Privacy Policy of The Grace Hotel Sydney

The Grace Hotel (part of the Federal Hotels International (FHI) Group) and each of its related entities (together “The Grace, we, us, our”) understand your concern about the privacy of their information when collected by us.

At The Grace, the security of your personal information is very important to us. Our Privacy Policy describes how we treat any Personal Information that we receive. It outlines the type of Personal Information we collect, how that information may be used, to whom we permit access and how we protect that Personal Information. Our Policy is part of our ongoing commitment to the protection of your privacy.

We are bound by and act in accordance with the Privacy Act 1988 (including the Australian Privacy Principles (APP’s)). This dedication extends to information or opinions that are collected about an individual in circumstances where their identity can reasonably be determined. We also recognise and acknowledge the European Union’s General Data Protection Regulation (‘GDPR’) and, even though it is unlikely that The Grace needs to be GDPR compliant, we are committed to ensuring the security and protection of the Personal Information that we process, and to provide a compliant and consistent approach to data protection.



Information you provide helps us to know and serve you better, which is part of our mission to provide consistent quality service to our guests.

The types of information we gather are:

  • Personal Information means any information (or an opinion) about you from which your identity is apparent, or can be reasonably ascertained. This includes most information that is stored with or linked to your name, address, or other identifying features. personal information may also include Sensitive Information.
  • Sensitive Information is a subset of Personal Information and includes (but not limited to) information relating to your health. We rarely collect such information, but it may be necessary if a guest has particular health or personal needs.



We collect your personal information in a variety of ways. These include:

  • Information You Give Us: We receive and store information you enter on our website or give us in any other way. You may choose not to provide certain information, but then you might not be able to take advantage of many of our features. We use the information that you provide for such purposes as reserving a room or any other products we may offer, responding to your requests, customising your preferences and communicating with you.
  • Automatic Information: We receive and may evaluate certain types of information whenever you interact with us. For example, like many websites, we obtain certain types of information when your Web browser accesses or
  • E-mail Communications: We use e-mail addresses for promotional purposes but we will provide you with the option not to receive such mailings, both in each promotional mailing and on this website. You will, however, receive an auto-generated e-mail confirmation when making a reservation on the Internet, and occasionally from our reservation sales agents for inquiries related to a booking you have made for any of our services and products.
  • Information from Other Sources: For reasons such as improving the personalisation of our services (for example, providing recommendations or special offers that we think will interest you), we might receive information about you from other sources and add it to your existing information.
  • Social Media: We may collect certain information from your social media account consistent with your social media settings, when you take part in any social media activities sponsored by the FHI Group. You may also be subject to the privacy policies of these social media sites and the FHI Group shall not be responsible for your activities on these social media sites.
  • Competitions: In the event you participate in FHI Group’s promotions, contests or sweepstakes, your name, electronic mail address and other personal information will be collected for participation, identification and notification purposes.
  • Travel agents and booking websites: Travel agents, authorised persons who book accommodation for you and online booking sites, also supply us with your personal data so that we can provide you with the required services.



Your personal information may be used to:

  • identify you and to assist you to subscribe to our Website services more easily;
  • provide the services you require;
  • administer and manage those services, including charging, billing and collecting debts;
  • gain an understanding of your information and communication needs in order for us to provide you with better, more personalised services that are tailored to your needs;
  • inform you of ways the services provided to you could be improved;
  • conduct appropriate checks for credit-worthiness and for fraud;
  • research and develop our services using third party services;
  • maintain and develop our business systems and infrastructure, including testing and upgrading of these systems;
  • inform you of matters about which we believe you may have an interest;
  • notify you of our service offerings from time to time; and
  • provide or potentially offer our services, provide information about our services, perform our administrative and marketing operations, comply with legislative and regulatory requirements, direct marketing by us or our related companies, conduct market research or customer satisfaction research and identify services that may be of interest to you.

We will not use your personal information for any purpose which is not related to services we provide or may offer to you or to the functionality of our Website. We will not use your personal information in a manner contrary to this policy, or in a manner not contemplated in this policy, without your prior consent.



Some websites store, as do and, information in a small text file, called a “cookie” on your hard disk.

