Privacy Policy

Canterbury-Hurlstone Park RSL Club Ltd

1.      Purpose

Canterbury-Hurlstone Park RSL Club Ltd ABN 56 000 967 199 (the Club, 'we' or 'us') aims to protect the privacy of the personal information that we collect and hold whilst carrying out our activities.  "Personal information" is any information or opinion that is capable of identifying a person.

This policy applies to personal information collected from and about members and guests, other customers, staff, suppliers and any other person whose personal information the Club may collect from time to time. 

The Club is bound by the Australian Privacy Principles (Principles) established under the Privacy Act 1988 (Cth) (Act).  This statement has been developed as part of the Club's efforts to comply with its obligations under that legislation.

This statement explains:

·          what types of personal information we might collect;

·          how we aim to use personal information;

·          when we will disclose personal information to others;

·          how we manage and secure personal information;

·          how you can access and seek to correct personal information that we hold about you; and

·          how you may make a complaint if you think that we have breached the Principles.

This statement does not form part of any contract.

From time to time, we may review and update this statement – for example, to reflect changes to the law or our company.  We will publish any changes to this policy on our website.  By continuing to use our products and services and website or by continuing to provide us with your personal information after these changes have been published, you confirm your acceptance of these changes.  We suggest that you visit our website regularly to keep up to date with any changes. 

The Principles do not apply to employee records.  As a result, this statement does not apply to the Club's treatment of employee records, where the treatment is directly related to a current or former employment relationship between the Club and an employee.

The separate privacy policy for Anytime Fitness can be found on the website: http://www.anytimefitness.com.au/gyms/AU-1271/hurlstone-park-nsw-2193

2.     What types of personal information do we collect?

The Club aims only to collect 'personal information' (as defined under the Act) that is reasonably necessary for our activities.  The types of personal information that we collect will depend on the nature of the interaction between you and the Club, and where and how we collect the information. 

As a registered club, we have a legal responsibility to collect certain information about our members and guests pursuant to state and federal legislation including without limitation the Registered Clubs Act 1976 (NSW) (Registered Clubs Act), Corporations Act 2001 (Cth) (Corporations Act), Gaming Machines Act 2001 (NSW), Liquor Act 2007 (NSW), Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and Work Health and Safety Act 2011 (NSW).

Personal information collected by the Club includes:

·             information about members, guests, people attending club functions, and other customers including names, addresses, email addresses, telephone numbers, other contact details, information about their use of (and preferences in relation to) the Club's products and services, and information pertaining to membership records;

·             information about applicants to, and individuals enrolled in, the Club's registered training organisation 'CMNL Academy' at enrolment including names, addresses, email addresses, telephone numbers, other contact details,  date of birth, citizenship, educational history and prior academic results, work history (if required as a basis of admission), details of parents or guardians (for students under 18 years of age at the time of the enrolment) and credit card details.

·             information collected by the Club’s registered training organisation ‘CMNL Academy’ post enrolment which may identify racial or ethnic origins (including proficiency in languages other than English), information about health or disability (where this is relevant to accommodating specific needs) and membership of professional or industry associations (where required as a basis of admission or for credit transfer/recognition of prior learning).

·             information collected by CMNL Academy from other educational institutions where necessary to verify qualifications and course credits for enrolment and assessment purposes: from an employer if a course of study is being supported or incorporated into employment

·             information about job applicants, staff, and volunteers;

·             your bank, credit card or debit account details when you make a purchase and transaction information we collect related to our services, including the types of services requested or used, order details and payment methods;

·             if you visit our website or use our mobile device applications (Apps), your websites and Apps usage information such as your IP address, dates and times of access, App features, pages viewed or system activity;

·             geolocation information – depending on your App settings or device permissions, we may collect your precise or approximate information as determined through data such as GPS, IP address and Wi-Fi including when the App is running in the foreground (App open and onscreen) or background (App open but not onscreen) of your device;

·        device information - information about the devices you use to access our services, including the hardware models, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion information, and mobile network information;

·        App specific information – depending on the App, we may collect specific information for the use and operation and use of that App; and

·        how often you use any one of our Apps, the events that occur within our Apps, aggregated usage, performance data and where the App was downloaded from; and

·             information about other people who come into contact with the Club such as contractors and suppliers.

If some information that the Club requests is not provided, we may not be able to provide you with our goods and services, or engage you to work at the Club if you are a job applicant.

