The Grace Hotel (part of the Federal Hotels International (FHI) Group) and each of its related entities
(together “The Grace, we, us, our”) understand your concern about the privacy of their information when
collected by us.
describes how we treat any Personal Information that we receive. It outlines the type of Personal
Information we collect, how that information may be used, to whom we permit access and how we
protect that Personal Information. Our Policy is part of our ongoing commitment to the protection of your
We are bound by and act in accordance with the Privacy Act 1988 (including the Australian Privacy
Principles (APP’s)). This dedication extends to information or opinions that are collected about an
individual in circumstances where their identity can reasonably be determined. We also recognise and
acknowledge the European Union’s General Data Protection Regulation (‘GDPR’) and, even though it is
unlikely that The Grace needs to be GDPR compliant, we are committed to ensuring the security and
protection of the Personal Information that we process, and to provide a compliant and consistent
approach to data protection.
1. WHAT INFORMATION ABOUT YOU DO WE GATHER?
Information you provide helps us to know and serve you better, which is part of our mission to provide
consistent quality service to our guests.
The types of information we gather are:
- Personal Information means any information (or an opinion) about you from which your identity
is apparent, or can be reasonably ascertained. This includes most information that is stored with
or linked to your name, address, or other identifying features. personal information may also
include Sensitive Information.
- Sensitive Information is a subset of Personal Information and includes (but not limited to) information relating to your health. We rarely collect such information, but it may be necessary if a
guest has particular health or personal needs.
2. HOW DO WE COLLECT PERSONAL INFORMATION?
We collect your personal information in a variety of ways. These include:
- Information You Give Us: We receive and store information you enter on our website or give us in any other way. You may choose not to provide certain information, but then you might not be
able to take advantage of many of our features. We use the information that you provide for such
purposes as reserving a room or any other products we may offer, responding to your requests,
customising your preferences and communicating with you.
- Automatic Information: We receive and may evaluate certain types of information whenever you
interact with us. For example, like many websites, we obtain certain types of information when
your Web browser accesses www.fhihotels.com or www.gracehotel.com.au
- E-mail Communications: We use e-mail addresses for promotional purposes but we will provide
you with the option not to receive such mailings, both in each promotional mailing and on this website. You will, however, receive an auto-generated e-mail confirmation when making a reservation on the Internet, and occasionally from our reservation sales agents for inquiries related to a booking you have made for any of our services and products.
- Information from Other Sources: For reasons such as improving the personalisation of our
services (for example, providing recommendations or special offers that we think will interest
you), we might receive information about you from other sources and add it to your existing
- Social Media: We may collect certain information from your social media account consistent with
your social media settings, when you take part in any social media activities sponsored by the FHI
Group. You may also be subject to the privacy policies of these social media sites and the FHI
Group shall not be responsible for your activities on these social media sites.
- Competitions: In the event you participate in FHI Group’s promotions, contests or sweepstakes,
your name, electronic mail address and other personal information will be collected for
participation, identification and notification purposes.
- Travel agents and booking websites: Travel agents, authorised persons who book accommodation for you and online booking sites, also supply us with your personal data so that
we can provide you with the required services.
3. HOW WE USE YOUR PERSONAL INFORMATION
Your personal information may be used to:
- identify you and to assist you to subscribe to our Website services more easily;
- provide the services you require;
- administer and manage those services, including charging, billing and collecting debts;
- gain an understanding of your information and communication needs in order for us to provide
you with better, more personalised services that are tailored to your needs;
- inform you of ways the services provided to you could be improved;
- conduct appropriate checks for credit-worthiness and for fraud;
- research and develop our services using third party services;
- maintain and develop our business systems and infrastructure, including testing and upgrading of
- inform you of matters about which we believe you may have an interest;
- notify you of our service offerings from time to time; and
- provide or potentially offer our services, provide information about our services, perform our
administrative and marketing operations, comply with legislative and regulatory requirements,
direct marketing by us or our related companies, conduct market research or customer
satisfaction research and identify services that may be of interest to you.
We will not use your personal information for any purpose which is not related to services we provide or may offer to you or to the functionality of our Website. We will not use your personal information in a
manner contrary to this policy, or in a manner not contemplated in this policy, without your prior consent.
4. WHAT ABOUT COOKIES?
Some websites store, as do www.fhihotels.com and www.gracehotel.com.au, information in a small text
file, called a “cookie” on your hard disk.
If you use our Websites or any online facility we confirm that we may utilise tracking software and
cookies. Cookies are pieces of information that a web site can transfer to an individual's computer hard drive for record keeping and allows websites to recognise a user’s device. A cookie will contain the name of the internet location (the domain) from which the cookie has come from and the lifetime of the cookie (a cookie will usually expire after a period of time). Cookies can make using our websites easier by storing information about your preferences on a particular website. This will enable you to take full
Two types of cookies may be used on our websites:
- Session cookies which are temporary cookies that remain in the cookie file of your browser until
you leave the site; and
- Persistent cookies which remain in the cookie file of your browser for much longer (though how
long will depend on the lifetime of the specific cookie).
