Make sure you collect accurate personal information of your customers and be careful how you use it
A weekend crackdown by Health and Safety Inspectors across 410 licensed venues and hospitality premises in NSW has resulted in $50,000 worth of penalty infringement notices for breaches of COVID safety.
Most of those breaches were due to the non-existence, or poorly prepared COVID-19 Safety Plans. This included the failure by venues to obtain the correct personal information of customers when they ‘check-in’ to a venue.
Collection of Personal Information
Under the Public Health (COVID-19 Restrictions on Gathering and Movement) Order (No 4) 2020, it is now mandatory to have a COVID-19 Safety Plan for all hospitality venues in NSW and register as a COVID Safe Business.
As a requirement of the Safety Plan:
- Venues must have a designated COVID-19 Safe Hygiene Marshall (this can be an employee at the entrance) to collect contact details off customers and ensure the details are correct. This information must be retained for at least 28 days. It is not enough to just have a sign, contactless code to scan with a smartphone and/or sign-in notepad at the entry point of the venue.
- Paper sign-in is permitted, however hospitality venues must create a digital record of customer contact details within 24 hours and provide it immediately if requested.
- The NSW Public Health strongly encourages venues use the contactless QR Code: https://www.nsw.gov.au/covid-19/covid-safe-businesses/qr-codes-and-contactless-record-keeping
Privacy - can your business use the personal information collected?
NSW Public Health provides that it is the responsibility of the venue to obtain effective consent from visitors on the collection of their personal information and ensure that information is confidentially and securely stored. The information cannot be used other than for the purpose of the Public Health Order.
However, the venue may use the personal information for alternative purposes (such as marketing and research) if consent is obtained from a customer.
Many venues have opted to include an interactive box as part of the contactless check-in process which customers may tick to provide consent for the venue to use their personal information for alternative purposes. For more information on Privacy Policies click here.
What are the Penalties?
Whilst it has not yet reached this level, businesses face fines of up to $55,000 and a further $27,500 penalty may apply for each day an offence continues.
From what we are seeing at this stage, a first offence will invoke a $5,000 fine and further breaches will result in additional fines and a temporary closure of the premises.
Sample Privacy Notice
To reduce any resistance from patrons in providing their personal information and to provide confidence in how that information is being used, we have prepared a sample “Privacy Notice” which we recommend and welcome hospitality businesses to display on their premises so that it is visible to customers upon entry (Sample Privacy Notice).
If you have any questions about your obligations or if you want to be able to use the personal information collected during COVID for other marketing purposes, call us for a Free Case Evaluation.