Privacy Policy

The Balgowlah Bowling Club Ltd (ABN 24 000 148 443)
Bareena Drive, Balgowlah Heights NSW 2094
thebally.com.au
Effective date: 7 May 2026  |  Last updated: 7 May 2026

1. About this Privacy Policy

The Balgowlah Bowling Club Ltd (the Club, we, us, our) is committed to managing personal information in an open and transparent way. This Privacy Policy explains how we collect, hold, use and disclose personal information, and how you can access and correct your personal information or make a privacy complaint.

This Privacy Policy is intended to align with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).

2. What is "personal information"?

"Personal information" generally means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

3. What personal information we collect and hold

The kinds of personal information we collect and hold may include:

(a) Members and prospective members

  • Name, contact details (email, phone, address)
  • Date of birth and membership details (including membership number and status)
  • Communications with us (including via membership communications tools)
  • Attendance and participation in Club activities, events and competitions

(b) Visitors and guests (including venue entry/sign-in)

  • Name and contact details (where collected through sign-in systems)
  • Visit details (date/time of entry)
  • Other information required for venue entry compliance and incident management

(c) Bookings, functions and events

  • Name and contact details
  • Booking details and preferences
  • Communications with us about your booking or function

(d) Online ordering and loyalty

  • Name and contact details
  • Order history and loyalty participation details (where applicable)

(e) Employees, contractors and volunteers

  • Contact details and employment-related information
  • Rostering and payroll-related information (as applicable)
  • Communications and records relating to the engagement
Note: Some acts and practices relating to "employee records" may be treated differently under the Privacy Act.

(f) Safety, compliance and incident reporting

  • Incident reports and related information (for example, details of an incident, witnesses, and actions taken)

(g) CCTV and security

  • CCTV footage and images of individuals at or around our premises (which may be personal information if individuals are identifiable)

(h) Website and online activity data

When you use our website, we (and third parties we use) may collect information such as:

  • Device identifiers and online identifiers
  • IP address, browser type, pages visited, and interactions with our website
  • Cookie and analytics data (including via Google Analytics and Squarespace analytics)
  • Advertising/remarketing data (for example, via Meta pixels and similar technologies)

4. How we collect personal information

We collect personal information in a range of ways, including:

  • Directly from you when you sign up for membership, make a booking, place an order, join a loyalty program, contact us, or interact with us online
  • Through our service providers and platforms used to operate the Club (see section 7)
  • Through CCTV and security systems at our premises
  • Through our website, cookies, analytics tools and advertising/remarketing technologies

5. Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for purposes including:

  • Membership administration and communications
  • Venue entry compliance, Club rules, and incident management
  • Bookings, events, functions, competitions and related communications
  • Providing services to you (including online ordering and loyalty services)
  • Direct marketing and promotions (see section 10)
  • Employment, contractor and volunteer management
  • Security and safety (including CCTV)
  • Legal and regulatory compliance and responding to regulators or law enforcement requests

6. What happens if you don't provide personal information?

If you do not provide personal information when requested, we may not be able to:

  • Process your membership application or manage your membership
  • Accept or manage your booking or function enquiry
  • Provide certain services (including online ordering/loyalty participation)
  • Respond to your enquiry or complaint

7. Who we disclose personal information to

We may disclose personal information to third parties where necessary for the purposes set out in this Privacy Policy, including:

(a) Our key service providers

  • Membership management and member communications: CherryHub (now trading as Ralle Pty Ltd) including CherryChat
  • Visitor sign-in: VenueScan Pty Ltd
  • Online ordering and loyalty: Bite Business Pty Ltd
  • Workforce management: Tanda
  • Safety and incident reporting: SafetyCulture Pty Ltd
  • Restaurant and event bookings: NowBookit
  • Function bookings: Studio Ninja
  • Point of sale / payments: Lightspeed
  • Website hosting and forms: Squarespace
  • Social media and advertising/remarketing: Meta (and related advertising tools)
  • Networking and Wi-Fi management: Unifi
  • CCTV systems and support: Geutebrück and Axis Communications

(b) Professional advisers and other recipients

We may also disclose personal information to:

  • Our professional advisers (for example, insurers, auditors, accountants and lawyers)
  • Contractors who provide technical support (for example, CCTV or IT support) where required
  • Regulators, government agencies, and law enforcement where required or authorised by law, or where reasonably necessary (for example, police requests relating to incidents)

8. Overseas disclosures

Some of our third-party service providers may store, process or access personal information outside Australia (for example, where they use cloud hosting, support teams, or data centres located overseas).

Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place, such as contractual protections, access controls and security measures, and we only disclose personal information for the purposes described in this Privacy Policy.

Because we use a range of service providers and their hosting locations may change over time, it may not be practicable for us to specify all countries in which overseas recipients are located.

9. CCTV and security

We use CCTV at and around our premises for security, safety, incident management and compliance purposes. Personal information collected through CCTV is handled in accordance with the APPs.

Monitoring and access: CCTV may be monitored live and recorded. Footage may be accessed by authorised personnel and, where necessary, by contractors providing technical support. Footage may also be provided to police or other authorities on request where required or authorised.

Retention: CCTV footage is generally retained for approximately 30–60 days, unless it is required for an investigation, incident, complaint, insurance matter, or legal/regulatory purpose (in which case it may be retained for longer).

Employee notice (NSW): Separate to this Privacy Policy, NSW workplace surveillance laws may require written notice to employees before workplace surveillance commences and specify what that notice must include.

10. Direct marketing

We may use your personal information to send you information about Club news, events, promotions and offers (for example, via email and SMS), including through our membership communications tools and booking platforms.

You can opt out of receiving direct marketing at any time by:

  • Using the unsubscribe/opt-out function in the message; or
  • Contacting us using the details in section 14

We do not use purchased third-party marketing lists. We generally market to members and people who have booked with or enquired with the Club.

11. Website, cookies, analytics and remarketing

We use cookies and similar technologies on our website, including:

  • Squarespace analytics and Google Analytics to understand how visitors use our website; and
  • Remarketing/advertising pixels (including Meta pixels, and potentially Google Ads in future) to measure advertising performance and show relevant ads

The Office of the Australian Information Commissioner (OAIC) expects organisations to clearly disclose their use of third-party tracking pixels in their privacy policy, including the kinds of personal information collected and the purposes for which it is handled.

You can manage cookies through:

  • Our cookie banner/consent tool (where available); and/or
  • Your browser settings (noting that disabling cookies may affect website functionality)

12. Guest Wi-Fi

If you use our guest Wi-Fi, our network systems may collect technical information such as device identifiers and connection logs for security, troubleshooting and network management purposes. At present, we do not generally require you to provide your name or email address to access guest Wi-Fi, but this may change in the future.

13. Use of AI tools

From time to time, we may use third-party AI tools in a closed and controlled way to assist with internal tasks such as drafting communications, summarising feedback, or analysing trends in incident reports.

We have processes intended to prevent staff from inputting personal information into these AI tools. Where AI-assisted outputs are used, they are subject to human review.

Where the Privacy Act applies, the OAIC has published guidance on privacy considerations when using commercially available AI products.

14. How you can access and correct your personal information

You may request access to personal information we hold about you and request correction if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.

To make a request, please contact our Privacy Officer using the details below. We may need to verify your identity before providing access or making corrections.

15. Privacy complaints

If you have a complaint about how we have handled your personal information, please contact our Privacy Officer. Please include as much detail as possible so we can investigate.

We will acknowledge your complaint and aim to respond within a reasonable time (generally within 30 days).

If you are not satisfied with our response, you may be able to complain to the Office of the Australian Information Commissioner (OAIC).

16. How we hold and secure personal information

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

We use cloud-based systems and apply access controls such as multi-factor authentication (MFA) where available.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version will be published on our website and will show the effective date.

18. Contact us (Privacy Officer)

Privacy Officer: Secretary Manager – Tony Wagener
Email: contact@thebally.com.au

/p>