Privacy Policy

Privacy Policy

The ‘CLLIX Corporate Group’ includes Song Properties Pty Ltd ACN 600 168 876, Cllix Apartments & Hotels SA and all subsidiaries, affiliates and related entities of each of these entities. In this policy we, us or our means each member of the Cllix Corporate Group.  The Cllix Corporate Group trades under several different brands including Arena Apartments, Atlas Apartments, Brisbane One Apartments, Brisbane Skytower, Hope Street Apartments, Ivy & Eve Apartments, Soda Apartments, Fortitude Valley Apartments,  Realm Apartments, The Hedge Apartments, Australia 108, The Eminence Collins House Apartments, Sky One Apartments, Paragon Apartments, Ruby Gold Coast. This list of brands is regularly updated and can be viewed on cllix.com.

This policy explains how and why we collect, use, hold and disclose your personal information under the Privacy Act 1988 (Cth) (Privacy Act), Australian Privacy Principles, and EU General Data Protection Regulation 2016/679 (the GDPR), in connection with the services that we provide, being hotel reservation and management services (Services). It also describes the rights you have and the control you can exercise in relation to your personal information. You consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.

1. What is personal information?

Personal information is any information or opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

2. How do we collect personal information?

The apartment or hotel you’re booked to stay in is likely not owned by us. Most ‘CLLIX’ branded apartments or hotels operate under an agreement between the property owner and a member of the Cllix Corporate Group.

When staying in one of these apartments or hotels, your data will be processed by both us and the property owner, each acting as data controllers for their distinct purposes. In summary:

• we process your data to manage a central booking engine, collect necessary data for organising your stay in apartments or hotels under one of our brands, and maintain a global database of clients participating in the CLLIX loyalty program; and
• each property owner processes (but does not collect through us) your data to manage its contractual relationship with you (invoicing, payment, booking management, etc.), perform marketing activities, and comply with legal obligations.

We may collect personal information from you in a number of ways, for example, if you:

• book a room, check-in and pay, use services provided during your stay, or eat or drink at the hotel bar or restaurant during a stay;
• contact us with a query (whether in person, or by phone, fax, email, through our website or through social media (for example, Instagram, Facebook and Twitter));
• sign up for our customer loyalty program, participate in customer surveys (for example, the Guest Satisfaction Survey), subscribe to our newsletters or to receive offers and promotions via email;
• enter a competition conducted by us or win a centre gift card;
• respond to one of our direct marketing campaigns;
• subscribe or otherwise interact with our social media accounts;
• use our Wi-Fi; and
• engage with our chat bot.

We may also receive information about you from third parties, including hotel owners, tour operators, travel agencies (online or not), GDS reservation systems and others.

3. Why do we collect information and how long is it retained?

We collect personal information from you for a range of purposes that we have set out in our Use and Retention Annexure below.

We process your personal information for a number of reasons including with your consent, to comply with law or for our legitimate business interests or those of a third party, provided this does not override any interests or rights that you have as an individual.

We retain the data we collect for different periods of time depending on what it is, how we use it, and how you configure your settings in our website or app. We will keep certain personal information of yours for longer of those periods set out in the Use and Retention Annexure below, or as required by Australian law. We generally keep your information as needed to provide our goods and services to you and to deal with claims. Other data is deleted or anonymized automatically after a set period of time, such as advertising data in server logs.   We will retain your information as necessary to comply with legal, accounting or regulatory requirements. General retention periods can be between 3 and 15 years.

4. What sort of personal information do we collect?

We may collect the following personal information about you:

• Personal details: your name, date of birth, nationality, sex, marital status, address, telephone (including mobile phone number where provided), email address and other identification details such as your driver’s licence or passport number;
• Children: information relating to your children (for example, first name, date of birth, age) if required;
• Images/footage: photographs, images or footage of you, for example, if you are a member of one of our clubs for promotional purposes or through security and CCTV;
• Location: technical and location data you generate because of using our websites and applications;
• Preferences: your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests, food, and beverages preferences, etc.);
• Your communications: information provided in communications with us, including your questions/comments, during or following a stay in one of our CLLIX Apartments & Hotels branded establishments;
• Business information: data identifying you in relation to commercial dealings we have with you or the business you represent;
• Information from public sources: such as LinkedIn and similar professional networks, directories or internet publications;
• Subscriptions/preferences: when you subscribe to receive information or updates from us, or content preferences that let us know what you are interested in;
• Supplier data: contact details and other information about you or your company or organisation where you provide services to us;
• Social media: posts, Likes, tweets and other interactions with our social media presence;
• Medical information: if for example you sustain an injury or have a medical emergency;
• ID: •information contained on a form of identification (such as an ID card, passport, or driver’s licence);
• Loyalty program: • your email address for the CLLIX loyalty program and information related to your activities within the context of the loyalty program;
• Financial information: your credit card number or bank details (for transaction and reservation purposes).

We may receive personal information directly from you, the company or organisation you represent, or screening providers who assist us with our legal obligations.

We do not collect personal information about your online activities across third-party websites or online services.

