TRAVLR Pty Ltd - Privacy Policy

TRAVLR respects your privacy and the importance of protecting your personal information. This Privacy Policy informs you about how we use and look after your personal information (also referred to as personal data), including any personal information you may provide through the TRAVLR Platform or when you request information from TRAVLR or otherwise communicate with us, and when your personal information is provided to us relating to our business.

Where applicable privacy laws provide for exceptions or exemptions, we may rely on those exceptions or exemptions in our information handling practices.

Who we are

TRAVLR Pty Ltd is responsible for your personal information (referred to as "TRAVLR", "we", "us" or "our" in this Privacy Policy). TRAVLR is also responsible for the TRAVLR Platform.

Our Privacy Department is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights (including any opt-out mentioned in this Privacy Policy), please contact the Privacy Department using the details set out below.

Contact details

Our contact details are:

  • Name of legal entity: TRAVLR Pty Ltd (ABN 19 613 747 845)
  • Email address of the Privacy Department: privacy@travlr.com

Key definitions

In this Privacy Policy:

  • "APPs" means the Australian Privacy Principles set out in the Privacy Act;
  • "personal information" has the meaning set out in the Privacy Act, and (in summary) means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or otherwise;
  • "Privacy Act" means the Privacy Act 1988 (Cth);
  • "sensitive information" has the meaning set out in the Privacy Act, and includes certain specific types of personal information such as health information, and information about a person's racial or ethnic origin, sexual orientation or practices, criminal record, religious beliefs or affiliations, political opinions, membership of a political, professional or trade association, and biometric and genetic information; and
  • "TRAVLR Platform" means, collectively, the website, mobile application and any other related applications, which are owned or operated by TRAVLR and includes the websites located at www.travlr.com and discoverbeyond.com.

Contents:

  1. Types of Personal information we collect and how we collect it
  2. For what purposes do we handle your personal information
  3. Messages to you (including direct marketing)
  4. Disclosure of personal information
  5. External links and social media sites
  6. Where we store personal information
  7. Changes of Business Ownership and Control
  8. Security and data retention
  9. Access and correcting your personal information
  10. Complaints process
  11. Changes to this Policy

-------------------------------------------------------------------------

1. Types of Personal information we collect and how we collect it

Where reasonably practicable to do so, we will collect your personal information directly from you. For example, you may give us personal information when you buy products or services from us through the TRAVLR Platform, when you contact us either directly or through the TRAVLR Platform or social media pages, in the course of administering and performing any contracts or services for us or through our recruitment or engagement processes.

The types of personal information we collect about you depend on the circumstances in which the information is collected. The personal information we generally collect includes the following:

  • name;
  • gender;
  • date of birth;
  • passport number and passport country;
  • interests, travel experience, objectives, preferences, plans and photos;
  • contact details (e.g. email address, postal address, phone number and mobile number);
  • hotel check-in date and check-out date;
  • airport departure and arrival time; and
  • any other information in connection with your travel plans and / or experience.

If you are a customer, we also collect: transactional details (e.g. products and services purchased, dates of order, payments you make, method of payment and any refunds).

If you are an employee, individual contractor or apply for a role with us, in addition to name and contact details, we may also collect information relevant to your engagement with us including qualifications, length of engagement, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors and referees, training records and logs of your usage of our equipment (e.g. phones, computers and vehicles).

In certain cases we may also collect personal information about you from publicly available sources and third parties, such as suppliers, recruitment agencies, referees, contractors, our customers and business partners.

We also collect personal information automatically when you use the TRAVLR Platform and when you navigate through the TRAVLR Platform. Information collected automatically may include:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page, usage details, geo-location data, IP addresses and other data collected through cookies and other tracking technologies.

For more information on our use of these technologies, see our Cookie Policy which explains how you can opt out of certain non-essential cookies.

If you give us personal information about other people (for example members of your family) then you confirm that you have their consent to do so and will make them aware of the information in this policy about how we will use their personal information.

In addition to the types of personal information identified above, we may collect personal information as otherwise permitted or required by law. If you do not provide personal information that we request, it may mean that we are unable to provide you with the products or services you have requested or consider you for the role you have applied for.

2. For what purposes do we handle your personal information

As a general rule, we only collect, use and process personal information for purposes that would be considered relevant and reasonable in the circumstances. The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.

We may use or disclose your personal information:

  • for the purposes for which we collected it (and related purposes which would be reasonably expected by you);
  • for other purposes to which you have consented; and
  • as otherwise authorised or required by law.

In general, we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations including in planning your trips, to provide products and services we offer and to provide you with travel related information.

