Devil’s Corner, ABN 56 005 349 235 and its associated entities (collectively Devil’s Corner, we, us, or our) is committed to protecting the privacy of individuals’ personal information.
What is personal information?
“Personal information” is information or an opinion about an identified person, or information from which a person could reasonably be identified. That is regardless of whether the information or opinion is true, and whether or not it is stored in a material or intangible/electronic form.
We do not collect “sensitive information” without your consent. When we refer to “sensitive information” we mean information about a person’s racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, political, professional, trade association or trade union memberships, sexual orientation or practices, criminal records, or health, genetic or biometric information or templates.
COLLECTION OF PERSONAL INFORMATION
From whom do we collect your personal information?
We may collect your personal information:
- directly from you(for example, this may occur when we contact you, enter into contracts or arrangements with you, when you attend events arranged or sponsored by us, visit our websites, cellar doors or wineries, when you use our free Wi-Fi networks, when you post about us on social media or when you enter a competition);
- from publicly available sources and databases(for example, this may occur if it is unreasonable or impractical for us to collect the personal information directly from you, because we have provided you with a reasonable opportunity to supply personal information which we reasonably require for our activities, but you have only partially provided it, or not at all);
- through statutory, regulatory and other governmental processes;and
- from third partieswho you have authorised to provide us with personal information.
What types of personal information do we collect?
Depending on how you interact with us, we may collect the following personal information from you:
- Contact details– if you contact us or use our free Wi-Fi networks, we may collect details which include your name, street/postal address, email address and telephone number.
- Epicurean member details– if you submit a membership application form and/or subsequently interact with us, such as through our website, by email or at Epicurean member events, we may collect your abovementioned contact details, government identifiers (such as your driver’s licence number), demographic (age, gender, vocation, educational history), interests and our history of interactions or dealings with you.
- Member surveys– we may collect details about a range of issues relating to your interest in wines and the Epicurean Club, such as wine preferences, qualities sought in a wine, purchase locations and feedback on our activities.
- Visitor information, images and videos– if you visit our cellar doors, restaurants, wineries and hosted events (eg. wine and food festivals or dining functions) we may collect your abovementioned contact details, reservation details when making bookings, as well as travel details provided when you visit as a member of a tour group. From time-to-time we will collect photographs and video footage of visitors.
- Restaurant diner information– if you dine at our restaurants, we may collect your abovementioned contact details, reservation details when making bookings, travel details and meal preferences. For larger bookings and functions we may also collect credit card details.
- Customer sales information– when you purchase goods and services from us, whether in person or through our website, we may collect your abovementioned contact details, demographic, credit card details and items purchased.
- Competition entrant details– if you enter our competitions, we may collect your abovementioned contact details.
- Acquisition of other businesses– if we acquire the assets or shares of another business to whom you have disclosed your personal information, such transactions generally involve the disclosure of personal information from the vendor organisation to Devil’s Corner, either as part of the due diligence process or as a result of a transfer of assets. In such instances, Devil’s Corner collects the personal information held by the newly acquired business.
If you attend any of our sites, facilities or offices (such as our cellar doors, restaurants, wineries, vineyards or bottling or packaging facilities), we may use closed-circuit television cameras and other photographic equipment to record:
- your image;
- the date and time of your attendance; and
- your actions whilst at the relevant site.
Unsolicited personal information
If we receive unsolicited personal information, we will assess whether we would have been entitled to collect that personal information. If we would not have been entitled to collect that personal information, we will destroy or de-identify it as soon as practicable (provided that it is lawful and reasonable to do so).
We collect personal information when individuals communicate with, or purchase products from, us through our website, such as contact details, items purchased, credit card details and other information you choose to provide. Payment details provided through our website are processed through a secure server.
When you access our website, we may receive information about you via a ‘cookie’. A cookie is a piece of information that our web server may send to your computer when you visit the website. The cookie is stored on your machine, but does not identify you or give us any information about your computer. A cookie helps us to recognise when you re-visit the website, and helps us to optimise your experience. Through the use of sessional cookies, we collect information such as Internet Protocol ‘IP’ addresses, device IDs, MAC addresses, browser information, installed software, hardware type, access date and time, number of visitors, pages viewed, types of transactions conducted, time spent on the website and documents downloaded. We use this information to evaluate the performance and effectiveness of our website.
STORAGE AND SECURITY OF PERSONAL INFORMATION
How do we secure your personal information?
We take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We maintain physical, electronic, and procedural security measures to safeguard personal information including using appropriate computer system and network security;
- where appropriate, specifying the confidentiality of your personal information in contracts with our partners with whom we exchange information;
- having contingency plans for assessing critical system functions and establishing data backup, disaster recovery and emergency mode operations;
- having formal, documented policies and procedures for the receipt, storage, processing and distribution of personal information;
- imposing information access controls, including policies and procedures for access to our system and the various kinds of data it contains;
- having policies and procedures for internal information systems auditing;
- documented system and data authorisations, security clearance policies and procedures, and security training for affected staff; and
Storage of personal information in the Cloud
Personal information may be stored in the Cloud (that is, computer servers connected to one another via the Internet). To assist Devil’s Corner to store and access your personal information on the Cloud, we may store your personal information with, or allow it to be accessed by, overseas third parties who provide:
- software and maintenance services for the Cloud
- training services in connection with using and accessing the Cloud; and
- infrastructure/hardware used to access the Cloud.
