Who We Are
The website https://www.scandiatmaleny.com (Website) and the Website’s contents, products, materials and services (Services) are owned by Scandi at Maleny ABN 69 730 034 073 (Scandi at Maleny, we, us, our). The term ‘you’ refers to the user or browser of the Website. and in the context of bookings for Scandi at Maleny's premises means the guest making the booking or all guests in respect of the booking.
Our Principles of Information Protection
Transparency: We are committed to being open, honest and transparent about Personal Information.
Trust: We agree only to use Personal Information for the purposes we say we will and for improving the effectiveness and efficiency of our Services as described or provided in and/or contemplated by this Website.
Safety: We are committed to keeping Personal Information provided to us secure.
Responsibility: We accept the responsibility of handling Personal Information.
What Information Do We Collect?
When you visit our Website or use our Services including making a booking for Scandi at Maleny, we collect Personal Information. The type of Personal Information we collect will depend on the circumstances of its collection and the nature of your dealing with us. This Personal Information may include but is not limited to your name, contact details, date of birth, credit and financial information, bank account details, passport or driver's licence details, any medical or allergy information, and preferences and opinions about our Services.
If you make a booking certain Personal Information will also need to be collected in relation to all guests, not just the guest making the booking.
Sensitive information includes information about an individual’s mental and physical health, disability, racial or ethnic origin, criminal convictions, religious affiliation and political affiliation. We will only collect, use or disclose your sensitive information if it is reasonably necessary to carry out our functions or activities, and we have your explicit consent.
Provision of Personal Information under the declaration in connection with Public Health Laws referred to above is considered to be given with explicit consent. This Personal information will be used to determine whether there is any significant risk or if it is not safe to permit guests to commence their stay under a booking for the premises.
The Ways We Collect Your Personal Information
Information you provide to us directly: When you visit or use some parts of our Website and/or Services we might ask you to provide Personal Information to us when you complete an enquiry form, respond to an email offer or to receive a newsletter or participate with us on social media forums. Where appropriate, you will be asked to enter your name, email address, mailing address and/or phone number as well as provide other Personal Information to enable us to provide the Services and give you access to our premises. This will include requests to provide Personal Information to make a booking and as part of our guest registration requirements. On check-in the declaration in connection with Public Health Laws referred to above will be required from all guests. By providing the requested Personal Information you are giving this information to us voluntarily and giving us consent to use, collect and process this Personal Information.
Information we collect automatically: We collect some information about you automatically when you visit our Website or use our Services, like your IP address, device ID, computer and connection information, geo-location information and device type. We also collect information when you navigate through our Website and Services, including what pages you looked at and what links you clicked on. This information gives us a better understanding of how you are using our Website and Services so that we can continue to provide the best experience possible, for example, by personalising the content you see.
We do not set any personally identifiable information in cookies, nor do we employ any data-capture mechanisms on our Website other than cookies. If you prefer, you can choose to disable cookies through your own web browser’s settings or have your computer warn you each time a cookie is being sent. Please note disabling this function may cause some of the features on this Website not to work as well as intended; however, you can still contact us via telephone to obtain our Services.
Information we get from third parties: At times we might collect Personal Information about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. If so, we use this information to supplement the Personal Information we already hold about you, to better inform, personalise and improve our Services and to validate the Personal Information you provide.
Where we collect Personal Information, we will only process it to perform a contract with you, to make a booking with you, where we have legitimate interests to process the Personal Information and those interests are not overridden by your rights, in accordance with a legal obligation or where you have provided your consent. If we do not collect your Personal Information, we may be unable to provide you with all our Services, and some functions and features on our Website may not be available to you.
How We Hold Your Personal Information
We hold your Personal Information in encrypted electronic forms, in secure databases or cloud-based platforms that we own and operate or that are owned and operated by our service providers. While we take reasonable steps to protect the security of your Personal Information, data protection and security measures can never be guaranteed. We therefore cannot guarantee the security of your Personal Information.
What Do We Use Your Personal Information For?
