[Version 1.2: Last updated 2 February 2021]
Website users: Please see part A and part E. If you are a resident of the EU then part C also applies to you. If you are a resident of NZ, then part D also applies to you.
Registered ALW members: Please see part A and part E. If you are a resident of the EU then part C also applies to you. If you are a resident of NZ, then part D also applies to you.
Guests listed in our database: Please see important information in part B and part E. If you are a resident of the EU then part C also applies to you. If you are a resident of NZ, then part D also applies to you.
Part A: Personal information of ALW members and ALW website users
We collect, hold, use and disclose personal information for the purpose of letting you know about our products and services. You may receive updates from us from time to time. We do not sell or give away access to the personal information you provide to us.
You can browse this website anonymously. If you identify yourself to us, at that point we will collect your personal information. If you subscribe as a member of our platform, we will necessarily collect personal information about you as we have obligations to ensure our database is only accessed by known persons.
Collecting personal information
At all times we try to only collect the information we need to keep you updated about our services and your membership, deliver our services and/or to answer your enquiries.
The main way we collect personal information about you is when you give it to us, for example:
- When you contact us
- When you apply to become a member of our platform
- When you submit information to our website or directly to us
- When you ask for access to information we hold about you
Generally, we will store and retain your personal information for 7 years after the date your most recent membership period was paid up to.
If you provide us with a testimonial, you give us your consent for the use of your name, your accommodation name and the date of your testimonial to be displayed on our website, or in our other marketing material, together with the content of the testimonial that you provide.
Other than as disclosed in this policy, we only collect information directly from you or from publicly accessible databases (for example if we verify your ABN or company identifier via a publicly accessible website).
Social Networking Services and links to other websites
We may provide links to other websites or use social networking services such as Instagram and Facebook to communicate with the public about our work. These sites have their own privacy policies. When you communicate with us using these services, we may collect your personal information. We will only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes.
Collecting sensitive information
We do not actively collect sensitive information about you, including information about your health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal history. We will take steps to appropriately protect any sensitive information we do receive.
We do not publish your personal information. We may give access to identification data we obtain and transaction records to appropriate and competent advisors or authorities for the purpose of obtaining advice or services.
We will also disclose your information where we are required to do so by law or if requested by Government law enforcement agencies with jurisdiction in the region where your accommodation services are located.
Notifiable data breaches
We have processes in place to identify and manage any data breach. This includes notifying the relevant Privacy Commissioner and affected individuals if required under relevant legislation. To ensure we are always able to contact you, please ensure your contact details remain up-to-date.
Part B: Personal information of guests
We collect, hold, use and disclose personal information for the purpose of providing our services. We do not sell or give away access to your personal information. If your personal information has been uploaded to our database, this was done by consent given by you at the time you booked your accommodation. We now hold your personal information as a legitimate function of our business. We aim to hold only the minimum personal information required to deliver our services and have designed our platform to limit the types of information an accommodation provider can upload. This is to ensure the information we hold is accurate.
Collecting personal information
The main way we collect personal information about you is when an accommodation provider uploads it to our database or when you contact us.
The type of information we will hold about you is designed for users of our platform to identify you and includes your name, address, photo ID, other names you may be known by, possibly the names of persons travelling with you, security or other footage that identifies you and details of any damage or problems encountered by the accommodation provider during your stay.
Generally, unless otherwise required by law, we will store and retain your personal information on our platform for a period of 3 years from the date your name and information were last uploaded to our platform. Your personal information will be securely destroyed after that time.
Social Networking Services and links to other websites
We may provide links to other websites or use social networking services such as Instagram and Facebook to communicate with the public about our work. These sites have their own privacy policies. If you communicate with us using these services, we may collect your personal information. The social networking service will also handle your personal information for its own purposes.
Collecting sensitive information
We do not actively collect sensitive information about you, including information about your health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal history and we request that accommodation providers do not upload this information to our platform. We will take steps to appropriately protect any sensitive information we do receive.
Who can access your personal information?
Accommodation providers (and their authorised staff) who are registered members of our service will be able to search our database by guest name. If your details have been uploaded to our database, a member accommodation provider may read the data and the details of what happened with a previous accommodation provider. They may also contact that accommodation provider if they have any questions. Based on the information in our database, an accommodation provider may refuse you accommodation or impose restrictions on your stay (for example, an increased security bond).
If you stay at accommodation and the accommodation provider uploads your information to the database, your details may also be sent out as an alert to nearby member accommodation services to let them know there is a rogue guest in the area. This may impact your ability to find alternative accommodation.
