Privacy Policy

The New South Wales Masonic Club recognises the importance of your privacy and understands your concerns about the security of your personal information. We are committed to protecting the personal information that we hold about you. This describes generally how we manage your personal information and safeguard your privacy in accordance with the Australian Privacy Principles.

Collecting personal information about you:

As a Club, your personal information must be held in our membership database and is information collected directly from you. As the Castlereagh Boutique Hotel is within the NSW Masonic Club, your personal information will be stored in our reservations system. For example, we may collect personal information about you when you deal with us over the telephone, when you make a reservation or through other correspondence (whether by letter, fax or e-mail), when you visit our web site or when you have contacted us in person.

Generally, the type of personal information we collect about you is the information included in documents such as a membership application form or as required of our hotel reservation system (for example, your name, date of birth, occupation, mailing address, telephone number and email address).

Our disclosure statement:

The New South Wales Masonic Club collects personal information from you for the following purposes:

- to provide our services to you.
- to confirm and process your method of payment.
- to attend to your specific needs in respect of our services.
- to provide you with information about our business and to undertake other marketing activities.

If you do not provide the information requested, we might not be able to provide you with the service requested. If you are our customer, we may disclose your personal information to third party service providers, who assist us in providing services to you. It is not our policy to disclose your personal information to overseas recipients unless required by law to do so. Please see further details on this below.

Using and disclosing your personal information:

We will use and disclose personal information for the primary purpose for which it was collected. We may also use or disclose personal information for purposes related or ancillary to the main reasons we collect it, such as:

- Invoicing,
- Provision of information concerning the services offered by us.

There are situations where we are compelled by law to disclose your personal information to Government Agencies including but not limited to: law enforcement agencies, the Australian Electoral Office or the Australian Taxation Office.

Direct Marketing:

The NSW Masonic Club may use the personal information we collect from you to inform you of upcoming events, offers, competitions, products or services. We may employ a third party to distribute such information. If you do not wish to receive this direct marketing information, please let us know or ‘unsubscribe’ from the electronic offer.

Overseas Transfer of Information:

It is unlikely that we will disclose your personal information overseas. However, if you agree to information being put on our websites then this could be accessed by anyone in Australia and by persons in other countries.

Using the Club’s websites:

The websites and social media sites operated by us may collect personal information for the purposes outlined in this privacy policy. They may also use cookies which is a packet of information that allows The NSW Masonic Club server to identify and interact more effectively with your computer.
Any information collected as a result of your use of websites operated by us will be handled in accordance with this privacy policy. The websites and social media sites operated by us may contain hyperlinks to other websites including those operated by third parties. The links are provided for reference only. We do not have any control over these external websites. We are not responsible for the content on these sites or the privacy practices adopted by these sites.

Access to your personal information:

You have access to the information we hold about you on your behalf and can edit this information at any time when notified.

Accuracy, completeness and up-to-date information:

We take reasonable and responsible steps to ensure that your personal information is accurate, complete, and up-to-date whenever we collect or use it.
If you find that the personal information we hold about you is inaccurate, incomplete or out-of-date, please contact us immediately and we will take reasonable steps to either correct this information, or if necessary, discuss alternative action with you.


We take appropriate steps to protect any personal information that we hold from misuse and loss. We also take all reasonable steps to protect it from unauthorized access, modification and disclosure. We make our employees aware of the sensitive nature of your personal information and only grant them access on a need-to-know basis.


Within designated areas of the NSW Masonic Club, Members, Guests and staff will be subject to video surveillance for security purposes. Details of any suspected and/or actual illegal or undesirable activities taken place on the Club premises may be shared with law enforcement and regulatory bodies such as the Office of Liquor, Gaming and Racing and the Independent Liquor and Gaming Authority.

How to contact us:

If you wish to gain access to your personal information or make a complaint about a breach of your privacy or if you have any query on how your personal information is collected or used or any other query relating to the New South Wales Masonic Club Privacy Policy, please contact the Administration Office during business hours at 169 Castlereagh Street Sydney– Phone: 02 9284 1000 or by Email

Changes to our Privacy Policy:

From time to time it may be necessary for us to review and revise our Privacy Policy. We reserve the right to make changes at any time and we may notify you of those by posting an updated version on our website


Hotel Reception:

1. Data Storage

- Guest contact and credit card details are stored electronically in Choice Advantage Property Management System and the hotel server. Print copies are stored in the Cellar and Reception, both area are either locked or manned 24 hours per day, 7 days per week.
- Data is accessible on site and by Management and Front Desk staff only. Staff must be aware of any non-authorised individuals in any of these areas.
- Offsite access is restricted to any person we elect to share our access to namely our IT Service contractor and Accountant.
- Choice Hotels has external access to the Choice Advantage system for updating and Maintenance requirements.

2. Information Protection

- Username and Password are required for accessing data in Choice Advantage . S. Personal passwords are to be changed every 3 months.
- Login details are not required when accessing email and data stored in Front Desk computers.
- Virus scan is performed in all three Front Desk computers periodically.
- Print copies containing guest credit card details are normally destroyed three months after check-out. Some booking slips are kept up to 24 months in case of commission claim from overseas travel agents.

