The Company is bound to comply with the Privacy Act 1988 and the Australian Privacy Principles (“APPs”) that regulate the handling of personal information about individuals.
1. Management of Personal Information
(a) From whom do we collect information?
From time to time the Company will collect personal information from website users, customers, Dimmi Pty Limited, suppliers, recruitment agencies, employees, contractors and other individuals.
(b) Types of information we collect
The type of personal information that may be collected will depend on our relationship with the person, and the circumstances of collection. Information collected from individuals may include the following:
• name, gender and date of birth;
• residential address, email address, facsimile number and contact telephone numbers; • details restaurant bookings, what was ordered and how much money was spent;
• financial information, including bank account details and credit / debit card details so we can make and receive payments;
• details about website users including information which is automatically provided by your browser to our servers for example information about your website visit, browsing of, and use of our website; and
• employment and contractor information such as resumes, third party references, superannuation details, tax file numbers, emergency contact details and employee or contractor records.
(c) How we collect information
How we collect personal information will largely depend on whose information we are collecting. If it is reasonable and practical to do so, we collect personal information directly from you.
We may collect information about you when you:
• make a booking or dine at Ripples Milsons Point restaurant;
• engage us for the provision of services;
• request information from us;
• interact or conduct business with us;
• telephone, email or write to us;
• visit our website;
• contact us or input information through our website;
• register to receive newsletters and other information from us;
• register for special events or promotions; • enter contests, respond to surveys or provide feedback to us;
• post information or photos on social media channels or on any forum that reference Ripples Milsons Point;
• apply for employment with the Company; or
• have a face to face meeting with a representative of the Company.
As well as collecting information directly from an individual, there may be occasions when we collect information from a third party. We may collect personal information from:
• entities that are Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) of Ripples Milsons Point Pty Ltd;
• Dimmi Pty Limited and other third parties who make enquiries or bookings on your behalf; and
• independent sources.
We will however only collect information from third parties where it is not reasonable and practical to collect the information from you directly.
(d) Gathering and combining personal information
Improvements in technology enable organisations to collect and use personal information to get a more integrated view of individuals, and to allow them to provide better products and services to individuals.
We may combine information made available from a variety of sources. This enables us to analyse the data in order to gain useful insights, which can be used for the purposes set out in Section 1(g) of this Policy.
(e) Unsolicited Information
Sometimes we may be provided with your personal information without having sought it through our normal means of collection. We refer to this as “unsolicited information”. Where we collect unsolicited information we will only hold, use and / or disclose that information if we could otherwise do so had we collected it by normal means. If that unsolicited information could not have been collected by normal means then we will destroy, permanently delete or de-identify the information as appropriate.
(f) How we store information
Personal information is stored and held in a combination of hard copy and electronic files maintained by the Company.
Personal information is only accessible by officers and employees of the Company, unless it is disclosed to another party in accordance with this Policy.
The Company takes all reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure by using industry standard software protection programs.
(g) How is personal information used?
Personal information is used by the Company for the purpose of marketing and conducting our business.
Our uses of personal information include, but are not limited to:
• establishing your identity;
• managing our relationship with you;
• creating and responding to booking requests;
• creating personal customer profiles;
• identifying restaurants, services and events that we think may be of interest to you;
• sending newsletters, publications and other promotional information to you;
• providing you with updates in relation to promotions, special events and other activities;
• providing services to you;
• conducting and improving our business and services;
• collecting and making payments;
• in the case of employees:
Ø to pay your wages and employee entitlements; and
Ø to manage your employment relationship with us;
• in the case of contractors:
Ø to pay your contractors fee; and
Ø to manage your contractor relationship with us; and
• complying with our legal obligations, and assisting government and law enforcement agencies and/or regulators.
We may also need to collect personal information in order to comply with our legal obligations, such as the Anti-Money Laundering and Counter-Terrorism Financing laws, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
(h) Direct Marketing
We disclose personal information to Prophetable Hospitality Pty Ltd trading as Sydney Restaurant Group (Sydney Restaurant Group) to enable that entity to conduct direct marketing on behalf of the Company and other entities that have a connection with the Sydney Restaurant Group. We may also use your personal information to engage in direct marketing activities.
Direct marketing activities undertaken by the Sydney Restaurant Group and / or by the Company may include distribution of newsletters, promotional information and correspondence advising you about special events. If you do not want to receive emails and/or other communications from us you can tell us by contacting us as detailed in this Policy or as detailed in any direct marketing communication that you receive from us.
If you do not want to receive emails and/or other communications from the Sydney Restaurant Group you can contact the Sydney Restaurant Group as detailed in any direct marketing communication that you receive from the Sydney Restaurant Group.
(i) Sensitive Information
Sensitive information is a type of personal information and includes information about an individual's health (including predictive genetic information), racial or ethnic origin, political opinions and religious beliefs or affiliations. We do not collect sensitive information.
(j) Disclosure of information
Personal information may be disclosed to employees and agents of the Company, to enable them to provide services to customers of the Company and others.