Some of the specific purposes for which we collect, hold, use and disclose personal information are as follows:

  • to establish, maintain and administer your account;
  • to offer and provide our products and services to you (such as assisting with your travel plans and making reservations or bookings in connection with your future trips);
  • to provide technical and customer support and training and to improve our products and services and the TRAVLR Platform;
  • to administer our relationship with you, our business and our third-party providers;
  • to personalise your experience with our products and services. We may also retain your browsing and usage information to make your searches within our services more relevant and use those insights to target advertising to you online on the TRAVLR Platform;
  • to deliver and suggest tailored content such as news about new products and services and travel and destinations. We analyse the way you use the TRAVLR Platform to make suggestions to you for products or services that we believe you will also be interested in, and so that we can make our services more user-friendly;
  • to assist and facilitate payments for any travel bookings or reservations made by you via the TRAVLR Platform;
  • for our administration and accounting functions and fraud checks;
  • to allow you to share your review, experience, feedback, opinions, photos and/or other content to all or some users of the TRAVLR Platform and measure interest in a particular destination;
  • to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyse the data collected for market research purposes;
  • to provide you with newsletters and other marketing as permitted by law including to send you news, promotional or other information about tours, accommodations, flights and/or other products and/or services offered by us and/or our partners;
  • for reporting, research and analysis purposes in order to help develop tourism;
  • to meet our internal and external audit requirements, including our information security obligations;
  • to enforce our terms and conditions;
  • to protect our rights, privacy, safety, networks, systems and property, or those of other persons;
  • for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud;
  • to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence;
  • in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares;
  • to address any issues or complaints that we or you have regarding our relationship; and
  • to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner.

Sensitive Information

We only collect sensitive information about you with your consent, or otherwise in accordance with the Privacy Act. The main types of sensitive information we may potentially collect include:

  • details of injuries (i.e. health information) that may occur arising through the use of our products and / or services;
  • if you visit one of our premises (for example, you are a supplier or contractor that comes on site), details of disabilities or allergies (i.e. health information) so we can accommodate any special requirements when you attend our premises.

If you do provide sensitive information to us for any reason (for example, if you provide us with information about an injury or a disability you have), you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as permitted by privacy law and other relevant laws.

3. Messages to you (including direct marketing)

We may send you messages (by telephone, post, text, email, SMS and other digital means) to help you track your orders and keep you informed about our terms and conditions and features of the TRAVLR Platform.

We may also send you marketing messages (usually via email or SMS), to inform you about products and services (including those of others) that may be of interest to you where:

  • you have consented to us doing so; or
  • it is otherwise permitted by law.

You can opt out of receiving direct marketing messages at any time by contacting us (see Contact Us at the beginning of this Privacy Policy) or by following the unsubscribe instructions in our marketing messages.

4. Disclosure of personal information

We will treat all your personal information as private and confidential (even when you are no longer a customer). We may disclose your personal information to third parties in connection with the purposes described in section 2 of this Privacy Policy. This may include disclosing your personal information to the following types of third parties:

Our third party service providers. These may include for example:

  • BBC Global News Limited (“BBCGN”), to whom we may provide data for auditing, consultation and financial purposes based on BBCGN’s legitimate interest as an investor within the ROP Platform. BBCGN will not use any such data for its own marketing purposes and will handle all data in ways that are consistent with this policy and their own Privacy Policy located at: https://www.bbcglobalnews.com/privacy/. BBCGN will also retain such data within Australia unless otherwise agreed or required by law;
  • Amazon Web Services, Inc. They provide us with [insert description]. Your data is stored through Amazon’s data storage databases and general Amazon Web Services application. They store your data on a secure server behind a firewall;
  • Microsoft Corporation (Microsoft Azure). They provide us with platform services and cloud hosting and storage.
  • Campaign Monitor. They provide us with email sending services. Your data is stored in AWS and their Privacy Policy can be viewed at https://www.campaignmonitor.com/policies
  • Intercom. They provide us with live chat functionality and customer service tools and services. Their Privacy Policy can be viewed at https://www.intercom.com/terms-and-policies
  • Fullstory. They provide us with user experience optimisation tools and services. Their Privacy Policy can be viewed at https://www.fullstory.com/legal/privacy
  • Zendesk. They provide us with customer service call centre functionality and customer service tools and services. Their Privacy Policy can be viewed at https://www.zendesk.com/company/customers-partners/privacy-policy
  • Airtickets. They provide us with live chat functionality and customer service tools and services. Their Privacy Policy can be viewed at https://www.airtickets.com.au/Page/Privacy-Policy
  • Amadeus. They provide us with Airline ticketing and tools and services. Their Privacy Policy can be viewed at www.amadeus.com/msite/global-report/2013/en/privacy.html
  • Expedia. They provide us with accommodation inventory and tools and services. Their Privacy Policy can be viewed at https://www.expedia.com/p/info-other/privacy-policy.htm
  • Adara. They provide us with retargeting tools and marketing plug-ins. Their Privacy Policy can be viewed at https://www.adaragroup.org/privacy-policy
  • Hero Travel. They provide us with product and direct to supplier inventory, tools and services. Their Privacy Policy can be viewed at http://hero.travel/privacy-policy
  • XERO. They provide us with financial reporting and transaction data. Their Privacy Policy can be viewed at https://www.xero.com/au/about/terms/privacy
  • NETSUITE. They provide us with financial reporting and transaction data. Their Privacy Policy can be viewed at https://www.netsuite.com/privacy
  • Google. Google & Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads. Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy
  • Facebook. Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950. To opt-out from Facebook's interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation
  • Third parties where we have a duty to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities);
  • Third parties where reasonably required to protect our rights, customers, systems and services (e.g. legal counsel, accountants, insurers, auditors, and information security professionals and other professional advisors);
  • our related entities (who may use and disclose the information in the same manner we can);
  • in the unlikely event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisors; and
  • any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees).