As those third parties are situated, and store content, offshore, your personal information may be transmitted, disclosed, stored or accessed to/from overseas jurisdictions.
If you proceed to submit your personal information to us, you are consenting to the transmission, disclosure, storage and access of your personal information by third parties in overseas jurisdictions. In that respect, Australian Privacy Principle 8 which ordinarily obliges Devil’s Corner to take reasonable steps to ensure that overseas recipients of your information do not breach the Australian Privacy Principles (except Principle 1) will not apply.
Please note that if any of those overseas recipients handle your personal information in a manner which is inconsistent, or does not comply, with the Australian Privacy Principles:
- to the maximum extent permitted by law, Devil’s Corner will not be accountable under the Privacy Actfor any resulting loss or damage that you may suffer;
- to the maximum extent permitted by law, you will not be able to seek redress against Devil’s Corner under the Privacy Act 1988(Cth);
- the overseas recipient may not be subject to any privacy obligations at all, or to any principles similar to the Australian Privacy Principles;
- you may not be able to seek redress against the overseas recipient in their jurisdiction; and
in holding access to your personal information, the overseas recipient may be subject to foreign laws which compel their disclosure of your personal information to other parties, such as overseas government authorities.
DISCLOSURE OF PERSONAL INFORMATION
We disclose personal information in limited circumstances. Your personal information may be disclosed to:
- our third party service providers, such as payment processors, data entry service providers, marketing agencies, market researchers, mailing houses, electronic network administrators, cloud service providers, debt collectors, and, where necessary, to professional advisers, such as solicitors and accountants;
- other members/entities within our corporate group; and
- governmental authorities or other statutory bodieswhere it is expressly permitted under the Privacy Act, for example, where it is with your consent or where we are legally required to do so, such as pursuant to a court order or warrant.
USE OF PERSONAL INFORMATION
How do we use your personal information?
We may use your personal information for the following purposes:
- to provide our goods and administer our services, including verifying your identity, contacting you about your orders, processing deposits and payments, training our staff and testing our systems;
- to facilitate your participation in our loyalty program, The Epicurean Club and loyalty programs of other program partners;
- to administer your membership account;
- to develop and inform you about events, offers, promotions and our products and services;
- to provide and conduct our competitions, promotions and events;
- to distribute our newsletters and other communications, either ourselves or with the assistance of third party services providers;
- for customer support, including resolving and providing assistance or responding to other enquiries or requests;
- for publication in articles about our functions, in newsletters or on our websites (eg. in respect of your image);
- to conduct marketing activities for our products and services, or products and services of third parties;
- to conduct market and other research and analysis to improve our products, services and marketing activities, including contacting you for feedback about your experience with us;
- to conduct quality audits and for risk management generally; and
- to maintain records and comply with our legal obligations. For example, we use information regarding a person’s age to ensure that we do not supply alcohol to minors.
Do we use your personal information to conduct direct marketing?
We send to our customers, potential customers, Epicurean members’ and persons who access our free Wi-Fi networks, information about our products and services that we consider may be of interest. We also engage third parties to undertake those activities. These communications are sent in various forms, including mail, SMS and email. Where a person has indicated a preference in regards to a method of communication, we endeavor to use that method whenever it is practicable to do so. You can opt-out of receiving marketing communications at any time by lodging a request with our Privacy Officer (details below) or by using opt-out facilities provided in marketing communications. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable. We do not trade in, rent or sell your personal information to other parties under any circumstances.
ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION
How can you access and correct your personal information?
You may request access to your personal information by sending a written request to our Privacy Officer (details below). Upon receiving an access request, we may request further details from you in order to verify your identity. We reserve the right to refuse access to personal information if we cannot verify your identity to our reasonable satisfaction. Access will generally be provided in an appropriate form within 30 days. We may charge a fee for providing access if it requires a significant amount of time to locate your information or to collate or present it in an appropriate form. This fee will be explained to you before it has been incurred. In limited circumstances, and only where it is permitted under the Privacy Act, we may not be able to provide access to information: for example, where it would have an unreasonable impact upon the privacy of others or where we believe your request is frivolous or vexatious.
We will take reasonable steps to ensure personal information we collect and use is accurate, up-to-date and complete. Where personal information is out-of-date or incorrect, you may inform us of this and we will correct it accordingly.
Dealing with us anonymously or using a pseudonym
You can deal with us anonymously or by using a pseudonym if you choose. However, if you do so we may be unable to provide you with accurate or useful information and (in some circumstances) you may not be able to access a full range of our products and services. For example, we may not be able to process your request, sell you alcoholic beverages, provide a definitive response, assess your eligibility for events, offers or promotions, or we may need to ask you further questions and require more time to respond.
Contacting us in regards to privacy matters
If you have any concerns or complaints regarding how we handle personal information, please contact our Privacy Officer. Correspondence should be addressed to:
1 Sherbourne Road, Apslawn, Tasmania, 7190
Phone (03) 6257 8881
We take all complaints seriously and will respond to you within a reasonable period of time, unless we consider your complaint to be frivolous or vexatious.
If a privacy concern or complaint is not resolved to your satisfaction, you can contact the Office of the Australian Information Commissioner.
Last updated: – 01 December 2015.