We mostly use your Personal Information to operate our Website, provide you with any Services you have requested, including making available our premises for short-term rental pursuant to your booking and entering into a Short-Term Rental Agreement with you for the booking, and to manage our relationship with you and provision of our Services to you. We also use your Personal Information in the following ways:
To communicate with you: We may provide you with information you have requested from us or information we are required to send to you and to respond to your enquiries, comments and applications and bookings.
We may communicate with you about changes to our Website and Services, security updates or for assistance with using our Website and Services. We may communicate about and administer our products, Services, events, online webinars, podcasts, programs and promotions (such as by sending transactional emails if you have made purchases).
We may send you marketing materials we think you may be legitimately interested in, to ask you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
To personalise your experience: Your Personal Information helps us to better respond to your individual needs and any booking for our premises.
To enhance our Website and Services and develop new ones: By carrying out technical analysis or the tracking and monitoring of the use of our Website and Services, we can improve and optimise your user experience.
To support you and improve customer service: Your Personal Information helps us to more effectively respond to your customer service requests and support your needs whether as a user of our Website or a guest at our premises.
To administer a contest, promotion, survey or other site feature.
To protect you: So that we can make sure everyone is using our Website in accordance with our permitted uses, and so we can detect and prevent any fraudulent or malicious activity.
To market to you: In addition to marketing communications, we may also use your Personal Information to display targeted advertising to you online. Through our own Website, through third-party websites or through social media platforms, we carry out profiling activities to learn more about you and offer you tailored advertising based on your behaviour on our platforms. You can opt-out of Google Analytics® at any time. For more information on opting out of being tracked by Google Analytics® across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
To analyse, aggregate and report: We may use the Personal Information we collect about you and other users of our Website and Services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties. We may also use aggregated information to improve our Services.
To send periodic emails: The email address you provide may be used to send you information and updates pertaining to any order you may have made or Services you may have used or related services, in addition to sending you occasional Scandi at Maleny news, updates, related product or service information, etc. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
The legal basis for processing your Personal Information as described above will typically be one of the following:
performance of a contract with you or a relevant party; or
our legitimate business interests or compliance with our legal obligations.
Security: How Do We Protect Your Personal Information?
Security is a priority when it comes to your Personal Information. We are committed to protecting the information you provide us. To prevent unauthorised access or disclosure, to maintain data accuracy and to ensure the appropriate use of Personal Information, we have put in place appropriate physical and managerial procedures to safeguard the information we collect.
We use Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive data such as credit card information. SSL encryption is designed to make the information unreadable by anyone but us. This security measure is working when you see either the symbol of an unbroken key or closed lock (depending on your browser) on the bottom of your browser window. However, we cannot guarantee that your Personal Information will always be secure due to technology or security breaches. If we become aware of a high-risk data breach, we will notify you (and the appropriate authority) within seventy-two (72) hours.
How We Can Share Your Personal Information
We may share your Personal Information with third parties whom we trust, whom we are affiliated with and whom we are required to provide it to for the purpose of fulfilling our Services to you, including our online booking system. We do not sell, trade or otherwise transfer your Personal Information to outside parties. However, we may sell, trade or otherwise transfer your Personal Information to third parties who assist us in operating our Website, conducting our business or servicing you, so long as those parties agree to keep such Personal Information confidential. For example, third-party service providers and partners who assist us with the functionality of the Website or Services or to deliver, market or promote our goods and Services to you.
We may use third-party browser and mobile analytics services like Google Analytics® on the Website. These services use tools to help us analyse your use of our Website including information like the third-party website you arrive from, how often you visit, events within the Platforms, usage and performance data and purchasing behaviour. We use this data to improve the Website and provide information, products and Services that may be of interest to you.
We may also release your Personal Information when we believe release is appropriate to comply with the law, enforce our site policies or protect our or others’ rights, property or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising or other uses.
We may be required to provide your Personal Information to regulators, law enforcement bodies, government agencies, courts or other third parties where it is necessary to comply with applicable laws or regulations or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
Your Personal Information may be shared with an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business. We will only disclose your Personal Information to other third parties where we have obtained your consent.