Law enforcement agencies may also search our database. We will disclose your information where we are required to do so by law or if requested by Government law enforcement agencies with jurisdiction in the region where your accommodation services are located.
Law enforcement agencies will also be able to access your personal information for tracking or enforcement purposes. They may also use our database for BOLO (be on the lookout for) services.
We may give access to identification data we obtain and transaction records to appropriate and competent advisors or authorities for the purpose of obtaining advice or services, however they will not be authorised to use your personal information for any purpose other than the service or advice they are supplying to us (for example accounts or IT services).
Part C: EU residents
‘Personal data’ or ‘personal information’ is information that directly identifies you, such as your name and email address, or data that could be used, on its own or in combination with other data, to identify you. Sensitive personal data is information about you that requires additional protection and includes health information, criminal history, ethnicity and religious beliefs or sexual preferences. We do not intentionally collect sensitive personal information about you and request you do not unintentionally share it with us.
We aim for compliance with the General Data Protection Regulations (GDPR). We collect and process the minimum amount of information required to deliver our services.
Under the GDPR, we are a data controller when it comes to your personal information.
We collect, hold, use and disclose personal information for the purpose of providing our services. We do not sell or give away access to your personal information. If your personal information has been uploaded to our database, this was done by consent given by you at the time you booked your accommodation. We now hold your personal information as a legitimate function of our business. We aim to hold only the minimum personal information required to deliver our services and have designed our platform to limit they types of information an accommodation provider can upload.
If you are an accommodation provider, with your permission, we may use your email address to send you emails about our activities. These emails may contain links to other information. We process this information based on your consent. You may always withdraw your consent and unsubscribe from these emails by clicking on the unsubscribe link at the bottom of the email or by contacting us using the information set out above.
We may process the following categories of personal data about you:
Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
Guest data that includes data relating to rogue guests that has been uploaded by a member accommodation provider. We process this data to supply our services to registered members of our platform as a legitimate
function of our business. Our lawful ground for this processing is the performance of a contract with our members and our legitimate business interests.
User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back- ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.
Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. This data is mostly collected from users of our website. We process this data to enable you to partake in our promotions, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
We accept payments using PayPal or Stripe which allows us to sell our services to you. We do not take custody of or store your card details, although our payment processors may store that information on our behalf.
We use automated email functions via third party provider MailerLite. You may opt out of receiving emails via the unsubscribe function contained within the emails.
Privacy policies for our providers can be found here:
PayPal – https://www.paypal.com/au/webapps/mpp/ua/privacy-full
Stripe – https://stripe.com/privacy-center/legal
MailerLite.com – https://www.mailerlite.com/legal/privacy-policy
If you are a guest, unless otherwise required by law, we will securely destroy your personal information 3 years after the last time your personal information has been uploaded to our platform by a member of our services.
If you are a member of our platform, we will securely destroy your personal information when it is no longer required for our business purposes. We anticipate this will occur 7 years after you cease to be a member of our platform however this period may always change for compliance purposes with any relevant law of our jurisdiction.
We may share your personal information when required to do so by law or with our professional advisers to obtain advice, for instance if there is a breach of the terms and conditions, or to meet our accounting or compliance obligations. We use your personal data in this manner as a requirement for the legitimate functioning of our business.
Your personal information will necessarily cross international borders and we aim to only use third party providers with relevant certifications in this process (for example EU-US privacy shield participants). See the security section in part E.
Note that some of the rights listed in this section will not apply to data we are using about you within our database for our legitimate business purposes.
In general, under the GDPR, you have the right to ensure:
- we process your data fairly and lawfully and within the purpose and/or consent it was provided to us.
- your data is accurate.
- the data collected by us is not excessive.
To ensure this happens, you can –
- have your data updated and amended if incorrect, out of date or incomplete.
- restrict the level of processing or automated processing we do.
- know how long we keep your data.
- ask us to erase your data and be forgotten.
- ask us to provide details of the personal data we hold.
To achieve this, at your request, and upon production of satisfactory identification, we will tell you what personal data about you is being processed (eg. what information we have stored), on what basis, and by whom.
You may amend inaccurate, incomplete or outdated personal data at any time by contacting us via email at [email protected]. Please allow 30 days for us to look into your request and get back to you.
If you decide your data should not be processed for one or more purposes, and we are using your data based on your consent, you may withdraw your consent from using your data in that way.
Please note that we will action your request as soon as practically possible however such a request will not take effect immediately and your data may still be used in the meantime.
You may request that all personal data we have collected about you be deleted from our records and erased from information stored by any third party organisations processing data on our behalf (known as the right to be forgotten).
