Privacy Policy
Read Before Booking
On this page:
- Business Contact Information
- Owner Rez & Data Collection
- Automatic Data Collection
- Method of Data Collection
- Types of Data Collected
- Purpose of Date Collection
- Data Security
- Third-Party Data Sharing
- Cookies & Tracking
- User Rights
- Feedback & Concerns
Fathoms 10 Privacy Policy
Fathoms 10 manages your personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs).
Important
Fathoms 10 only uses guest contact details to send communications that are directly tied to a guest's booking activity.
Guest contact details are not used for marketing purposes and guest data is not sold to third parties.
This Privacy Policy explains how and why Fathoms 10 collects and uses your personal information, including:
- What kinds of personal information Fathoms 10 collects and holds
- How Fathoms 10 collects and holds your personal information
- The purposes for which Fathoms 10 collects, holds, uses, and shares your personal information
- How you may access and correct your personal information
Business Information
Registered Business Name: Fathoms 10 Mollymook
PID-STRA-50555 | ABN 69692553262
Website: fathoms10.com.au
CONTACT US
OwnerRez Data Collection
OwnerRez is the property management software that powers the Fathoms 10 website and the booking process.
The software handles bookings, payments, guest communications and staff scheduling.
The OwnerRez booking process is designed with a privacy-first, progressive data collection approach. Only the minimum necessary information is collected at each step.
Minimum data collection
A guest can enter dates/guest counts and view a price without providing any personal information.
Progressive data collection
Name, phone, and email are only collected if the guest chooses to proceed with a booking or inquiry.
No data is saved until booking confirmation Any information entered during the booking process is not saved until the guest presses the final ‘confirm’ button.
Automatic Data Collection
Device & Browser Information
When guests visit the Fathoms 10 website, OwnerRez's servers automatically record information and send cookies.
IP Addresses
OwnerRez collects IP addresses automatically via server logs whenever a guest interacts with the Fathoms 10 website.
IP Address - Renter Agreement Signing
When a guest signs a renter agreement, their IP address is specifically recorded as part of the signed lease record.
IP Address - Indirect Location Data
An IP address can be used to infer a general geographic location (e.g., country or city), but it is not precise GPS-level location data.
Cookies
OwnerRez sends one or more cookies to a guest's browser when they visit the Fathoms 10 website.
These cookies:
- Uniquely identify the guest's browser
- Are used to improve service quality by storing user preferences and tracking user trends
Guests can configure their browser to refuse cookies, but some OwnerRez features may not function properly if cookies are disabled.
Behavioral / Interaction Data
OwnerRez and Fathoms 10 do not collect detailed behavioral data. Google Analytics & Facebook Pixel are not enabled on the Fathoms 10 website.
Method of Data Collection
Automatic Server-Side Collection (Passive)
Every time a guest visits the Fathoms 10 website, OwnerRez servers automatically and silently record:
- IP address
- Browser type & language
- Date & time of the request
- Web request details
- Cookies that uniquely identify the browser
This happens without any action from the guest.
Booking / Inquiry Widget (Active - Guest submits information)
The OwnerRez Booking/Inquiry Widget embedded on the Fathoms 10 website collects guest data progressively:
Step 1 Quote only:
Guests can enter dates and guest counts to get a price without providing any personal info
Step 2 Inquiry/Book Now:
If they proceed, they provide:
- Name
- Email address
- Phone number
- Comments/questions
No personal data is saved until the guest actively clicks ‘Send Inquiry’ or ‘Confirm’.
Guest Forms / Confirm & Pay (Active - During Checkout)
When a guest proceeds to book, they complete the Confirm & Pay which collects:
- Full contact details (name, email, phone, address)
- Names of all guests in the booking party (including children & infants)
- Credit card payment information (securely encrypted)
- Renter agreement signature (with IP address recorded at signing)
- Security deposit hold information
- File uploads - government issued photo ID
Guest Review Form (Active - Post-Stay)
After a stay, guests can submit a review through the Fathoms 10 website, which collects their written feedback and star rating.
Types of Data Collected
Data is collected progressively during the booking process.