We use session cookies to allow you to carry information across pages of our site and avoid having to re-
We may use persistent cookies:
- from time to time to help us recognise you as a unique visitor when you return to our Websites and to monitor your use of our Websites;
- to allow us to link you to any of our partners or affiliates should you come to our Websites through a paid advert or banner on a website of an affiliate or partner.
- Most Internet browsers are pre-set to accept cookies. If you prefer not to receive cookies, you can adjust your Internet browser to disable cookies or to warn you when cookies are being used.
5. USE OF WEB BEACONS AND OTHER TRACKING SOFTWARE
Some of our web pages may contain web beacons which allow us to count users who have visited web
pages. Web beacons collect only limited information including a cookie number, time and date of a page
view, and a description of the page on which the web beacon resides. These beacons do not carry any
personally identifiable information and are used to track the effectiveness of a particular marketing
6. DOES THE GRACE SHARE THE INFORMATION IT RECEIVES?
Information about our guests is important for us in order to provide you with maximum comfort and the
legendary experience of staying in The Grace. We may therefore share information amongst the FHI
Group but we will not sell or give away any information to third parties.
7. WHEN WE DISCLOSE YOUR PERSONAL INFORMATION
Your personal information is also collected to promote and market to you other services provided by third
parties which we consider may be of interest to you. Before we do so, we will provide you with an
opportunity to give us permission to release your details to third parties for marketing or promotional
purposes (such as promotional email offers), via an opt-in mechanism. That is, we will send you such
material only if you elect to receive it or if it is provided to you in response to your request. You may also
notify us at any time that you do not wish to receive marketing or promotional material from third parties
by calling us  9272 6888 or by using the Contact Us page to send your request via email.
We will use and disclose information for the primary purpose for which it was collected. We may also use
and disclose personal information for purposes that are related or ancillary to the main reasons we collect
it. For example, we may use your personal information for the purpose of providing you with information
about other services offered by us. We may also be required, by law, to disclose personal information to
law enforcement officers or other persons.
For the purposes set out above (under “How we use your personal information”) we may disclose your
personal information to organisations outside the FHI Group. Where appropriate, these disclosures are
subject to privacy and confidentiality protections. The organisations to which we usually disclose
- your representatives (eg your authorised representatives or legal advisers);
- Customer review websites
- credit-reporting and fraud-checking agencies; our professional advisers, including our accountants, auditors and lawyers;
- government and regulatory authorities and other organisations, as required or authorised by law;
- organisations involved in:
- a transfer/sale of all or part of our assets or business (including accounts and trade
- managing our corporate risk and funding functions; and
- our related companies.
From time to time we may also engage third party contractors to perform some of the services that are
listed under the heading “How we use your personal information” above. In these circumstances we
prohibit the third party contractor from using personal information about you except for the specific
purpose for which we supply it. They must also comply with the Privacy Act 1988.
8. HOW SECURE IS INFORMATION ABOUT ME?
We work to protect the security of your information during transmission by using Secure Sockets Layer
(SSL), which encrypts information you input and which is certified by the Secure Server Certification
Authority. We reveal only the last four digits of your credit card numbers when confirming a reservation.
Of course, we transmit the entire credit card number to the appropriate credit card company for
It is important for you to protect against unauthorized access to your password and to your computer. Be
sure to sign off when you have finished using a shared computer.
We will take all reasonable steps to protect the information we hold from misuse, interference and loss,
and from unauthorised access, modification or disclosure. When information is no longer needed we will
destroy or de-identify it.
We require our employees to protect the confidentiality of information as required by applicable law.
Access to information by our employees is limited to administering, offering, servicing, processing or
maintaining of our products and services. We also maintain physical, electronic and procedural
safeguards designed to protect information. When we share or provide information to other persons or
organizations, we contractually obligate them, if required by law, to treat information as confidential and
If a breach of security arises, we shall comply with the Mandatory Disclosure laws set out in the Privacy
9. WHAT INFORMATION CAN I ACCESS?
www.fhihotels.com gives you access to your own profile, which you may access via login, i.e., with your
e-mail address, and a self-defined password. You may, and we kindly request you to do so, update that
information, if required. Information about you that you may access are:
- Your Name, Address and Contact Details and any other personal details we may have stored; and
- Your Room Requests that you previously entered on the Internet.
We can also correct your information if we are satisfied that it is incorrect.