If you make a request to be forgotten:
- your personal information may not be removed from our back-ups as we are unable to remove specific files from our backup,
- comments you have made in public areas may not be able to be removed,
- data we are using about you within our database for our legitimate business purposes may not be affected by your request to be forgotten.
If data we have collected about you is processed using automated means, you have the right to receive that data in a structured, machine-readable format and to transmit it to another data controller without hindrance.
We will carefully review privacy rights requests and let you know the outcome of our decision. We will require sufficient identification from you to confirm your identity. There are circumstances where it is lawful for us to not action your request, we will let you know if this applies. Our full details are at the end of this policy.
Embedded content from other websites
Part D: New Zealand Residents
The personal information you provide to us is voluntary however if you choose not to provide the requested information, we may not be able to provide our services to you.
Cross border transfer of data
We may store personal information collected within New Zealand in services located outside of New Zealand. This means your personal information may be stored or accessed in another Country. You consent to your personal information being transferred across Country borders outside of New Zealand. Your personal information may be transferred to a Country that does not have the same or as high a level of protections available under New Zealand privacy laws.
In saying that, we aim to only use reputable service providers who store and process client data to a high standard. We impose contractual restrictions on the use of personal information stored on our database by our member accommodation providers.
As an accommodation provider, you have the right to find out what personal information we hold about you and to request correction of your personal information. As a guest whose information has been given to us for our business purposes, your rights are more limited as allowed under the Privacy Principles.
Please forward any personal information data requests to us by email [email protected]. Note that there are circumstances where we are not required to delete or amend your data, even if you request that we do so. We will let you know if this applies. We may ask for proof of identification prior to releasing any information.
If you are not satisfied with our response to any privacy-related concern you may have, you can contact the New Zealand Privacy Commissioner: Office of the Privacy Commissioner email: [email protected].
Part E: General terms
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Some website features may not function properly without cookies. If applicable in your jurisdiction, we will aim to provide you with options around the cookies set by our website.
The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to help to track your use of our websites to improve your user experience and the quality of our services. To find out how to opt out of tailored advertising please check the options available here – http://www.networkadvertising.org/choices/.
Sale of our website
Security and overseas recipients
While no system is 100% impenetrable and we cannot guarantee the safety of the information you store with us, we use industry standard or higher measures to securely store the information we hold. All information collected by us is stored on a secure cloud server. All communication between users and our platform are secured by end-to-end encryption using HTTPS protocol Secure Sockets Layer (SSL).
Additionally, we add encryption to forms (to ensure important information is inaccessible without security access), use server and application level firewalls, port control, IP blacklisting and regular backups and security breach monitoring.
We have limitations in place for the category of people who can use the database at operator level and who can access the database within our organisation.
We use physical security if we require any hardcopy storage (although we aim for complete electronic storage) and use appropriate password control to limit electronic access.
Even with these measures in place, we do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of the above precautions. By using our website, becoming a member of our services or consenting to an accommodation provider using your personal information in relation to our services, you acknowledge that you understand and agree to assume these risks
Due to the online nature of our operations and the members we have from diverse locations, it is likely personal information stored by us will cross international borders. We aim to use reputable third party providers for services including cloud storage, CRM and payments.
California Do Not Track Disclosure
Our website does not support or respond to Do Not Track (DNT) or similar signals or mechanisms. Some third-party sites we use keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting or encounter such sites, and they recognise DNT signals, your browser will likely allow you to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. For example, Chrome provides these instructions https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DAndroid&hl=en
Accessing and correcting your personal information
You may request copies of the information we hold about you, which will only be provided electronically. We may ask for proof of identification prior to releasing any information. You may have the ability to make a request to amend or correct that information. If we do not agree with your requested change, we will let you know, and we will keep a copy of your request with our information or as otherwise required.
If you are listed as a rogue guest on our database and believe this is incorrect, the onus is on you to show why we should remove your details. You may email us at [email protected] setting out your reasons and we will consider your information. Decisions about the provision of information to you and the removal or amendment of data remain with us. Please remember the data we hold about rouge guests is collected and used as a legitimate business purpose of ours, is for evaluative purposes and is confidential as between the accommodation provider and us.
If you have any concerns about our use of your personal information, please write to [email protected] and let us know what the problem is. We will generally respond to your concerns within 30 days.
If you are not happy with how we manage your concerns, you can contact the Australian Privacy Commission, available at http://www.oaic.gov.au (if you are within Australia, or alternatively, the relevant privacy commission in your jurisdiction).
Our contact details:
|Company:||Accomms Least Wanted Pty Ltd ABN 89 641 326 570|