Contact Details
The Fathoms 10 guest contact record includes:
- Name, email address(es), phone number(s), and address
- Names of all guests in the booking party (including children & infants)
- Billing/credit card information (stored in encrypted form on secure servers)
- Government-issued photo ID (file upload)
- Renter agreement signature (with IP address recorded at signing)
- Guest review (if submitted)
Browsing/Quote Stage
A guest can enter dates to get a price without providing any personal information at all.
Inquiry or Booking Intent
Once a guest chooses to send an inquiry or proceed with a booking, the following are collected:
- First & last name
- Email address
- Phone number
Confirm & Pay Stage
After the guest signs the renter agreement and presses the ‘Confirm’ button, additional information is saved, which includes:
- Billing/credit card information (stored in encrypted form on secure servers)
- Names of all guests in the booking party (including children & infants)
- Renter agreement signature (with IP address recorded at signing)
- Government-issued photo ID (file upload)
Important: No additional information entered during the booking process is saved by OwnerRez until the guest presses the final ‘Confirm’ button at the end of the process.
Guest Review Form
Fathoms 10 uses OwnerRez to collect and store written guest feedback and star ratings on both the website and booking platforms.
Purpose of Data Collection
Guest contact information is the foundation of every part of the Fathoms 10 booking relationship - from communication and payment to legal and fraud protection and insurance compliance.
Communication
Personal contact information is required to:
- Send booking confirmations
- Deliver check-in instructions
- Send automated messages and reminders
- Communicate any issues before, during, or after the stay
Payment Processing
Credit card and billing information is needed to:
- Collect booking fee payments
- Place a security deposit hold on the guest's card prior to arrival
Government-issued photo ID (file upload)
Collecting a government-issued photo ID helps confirm that the guest is who they say they are.
This protects Fathoms 10 against:
- Identity fraud - guests booking under false identities
- Chargeback fraud - disputed payments from fraudulent bookings
- Problem guests - those who may cause damage or disturbances
Renter Agreement Signing
Guest name and contact details are required to:
- Populate the renter agreement with the guest's identity, making it a legally enforceable contract
- Identify who agreed to the Fathoms 10 terms and conditions
Accurate Guest Records & Repeat Business
Maintaining accurate guest records (name, email, phone, address) ensures:
- Seamless communication throughout the booking lifecycle
- The ability to identify and re-engage repeat guests
- Organised records for reporting and business operations
Guest Review Form
Collecting and storing reviews in OwnerRez allows fathoms 10 to retain ownership of an important business asset.
Note: Fathoms 10 does not:
- Use guest contact details for marketing or promotional purposes
- Sell guest data to third parties
Data Security
Protecting Guest Information & Payment Details
PCI Compliance & Payment Security
OwnerRez is fully PCI compliant and PCI certified - meaning it meets the global Payment Card Industry Data Security Standard (PCI DSS) for handling cardholder data.
Key payment security measures include:
- Credit card details are encrypted in transit and at rest
- Data is transmitted securely via HTTPS using TLS
- Cardholder data is stored in a token vault database using strong encryption
- Payment details are sent to payment processors via dedicated IPSec VPN tunnels or site-to-site VPN connections
- No Sensitive Authentication Data (SAD) is stored post-authorization
- Only the payment token and transaction status are retained after a transaction is complete
- Data Backups
- All data is backed up nightly by two independent backup services
- Each backup is stored in a separate physical location to protect against disasters (e.g., floods, fires)
- Data associated with active accounts is maintained for as long as the account remains active
- Credit Card Responsibility
As a Host, Fathoms 10 is not responsible for storing or managing credit card data.
Once a payment is submitted:
- The credit card information is handled entirely by OwnerRez and the connected payment processor - Stripe
- It is stored on private, secure, encrypted databases
- It is conveyed over secure channels to financial institutions
- General Data Security
- Internal reviews of data collection, storage, and processing
- Physical security measures to guard against unauthorized access
- Access to personal information is restricted to OwnerRez employees, contractors, and agents who need it - all bound by confidentiality obligations
- Violations of confidentiality obligations can result in termination and criminal prosecution
- Regular Audits
OwnerRez undergoes regular PCI compliance audits to ensure systems and processes remain secure and up to date.
