1. Information We Collect
1.1 Personal Information
We collect personal information that you provide directly to us, including:
- Contact Information: Name, email address, phone number, postal address
- Travel Information: Travel dates, destination preferences, group size, special requirements
- Payment Information: Credit card details, billing address (processed securely through third-party payment processors)
- Identity Information: Passport details, date of birth, nationality (when required for bookings)
- Communication Records: Emails, phone calls, and other communications with our staff
1.2 Automatically Collected Information
When you visit our website, we automatically collect certain information:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Information: Pages visited, time spent on pages, click-through rates, referral sources
- Location Information: General geographic location based on IP address
- Cookies and Similar Technologies: See our Cookie Policy for detailed information
1.3 Information from Third Parties
We may receive information about you from:
- Travel partners and suppliers
- Social media platforms (when you interact with our social media accounts)
- Marketing and analytics providers
- Publicly available sources
2. How We Use Your Information
We use your personal information for the following purposes:
2.1 Service Provision
- Processing and managing your travel bookings
- Coordinating travel arrangements with suppliers
- Providing customer support and assistance
- Sending booking confirmations and travel documents
- Managing special requests and accommodations
2.2 Communication
- Responding to your inquiries and requests
- Sending newsletter and promotional materials (with your consent)
- Providing important travel updates and notices
- Conducting customer satisfaction surveys
2.3 Business Operations
- Improving our website and services
- Analyzing usage patterns and trends
- Preventing fraud and ensuring security
- Complying with legal obligations
- Resolving disputes and enforcing agreements
2.4 Legal Basis for Processing (GDPR)
For users in the European Union, we process your personal data based on:
- Contract Performance: Processing necessary for providing our services
- Legitimate Interests: Improving services, preventing fraud, direct marketing
- Consent: Newsletter subscriptions, cookies, and marketing communications
- Legal Obligation: Compliance with applicable laws and regulations
3. Disclosure of Your Information
We may share your personal information in the following circumstances:
3.1 Service Providers
We share information with trusted third-party service providers who assist us in:
- Travel bookings and arrangements (hotels, airlines, tour operators)
- Payment processing and fraud prevention
- Email marketing and communication services
- Website hosting and technical services
- Analytics and marketing optimization
3.2 Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal processes or government requests
- Protect our rights, property, or safety
- Protect the rights, property, or safety of our customers
- Prevent or investigate fraud or security issues
- Enforce our terms of service
3.3 Business Transfers
In the event of a merger, acquisition, or sale of our business, your information may be transferred as part of that transaction, subject to applicable privacy laws.
3.4 Consent
We may share your information for other purposes with your explicit consent.
4. Security of Your Information
We implement appropriate technical and organizational security measures to protect your personal information:
4.1 Technical Safeguards
- SSL encryption for data transmission
- Secure servers with regular security updates
- Access controls and authentication systems
- Regular security monitoring and testing
- Secure payment processing through PCI-compliant providers
4.2 Organizational Measures
- Employee training on data protection
- Confidentiality agreements with staff and contractors
- Limited access to personal information on a need-to-know basis
- Regular review and update of security policies
- Incident response procedures for data breaches
4.3 Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities within 72 hours, as required by applicable laws.
5. Policy for Children
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 without parental consent.
5.1 Parental Consent
If you are a parent or guardian booking travel for a minor, you may provide their information for travel purposes. You represent that you have the authority to provide this information and consent to its use.
5.2 Discovery of Children's Information
If we discover that we have collected information from a child under 18 without parental consent, we will promptly delete such information from our records.
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
6.1 Access and Portability
- Request a copy of the personal information we hold about you
- Receive your information in a portable format
- Request information about how we process your data
6.2 Correction and Deletion
- Correct inaccurate or incomplete information
- Request deletion of your personal information (subject to legal and contractual obligations)
- Request restriction of processing in certain circumstances
6.3 Consent and Objection
- Withdraw consent for marketing communications
- Object to processing based on legitimate interests
- Opt-out of automated decision-making
6.4 Australian Privacy Rights
Under the Australian Privacy Act 1988, you have rights to:
- Access your personal information
- Correct inaccurate information
- Make a complaint to the Office of the Australian Information Commissioner
6.5 Exercising Your Rights
To exercise these rights, contact us using the information provided in Section 11. We will respond to your request within 30 days.
7. Third-Party Websites
Our website may contain links to third-party websites, including:
- Social media platforms
- Partner websites and booking platforms
- Tourism information sites
- Supplier websites
We are not responsible for the privacy practices of these third-party websites. We encourage you to review their privacy policies before providing any personal information.
8. International Transfers
Your personal information may be transferred to and processed in countries other than your country of residence, including Australia and other countries where our service providers operate.
8.1 Adequacy and Safeguards
When transferring data internationally, we ensure appropriate safeguards are in place:
- Standard contractual clauses approved by relevant authorities
- Adequacy decisions by relevant data protection authorities
- Binding corporate rules for intra-group transfers
- Your explicit consent for specific transfers
9. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.
9.1 Retention Periods
- Booking Information: 7 years after travel completion for tax and legal compliance
- Marketing Communications: Until you unsubscribe or request deletion
- Website Analytics: 26 months from collection
- Customer Service Records: 3 years from last interaction
9.2 Deletion Criteria
We consider the following factors when determining retention periods:
- Legal and regulatory requirements
- Contractual obligations
- Legitimate business interests
- Customer service needs
- Security and fraud prevention
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
10.1 Notification of Changes
When we make material changes to this Privacy Policy, we will:
- Post the updated policy on our website
- Update the "last modified" date
- Notify you via email for significant changes
- Obtain your consent where required by law
10.2 Your Continued Use
Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
11. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
11.1 Response Time
We will acknowledge receipt of your inquiry within 5 business days and provide a substantive response within 30 days.
11.2 Complaints
If you are not satisfied with our response, you may lodge a complaint with:
- Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au
- EU: Your local data protection authority