If your have a request for further information, and the request is particularly complex or requires detailed
searching of our records, there may be a reasonable cost to you in order for us to provide this
There are some circumstances where we can refuse to give access to information. These include where
given access to the information would:
(a) pose a serious threat to the life, health or safety of an individual or the public,
(b) have an unreasonable impact on the privacy of others; or
(c) be frivolous or vexatious.
The other exceptions are detailed the Australian Privacy Principles.
For security reasons, a request for any information (other than that contained on your own online profile)
should be made in writing. You may be asked to provide proof of identify.
10. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We retain your personal information only for the period necessary to fulfil the purposes outlined in this
policy, unless a longer retention period is required or permitted by applicable law.
11. DIRECT MARKETING – THIRD PARTIES
We never disclose personal information that we collect to a third party for the purpose of allowing them to
direct market their products and services unless you have given us your permission to do so.
12. DIRECT MARKETING – THE GRACE AND FHI GROUP
By accepting our services, you expressly permit the FHI Group to use your personal information for our
direct marketing purposes and the purposes expressly set out in this policy. You further consent to our
use of your information to keep you informed of the launching of new products and services by email, fax,
social media or letters and undertaking other marketing or service based activities. You may opt out of
any of these direct marketing services at any time.
13. CROSS BORDER
We may share your personal information with the FHI Group around the world.
We may also use Software as a Service (Saas), Cloud, Cloud computing or other technologies from time
to time and your information may be stored outside Australia. We will not transfer personal information to
a recipient in a foreign country unless we have appropriate protections in place as required by the
relevant privacy laws.
All copyright and other intellectual property rights in the form of text, images, sound, software and other
materials on this site are owned by Federal Hotels International Sdn Bhd (“FHISB”) and The Grace and
affiliated Companies or are included with permission of the relevant owners. References to affiliates or
associates shall include the FHI Group.
You are welcome to browse this site and to reproduce extracts from it, for your information and for
noncommercial and personal purposes only. The material on this site may not be modified or
incorporated in any other work, publication or site without the prior written agreement of FHISB and The
The information and material contained in this site are for general references only. FHISB and The
Grace disclaim any warranty or representation of any kind, express or implied, as to any matter
whatsoever relating to this site or any Linked Site. To the fullest extent allowed by law, FHISB and The
Grace shall accept no responsibility or liability in respect of any loss or damages howsoever arising herein.
16. LINKED SITES
There may be third party websites linked to the FHI Group’s websites. We will not be responsible for any
information contained on such websites and any activities conducted on such websites shall be at your
own risk and will be subject to the privacy policies of the websites concerned.
17. COMMUNICATIONS POLICY
Other than personal information, FHISB and The Grace shall be free to reproduce, use, disclose and
distribute your communications to us onto third parties and to use any ideas, concepts, know-how or
techniques contained in those communications for any purpose whatsoever. Communications include but
are not limited to feedbacks, questions, comments, suggestions and the likes.
If you have a complaint regarding our management of your privacy you may access our internal dispute
resolution (IDR) process by contacting us. The process will be as follows:
Upon receipt of any such complaint, The Grace will:
- (a) use a process that is accessible, flexible and timely and done in accordance with the
principles set out in the Privacy Act;
- (b) focus on maximising the opportunity for the complainant and The Grace to work together to achieve a successful resolution to the complaint;
- (c) strive to identify and address any systemic issues that may arise through the lodgement of the complaint and rectify or deal with such issues to prevent their recurrence in the future.
- (d) At first instance you should contact us requesting a resolution. We will appoint a person to assist you with your complaint.
- (e) If the matter cannot be resolved you may ask him or her to refer it to the General Manager to engage the IDR process which may take up to 20 twenty business days to make a decision.
- (f) You will be notified of our decision. If you remain dissatisfied with the outcome, we will also inform you of your right to take this matter to the Office of the Australian information Commissioner (OAIC).
- (g) You have 12 months from the date you became aware of your privacy issue to lodge your complaint with the OAIC. The contact details of the OAIC are:
Office of the Australian information Commissioner
GPO Box 2999
Telephone: 1300 363 992Website: www.oaic.gov.au
18. UPDATE OF POLICY
our website so our users are always aware of what information we collect, how we use it, and the
circumstances under which we disclose it.
19. WHAT CAN I DO IF I HAVE ANY OTHER QUESTIONS OR CONCERNS?
Your personal data will be managed by our dedicated Data Protection Officer who will be happy to
answer any concerns or queries you may have relating to the use or storage of your personal data. Our
Data Protection Officer can be contacted at:
firstname.lastname@example.org or email@example.com.
If you have a concerns about how we deal with privacy issues you can contact our Privacy Officer or the
Office of the Australian Information Commissioner: http://www.oaic.gov.au/privacy/privacy-complaints