Hotel & Club Administration:

1. Data Storage

- Members’ personal details are obtained from membership application forms either lodged directly with Administration or online via the NSWMC website. This information is stored electronically in Sanyo Membership software application residing on one of the hotel’s IT network servers. Hard copies of membership application forms are stored in a locked cabinet in the Administration office for a period of 2 years and then transferred to a secure area in the locked Cellar.
- Where Members’ credit card details are kept (ie where payment for subscriptions is made other than via the secure website access or in person at the NSWMC office), such records are maintained in a locked cabinet in the Administration office for 3 months before being transferred to a secure area in the locked Cellar. After a period of 2 years these records are then destroyed.
- Personnel and payroll records are maintained within the Wage Easy payroll software application and hard copies of information are stored in a lockable filing cabinet withinthe Accounts office. This office is locked every night and when the Administration office is unattended. Payroll data is accessible only by the Accounts clerk and the Accountant. The Office area is alarmed at night.
- No information relating to Members or Employees is kept in offsite storage. A back up hard drive is removed each day and kept with the General Manager. This hard drive is rotated each business day.

2. Information Protection

- Usernames and associated passwords are required for accessing data in Sanyo, and is accessible only from the Administration work station. Members’ personal data, including any financial information, is accessible only by Administration staff.
- Usernames and associated passwords are required for accessing data in Wage Easy and is accessible only from the Accounts and Accountant work stations. Employees’ personal data, including any financial information, is accessible only by Accounts staff.
- Usernames and associated passwords are required to access emails relating to Member information, which is stored only on the Administration PC.
- Usernames and associated passwords are required to access emails relating to Employee information, which is stored only on the Accounts PC.
- Payment processing is secure in that credit card and bank account details are not recorded on printed payment receipts or summaries.
- Destruction of records: After the prescribed time-frame for keeping the records on-site, physical paperwork is shredded so that it’s contents can’t be read and discarded off-site in an appropriate manner.

This Clubs Privacy Policy will be reviewed on a regular basis in an effort to take proactive steps to maintain internal practices, procedures and systems that ensure compliance under the Privacy Act and Australian Privacy Principles.

General Data Protection Regulations – for UK or EU Guests:

If you are a resident of the EU or UK you have certain rights and protections under the GDPR regarding the processing of your Personal Data.

We collect, use and store your Personal Data to enable us to provide you with our goods or services and information about them. We rely on the following lawful means of processing your Personal Data:
– Where it is necessary to fulfil a contract with you. This includes where we collect your Personal Data to enable us to send you our goods or provide you with our services.
– Where you have given us valid consent to use your Personal Data. We will rely on that consent and only use the Personal Data for the specific purpose for which you have given consent. This includes where we email newsletters or send mobile phone notifications.
– We may also process your Personal Data where it is to further our legitimate interests which could include usage statistics, analytics and internal analysis so we can improve our services to you.

Your Rights as an EU OR UK Resident

If you are a resident of the EU or UK you have various rights including the:
– Right to be informed;
– Right of access;
– Right to rectification;
– Right to object;
– Right to restriction of processing;
– Right to erasure or to be forgotten;
– Right to data portability; and
– Right not to be subject to automated processing.

If you want to access your Personal Data or ask for the information to be corrected, please contact us. In some circumstances, you also have a right to object to or ask that we restrict certain processing activities or delete your Personal Data. If you would like to limit or request deletion of your Personal Data or exercise any other rights you can do so by contacting us.

Withdrawing Your Consent

You can withdraw your consent to our collection or processing of your Personal Data. You can do so by contacting us or by opting out of email newsletter communications by following the instructions in those emails or by clicking unsubscribe. If you withdraw your consent to the use of your Personal Data, you may not have access to our services and we might not be able to provide you with our services. In some circumstances, where we have a legal basis to do so, we may continue to process your information after you have withdrawn consent. For example, if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.

Our Compliance

We comply with the GDPR protection directives set out by the EU and UK regarding the collection, use and retention of Personal Data from EU member countries and the UK. All Personal Data stored on our platform is treated as confidential. It is stored securely and is only accessed by authorized personnel. Our collection is limited in relation to what is necessary, for the purpose for which the Personal Data is processed, and kept only for so long as is necessary for the purpose for which the Personal Data was collected. We implement and maintain appropriate technical, security and organisational measures to protect Personal Data against unauthorized or unlawful processing or use, and against accidental loss, destruction, damage, theft or disclosure. We ensure the encryption and pseudonymisation of Personal Data and we have adequate cyber security measures in place.

Your Acknowledgement

By providing us with your Personal Data, you consent to us disclosing it to third parties who reside outside the EU or UK. We will ensure that those third parties are GDPR compliant.

Should you require any further information, please contact the NSW Masonic Club (incorporating Castlereagh Boutique Hotel ) on 02 9284 1000 or email:

Paul Brasch

General Manager
NSW Masonic Club &
Castlereagh Boutique Hotel.

Policy Last Updated August 2018