If you use our Websites or any online facility we confirm that we may utilise tracking software and cookies. Cookies are pieces of information that a web site can transfer to an individual's computer hard drive for record keeping and allows websites to recognise a user’s device. A cookie will contain the name of the internet location (the domain) from which the cookie has come from and the lifetime of the cookie (a cookie will usually expire after a period of time). Cookies can make using our websites easier by storing information about your preferences on a particular website. This will enable you to take full advantage of the services we offer. The use of cookies is an industry standard and you'll find most major websites use them.

Two types of cookies may be used on our websites:

  • Session cookies which are temporary cookies that remain in the cookie file of your browser until you leave the site; and
  • Persistent cookies which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie).

Session cookies 
We use session cookies to allow you to carry information across pages of our site and avoid having to re-enter information.

Persistent cookies 
We may use persistent cookies:

  • from time to time to help us recognise you as a unique visitor when you return to our Websites and to monitor your use of our Websites;
  • to allow us to link you to any of our partners or affiliates should you come to our Websites through a paid advert or banner on a website of an affiliate or partner.
  • Most Internet browsers are pre-set to accept cookies. If you prefer not to receive cookies, you can adjust your Internet browser to disable cookies or to warn you when cookies are being used. 



Some of our web pages may contain web beacons which allow us to count users who have visited web pages. Web beacons collect only limited information including a cookie number, time and date of a page view, and a description of the page on which the web beacon resides. These beacons do not carry any personally identifiable information and are used to track the effectiveness of a particular marketing campaign.



Information about our guests is important for us in order to provide you with maximum comfort and the legendary experience of staying in The Grace. We may therefore share information amongst the FHI Group but we will not sell or give away any information to third parties.



Your personal information is also collected to promote and market to you other services provided by third parties which we consider may be of interest to you. Before we do so, we will provide you with an opportunity to give us permission to release your details to third parties for marketing or promotional purposes (such as promotional email offers), via an opt-in mechanism. That is, we will send you such material only if you elect to receive it or if it is provided to you in response to your request. You may also notify us at any time that you do not wish to receive marketing or promotional material from third parties by calling us [612] 9272 6888 or by using the Contact Us page to send your request via email.

We will use and disclose information for the primary purpose for which it was collected. We may also use and disclose personal information for purposes that are related or ancillary to the main reasons we collect it. For example, we may use your personal information for the purpose of providing you with information about other services offered by us. We may also be required, by law, to disclose personal information to law enforcement officers or other persons.

For the purposes set out above (under “How we use your personal information”) we may disclose your personal information to organisations outside the FHI Group. Where appropriate, these disclosures are subject to privacy and confidentiality protections. The organisations to which we usually disclose information include:

  • your representatives (eg your authorised representatives or legal advisers);
  • Customer review websites
  • credit-reporting and fraud-checking agencies; our professional advisers, including our accountants, auditors and lawyers;
  • government and regulatory authorities and other organisations, as required or authorised by law;
  • organisations involved in;
    - a transfer/sale of all or part of our assets or business (including accounts and trade receivables); and
    - managing our corporate risk and funding functions; and
  • our related companies.

From time to time we may also engage third party contractors to perform some of the services that are listed under the heading “How we use your personal information” above. In these circumstances we prohibit the third party contractor from using personal information about you except for the specific purpose for which we supply it. They must also comply with the Privacy Act 1988.



We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL), which encrypts information you input and which is certified by the Secure Server Certification Authority. We reveal only the last four digits of your credit card numbers when confirming a reservation.Of course, we transmit the entire credit card number to the appropriate credit card company for verification.

It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when you have finished using a shared computer.  We will take all reasonable steps to protect the information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. When information is no longer needed we will destroy or de-identify it.

We require our employees to protect the confidentiality of information as required by applicable law. Access to information by our employees is limited to administering, offering, servicing, processing or maintaining of our products and services. We also maintain physical, electronic and procedural safeguards designed to protect information. When we share or provide information to other persons or organizations, we contractually obligate them, if required by law, to treat information as confidential and conform to our privacy policy and applicable laws and regulations.

If a breach of security arises, we shall comply with the Mandatory Disclosure laws set out in the Privacy Act 1988. 


9. WHAT INFORMATION CAN I ACCESS? gives you access to your own profile, which you may access via login, i.e., with your e-mail address, and a self-defined password. You may, and we kindly request you to do so, update that information, if required. Information about you that you may access are:

  • Your Name, Address and Contact Details and any other personal details we may have stored; and
  • Your Room Requests that you previously entered on the Internet.
  • Your Credit Card details that you previously used, of which only the last 4 digits of the number is shown at all times.

