PRIVACY POLICY – PERSONAL INFORMATION

In this document “TTA”, “we” or “us” means The Travel Authority Pty Ltd ABN 66 107 889 707 t/a ATPI Cruse and Travel.

TTA complies with the Australian Privacy Principles (“APPs”) as contained in the Privacy Act 1988 (Cth).  The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.

Personal information is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.

Sensitive information, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.  In some circumstances it may be necessary for us to collect sensitive information.

This policy details how TTA manages personal information about you. We may update this policy from time to time. A copy of the up-to-date policy may be accessed here.

The collection of personal information is generally necessary in order to book travel and accommodation arrangements.

What personal information we collect and hold

The kinds of personal information TTA collects from you or about you depend on the transaction you have entered into with us.

The kinds of personal information that we commonly collect and hold from you or about you includes:  your name, address, phone and fax numbers and email address, and in the case of booking of travel or accommodation: date of birth, driver’s license details or passport details and details of your employment, and (where applicable) bank account details and credit card details.

When you contact us via a request through our website, we record your name and the contact details you have given to us in that request.

How we collect and hold personal information

We aim to collect personal information directly from you, unless it is unreasonable or impracticable for us to do so.  For example, we collect personal information from you or about you from letters, emails, faxes, application forms and contracts that you submit to us and telephone calls with us.

In some instances we may receive personal information about you from third parties, such as your employer, airlines, wholesale travel booking providers, embassies, consulates, accommodation providers, car hire companies, our associated businesses, allied agencies, suppliers, merchants and referrers.

You can be anonymous or use a pseudonym when dealing with us, unless:

  • the use of your true identity is a legal requirement; or
  • it is impracticable for us to deal with you on such basis.

Please note that it is not possible for you to be anonymous or to use a pseudonym if you wish us to book travel or accommodation arrangements for you.

We also collect certain information where you visit or browse our website including through the use of cookies.  You may disable cookies by configuring the settings on your browser but this may affect website functionality. Such information does not identify you as an individual, but does log the IP address of your computer.

Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities.  For example, we collect, hold, use and disclose your personal information as necessary to book travel or accommodation services.

Our business involves making booking arrangements with third parties for travel and accommodation services, such as airlines, other transport providers and accommodation providers. We routinely disclose your personal information to these third parties for them to assist us in carrying out our business functions and activities.  We will disclose your personal information to banking institutions (to verify and process your payments).

If we do not collect, hold, use or disclose your personal information, or if you do not consent, then we may not be able to answer your enquiry, complete the transaction you have entered into or your organisation has contracted us to provide.

We also collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions, fraud and identity checks, providing you with information about other products offered by us, marketing and promotions, market research, newsletter communications, feedback surveys and questionnaires, market research, statistical collation, social and media analysis and website traffic analysis.

Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.

Where we use your personal information for marketing and promotional communications, you can opt out at any time by notifying us.  Opt out procedures are also included in our marketing communications.

We may also disclose your personal information to third parties (including government departments and enforcement bodies) where required or permitted by law.

We do not sell your personal information to other parties for their use in their or others’ promotional activities.

How we hold and store personal information

Your personal information is held and stored on paper, by electronic means or both.  We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure:

  • Data held and stored on paper is stored in lockable filing cabinets contained within locked offices that are secure premises with secured entry.
  • Data held and stored electronically is protected by internal and external firewalls and password protected computers.
  • Data held and stored “in the cloud” is protected by industry standard security measures applied by our cloud service provider.
  • Data stored or archived off-site is contained within secure facilities. We also require our storage contractors to implement privacy safeguards.
  • Where we disclose personal information to third parties (including airlines, wholesale travel booking providers, hotels and other accommodation providers, visa services), those third parties have in place privacy protection measures.
  • Our staff receives training on privacy procedures.
  • Credit card transactions are processed in Australian dollars using: (a) payment pages which comply with the industry standard and use TSL 1.0 (SSL 3.0); (b) a 128-bit SSL encryption; and (c) secure SSL tunnel to connect to the payment gateway.

Destruction and De-identification

We will retain your personal information while ever it is required for any of our business functions, or for any other lawful purpose.

We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed or if we determine that the personal information received is required to be destroyed or permanently de-identified:

  • Paper records are commonly shredded or sent for secure destruction.
  • Electronic records are deleted from all locations, to the best of our ability, or encrypted and/or placed beyond use.

Overseas disclosure

In the course of doing business with you, where your travel or accommodation is overseas, we are likely to disclose some of your personal information to overseas recipients. However, we will only do so where:

  • it is necessary to complete the transaction you have entered into; and
  • you have provided consent; or
  • we believe on reasonable grounds that the overseas recipient is required to deal with your personal information by enforceable laws which are similar to the requirements under the APPs; or
  • it is otherwise permitted by law.

Requests for access and correction

We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.

In most cases, we expect that we will be able to comply with your request.  However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why.  For further information, please contact us au.leisure@atpi.com

To assist us to keep our records up-to-date, please notify us au.leisure@atpi.com of any changes to your personal information.

Complaints and Concerns

We have procedures in place for dealing complaints and concerns about our practices in relation to the Privacy Act and the APPs.  We will respond to your complaint in accordance with the relevant provisions of the APPs.  For further information, please contact us au.leisure@atpi.com

Contact

Privacy Officer

The Travel Authority Pty Ltd

Ground Floor, 27 Brisbane Street, Surry Hills, Sydney, NSW 2010
P.O. Box 953, Darlinghurst NSW 1300 Telephone: +61 2 8437 1111

Email: au.leisure@atpi.com