We will also de-identify, aggregate and collate information to analyse customer behaviours and patterns in order to enhance and tailor our Services including generating reports used by marketing and operations teams for promotions, marketing, publicity, research, operational and profiting purposes.

5. Customer satisfaction surveys, reminders and direct marketing

From time to time, we survey our customers on a range of issues, including customer satisfaction of our centre and the quality of our Services. These surveys help us to improve our Services and tailor the way that we provide our Services to you. If you do not wish to participate in these surveys, please contact us (details provided in this Privacy Policy).

If you do not wish to receive direct marketing communications including customer satisfaction surveys or other marketing information from related service providers, please contact the relevant service provider directly.

We acknowledge that we must comply with the Spam Act and the Do Not Call Register Act.

6. Website collection of information

When you access our website, we collect information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance, pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and other similar information and whether you click on particular links or open our emails. We may also collect your IP address, time zone setting, browser plug-in types and versions, operating system you are using, device type, hardware model, MAC address, unique identifiers and mobile network information.

7. Cookies and Google Analytics

A cookie is a small data file that a website transfers to your internet browser for identification purposes. The cookies that we use do not identify you individually. Instead, they identify your internet browser. We use cookies and Google Analytics on our online services. Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website.

Google Analytics collects and processes data by using the website’s cookies to analyse the use of the website including, for example, how long users spend on each webpage and collect other ‘Online data’ described above. This information is used mainly for the optimisation of the website to enhance the user experience, and to allow us to better deliver our services. The data collected by Google is transmitted to a server in the United States (or other countries outside of Australia). You can review how Google uses data by clicking on the following link: https://policies.google.com/technologies/partner-sites

8. Use of Commonwealth government identifiers

We will not use Commonwealth government identifiers (Identifiers) (for example, tax file numbers or Medicare numbers) as our own identifiers of individuals. We will only use or disclose Identifiers in the circumstances permitted by the Privacy Act.

9. How do we use your personal information?

We use your personal information for the following purposes:

• Service provision: delivering our Services;
• Bookings: to obtain information about and confirm your booking of accommodations;
• Speed: to speed up your bookings next time your visit a CLLIX branded apartment or accommodation;
• Loyalty plan: to manage our customer loyalty plan;
• Business relationship: developing our relationship with you, your company or organisation;
• Communication: communicating with you to keep you informed of our products and services, and market insights, including special offers and promotions;
• Client surveys and feedback: reviewing feedback from you and responding to your concerns;
• Website monitoring: to monitor our website and our other technology services, to ensure they are used appropriately and working as intended, including as tracking outages, unauthorised use, or troubleshooting issues that you report to us;
• Online security: protecting our information and technology platforms from hacks, or identifying and addressing malware and other security threats;
• Regulatory: compliance with law, including auditing and reporting requirements.

10. Business sales

You consent to us providing your personal information to a prospective or actual purchaser of our shares or any part of our business to allow that purchaser to: (a) conduct due diligence on our business; or (b) complete a change of control in our business or a sale or transfer of business assets; or (c) receive (to the extent permissible at law) our user databases, together with any of your personal information and non-personal information contained in those databases.

11. What are our legitimate interests?

We have legitimate business interests in:

• providing you with our Services;
• managing our business and our relationship with you or your company or organisation;
• understanding and responding to inquiries and customer feedback;
• understanding customer behaviours, wants and needs so that we can improve and tailor our Services;
• ensuring our systems and premises are secure;
• managing our supply chain and developing relationships with our business partners;
• managing financials including ensuring debts are paid;
• operating suppressors to exclude you from direct marketing if you unsubscribe;
• sharing data in connection with acquisitions and transfers of our business.

12. Links to third party websites

Our website, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal information that you provide through these websites is not subject to this Privacy Policy and the treatment of your personal information by such websites is not our responsibility. If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and prod when visiting those sites.

13. Third party sharing of information

Sometimes, we may collect your personal information from third parties, including hotel owners, retailers, public sources, other employees and security personnel, for example where:

• you interact with a hotel owner and we need to know about that information;
• you respond to a survey conducted by a third party on our behalf;
• we collect information from tour guides, travel planners, stallholders, other employees and personnel to facilitate the provision of Services; or
• we have arranged for third parties to supply you with products and services and those third parties provide us with information about the products or services that you have purchased from them.

We may also share your personal information:

• with hotel owners in connection with your booking; and
• between CLLIX Corporate Group members and its personnel including hotel staff, reservation staff using our reservation tools and IT departments.

14. Sensitive Information

The collection of Sensitive Information (for example, racial origin, sexual orientation, religious beliefs and health information) is restricted by the Privacy Act. We will not collect Sensitive Information about you unless:

• it is necessary for one of our functions or activities and you have consented to that collection; or
• we need to protect your vital interests or those of another person (for example, in medical emergencies);
• you have manifestly made the data public for example published on social media; or
• we are otherwise required or authorised by or under law to do so such as complying with health and safety regulations (including contact tracing for COVID or other diseases), or dealing with actual or suspected criminal offences.

