Privacy Policy

Last Updated 11 November 2022.

MANAGEMENT OF PERSONAL INFORMATION

At APT, we recognise the importance of your privacy and understand your concerns about the security of the personal information you provide to us.  This privacy policy explains how we use any personal information we collect about you, and your rights to access and correct the personal information we hold about you.

In this policy, APT means the entities within the APT Travel Group, including Australian Pacific Touring Pty Ltd, Australian Pacific (Holdings) Pty Ltd, and their subsidiaries and related entities which operate the APT, Travelmarvel, TravelGlo, Botanica World Discoveries, Captain’s Choice and OneTomorrow brands.  APTis the controller responsible for your personal data (collectively referred to “we”, “us” or “our” in this Privacy Policy).

We comply with the Australian Privacy Principles (APPs) as contained in the Privacy Act 1988 (Cth) and the European Union General Data Protection Regulation (GDPR).  Along with other regional regulations like the GDPR, the APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them. 

There are different kinds of data, below are some examples:

• Identity Data includes first name, last name, date of birth and gender.
• Contact Data includes address, email address and telephone numbers.
• Financial Data includes bank account and payment card details.
• Technical Data includes IP address, your login data, and your browser type.
• Profile Data includesyour username and password and survey responses.

We may collect anonymised details about your use of the websites for the purposes of aggregate statistics or reporting purposes. Aggregated data (your data combined with other people’s data) may come from your personal data but if it does not directly or indirectly reveal your identity, it is not considered personal data. For example, we may combine and analyse your use of the website to work out the number of users accessing a specific website feature.

Personal information is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.  We collect personal information from and about our prospective and current customers, as well as from and about travel agents, business partners and other travel suppliers.

Sensitive Information, a sub-set of personal information, includes information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, as well as health, genetic and biometric information.  We collect sensitive information from and about our customers where such information is included in Government-issued identity documents (e.g. passport), and from health and mobility questionnaires.

Health Information is information or an opinion about an individual’s health or disability, the health services provided or to be provided to them, their expressed wishes for the provision of future health services, personal information collected to provide a health service, personal information collected in connection with organ and body-part donation, and predictive genetic information.

This policy details how APT manages personal information about you (including sensitive information and health information), whether you are a customer, a travel agent, an employee or another kind of travel supplier to our business.

In the course of offering our travel products and services, the collection of personal information is necessary and unavoidable.  However, we aim to only collect personal information that is reasonable and fair in order to deliver the best possible travel products and services.

We take our obligations very seriously and have appointed a Privacy Officer for Australia, New Zealand and North America and a Data Protection Officer for Europe and the United Kingdom (together and separately (as applicable) the “DPO”) who are responsible for overseeing questions or concerns you may have about this Privacy Policy, including any requests to exercise your legal rights.  The APT contact details are shown at the end of this policy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

WHAT PERSONAL INFORMATION WE COLLECT AND HOLD

The kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the travel products / services you or your organisation have contracted us to provide, and the travel products / services you or your organisation are interested in. 

If you are a customer, the kinds of personal information and sensitive information that we commonly collect and hold from you or about you include:  your name, address, phone, fax and mobile numbers, email address, date of birth, nationality, religion, drivers licence details, passport details (including number, nationality, issue date, expiry date), bank account details, travel preferences and experiences, travel insurance and travel rewards and loyalty program membership.  We also collect health information relating to your current and previous health status, current and previous medical conditions, and your religious, cultural and dietary requirements.  We also collect personal information, sensitive information and health information from or about your family members, next of kin, emergency contact details and/or other members of your travelling party.

If you are an employee or contractor of APT (or a prospective employee or contractor), the kinds of personal information that we commonly collect and hold from you or about you may include:  your name, address, gender, date of birth, telephone numbers, voice and image, email address, education, qualifications and employment experience, proof of citizenship or passport details to verify proof of ability to work in the designated country, CV or resume, statements addressing the criteria, background checks, referee checks, notes recorded during the application process, banking, tax and superannuation accounts and identification numbers, next of kin or emergency contact details, and medical certificates or health information you supply. We generally collect personal information directly from you, but may also collect personal information from other sources (e.g. recruitment agents).

