GDPR DATA POLICY - Updated June 2018
Capital Hotels respects your privacy
Capital Hotels and its related entities (together, Capital Hotels, CH, we, us or our) are committed to protecting the privacy of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, hold, use, disclose and protect personal information, and how individuals may access and correct their personal information or make a privacy complaint.
This Policy applies to all companies, subsidiaries, divisions and organisations within the Capital Hotels group.
What personal information do we collect?
In the course of our business, Capital Hotels may collect personal information from members of the public, including but not limited to:
The types of personal information we collect may include names, contact details, dates of birth, identification information, financial information, employment details and other information reasonably necessary for our business activities.
How do we collect personal information?
We usually collect personal information directly from you, including when you:
In some circumstances, we may also collect personal information from third parties, such as:
Where personal information is collected from third parties, we take reasonable steps to ensure you are aware of this collection, unless an exception under the Privacy Act applies.
How do we use personal information?
We use personal information only for purposes reasonably necessary for our business operations, including to:
Where required, we will obtain your consent before using personal information for marketing or other secondary purposes.
Disclosure of personal information
We do not sell personal information or provide it to mailing list companies.
In the ordinary course of business, we may disclose personal information to:
We take reasonable steps to ensure third parties handle personal information in a manner consistent with this Privacy Policy and the APPs.
Sensitive information
“Sensitive information” includes information about health, biometric data, criminal history or other matters defined under the Privacy Act.
Capital Hotels collects sensitive information only where reasonably necessary and where required or permitted by law (for example, medical information provided by job applicants). Sensitive information is used strictly for the purpose for which it was collected or a directly related purpose.
Tax File Numbers and credit-related information are handled in accordance with specific legislative requirements.
Overseas disclosure
In some circumstances, personal information may be stored or processed using cloud-based systems or service providers located overseas. Where this occurs, we take reasonable steps to ensure overseas recipients comply with privacy obligations equivalent to those under Australian law.
Storage and security of personal information
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
Personal information is stored in a combination of secure electronic systems and physical records. Access is restricted to authorised personnel only.
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected or as required by law. When no longer required, personal information is securely destroyed or de-identified.
Data breaches
Capital Hotels complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.
In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.
Access and correction of personal information
You have the right to request access to personal information we hold about you and to request correction of inaccurate, incomplete or out-of-date information.
Requests must be made in writing. We may require proof of identity and may charge a reasonable fee to cover administrative costs. If access is refused, we will provide written reasons in accordance with the Privacy Act.
Management and compliance
Capital Hotels has appointed a Privacy Compliance Officer responsible for overseeing compliance with this Policy and the Privacy Act.
Employees who handle personal information are trained in privacy obligations, and breaches of privacy are treated seriously.
Complaints
If you believe Capital Hotels has breached this Privacy Policy or the Privacy Act, you may lodge a complaint using the contact details below. We will investigate and respond within a reasonable timeframe.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
Phone: 1300 363 992
Website: www.oaic.gov.au
Contact details
Attention: Rachael Batkovic, General Counsel
Email: rachael@kappelle.com.au
Tel: (02) 6250 9189
Fax: (02) 6248 7866
Address: PO Box 215, Hall ACT 2618
Updates to this Policy
This Privacy Policy is reviewed periodically to reflect changes in laws, technology and business practices.
Last updated: 1 July 2025