Some of the information we collect is 'sensitive information' (as defined under the Act), including information about your racial or ethnic origin, religious beliefs or affiliation, or health.  The Act requires us only to collect sensitive information:

·             from you where you consent and it is reasonably necessary for our activities;

·             if the collection is required by law or a court or tribunal order; or

·             if it relates to our Club activities and you are a Club member or have regular contact with us in connection with our activities.

3.     How do we collect your personal information?

We usually collect personal information directly from you, for example when you:

·        enter our premises and sign-in or use one of our digital terminals/ID scanners or manually sign in;

·        correspond with us by e-mail or in writing, deal with us over the telephone or in person, use our facilities (such as food and beverage or sporting facilities);

·        use our services (such as the member loyalty program);

·        use the social media sites used by the Club

·        receive or request sponsorship through programs such as ClubGRANTS;

·        are involved, witness or connected to an incident at the Club or disciplinary proceedings of the Club;

·        obtain, apply for or renew membership of a sub-club of the Club or participate in the activities of a sub-club of the Club;

·        participate in a survey, specific promotion or activity;

·        enrol in courses with our registered training organisation by completing the enrolment form or;

·         make an enquiry through our website or use one of our Apps. 

The Club also collects CCTV footage in some areas of its premises for security purposes.

Sometimes, someone else may provide us with personal information about you, with or without your direct involvement.  For example, we might collect personal information from:

·         a related body corporate of the Club;

·         a local liquor accord, a regulatory authority, or another industry organisation such as Clubs NSW;

·         another organisation of which you are a member, such as a sporting club which uses our facilities;

·         in relation to our registered training organisation, another educational institution that you have attended; or

·         a representative of yours.

Wherever practicable, we will advise you of the information being collected and provide you with an opportunity to refuse the collection of information.

4.     How do we use your personal information?

Information of customers and suppliers

The purposes for which the Club uses a person's personal information include:

·       to verify their identity;

·       creating or updating their account;

·       processing or facilitating payments for goods or services;

·       to facilitate their participation in our member loyalty program;

·       improving our website or Apps;

·       to provide them with our services and/or products, for our activities (such as registered club community, social, sporting and recreational activities), and to answer enquiries about these functions;

·       to communicate with them;

·       to provide information about other activities, products or services the Club considers would interest them (which they can tell the Club not to do at any time);

·       to help the Club to properly operate its business, for example to improve its products or services, for security purposes, to train our staff and contractors, or to undertake marketing activities; and

·       to comply with our legal obligations (for example, liquor & gaming laws and Anti-Money Laundering & Counter Terrorism laws).

If we collect your personal information for any other purpose, we will generally let you know that purpose at the time we collect the information.

Information of job applicants, staff members and contractors

The Club collects personal information of job applicants, staff and contractors for the primary purpose of assessing and (if successful) engaging or employing the person, as the case may be. The purposes for which the Club uses such personal information include:

·       managing the individual's employment or engagement;

·       insurance purposes;

·       ensuring that it holds relevant contact information; and

·       satisfying its legal obligations.

Information of volunteers

The Club also collects personal information about volunteers, to enable them to work with us.

Information of CMNL Academy students

CMNL Academy will only use your information for the following purposes:

  • Day-to-day administration

  • To satisfy the RTO legal obligations and allow the RTO to discharge its duty of care

  • To comply with legal and regulatory obligations, including disclosure and reporting to Commonwealth, State and Territory government agencies for planning, evaluative, and administrative purposes including but not limited to:

    • Australian Skills Quality Authority

    • NSW Department of Industry

    • National Centre for Vocational Education Research (NCVER)

    • FSS and RSA/RCG to report back to NSW authorities including the NSW Food Authority and the Office of Liquor, Gaming and Racing

  • To provide progress reports to your employer (funded traineeships only)

  • For students under 18 years of age, information regarding attendance, progress and general well-being may be provided in order to keep parent/s and /or guardian/s adequately informed.

Students of  CMNL Academy have the right to access your personal information recorded at any time and provide any necessary corrections.

 

5.     When will we disclose your personal information to others?

The Club aims to confine its disclosure of personal information to the primary purpose for which it has been collected, or for a related purpose.  This means the Club will usually only disclose personal information in connection with our business, our administrative functions, and our registered club community, social, recreational and sporting activities.  This includes when disclosure is necessary to: provide you with a product or service that you have requested; help us with the running of the Club; or for compliance with our legal obligations (for example, disclosing information of prospective members on the Club's noticeboard).

Sometimes the Club may also disclose your personal information outside the Club for the purpose for which the information was collected, or for a related purpose – for example when disclosure is necessary to: provide you with a product, service or activity you have requested; help us with the running of the Club; or for security reasons.