It may be necessary for us to disclose your personal information to certain third parties in order to assist us with one or more of our functions or activities, or where permitted or required by law. Third parties may include:
• entities that are Related Bodies Corporate (as defined in the Corporations Act 2001(Cth)) to Ripples Milsons Point Pty Ltd;
• Sydney Restaurant Group;
• those to whom we outsource certain functions, for example information technology support;
• auditors and insurers;
• government and law enforcement agencies and regulators; and
• entities established to help identify illegal activities and prevent fraud.
We may disclose your personal information from time to time, only if one or more of the following apply:
• you have consented;
• you would reasonably expect us to use or disclose your personal information in this way;
• we are authorised or required to do so by law;
• disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
• we are permitted pursuant to Section 16A of the Privacy Act 1988 (Cth); or
• disclosure is reasonably necessary for a law enforcement related activity.
(k) Cross-border disclosure of personal information
The Company does not generally send any personal information to overseas entities.
We may only transfer personal information to a foreign recipient (including when an overseas entity accesses the information in Australia), if:
• we reasonably believe that:
Ø the recipient is subject to law, or a binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the APP’s; and
Ø there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme;
• the disclosure is required or authorised by or under an Australian law or a court/tribunal order;
• the transfer is necessary for the performance of a contract with the individual (from which the information was collected);
• the transfer is for the benefit of the individual (and the other APP requirements are met); or
• if the individual consents to the transfer.
Where disclosure is to be made to a known overseas entity, we will take reasonable steps to assess the privacy laws of the country where information will be disclosed to determine whether the overseas recipient is required to comply with privacy laws that are at least as stringent as the APP requirements in relation to information. We may enter into a written contract with the overseas recipient to enable us to enforce protection of the personal information that we provide to the overseas recipient, and ensure that the overseas entity does breach the APPs.
(l) Social Media
There may also be occasions when we collect personal information (to the extent it is available) from publicly available sources, including social media platforms such as Facebook or Twitter. Sometimes, we may provide content and services on a range of platforms (including social media networks) with interactive features to which you may contribute. If you post your personal information in publicly accessible places or social media platforms, your personal information will become publicly available (subject to, where applicable, any privacy settings you have in place in social media platforms). We will not be responsible for the protection of personal information you choose to publish this way.
(m) Security of information
The Company will take reasonable steps to protect the personal information the Company holds from any misuse, loss, modification, disclosure or unauthorised access. For example, personal information is retained in secure hard copy and electronic files, and is only accessible by staff on a need to know basis.
Some of the security measures implemented by us to secure personal information include using firewalls, standard software protection programs, pass word access protections, secure servers and encryption of credit card transactions.
However, since no system is 100% secure or error-free, we cannot guarantee that your personal information is totally protected, for example, from hackers or misappropriation. You acknowledge that the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. You provide information to us via the internet or by post at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not within our control.
(n) Links to other websites
Our website may contain links to other websites. You acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties to whom we are permitted to disclose your personal information in accordance with this Policy or any applicable laws). The collection and use of your information by such third party/ies may be subject to separate privacy and security policies.
If you suspect any misuse or loss of, or unauthorised access to, your personal information, please contact us immediately using the contact details set out below.
(o) Information that is no longer required
If the Company no longer needs the personal information for any purpose for which it may use or disclose the information, and the information does not need to be retained under an Australian law, or court order, the Company will take reasonable steps to destroy or permanently de-identify the information.
2. Who can I contact for further information, to gain access to my personal information or to make a complaint?
(a) Contact Details
Individuals are able to contact the Company and request further information about this Policy, request access to their personal information or make a request that personal information be corrected and/or updated. Individuals are also able to make a complaint about any aspect of this Policy, and/or any aspect regarding the collection or use of information by the Company, including the following:
• the kind of information collected by the Company;
• the collection process; • the purpose for which information is collected;
• how information is held; or
• use or disclosure of information by the Company.
Further information can be requested, access to information can be requested and complaints can be made using the contact details set out below.
Ripples Cafe Pty Ltd
Address: 1 Olympic Drive, Milsons Point NSW 2061
Telephone: 02 9460 0048
(b) Request for correction of information
If an individual requests the Company to correct personal information held in respect to that individual, the Company will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regarding to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
The Company will respond to a request for correction of personal information within a reasonable period after the request is made. If the Company refuses to correct the personal information as requested by an individual, the Company will provide the individual with a written notice that sets out:
• the reasons for the refusal, except to the extent that it would be unreasonable to do so; and
• the mechanisms available to complain about the refusal. If the Company refuses to correct the personal information, it will keep with the record an indication that the person has requested that the information be corrected.
Complaints in relation to this Policy or the collection of personal information will be investigated by the Company within a reasonable period after the complaint is received. Following an investigation, a response will be provided by the Company to the individual.
If a person is not satisfied with the way in which the Company handles an enquiry or complaint, they can call the Office of the Australian Information Commissioner on 1300 363 992.
The Company may vary this Policy as business requirements or the law changes. The Company will review this Policy on a regular basis and update the Policy as required. If we decide to change our Policy, we will post those changes on this page so that you are aware of the changes.