This Policy applies between you, the User of this Web Site and The Welcome Mat Global the owner and provider of this Web Site. This Policy applies to our use of any and all Data collected by us in relation to your use of the Web Site and our Services. This Policy was last updated on the 12 October 2020.
The Welcome Mat Global complies with:
- Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Privacy
- Australian Direct Marketing Association (ADMA) Code of Practice in relation to
how we market to our customers;
- Spam Act 2003 in relation to electronic marketing; and Do Not Call Register Act 2006 where we engage in telemarketing;
- EU General Data Protection Regulation (GDPR)
What is personal data?
Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”).
The Welcome Mat Global with ABN: 89 643 305 837 of QLD 4215, Gold Coast, Australia is the Controller of your personal data.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Our website is not intended for children and we do not knowingly collect data relating to children.
What data do we collect?
We may collect data or ask you to provide certain data when you use our website and services. The sources from which we collect Personal Data are: Data collected directly from you or your device relating to an identified or identifiable natural person (“Data Subject”) and may include direct identifiers such as name, address, email address, phone number, additional billing or property addresses, booking service or related information such as about your stay or your hospitality, travelling or other preferences including special needs or medical conditions, Driver’s license, ID or
passports, location data and your general product and service preferences.
Data collected online or through indirect identifiers such as login account number, login password, payment details, or IP address. Data collected that is linked, for example if you have used our service and later choose us again, we will link your data and treat that linked data as Personal Data.
We organise collected Personal Data as Account Data, Booking Data and Billing Data.
Account Data is everything we need to set up your account and includes your email address and username, and information connected with our services, such as, your First and Last Name, your address and phone number.
Booking Data is everything we need to set up your stay and booking or to make a reservation and includes additional billing or property addresses, booking service or related information such as about your stay or your hospitality, travelling or other preferences including special needs or medical conditions, Driver’s license, ID or passports, location data and your general product and service preferences.
Billing data is everything we need to set up your payment including your name, email address, masked credit card number and in certain circumstances, your billing address and your phone number if this is not already collected.
As described above, we link data and if we have already collected some of your data, we will only ask you for the remaining data that is necessary to carry out the service contracted for.
How personal data is collected
We collect personal data in the following ways:
On what grounds do we use Personal Data?
We use your Personal Data for the following purposes and on the following grounds:
On the basis of fulfilling our contract (when you use our services)
On the basis of your consent (when you subscribe to our newsletter)
On the basis of legal obligations (for obligations such as tax, accounting, anti-money
laundering, or when a court or other authority asks us to) direct interactions you may provide personal data when you complete online forms, request services, create a user account, join our mailing list, use our feedback form or otherwise or correspond with us (by phone or email) automated technology
we automatically collect personal data (technical and usage) when you browse or interact with our website, by using cookies, and other similar technologies. We may also receive technical data about you if you visit other websites which use our cookies.
On the basis of our legitimate interest (for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights.)
Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
When do we disclose your Personal Data?
We disclose your Personal Data in response to your business enquiry or your request for information within our Company in order to provide the best service possible and within our legitimate interest.
We may share your information with organisations that help us provide the services described in this Data Protection Policy and who may process such data on our behalf and in accordance with this Data Protection Policy, to support this website and our services.
For example, with our legal other professional advisors.
We may also share information with our secure payment gateway provider stripe, and you may need to provide credit or debit card information directly to the provider in order to process payment details and authorise payment following a secure link. The information which you supply to in such cases is not within our control and is subject to the payment gateway provider’s own Privacy Notice and Terms and Conditions. Click the following to read the Privacy Notice and Terms and Conditions of Stripe.
In relation to information obtained about you from your use of our website, we may share a cookie identifier and IP data with analytic and advertising network services providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may disclose personal information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us. However, we are legally required to keep basic information about our customers (including contact, identity, financial and transaction data) for five years after they cease being customers, for tax purposes.
You can learn how long your information is held and when it is destroyed from our Data Retention Policy which you can request using our contact form.
You have the right to:
- information about the processing of your personal data
- obtain access to the personal data held about you
- ask for incorrect, inaccurate or incomplete personal data to be corrected
- request that personal data be erased when it’s no longer needed or if processing it is unlawful
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation
- request the restriction of the processing of your personal data in specific cases receive your personal data in a machine-readable format and send it to another controller (‘data portability’)
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time using email@example.com
How do we protect your Personal Data?
We protect your data using state of the art technical, and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards and procedures to ensure the highest level of administrative protection.
In more detail to access our database the user must be authorised, is challenged through a two-way authentication system and use an encrypted VPN. Also, the removal of Personal Data from our location is forbidden and made by using a complex encryption system very difficult. We use cutting edge antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorised personnel must have a legitimate need to know interest such as being your point of contact or service your user account.
The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our servers in Australia. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.
To exercise any of your rights, or if you have any questions or complaints about our use of
your Personal Data and this policy, please contact us by using: firstname.lastname@example.org
We may also share your data with recipients outside Australia. If we do then we will make sure that it is protected in the same way as if it was being processed in Australia. Some countries or territories outside Australia do not have adequate levels of data protection corresponding to the general data protection regulation. In order to protect your data and to achieve an adequate level of protection for your personal data when we transfer it to these countries or territories, we will ensure that one or more safeguards are put in place.
Automated decision-making and profiling
We do not use automation for decision-making and profiling
Do Not Track
Do Not Track is a privacy preference you can set in most browsers. We support Do Not
Track because we believe that you should have genuine control over how your info gets
used and our site responds to Do Not Track requests.
Do Not Sell My Personal Information
We do not sell information that directly identifies you, like your name, address or phone
From time to time we may use the personal information we collect from you to identify particular products offers which we believe may be of interest to you. We may contact you to let you know about these products and services and how they may benefit you. You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a
marketing communication based on your interactions or relationship with us.
Direct Marketing from generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by The Welcome Mat Global, or by our contracted service providers. Every directly addressed marketing form sent or made by us or on our behalf should include a means by which customers may unsubscribe (or opt out) of receiving similar marketing in the future.
You can ask us to remove or amend any previous consent you provided by contacting us
Individual(s) or companies that have been approved by us as a recipient of organizational Personal Data and from which The Welcome Mat Global has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to The Welcome Mat Global and include proposed Commercial Partners. No Personal Data can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
Personal Data Training
All new hires entering The Welcome Mat Global who may have access to Personal Data are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned.
Employees in positions with regular ongoing access to Personal Data or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of Personal Data and shall receive annual training regarding the security and protection of Personal Data and company proprietary data
Personal Data Audit(s)
The Welcome Mat Global conducts audits of Personal Data maintained by The Welcome Mat Global in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of Personal Data. Where the need no longer exists, Personal Data will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.
Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, The Welcome Mat Global will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible and in no event be later than the commencement of the payroll
period after which the breach was discovered.
Confirmation of Confidentiality
All company employees must maintain the confidentiality of Personal Data as well as company proprietary data to which they may have access and understand that that such Personal Data is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement.
Violations of Personal Data Policies and Procedures The Welcome Mat Global views the protection of Personal Data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under The Welcome Mat Global’s discipline policy and may include suspension or
termination in the case of severe or repeat violations. Personal Data violations and disciplinary actions are incorporated in The Welcome Mat Global’s Personal Data onboarding and refresher training to reinforce The Welcome Mat Global’s continuing commitment to ensuring that this data is protected by the highest standards.
ta protection law, then you should notify us