Last updated: 19 December 2025

1) Who we are

This Privacy Policy explains how The Oasis Apartments & Treetop Houses (“we”, “us”, “our”) collects, uses, stores and discloses personal information.

Contact details

• Email: managers@byronoasis.com.au
• Address: 24 Scott Street, Byron Bay NSW 2481, Australia
• Phone: 02 6685 7390
• Business name / entity: Galkor Management Pty Ltd ATF Gallagher O’Reilly Trust
• ABN: 24 451 533 655

2) What personal information we collect

The personal information we collect depends on how you interact with us (booking, staying as a guest, visiting the property, contacting reception, using Wi-Fi, etc.). It may include:

Guest/booking information

• Name, email, phone number, address (sometimes)
• Booking details (dates, room type, guest numbers, special requests)
• Payment information: We use a PCI-DSS compliant system (Resly) to process payments. We do not store full credit card numbers on our local servers or files. Payment details are tokenized (replaced with a secure encrypted reference code) by our payment gateway. We may retain the last 4 digits and expiry date for verification.
• Identity verification details (where required for security or compliance)
• Vehicle registration (where parking management or security requires it)
• Communications with us (emails, messages, call notes)

During your stay

• Incident reports (e.g., maintenance issues, noise complaints, damage, safety incidents)
• Preferences you provide (e.g., accessibility needs)
• Access/entry information if you use smart locks or access codes (where applicable)

Website and Wi-Fi (if used)

• Website usage data (IP address, device info, pages visited, cookies)
• Wi-Fi details (device identifiers and connection logs) to operate and secure the network

CCTV

• Images/video of people in common areas (see section 8)

If you do not provide required information, we may not be able to process your booking or provide certain services.

3) How we collect personal information

We collect personal information:

• Directly from you (phone, email, web forms, in-person, booking enquiries)
• Through booking platforms and agents (e.g., online travel agencies and channel managers)
• From payment providers when processing payments
• From our service providers involved in delivering accommodation services (e.g., IT, security, maintenance systems)
• From publicly available sources only where relevant and lawful (rare)
• When required or authorised by law (e.g., responding to lawful requests)

If you provide us personal information about other people (e.g., additional guests), you confirm you have their permission to do so.

4) Why we collect, use and disclose personal information

We collect and use personal information to:

• Process reservations, check-in/check-out, provide accommodation and guest services
• Communicate with you about your booking, stay, or enquiries
• Take payments, manage refunds, and handle invoices and accounting
• Manage property operations (maintenance, housekeeping scheduling, keys/access, parking)
• Maintain safety and security (including CCTV in common areas)
• Handle complaints, incidents, disputes, and insurance matters
• Meet legal and regulatory obligations
• Improve our services and guest experience
• Send service messages (e.g., important arrival or safety information)
• Marketing: We may send marketing only where permitted (for example, where you have opted in or where the law allows). You can opt out at any time using the unsubscribe method provided or by contacting us.

5) Who we disclose personal information to

We disclose personal information only as needed to run the accommodation and comply with the law. This may include:

• Booking platforms and channel managers you used to book (or that process booking data)
• Payment processors and banks to process payments and refunds
• Service providers such as IT support, cloud hosting (e.g., Resly), security/monitoring providers, guest messaging tools, and maintenance systems
• Housekeeping and maintenance contractors (limited to what they need to do the job)
• Insurers, legal advisers, accountants (where required for claims, disputes, or compliance)
• Law enforcement or regulators where required or authorised by law
• Emergency services where needed to protect health and safety

We take reasonable steps to ensure service providers handle personal information securely and only for authorised purposes.

6) Overseas disclosure

Some of our suppliers (for example, booking platforms, email services, cloud hosting, payment processors, CCTV or messaging software) may store or process data outside Australia.

Where we disclose personal information overseas, we take reasonable steps to ensure it is handled in a way that is consistent with Australian privacy requirements (for example, by using reputable providers and contractual protections where appropriate).

7) How we store and protect personal information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Measures may include:

• Access controls and role-based permissions within our property management system (Resly)
• Multi-factor authentication where available
• Secure systems and encrypted connections where appropriate
• Limiting access to personal information to staff/contractors who need it
• Staff/contractor confidentiality obligations
• Secure disposal of records when no longer required

While no system is perfectly secure, we implement industry-standard security measures and protocols to protect your information.

8) CCTV in common areas

We use CCTV in certain common areas to support safety, security, and incident investigation.

• CCTV is not used in private areas (e.g., inside apartments, bathrooms, or other areas where privacy is expected).
• Signs are displayed where CCTV operates.
• Access to CCTV footage is restricted to authorised personnel.
• Footage may be reviewed and retained for security and incident management and may be provided to insurers or law enforcement where required or authorised by law.

9) Data retention

We keep personal information only as long as needed for the purposes set out in this policy, unless we are required by law to keep it longer (e.g., tax, accounting, or dispute resolution obligations). When no longer required, we take reasonable steps to securely destroy or de-identify it.

10) Access and correction

You can request access to the personal information we hold about you and request corrections if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

To request access or correction, contact us using the details in section 1. We may need to verify your identity before processing your request. In some cases, we may refuse access where lawful (for example, where providing access would unreasonably impact another person’s privacy).

11) Complaints

If you have a privacy concern or complaint, please contact us and provide details of the issue. We will:

1. Acknowledge your complaint,
2. Investigate it, and
3. Respond within a reasonable timeframe.

If you are not satisfied with our response, you may be able to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

12) Updates to this policy

We may update this Privacy Policy from time to time. The current version will be available on request and/or on our website (if published there), with the updated date shown at the top.