We record anonymous clickstream information from every visitor to our website.  We use this information to ensure that our website remains relevant and appropriate for the majority of users.  We do not make any association between this information and your personal details.  For further information, please see our Cookies Policy.

When you browse our website, contact us electronically, or engage with us on social media, we may also record: geographical tagging, cookies, your IP address and statistical data from your activity. When engaging with us on social media channels, your data may also be collected and used for the purpose of targeted advertising.

By using our Digital Channels, you agree to our privacy and cookie policies and consent to the use of cookies and similar technologies by us and our carefully selected third party partners as described in these policies. 

Credit card details are processed via a secure and Payment Card Industry compliant payment gateway and not stored on APT’s servers when you book, or pay for travel products through our website or contact centre systems.  If you would like more details on how we process credit card payments please send a request to the contact details given at the end of this document.

HOW WE COLLECT AND HOLD PERSONAL INFORMATION

We aim to collect personal information only directly from you, unless it is unreasonable or impracticable for us to do so.  For example, if you are a customer of APT, we collect personal information from you or about you from your letters, emails, and telephone calls with us, and from your activity and inputs on our website and social media platforms.  We also collect personal information from you or about you from booking forms, application forms, customer satisfaction and post-trip surveys, requests you submit in person or through our website for a brochure, and other documents that you submit to or through us.  We may collect personal information about you as submitted by your family members and/or other members of your travelling party.

However, in many instances we may also receive personal information about you, your family members and/or other members of your travelling party as submitted by third parties, such as your travel agent/s who are making the travel arrangements for you, travel insurers, airlines, hotel partners, tour operators and providers and affiliated travel suppliers. 

You can be anonymous or use a pseudonym when dealing with us, unless:

• the use of your true identity is a legal requirement (eg. booking travel arrangements); or

• it is impracticable for us to deal with you on such basis.

Other instances where we may collect information are, when you:

1. Visit our website or social media (e.g. through cookies);
2. Create a travel reservation with us – either in person or via a travel agent;
3. Enter a competition or promotion;
4. Sign up for our mailing list/newsletter;
5. Enquire about or order products through our Website or via phone, fax, email, post or in person;
6. Create a travel reservation online;
7. Select optional or paid services when on tour;
8. Request assistance when on tour;
9. Provide feedback;
10. Fill in a form on our Website; and/or
11. Otherwise contact us.

Personal information may be collected by us and by our third party service providers who assist us in operating the website. Including:

1. Google Analytics:
   1. We use Google Analytics to help analyse how you use our website. Google Analytics generates statistical and other information about website use by means of cookies. Google will store this information.
   2. If you do not want your website visit information reported by Google Analytics, you can install the Google Analytics opt-out browser add-on. For more details on installing and uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout.
2. Click Stream Information

In common with many websites, when you read, browse or download information from our website, we or our internet service provider may also collect information such as the date and time of your visit to the Website, the pages accessed and any information downloaded. This information is used for statistical, reporting and website administration, maintenance and improvement purposes only.

If you are an employee or contractor of APT, we collect personal information from you or about you for the purposes related to your employment or engagement.

USING YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data using more than one lawful ground depending on the specific purpose for which we are using your data. Please refer to our contact details at the bottom of this policy if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new customer	(a) Identity (b) Contact	Performance of a contract with you
To provide our travel products and services to you or your organisation	(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us)
To process and deliver your travel booking including: Manage payments, fees and charges Collect and recover money owed to us	(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey	(a) Identity (b) Contact (c) Profile (d) Marketing and Communications	Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications	Performance of a contract with you Necessary for our legitimate interests (to study how customers use our products/ services, to develop them and grow our business)
To enable us to safely and efficiently provide the travel and accommodation products and services which you have purchased	(a) Identity (b) Contact (c) Profile (including essential medical information)	Necessary for our legitimate business conduct, to safely deliver your travel services and meet legal obligations in your selected travel destinations
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity (b) Contact (c) Technical	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	(a) Technical (b) Usage	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you	(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile	Necessary for our legitimate interests (to develop our products/services and grow our business)
To manage our employment and contractor relationships and other company administration functions	(a) Identity (b) Contact (c) Financial	Necessary for our legitimate interests (for the running of our business) Necessary to comply with a legal obligation

Change of purpose: We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with or reasonably related to the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

WHY WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities (please see the table above for further details). 