Direct marketing means using your Personal Information to contact you via the phone, SMS or email to promote our Services. You acknowledge that by providing us with your Personal Information, we, our related entities and/or business partners may contact you to promote and market our respective products and Services. You can opt-out from being contacted by us, our related entities or business partners for direct marketing by emailing us at email@example.com at any time to receive a Personal Information Request or Preference Update Form, or you can follow the unsubscribe instructions contained in the email communication.
Data Controller and Data Processors
We are the data controllers as we are collecting and using your Personal Information. We use trusted third parties as our data processors for technical and organisational purposes, including for payments and email marketing. We make all reasonable efforts to ensure our data processors are GDPR-compliant.
International Data Transfers
In order for us to provide products and our Services to you, your Personal Information will be collected and processed in Australia. By providing us with your Personal Information, you consent to us using third parties located overseas to store your Personal Information and acknowledge Australian Privacy Principle 8.1 does not apply to any such use. When we share data (to the extent that we do from time to time), it may be transferred to, and processed, in countries other than the country you live in.
Where data is shared with third-party data processors in other countries, we put reasonable safeguards in place to ensure your Personal Information remains protected. However, we note that your Personal Information will be captured, transferred, stored and processed in accordance with their policies, practices and in compliance with their local regulatory laws.
For those in the European Union (EU), this means that your data may be transferred outside of the European Economic Area (EEA). Countries outside of the EEA do not always offer the same levels of protection to your Personal Information so European law has prohibited transfers of Personal Information outside of the EEA unless the transfer meets certain criteria. Whenever we transfer your Personal Information out of the EEA, we do our best to ensure a similar degree of security of the data.
Where your Personal Information is transferred outside the EU, it will only be transferred to countries that have been identified as providing adequate protection for EU data or to a third party where we have approved transfer mechanisms in place to protect your Personal Information. If we use US-based providers that are part of the EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place. If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We will always provide you with the ability to opt-out of our communications by selecting the unsubscribe link at the bottom of all emails or by emailing us at firstname.lastname@example.org. We will not share your email address without your consent.
We may provide links to other websites on our Website. We have no responsibility or liability for the content and activities of any other individual, company or entity whose website or materials may be linked to our Website or its content, and thus we cannot be held liable for the privacy of the information on their website or that you voluntarily share with their website. Please review their privacy policies for guidelines as to how they respectively store, use and protect the privacy of your Personal Information.
Children’s Online Privacy Protection Act Compliance and Minors
We do not knowingly collect any personally identifiable information from anyone under sixteen (16) years of age online in compliance with COPPA (Children’s Online Privacy Protection Act (USA)), the Australian Privacy Act 1988 (Cth) and the GDPR (General Data Protection Regulation of the European Union).
Under our Website Terms and Conditions if you are under the age of eighteen (18), you must ask your parent or guardian for permission to use this Website.
We will retain your Personal Information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we will make sure it is deleted or is converted to aggregate data.
You have the right to ask us not to send you marketing emails at any time by emailing us at email@example.com to receive a Personal Information Request or Preference Update form, or you can simply follow the unsubscribe instructions contained in the email communication.
You have the right to know what Personal Information we hold about you, and to make sure it is correct and up to date.
You have the right to request a copy of your Personal Information or ask us to restrict processing your Personal Information or delete it.
You have the right to object to our processing of your Personal Information.
You have the right to ‘be forgotten’ and request we erase your Personal Information.
You can exercise these rights at any time by sending an email to firstname.lastname@example.org and we will respond to you within thirty (30) days.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one (1) month. Occasionally it may take us longer than one (1) month if your request is particularly complex or you have made several requests. In this case, we will notify you.
If you wish to make a complaint you can email us at email@example.com. We will review and investigate your complaint and get back to you.
You can also submit a complaint to the Privacy Commissioner or local authorities, which will advise you on how to submit a formal complaint.
LEVY & W. IS AN INCORPORATED LEGAL PRACTICE ACN 622 416 488 | LEVYW.COM
Liability limited by a scheme approved under Professional Standards Legislation.
©THIS DIGITAL DOCUMENT IS SUBJECT TO COPYRIGHT.
UNAUTHORISED USE, MODIFICATION, REPRODUCTION, TRANSFER OR PART THEREOF, IS STRICTLY PROHIBITED.