Before we disclose personal information to a third party, we take steps to ensure that the third party will protect personal information in accordance with applicable privacy laws and in a manner consistent with this policy.

Sometimes the third party will be located outside of Australia, in which case see section 6 for more information.

Payments

If you choose a direct payment gateway to complete your payment, then Stripe stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your payment transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Stripe’s Terms of Service or Privacy Statement. Once you leave the TRAVLR Platform or are redirected to a third party website or application you are no longer governed by this Privacy Policy or the TRAVLR Platform’s terms of service.

TRAVLR does not hold or have access to the payment information you provide to Stripe or Humm, or its payment service providers, such as your credit card or bank account details, although we do have access to the method of payment and card issuer.

5. External links and social media sites

The TRAVLR Platform and our services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave the TRAVLR Platform, we encourage you to read the privacy policy of every website you visit.

Communication, engagement and actions taken through external social media platforms are subject to the terms and conditions as well as the privacy policies of those social media platforms.

The TRAVLR Platform may use social sharing buttons which help share web content directly from our web pages to the social media platform in question. Where you use such social sharing buttons you do so at your own discretion. You should note that the social media platform may track and save your request to share a web page respectively through your social media platform account. Please note these social media platforms have their own privacy policies, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these social media platforms.

6. Where we store personal information

Some of the third parties to whom we disclose personal information are located outside Australia. The countries in which such third party recipients are located depend on the circumstances. In the ordinary course of business we commonly disclose personal information to recipients located in the United Kingdom, Singapore, Ireland, Spain, United States and New Zealand.

From time to time we may also engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider.

Countries outside Australia where personal information relating to you may be stored and/or processed, or where recipients of personal information relating to you may be located, may have privacy and data protection laws which differ to those under the Privacy Act. By providing your personal information to us, you:

  • accept that personal information relating to you may be transferred, stored or processed in this way. We take measures to ensure that any international transfer of information is managed carefully and in accordance with applicable data protection laws; and
  • consent to us disclosing your personal information to any such overseas recipients for purposes reasonably in the course of operating our business, and agree that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able to seek redress under, the Privacy Act.

7. Changes of Business Ownership and Control

We may, from time to time, expand, reduce or sell our business, and this may involve the transfer of certain divisions or the whole business to other parties. Personal information relating to you will, where it is relevant to any division so transferred, be transferred along with that division to prospective buyers and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use personal information relating to you for the purposes.

8. Security and data retention

Security

The security of personal information received from or about you is a high priority. We take such steps as are reasonable to store personal information regarding you so that it is protected from unauthorised use or access, misuse, loss, modification or unauthorised disclosure. We only use third party service providers (such as Amazon or Microsoft) whom we are satisfied look after personal information securely and in accordance with privacy laws. This includes both physical and electronic security measures. Examples include:

  • storing information on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
  • using industry-standard encryption technologies when transferring or receiving personal data, such as SSL technology;
  • the use of two factor authentication on accounts with access to data;
  • adherence to PCI standards by our payment service providers;
  • restrictions are placed on the electronic transfer of files;
  • our IT networks undergo regular necessary vulnerability testing to identify and remedy potential opportunities for unauthorised data access; and
  • robust management of boundary firewalls, access controls, malware protection and patch release processes towards protecting customer data.

Destruction of records

We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.

9. Access and correcting your personal information

You may contact our Privacy Department (see the contact details section at the start of this Privacy Policy) to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to the personal information we hold about you.

We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.

We will respond to all requests for access to or correction of personal information within a reasonable time.

We ask that you contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.

10. Complaints process

If you have any questions, concerns or complaints about this Privacy Policy or how we handle your personal information, including if you believe we have breached the APPs, please contact our Privacy Department (see the contact details section at the start of this Privacy Policy).

When contacting us please provide as much detail as possible in relation to your question, concern or complaint.

We take all complaints seriously, and will respond to your complaint within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.

If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner

GPO Box 5218, Sydney NSW 2001

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

11. Changes to this Policy

We review and amend our Privacy Policy from time to time. Any changes we make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Privacy Policy. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the TRAVLR Platform.

Last updated: October 2021