GDPR Policy

1. Introduction

This GDPR Policy explains how Mirage Quay Resort handles personal data in line with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). While we are based in Australia, we respect the rights of all visitors, including those in the European Economic Area (EEA) and the United Kingdom.

This policy should be read alongside our Privacy Policy and Terms of Use.

2. Data Controller

The data controller is responsible for deciding how and why your personal data is processed. If you have questions about how your data is handled, contact us at the email above.

3. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

How to Exercise Your Rights

To exercise any of these rights, email us at support@oceanviewlake.com with the subject line "GDPR Request". Please include:

• Your full name
• Your email address (the one we may have on file)
• A clear description of what you are requesting
• Any details that help us find your data

We will respond within 30 days. In complex cases, we may extend this by up to 60 days, but we will let you know.

4. Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The bases we rely on are:

1. Consent: You have given us clear permission to process your data for a specific purpose (e.g., subscribing to updates).
2. Contractual necessity: We need to process your data to fulfil a contract with you (e.g., a hotel booking).
3. Legal obligation: We are required to process your data by law (e.g., tax and accounting requirements).
4. Legitimate interests: Processing is in our legitimate business interests, and those interests do not override your rights. Examples include improving our services and preventing fraud.

5. Consent

5.1 How We Obtain Consent

When we rely on consent, we ask for it clearly and specifically. You will always know what you are consenting to. We do not use pre-ticked boxes or hidden consent mechanisms.

5.2 How to Withdraw Consent

You can withdraw your consent at any time. To do so:

• Email us at support@oceanviewlake.com with the subject "Withdraw Consent"
• Click the "unsubscribe" link in any marketing email we send
• Adjust your cookie preferences by clearing your browser cookies and revisiting the site

Withdrawing consent does not affect the lawfulness of any processing done before the withdrawal.

6. Cookies and Tracking

Our website uses cookies. When you first visit, a cookie banner asks for your consent. You can choose to:

• Accept all cookies: Enables essential, analytics, and marketing cookies.
• Accept essential only: Only cookies needed for the website to function.
• Decline: No non-essential cookies will be set.

Managing Cookies

You can change your cookie preferences at any time by:

• Clearing your browser cookies and revisiting oceanviewlake.com (the consent banner will appear again)
• Adjusting cookie settings in your browser (Chrome, Firefox, Safari, Edge all have cookie management options)
• Using browser extensions that block tracking cookies

For more details, see the Cookies section of our Privacy Policy.

7. Data Processing Activities

We process personal data for the following activities:

7.1 Website Contact Forms

When you fill out our contact form, we collect your name, email, and phone number. This data is used to respond to your enquiry. Basis: Consent.

7.2 Bookings and Reservations

When you book a room or service, we collect the data needed to process your reservation. This may include your name, contact details, payment information, and special requests. Basis: Contractual necessity.

7.3 Marketing Communications

If you opt in to marketing, we may send you updates about offers and events. You can unsubscribe at any time. Basis: Consent.

7.4 Website Analytics

We use analytics tools to understand how visitors use our site. Data is anonymised and does not identify individuals. Basis: Legitimate interests (improving our website).

7.5 Push Notifications

If you opt in to browser push notifications, we may send you updates. You can disable these through your browser settings at any time. Basis: Consent.

8. Data Retention

We retain personal data only as long as necessary. Our retention periods are:

• Contact form submissions: 24 months
• Booking records: 7 years (legal requirement)
• Marketing consent records: Until consent is withdrawn
• Analytics data: 26 months
• Cookie consent records: 12 months

9. International Data Transfers

Some of our service providers may process data outside Australia and the EEA. When this happens, we ensure your data is protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions (where the destination country has adequate data protection laws)
• Binding Corporate Rules (where applicable)

10. Data Breaches

In the event of a data breach that poses a risk to your rights, we will:

• Notify the relevant supervisory authority within 72 hours
• Notify affected individuals without undue delay (if the breach poses a high risk)
• Document the breach and our response

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

12. Children's Data

Our services are not aimed at children under 18. We do not knowingly collect data from minors. If we learn that we have collected a child's data, we will delete it without delay.

13. Complaints

If you believe we have not handled your data properly, you have the right to lodge a complaint. We encourage you to contact us first so we can try to resolve the issue.

14. Changes to This Policy

We may update this GDPR Policy from time to time. The latest version will always be available on this page with the updated date. We encourage you to check this page regularly.

15. Contact the Data Controller