We do not disclose your personal information without your permission, unless the disclosure is:

1. In accordance with this Privacy Policy or any agreement you enter into with us;
2. To our related companies;
3. To third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets; or
4. Required or authorised by law.

We will routinely disclose some of your personal information to other Australian entities within the APT Group of travel companies in connection with the purposes set out in the table above.

Our business also necessarily works closely with external travel agents, travel suppliers, airlines, hotel partners, ground tour operators, caterers and travel insurers etc.  We routinely disclose your personal information to these third parties for them to assist us in carrying out our business functions and activities.  In some instances, these external businesses (especially travel agents) may have direct access to our CRM database for the purpose of providing streamlined booking and reservation services etc.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

We may collect sensitive information from you or about you where there is a legal requirement to do so, or where we are otherwise permitted by law.  For example, we routinely collect and hold the details on your passport, such as your nationality.   Otherwise, we will specifically seek your consent to the collection, use and disclosure of sensitive information.  For example, we may seek to collect sensitive information about you where it is necessary or desirable for your travel experience.

If we do not collect, hold, use or disclose your personal information, or if you do not consent, then we may not be able to answer your enquiry, complete the transaction you have entered into, or provide the travel products and services that you or your organisation have contracted us to provide.

We also collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions, identification checks, fraud checks, providing you with information about other travel products and services offered by us, sending you marketing communications and promotions via email or SMS, market research, customer feedback and quality assurance surveys, newsletter and magazine communications, statistical collation and website traffic analysis.  Some of these functions may be carried out directly by us, or through outsourcing to business partners such as mailing houses. 

Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.

MARKETING

Promotional offers from us: Where we use your personal information for marketing and promotional purposes, it is because you have asked to hear from APT, you have entered a competition and agreed to join our mailing list, or a friend / colleague has requested it on your behalf and you have confirmed this to us.

Third-party marketing: We will get your express opt-in consent before we share your personal data with any other company for marketing purposes.

Opting out: You can opt out of our direct marketing efforts at any time by contacting info@aptouring.com.au or by notifying us. Opt out procedures are also included in our marketing communications.

We may also disclose your personal information to third parties (including government departments and enforcement bodies) where required or permitted by law.

CONTESTS

When you enter a contest or other promotional feature on our website, we may ask for your personal information so that we can administer the contest and notify winners. Participation in these contests is completely voluntary and you therefore have a choice whether or not to disclose the required information in order to participate.

ONLINE SURVEYS

We also value opinions and comments from our customers, and you may have the opportunity to give us your feedback through website and other surveys.  In conducting these surveys, we may ask for your personal information so that we can appropriately identify you.  Survey and personal information collected will be aggregated and used to make improvements to our website and to improve our products and services. Participation in these surveys is completely voluntary and you therefore have a choice whether or not to disclose the required information in order to participate.

REVIEWS

APT/The APT Travel Group may contact you via email to invite you to review any services and/or products you received from us in order to collect your feedback and improve our services (the “Purpose”). We use an external company, Trustpilot A/S (“Trustpilot”), to collect your feedback which means that we will share your name, email address and reference number with Trustpilot for the Purpose. If you want to read more about how Trustpilot process your data, you can find their Privacy Policy here. 

HOW WE HOLD AND STORE PERSONAL INFORMATION

APT takes the security of any personal information we hold very seriously.

Your personal information is held and stored on paper and/or by electronic means, (including in Cloud-based systems).  We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure:

• Data held and stored on paper is stored in lockable filing cabinets, within secure premises, with secured entry and monitored alarms.
• Data held and stored electronically (including in the Cloud) is protected by internal and external firewalls, limited access via file passwords, and files can be designated read-only or no access.  We also require our IT contractors and other third parties to implement privacy safeguards.
• Data stored or archived off-site is contained within secure facilities.  We also require our storage contractors to implement privacy safeguards.
• Where we disclose personal information to third parties (including contractors and affiliated businesses located locally and overseas), our contractual arrangements with them include specific privacy requirements.
• Our staff receive regular training on privacy procedures.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

While we take great care to protect your personal information in all of our business systems, unfortunately no information transmission over the Internet can be guaranteed to be 100% secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email. We have no way of protecting that information until it reaches us.