We can also correct your information if we are satisfied that it is incorrect. If your have a request for further information, and the request is particularly complex or requires detailed searching of our records, there may be a reasonable cost to you in order for us to provide this information.

There are some circumstances where we can refuse to give access to information. These include where given access to the information would:

  • (a) pose a serious threat to the life, health or safety of an individual or the public,
  • (b) have an unreasonable impact on the privacy of others; or
  • (c) be frivolous or vexatious.

The other exceptions are detailed the Australian Privacy Principles.

For security reasons, a request for any information (other than that contained on your own online profile) should be made in writing. You may be asked to provide proof of identify.


We retain your personal information only for the period necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by applicable law.



We never disclose personal information that we collect to a third party for the purpose of allowing them to direct market their products and services unless you have given us your permission to do so.



By accepting our services, you expressly permit the FHI Group to use your personal information for our direct marketing purposes and the purposes expressly set out in this policy. You further consent to our use of your information to keep you informed of the launching of new products and services by email, fax, social media or letters and undertaking other marketing or service based activities. You may opt out of any of these direct marketing services at any time.



We may share your personal information with the FHI Group around the world. We may also use Software as a Service (Saas), Cloud, Cloud computing or other technologies from time to time and your information may be stored outside Australia. We will not transfer personal information to a recipient in a foreign country unless we have appropriate protections in place as required by the relevant privacy laws. 



All copyright and other intellectual property rights in the form of text, images, sound, software and other materials on this site are owned by Federal Hotels International Sdn Bhd (“FHISB”) and The Grace and affiliated Companies or are included with permission of the relevant owners. References to affiliates or associates shall include the FHI Group.

You are welcome to browse this site and to reproduce extracts from it, for your information and for noncommercial and personal purposes only. The material on this site may not be modified or incorporated in any other work, publication or site without the prior written agreement of FHISB and The Grace. 



The information and material contained in this site are for general references only. FHISB and The Grace disclaim any warranty or representation of any kind, express or implied, as to any matter whatsoever relating to this site or any Linked Site. To the fullest extent allowed by law, FHISB and The Grace shall accept no responsibility or liability in respect of any loss or damages howsoever arising herein.



There may be third party websites linked to the FHI Group’s websites. We will not be responsible for any information contained on such websites and any activities conducted on such websites shall be at your own risk and will be subject to the privacy policies of the websites concerned.


Other than personal information, FHISB and The Grace shall be free to reproduce, use, disclose and distribute your communications to us onto third parties and to use any ideas, concepts, know-how or techniques contained in those communications for any purpose whatsoever. Communications include but are not limited to feedbacks, questions, comments, suggestions and the likes.



If you have a complaint regarding our management of your privacy you may access our internal dispute resolution (IDR) process by contacting us. The process will be as follows:

Upon receipt of any such complaint, The Grace will:

  • (a) use a process that is accessible, flexible and timely and done in accordance with the principles set out in the Privacy Act;
  • (b) focus on maximising the opportunity for the complainant and The Grace to work together to achieve a successful resolution to the complaint;
  • (c) strive to identify and address any systemic issues that may arise through the lodgement of the complaint and rectify or deal with such issues to prevent their recurrence in the future.
  • (d) At first instance you should contact us requesting a resolution. We will appoint a person to assist you with your complaint.
  • (e) If the matter cannot be resolved you may ask him or her to refer it to the General Manager to engage the IDR process which may take up to 20 twenty business days to make a decision.
  • (f) You will be notified of our decision. If you remain dissatisfied with the outcome, we will also inform you of your right to take this matter to the Office of the Australian information Commissioner (OAIC).
  • (g) You have 12 months from the date you became aware of your privacy issue to lodge your complaint with the OAIC. The contact details of the OAIC are:

    Office of the Australian information Commissioner
    GPO Box 2999
    ACT 2601
    Telephone: 1300 363 992Website:



We may from time to time update this Privacy Policy in accordance with new laws and technology or changes to our operations or practices. If we change this Privacy Policy, we will post these changes on our website so our users are always aware of what information we collect, how we use it, and the circumstances under which we disclose it.


Your personal data will be managed by our dedicated Data Protection Officer who will be happy to answer any concerns or queries you may have relating to the use or storage of your personal data. Our Data Protection Officer can be contacted at: or

If you have a concerns about how we deal with privacy issues you can contact our Privacy Officer or the Office of the Australian Information Commissioner: