Privacy policy

Privacy Policy

Last Updated: August 2018

Effective Date: September 1st, 2018

We will ensure that the information you provide us with is kept private and confidential. We only collect, use and retain information reasonably required for our legitimate business interests:

  • Customer service and communications
  • Marketing purposes which you agree to
  • Technical improvement and internal operations

When we say ‘we’ or ‘us’ in this policy, we are generally referring to our separate legal entities that include Blue Mountains Retreat Accommodation Group trading as Mountain Heritage Hotels and related entites that fall under the corporate umbrella of the Crockett Group Pty Ltd.

If you have any questions about this policy, please contact us

Our website uses SSL security (Secure Sockets Layer) to ensure that all data you share with our website remains private. The personal information you enter, including your name, address and credit-card information, is safeguarded (encrypted) before it is sent or received over the Internet.

Your personal information refers to the data obtained from you in connection with our website and hotel services.

  • Information is collected lawfully and we do our best to ensure that your details are accurate and up-to-date.
  • We do not sell data to third parties.
  • We use, collect and store your personal information to provide booking and online services as per standard hotel practices.

When you complete a booking, sign up to our loyalty club, newsletter, consult with our service team, send us an email, or communicate with us in any way, you are voluntarily giving us information that we collect.

This may include:

  • personal identifying information
  • credit card information
  • demographic information
  • or travel documentation.

Failure to provide this information will result in our inability to process your reservation. We collect additional personal information during registration/check-in, including such information as may be required by local laws.

By giving us this information, you consent to this information being collected, used, disclosed, transferred or stored by the hotel or our third-party providers as described in this privacy policy.

We will collect your consent prior to processing your data where required by applicable law.

Event planning:

If you plan an event with us, we collect information about the event, guests, information on your organization. We may share personal information about you with event planners, or relevant third-party service providers.

On-property Services:

We may share personal information with third-party providers of related services such as spa treatments.


In addition, we may disclose personal information in order to:

  1. comply with applicable laws,
  2. respond to governmental inquiries or requests from public authorities,
  3. comply with valid legal process,
  4. protect the rights, privacy, safety or property of our hotel, site visitors, guests, employees or the public,
  5. permit us to pursue available remedies or limit the damages that we may sustain,
  6. enforce our websites’ terms and conditions, and
  7. respond to an emergency.

We may share your personally identifiable information with third-party service providers including:

  • Payment processors for secure credit card payment transaction.
  • Our business partners, suppliers, and sub-contractors, for the performance of any contract we enter into with them.
  • Legal authorities when we believe in good faith that we are lawfully authorised or required to do so or when necessary
  • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition, or in any other situation where personally identifiable information may be disclosed or transferred as one of our business assets.

In order to provide electronic services, such as reservations, hotel management, email and websites, your information is stored on third party hardware and software platforms. These services will not use, share or sell your information as dictated by their contractual obligations to us, unless required by law.

Some of these services are provided by international entities and are obliged to operate under the laws of those countries.

These services include:

  • Hotel customer service platforms
  • Web hosting services, email, spam checking, and website analytics.

When you browse the website or make a purchase, we may automatically collect information about your visit by using cookies.

This information may include your

  • device type
  • browser
  • IP address
  • how you came to the website or
  • how you interacted with the website.

This information may be used to monitor or improve website performance or deliver targeted advertising. Information from the cookie alone generally will not identify you personally and we will not use this information in connection with any personally identifiable information you have provided.

When you use our website contact forms, this information is not stored, but sent via email to the appropriate person in our organisation. These forms ask for personally identifying information to allow us to contact you and answer your queries.

Contact form content is checked for spam by a third party provider.

We will not use or disclose your personal information for the purposes of direct marketing unless you have consented to it.

With your consent, we may use your personal information to provide or offer you discounts, newsletters, promotions and featured specials, as well as other marketing messages or invite you to events via email, online advertising, or social media. We may use third party services to track some performance indicators such as open and click rates.