DESTRUCTION AND DE-IDENTIFICATION

We will retain your personal information whilst it is required for any of our business functions, or for any other lawful purpose. 

We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed:

• Paper records are commonly shredded, pulped or disintegrated, or sent for secure destruction.
• Electronic records are deleted from all locations, to the best of our ability, or encrypted and/or placed beyond use.

OVERSEAS DISCLOSURE

Our business is part of the international APT Group of companies.  We will routinely disclose some of your personal information to overseas entities within the APT Group.  Our related entities are located in Germany, New Zealand, the UK, Canada and the USA. 

APT contact details are shown at the end of this policy if you want further information about the specific mechanisms we use when transferring your personal data outside of the EEA. 

Our business is also necessarily affiliated with a range of third party businesses and travel suppliers located overseas.  In the course of doing business with you, we will routinely disclose some of your personal information (including sensitive information and health information) to these overseas recipients, but only when we can ensure an adequate level of protection.  Our third party overseas affiliates are located in our APT Destinations, including Africa, Asia, Canada, Alaska, the USA, Egypt, Jordan, Europe, New Zealand, Russia, Scandinavia, the Baltics, South America and the South Pacific.

We will only disclose your personal information to overseas recipients where it is necessary to complete the transaction you have entered into, and:

• you have provided consent; or
• we believe on reasonable grounds that the overseas recipient is required to deal with your personal information by enforceable laws which are similar to the requirements under the APPs; or
• it is otherwise permitted by law.

LEGAL RIGHTS UNDER THE GDPR

Under certain circumstances, the GDPR grants you certain rights under information protection laws in relation to your personal information. You have the right to:

1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
5. Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
   1. if you want us to establish the information’s accuracy;
   2. where our use of the information is unlawful but you do not want us to erase it;
   3. where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
   4. you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
6. Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
7. Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, our contact details are shown at the end of this policy.

NO FEE USUALLY REQUIRED  

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

WHAT WE MAY NEED FROM YOU  

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

TIME LIMIT TO RESPOND  

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

REQUESTS FOR ACCESS AND CORRECTION

We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.

In most cases, we expect that we will be able to comply with your request.  However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why.  Please contact us using the regional guidelines listed below for further information. 

To assist us to keep our records up-to-date, please notify us of any changes to your personal information.

COMPLAINTS AND CONCERNS

For Residents of Australia

We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the Australian Privacy Principles.  We will respond to your complaint in accordance with the relevant provisions of the Australian Privacy Principles.  Please use our Australian contact address below for further information. 

It is also important that you contact us immediately in the unlikely event that you have reason to believe that your privacy has been breached. In turn, we undertake to inform you as soon as possible in the unlikely event that we have cause to believe that your privacy information may have been breached by any error in our systems. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

While you have the right to make a complaint at any time to the Office of the Australian Information Commission (OAIC), we will appreciate the opportunity to address your concerns first. As such, we shall be grateful if you will contact us before approaching the Office of the Australian Information Commission (OAIC). 

For Residents of EU & EEA countries including the United Kingdom

Where your data controller is an APT Group company located in the UK or another EU or EEA Member State, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) or any other applicable EU national supervisory authority. However, we will appreciate the opportunity to address your concerns first. As such, we shall be grateful if you will contact us before approaching the ICO.

For Residents of other countries

Please contact our Australian office at the address below with regard to any complaints or concerns you have with regard our Privacy Policy. Where we are obliged to follow privacy laws in the country of purchase we shall do so. To the extent permissible, the principles which apply in Australia will apply. 

 

LINKS

APT’s website may contain links to other websites. Please note that when you click on one of these links, you are entering another website. APT encourage you to read the privacy statements of these linked sites as their privacy policy may differ from ours.

Other websites linked to / from the APT website may not be affiliated or associated with, or controlled by, us.  We are not responsible for any content contained on those websites, or any loss you may suffer in relation to the use of those websites.  If you visit those websites, you will visit them entirely at your own risk and release us (including our employees and agents) from any and all liability resulting from or in connection with the inclusion of links to other websites or your use of those websites.

We do not endorse or represent the companies, products or content linked to this website and we reserve the right to terminate any link or linking program at any time.