We may provide your personal information to:

·       outsourced service providers who perform functions on our behalf or provide services to us, such as providing security services, conducting market research, providing email and mail handling services, and providing professional advice to the Club;

·       authorised representatives of the Club who sell products or provide services on our behalf;

·       our related bodies corporate;

·       anyone authorised by you to receive your personal information (your consent may be express or implied and can be withdrawn at any time);

·       an actual or prospective amalgamation partner in the event we engage in an amalgamation process with another registered club, or, an actual or prospective purchaser in the event we sell any part of our business which is not a registered club operation; and

·       anyone to whom we are required or authorised by law to disclose personal information.

We generally require third parties only to use your personal information for the specific purpose for which it was given to us and to protect the privacy of your personal information.  We will only disclose your personal information to third parties on the basis that they agree with us to keep your information confidential (except where we are authorised or required by law to disclose the information).

Otherwise, the Club would only share personal information, including sensitive information, with a third party if the Club has a belief that its use and/or disclosure is necessary:

·       to lessen or prevent threats to health, life or safety of any individual;

·       to investigate unlawful activity or serious misconduct within the Club;

·       to assist enforcement bodies, such as the police, with their activities;

·       to assist in locating a missing person;

·       to establish, exercise or defend a legal or equitable claim; or

·       for the purpose of confidential alternative dispute resolution.

Consent

You consent to us disclosing your personal information to the third parties listed above, and similar organisations who may in turn provide your information to other third parties (for example, for marketing purposes).  You can withdraw your consent at any time by informing us in writing that you withdraw that consent (except where we are authorised or required by law to disclose the information).

If you do not permit the disclosure of some personal information as the Club requests, then the Club may not be able to meet its legal obligations and may not be able to do business with you or engage you to work at the Club.  If this is the case, we will let you know.

Sending information overseas

We may use cloud-based service providers that store or process personal information outside Australia. Where this occurs, we will take reasonable steps to ensure the overseas recipient protects the information in accordance with the Australian Privacy Principles, including conducting due-diligence and implementing appropriate contractual and security measures. We aim to store personal information within Australia where practical, but some services may require overseas hosting. We will only transfer information overseas where necessary for our operations or with your consent. As our systems evolve, the countries in which data may be stored may change; details are available on request. 

Please note that if you agree to your information being put on our Website or on our social media pages, then this information could be accessed by anyone in Australia and by persons in other countries. 

6.     The Club's website and use of our Apps

When you visit the public pages of our website or one of our Apps, our website server and App use make a record of your visit and logs the following information:

·       your IP ('Internet Protocol') address (which, in general terms, is a unique identifier assigned to your computer when it is connected to the Internet);

·       search terms used;

·       the operating system and Internet browser software you are currently using; and

·       the data that you download, and the time that you download it.

This information cannot be used to identify you and is only used for statistical purposes to help us identify what parts of our website our users visit the most, which assists us to determine how to improve our services.  We do not collect personal information from visitors on our website other than what is supplied to us on a voluntary basis.  We use 'cookies' on our website, which are a mechanism to keep track of certain information and make the browsing experience more responsive.  However, this information does not identify the user, so our obligations in relation to personal information do not apply to the information that we collect via cookies.

If you contact us through our website or email us, the Club will only use your personal information to respond to your request or answer your queries. We will not add your email address to our mailing list without your consent.

Other websites or Apps

To the extent that our website or Apps contain links to sites or Apps operated by third parties, including other organisations, those linked websites or linked Apps are not controlled by us and we are not responsible for the privacy practices of the site operators.  Before you disclose your personal information to any linked websites or Apps, we advise you to examine their privacy policies and terms and conditions of use.

7.     How we manage and secure personal information

We have appointed a Privacy Officer to be responsible for the management of personal information that we collect.  The Club's staff are required to respect the confidentiality of all personal information and the privacy of individuals, and we have directed our staff that personal information must be dealt with in accordance with this statement.

The Club has security systems in place which are intended to protect your personal information from misuse, loss, unauthorised access, modification or disclosure by the use of various methods.

If the Club receives personal information about you which it did not request and which it does not reasonably require, the Club may destroy or de-identify this information where appropriate.

If you reasonably believe that there has been an unauthorised use or disclosure of your personal information, please contact our Privacy Officer whose contact details are at the end of this statement.

8.     Updating personal information that we hold about you

The Club aims to keep all personal information that we hold accurate, complete and up-to-date. We encourage you to tell us if you change your contact details. If you believe that the information we hold about you is incorrect, incomplete or out-of-date, please contact us - our contact details are at the end of this statement.