If you prefer not to receive email marketing materials from us, you may opt-out at any time by contacting us, using the unsubscribe link in marketing emails, or by clicking on this link to unsubscribe at any time.

Non-identifying IP addresses are logged for “Page not found” errors, and page redirects (301 & 302). These IP addresses are only used for for technical analysis purposes to identify errors coming from the same source, and flag the access of potential hackers and spammers. The IP addresses are not used for any other purpose and are deleted after a month.

We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, considering the risks involved in the processing and the nature of the personal information.

  • Our website is hosted on a secure https server and is scanned on a regular basis for security holes and known vulnerabilities to make your visit to our site as safe as possible.
  • We implement a variety of security measures when a user makes a booking, enters, submits, or accesses their information to maintain the safety of your personal information.
  • Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit card information you supply is encrypted via SSL Secure Socket Layer technology (see Online Security). If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible and later report the action we took in response.
  • We require our subcontractors to undertake the obligation to protect your information.
Payment details

We will only ask for payment card details by telephone when you are booking a reservation or promotional package. We will NOT contact you by text messaging or email to ask for your confidential personal information or payment card details.

For your own privacy protection, please do NOT send payment card numbers or any other confidential personal information to us via email.

You are entitled to access your personal information on request.

If your personally identifiable information changes or you wish your information to be removed from our records, you may update or delete it by emailing us. We will give you access to your personally identifiable information that we hold within 30 days of a request to access.

We will retain your information for as long as required to deliver your service, agreement or resolve any issues, or until advised not to. Please note that we cannot always delete records of all historical data. For example, we are required to retain certain records for financial reporting and compliance reasons.

Our web servers are located in Australia. However, we or our subcontractors may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia.

Our website includes links to other websites, whose privacy practices may be different from ours. We encourage you to carefully read the privacy policy of any website you visit.

The following third party services are integral to the working of our website and email marketing campaigns.

1. Booking Button (SiteMinder)

Our online reservation and payment systems are provided by SiteMinder to facilitate your stay with us.

Information about hotel guests is collected and processed in order to provide the appropriate booking services. They may process any information, including personal data, provided by the hotel or any online travel agency relating to your booking arrangements.

SiteMinder collects your information and may share that information with other businesses subject to one or more appropriate safeguards set out in the law. Their data is stored in the cloud using Amazon Web Services in the USA.

2. MailChimp

We use an email marketing platform. We provide Mail Chimp with contact information or other Personal Information about you such as your name, email address, address or telephone number. This information is collected and used for the purposes of legitimate business interests, such as providing an email newsletter or promotion.

When you click on links in a marketing email, Mail Chimp may collect your device and interaction with an email. They use cookies and other tracking technologies to collect some of this information.

You can update and manage some of this information by editing your email subscription preferences.

You may opt out (unsubscribe) to our marketing program at any time by clicking on this link.

3. Akismet (Automattic)

Our contact forms are checked through an automated cloud anti-spam detection service. The content of the form is submitted to the Akismet service for the sole purpose of spam checking and is NOT stored by the third party. The Akismet service cannot guarantee in which country the spam check will be processed.

Social Media

Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

Embedded content from other websites

Our website may occasionally include embedded content (e.g. videos, interactive maps, social media posts). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

Content on our website from third parties may include YouTube videos, Google maps, and Facebook and Instagram feeds or share widgets.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

If you are a site visitor who lives in Australia, your privacy is protected under the Privacy Act 1988 (“Australian Privacy Act”).

Points which are not already covered in this policy:

  • The act permits us to collect personal information only where reasonably necessary for one or more of our legitimate functions or activities
  • If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request.
  • If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.

We may make changes to this privacy policy, which come into effect upon updating this page. We recommend reviewing this privacy policy so you are aware of any changes that affect what you are consenting to by interacting with the website, submitting a query, making a booking or otherwise interacting with us.