Third-Party Data Sharing
Fathoms 10 uses OwnerRez to share guest data with the following third-parties:
Touch Stay - Digital Guidebook
Touch Stay is the digital guidebook platform that helps Fathoms 10 share property information with guests via SMS automatically. It replaces printed welcome books with a mobile-friendly guide containing check-in instructions, house rules, Wi-Fi details, local recommendations, and more.
Data Sharing Between OwnerRez & Touch Stay
After booking confirmation guest contact details are shared with Touch Stay to enable booking related SMS communication regarding:
- Guest digital guidebook links
- Booking reminders
- Check-in/check-out reminders
- Access codes
How Guest Details Are Shared
Owner Rez shares guest and reservation data with Touch Stay via webhooks for near real-time updates.
Standard fields shared with every booking:
- Guest name
- Guest email address
- Guest phone number
- Reservation check-in date & time
- Reservation check-out date & time
If a guest would prefer to receive communication regarding their stay via email they are encouraged to contact Fathoms 10 before booking.
What Touch Stay Does Not Receive
Touch Stay does not receive payment details, credit card information, or any financial data from OwnerRez.
Stripe - Payment Processor
Stripe is the payment-processing software Fathoms 10 uses to accept booking payments and is required to be PCI-compliant to integrate with OwnerRez.
Data Sharing Between OwnerRez & Stripe
When a guest makes a payment, the following cardholder details are transmitted securely from OwnerRez to Stripe:
- Name
- Billing address
- Primary account number (PAN)
- Card expiration date
- Card validation value (CVV2, CVC2, CID)
This data is transmitted via HTTPS using TLS and sent to Stripe through dedicated IPSec VPN tunnels or site-to-site VPN connections.
How the Data is Protected in Transit
After authorisation, only the payment token and transaction status are stored - no Sensitive Authentication Data (SAD) is retained post-authorization
OwnerRez uses a token vault database with strong encryption to store cardholder data
Stripe stores the card as a token - the raw card number is never stored by OwnerRez. This supports Stripe Radar and European 3DS2 requirements. However, once tokenized, the card cannot be used with a different processor.
Important: Fathoms 10 is not responsible for storing or managing credit card data - this is handled entirely by OwnerRez and Stripe.
Cookies & Tracking
Cross-Domain Tracking Cookies
Cross-domain cookies are used to track guest sessions across the Fathoms 10 site and the OwnerRez booking/quote pages.
If a guest has third-party cookies blocked in their browser, sessions will not be tracked across domains - resulting in separate sessions instead of one continuous tracked journey.
Minimizing Cookie Tracking
To minimize cookie tracking Google Analytics & Facebook Pixel are not enabled on the Fathoms 10 website.
Email Open Tracking
OwnerRez tracks whether guests have opened emails sent through the platform. This is a standard email tracking method that typically uses a tiny invisible standard tracking pixel embedded in the email (not a browser cookie).
Guests can effectively prevent this tracking by:
- Using an email client that blocks tracking pixels by default
- Disabling automatic image loading in their email client - since tracking pixels are loaded as images, blocking images prevents the open from being recorded
- Using privacy-focused email apps or browser extensions that block trackers
Google Vacation Rentals (GVR)
If a stay is booked through Google Vacation Rentals, Google uses industry-standard cookies for tracking as part of their platform. Guests interacting with GVR are subject to Google's own cookie policies and consent mechanisms.
User Rights
How Guests Can Access, Correct, or Delete Their Data
Guests have the right to seek the correction of any personal information Fathoms 10 might have about them. However, guests do not have a self-service portal within OwnerRez to manage their own data. Instead, this is handled by the Host on their behalf.
Fathoms 10 will take all reasonable steps to make appropriate corrections to personal information so that it is accurate, complete, and up to date.
Note: Deletion requests are subject to the Fathoms 10 record-keeping obligations.
To seek correction of your personal information please contact us.
Feedback & Concerns
If you would like to provide feedback, raise a concern, or if you believe Fathoms 10 has breached the Privacy Act, please contact us. Fathoms 10 will attend to all questions and concerns in accordance with the Privacy Act.
If you are not satisfied with our response, or you believe that Fathoms 10 is in breach of the APPs, you can make a complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC).
The OAIC can be contacted on 1300 363 992 or at www.oaic.gov.au.
Policy Created: 08/04/2026