Privacy Policy
Compliance with Privacy and Data Protection Laws
We recognise that your privacy is important to you and we value the privacy of every individual and are committed to the protection of personal data. Our privacy policy complies with applicable privacy laws in processing personal data including the Privacy Act 1988 (Cth) and the General Data Protection Regulation (“GDPR”) (which gives certain rights to individuals who are based in the European Union (“EU”) during their interactions with us). Our policy sets out how we collect, use, disclose and otherwise manage personal information about you. We invite you to check our website regularly for any updates to this privacy policy.
Types of Information Collected
We may collect and hold personal information about you, that is, information that can identify you, such as your name, email address, phone number, country of residence and other information relevant to providing you with the services you are seeking.
Purposes of Collection & Usage
We will collect and use your personal information for the following reasons:
- providing information and services to you or someone else you know;
- processing an application or request you have made;
- providing you with information about other services that may be of interest to you that we, our members, preferred travel distributors or other affiliated organisations, may offer;
- providing you with promotional information about us, our members, preferred travel distributors and other affiliated organisations via e-newsletters;
- undertaking various activities required by law;
- facilitating our internal business operations, including compliance with any legal requirements; and
- analysing our services and customer needs with a view to developing new or improved services.
If you agree, Conservation Travel Australia will share your data with preferred travel distributor partners and other affiliated organisations, for the purposes of providing you with information about product, services and various promotions that might be of interest to you.
We may also disclose personal information about you to:
- service providers who assist us in operating our business. These service providers may not be required to comply with our privacy policy;
- other service providers who provide the various services that you have requested or that we have arranged with your express or implied consent.
Method of Collection
Personal information will generally be collected directly from you through the use of our standard forms, or over the internet, or through interaction with our social media channels, or via email or through telephone conversations or meetings with you. There may, however, be some instances where personal information about you will be collected indirectly because it is impractical to collect personal information directly from you. We may obtain personal information about you from our members or other affiliated organisations, where the transfer of your information to us is appropriate and lawful, and in keeping with this privacy policy.
Failure to Provide Information
If the personal information you provide to us is incomplete and/or inaccurate, we may be unable to provide you, or someone else you know, with the services you or they are seeking.
Internet Users
If you access our website, we may collect information about your connection session in the form of your IP (Internet Protocol) address and domain name.
Links to Other Websites
This website contains hyperlinks to websites owned and operated by third parties. You acknowledge that we will not be liable in respect of any breach of data protection or privacy laws arising out of your interaction with a third party or third party website (whether or not you have accessed the third party website via a link from our website).
Security of personal data
If and when we provide your personal information to our distribution partners or other affiliated organisations, we will use our reasonable endeavours to ensure that those third parties have in place adequate policies in order to provide similar protection of your personal data and privacy in accordance with applicable privacy laws. However we do not accept any responsibility or liability for the privacy practices for any third parties.
Storage of your personal information
We keep your personal information for as long as is reasonably necessary for the purposes for which it has been collected. In most communication we send you, there will be the option for you to unsubscribe. We will actively review the personal data we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or consumer need for it to be retained.
Security
We store your personal information in different ways, including on paper and in electronic form. We take commercially acceptable measures and comply with all applicable privacy laws to ensure that your personal information is stored safely to protect it from misuse, loss, unauthorised access, modification or disclosure. These may include both electronic and physical security measures.
Access
Conservation Travel Australia would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:
- The right to access – You have the right to request copies of your personal data.
- The right to rectification – You have the right to request correction of any information you believe is inaccurate. You also have the right to request completion of the information you believe is incomplete.
- The right to erasure – You have the right to request erasure of your personal data, under certain conditions.
- The right to restrict processing – You have the right to request restriction processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object processing of your personal data, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at via the contact details in this website.
Reporting data and privacy incidents
If you become aware of a data or privacy incident, including an actual or suspected data breach, you should immediately report this incident via the Contact Us page on our website. A data or privacy incident means an actual or suspected data breach as defined under applicable privacy laws including:
- the use or disclosure of personal data for a purpose that is not authorised by the individual or by law; or
- the loss, accidental or unlawful destruction, misuse, unauthorised access, alteration or unauthorised disclosure of personal data.
Complaints relating to how we handle your personal data
If you are concerned that your personal data has not been handled in accordance with our data protection and privacy policy, you may lodge a written complaint to us and your complaint will be appropriately investigated and a response provided to you as soon as practicable. If you are unhappy with the way that we are using your personal data, or if you are not satisfied with our response to a complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (to the extent that the Privacy Act 1988 (Cth) applies) or, if the GDPR applies, with the Data Protection Authority.
More information
For more information about privacy in general, including advice regarding making a complaint or notifying of a data breach, you can visit the office of the Australian Information Commissioner at www.oaic.gov.au This privacy policy may change from time to time. The policy was last updated in November 2019.