9.     How you can access personal information that we hold about you

Under the Act, an individual generally has the right to obtain access to any personal information which the Club holds about him/her and to advise the Club of any perceived inaccuracy in that information.  We will provide you with access to your personal information requested within a reasonable period after the request is made, usually not exceeding 30 days.  There are some exceptions, and in some circumstances the Act entitles the Club to deny access.  For example if providing access would impact unreasonably on the privacy of others or prejudice negotiations in which we are involved.  We may also refuse access where permitted or required by law, including situations where providing access would be unlawful, would prejudice an investigation, or would constitute “tipping off” under the Anti-Money Laundering and Counter-Terrorism Financing Act. Access may also be refused where the information forms part of internal due-diligence assessments, risk reviews, or contains confidential evaluative material or opinions about the individual. If we refuse access, we will provide the reason for the refusal unless prohibited by law.

If you are a Club member who participates in our Insignia membership program, we will give you a player activity statement regarding your player card on request.

If you make a request for access to your personal information, we may ask you to verify your identity and specify what information you require.  The Club may charge a fee to cover our costs of locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the Club will generally advise the likely cost in advance. To make a request to access any information that the Club holds about you, please contact us – our contact details are at the end of this statement.

10.  Surveillance and facial recognition

In the interests of security and safety, and the comfort of members and guests, the Club also operates video cameras within the Club's premises.  Video surveillance is stored on our digital recorders which are maintained in a restricted access area and password protected.

The Club has introduced facial recognition technology to assist us in identifying individuals who are  self-excluded from our premises. 

There are designated security cameras throughout the Club's premises which use facial recognition technology to collect and analyse 'faceprints' of selected individuals.  A faceprint is a digitally recorded representation of an individual's face based on the location, size and shape of an individual's facial features. 

By entering the Club’s premises, you consent to the use of facial recognition technology as described in this policy.

Facial recognition technology is used by the Club to enhance the Club’s Harm Minimisation obligations and assist the Club to identify and remove individuals who have been self-excluded. Gaming Machines Act s. 45(4) requires the Club to prevent self-excluded patrons from entering the nominated area of the venue, which is generally either the entire premises or the gaming machine areas. The collection of your digital image is reasonably necessary to enable the Club to effectively fulfil its obligations under Gaming Machines Act s. 45.

When you are at the Club’s premises, a digital image of your face will be analysed by the Club’s facial recognition technology. Designated security cameras on the Club’s premises use facial recognition technology to collect and record a digital image of your face. The digital image will be matched against the Club’s database of individuals who have self-excluded from the Club’s premises.

Images of individuals not identified as self-excluded are deleted immediately and are not retained.

Individuals who are identified as self-excluded from the Club’s premises will be refused entry or asked to leave.

If you have not been self-excluded from the Club, your digital image will be deleted.

If you have been self-excluded from the Club, the Club will collect your digital image from your photo held by the Club (e.g. from the photo on your membership card) and will hold a copy of that digital image while you remain self-excluded from the Club.

The Club has implemented systems to ensure that your personal and sensitive information is securely stored on our networks and protected by authentication log in procedures. The Club runs advanced malware protection systems and takes all reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification, destruction and disclosure.

11.  Data breach

If a data breach or suspected data breach occurs, we will undertake a prompt investigation, which will include an assessment of whether the incident is likely to result in serious harm to any individuals.  In such a situation we will comply with the requirements of the Privacy Act which may require notification to the Office of the Australian Information Commissioner (OAIC), the Police and affected individuals.  Please contact us if you have reason to believe or suspect that a data breach may have occurred, so that we can investigate and, if necessary, undertake appropriate containment, risk-mitigation and notification activities as required.

12.  Questions or complaints

If you have a question about this statement, or a complaint about the Club's compliance with the Principles, please contact the Privacy Officer in writing - our contact details are at the end of this statement.  Please allow us a reasonable time to respond to your complaint.  The Privacy Officer will investigate your complaint and respond to you within a reasonable period, depending on the nature of your complaint.  If you are not happy with the Privacy Officer's response, you may contact the CEO Mr Dean Thomas on (02) 9559 0000 or the OAIC whose contact details can be found at: https://www.oaic.gov.au/.

13.  Contact us

For CMNL Academy:

Phone: (02) 9559 0000

Email: info@cmnlacademy.com.au

 

For all other enquiries please contact our Privacy Officer:

Phone: (02) 9559 0000

Email: privacyofficer@cmnl.com.au