection and Electronic Documents Act applies to our company. We apply the requirements of this law (and any other applicable laws) to how we handle all personal information wherever received, and the Hermitage Estate also complies with the local privacy laws of the jurisdiction where it is located. All transfers of personal information between countries will be subject to the terms of this Privacy Notice and in compliance with these laws.
If you have additional questions regarding the law or if you feel we have not treated your personal information appropriately, you may contact The Privacy Commissioner of Australia at the following address:
The Office of the Australian Information Commissioner
GPO Box 5218
Level 3, 175 Pitt Street (Appointment Only)
Sydney NSW 2001
Tel: +61 2 9284 9749
Fax: +61 2 9284 9666
For translation or disability services, please consult their website:
E-mail: [email protected]
You may also have the right to complain to the local data privacy supervisory authority in your home country.
If you have any questions or concerns regarding this Privacy Notice, please contact our Chief Privacy Officer:
- via e-mail at [email protected]
- via message at +61 478 883 632
- via letter –
Attention: Chief Privacy Officer
PO Box 363