15. Who do we share your data with?

We may share your information as with others including:

• Suppliers: who provide our business with goods and services, including IT and communication suppliers, outsourced business support, marketing and advertising agencies. Our suppliers have to meet minimum standards as to information security and they will only be provided data in line with their function;
• Shared service centres: that we or third parties operate including for IT services, marketing, risk management and office support services;
• Law enforcement bodies and our regulators: or authorities in accordance with law or good practice;
• Medical and healthcare professionals: for example if you are injured or involved in an incident at a property during your stay;
• Financial institutions: for payment processing, referees, referrals or guarantors whose details you have provided to us;
• Family or representatives: any person, family member, representatives or other organisations that you have consented or where we are required, permitted, authorised or otherwise directed to by law;
• Appropriate parties in the event of emergencies: in particular to protect health and safety of you, our customers, staff and organisations;
• Advertising networks and analytics service providers: to support and display ads on our website, apps and other social media tools;
• Independent contractors: including website designers, marketing and communications agencies, cell centres, mailing houses, freight and courier services, printers and distributors of direct material
• Other third parties: including risk management and office support service providers for example to assist in providing and enhancing our Wi-Fi capabilities;
• Aggregations: to enhance your profile by sharing certain personal information with our preferred commercial partners. In this case, a trusted third party may cross-check, analyse, and combine your data.

16. Social media

To allow you to be identified on our website without the need to fill out a registration form, we have put in place a social network login system. If you log in using the social network login system, you authorise us to access and store the public data on your social network account (e.g. Facebook, LinkedIn, Google, Instagram, Apple etc), as well as other data stated during use of such social network login system. We may also communicate your email address to social networks to identify whether you are already a user of the concerned social network and to post personalised, relevant adverts on your social network account if appropriate.

17. Personal information about others

In some cases, you may provide personal information to us about other people (such as your customers, suppliers, directors, officers, shareholders or beneficial owners). You should ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.

18. Security

We will store and process your information securely using good practice physical, technical and administrative security measures. However, exchanging information by the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of information you transmit, so any transmission is at your own risk.

19. Where will your information be held?

We may disclose your personal information to recipients which are located outside Australia, including the United States.

Data protection laws vary by country.  We will take steps to protect your information in line with locally applicable data protection requirements.

20. Your Rights

If you are an individual in a country in the European Economic Area (EEA), we may be required to comply with the GDPR which applies to us when controlling or processing the personal information of individuals (data subjects) who are in countries in the EEA in relation to offering you our products or services or if we monitor any of your behaviour when in those countries.

Some of your rights under the GDPR will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact the relevant Data Privacy contact as listed in this Policy above.

• Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal information.  This enables you to receive a copy of the personal information we hold about you and certain other information about it;
• Correction: you are entitled to request that any incomplete or inaccurate personal information we hold about you is corrected;
• Erasure: you are entitled to ask us to delete or remove personal information in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal information is required for compliance with law or in connection with claims;
• Restriction: you are entitled to ask us to suspend the processing of certain of your personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
• Transfer: you may ask us to help you request the transfer certain of your personal information to another party;
• Objection: where we are processing your personal information based on a legitimate interests (or those of a third party) you may challenge this.  However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
• Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
• Consent: where we are processing personal information with consent, you can withdraw your consent,

(collectively, Data Subject Rights).

We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processor of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please refer to the Contact Details section of this policy if you would like to make a Data Subject Rights request or have a specific need for assistance with a Data Subject Rights requests.

You also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of Data Protection law has taken place.

21. Direct Marketing

As described above, you can opt out of receiving direct marketing from us at any time.

We may use the information you give us on our website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of legal developments, market insights, and of our services including events that we think may interest you.

You can opt out of receiving direct marketing from us at any time.  You can do this by changing your marketing preferences on your online accounts settings page or clicking on the “unsubscribe” link included at the end of any marketing email we send to you.

22. Links to third-party websites

Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal information that you provide through these websites is not subject to this privacy notice and the treatment of your personal information by such websites is not our responsibility.

If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.

23. Children

We do not knowingly collect information from children or other persons who are under 16 years old. If you are under 16 years old, you may not submit any personal information to us unless you have obtained consent from a person with parental responsibility for you.

24. Changes to this Notice

From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website. If we change anything important about this notice (the information we collect, how we use it or why) we will highlight those changes at the top of the notice and provide a prominent link to it for a reasonable length of time following the change.

25. Access to your personal information

You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below.

We will respond to your requests to access or correct personal information in a reasonable time (and no more than 30 days after your request). We will take all reasonable steps to ensure that the personal information we hold about you remains accurate and up to date.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

Access to personal information may be refused in a number of circumstances, such as where the information relates to anticipated legal proceedings or the request for access is frivolous or vexatious. Similarly, in some limited circumstances we may not make requested corrections to personal information, in which case we will provide you with written reasons for this decision.

26. Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (OAIC) (www.oaic.gov.au) for guidance on alternative courses of action which may be available.

27. Contact details

If you would like more information about the way we manage personal information that we hold about you  please contact us as at:

To: ‘Privacy Officer’

Email address: marketing@cllix.com

Postal address: Song Properties Pty Ltd Level 22 110 Mary St Brisbane City Qld 4000

28. Use and Retention Annexure