Policy updated on Wednesday 23 December 2020 at 14:45
3. TYPES OF INFORMATION THAT WE COLLECT AND HOLD
“Personal Information” means information that can be used to personally identify you such as your name, contact details, birth date, and payment details. We do not knowingly collect or process the Personal Information of anyone under the age of 13 without the consent of their parent or guardian.
“Sensitive Information” is a special type of Personal Information that relates to health information (including dietary requirements), political beliefs, ethnicity, membership of a professional or trade association, sexual preferences, philosophical beliefs, or criminal record. We will not collect Sensitive Information except with your consent, and only if collection of such information is necessary for any of our Goods and Services.
“Usage Information” means anonymous aggregate data that is automatically collected through your use of our Collection Points or in connection to the Goods and Services. This includes information that identifies your device, your operating system, your IP address, and dates and times that you access and use the Collection Points. This information is used to resolve any technical issues that may arise, or for statistical analysis to help us to improve our Goods and Services.
4. DATA COLLECTION
We may collect your Personal Information directly from you when you:
- use our Goods and Services;
- make purchases from us or from any of our related entities or official business partners;
- access, browse, use, or interact with our Collection Points (including the ‘O’);
- sign up, or subscribe, to any of our mailing lists or clubs;
- enter a contest, giveaway, or promotion organised by us;
- complete a survey or questionnaire provided by us;
- contact our support team via our Collection Points, phone, text, email or other platform;
- appear on our CCTV footage.
It is your choice to provide Personal Information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that, if you do not wish to provide your Personal Information, this may limit our ability to provide or your ability to enjoy the Goods and Services.
Sometimes we collect Personal Information about you from other sources where it is necessary to do so. This may happen where:
- you have consented to the collection of the information from someone else (including for purposes of contact tracing);
- we are required or authorised by law to collect the information from someone else (including for purposes of contact tracing);
- it is unreasonable or impracticable to collect the information from you personally; or
- the information is contained in a Commonwealth Record.
If we collect your Personal Data from third parties in circumstances where you may not be aware that we have collected such Personal Data, we will either take reasonable steps to notify you of the collection and circumstances surrounding the collection, or we will take steps to de-identify the information.
Unless the collection of Sensitive Information is permitted under the Privacy Act, we will only collect sensitive information with your consent where that information is reasonably necessary for our functions.
We may collect Usage Information from the Collection Points which utilises cookies, pixel tags and other tracking technologies (collectively “Cookies”). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that help us ‘remember’ our users and guests’ actions and preferences over time. These are the types of Cookies that we may use to operate the Collection Points:
- Strictly Necessary Cookies – these Cookies are essential to ensure that the Collection Points work correctly, and record information that allows you to move around the Collection Points and navigate their features;
- Performance Cookies – these Cookies collect information about how you use the Collection Points, such as how often you access the Collection Points and if you encounter any errors;
- Functionality Cookies – these Cookies allow the Collection Points to remember the choices you make to provide a more personalised experience;
- Targeting/Advertising Cookies – these Cookies deliver targeted advertising to you based on your interests and use of the Collection Points.
Cookies can stay on your device temporarily or until you manually delete them. Please note that adjusting your settings to block or restrict Cookies may limit our ability to provide the Goods and Services to you in a fully operational form.
To request a full list of the individual Cookies and tracking technologies we use, please email our Privacy Officer.
6. THIRD PARTY SITES
We do not have access to, or control over, the technologies that Third Party Sites may use to collect information about you. We disclaim any and all liability in connection with the services of any Third Party Sites integrated or otherwise linked to the Goods and Services, and we encourage you to reach out to them directly should you have any questions in connection with their services. For a full list of Third Party Sites integrated or otherwise linked to our Goods and Services, please email our Privacy Officer.
7. PURPOSES OF COLLECTION
We collect, use and disclose your Personal Data for legitimate purposes including, but not limited to:
- providing you with Goods and Services;
- direct and indirect marketing purposes (including surveys) which we think you may find interesting (unless and until you ‘opt out’);
- facilitating and enabling the creation of online user accounts;
- internal data analysis, statistical and reporting purposes;
- issuing a reimbursement/refund (if applicable);
- confirming your identity;
- processing payments for Goods and Services;
- communicating with you in relation to your use of the Goods and Services;
- preventing, detecting, and investigating potential illegal activities, security breaches and fraud;
- complying with applicable laws, regulations, and codes of practice;
- other purposes for which you have given your consent; and
- select you for employment or suitability for participation in events.
For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with providing the Goods and Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or license your email address or any of your Personal Data.
We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from direct marketing. You can opt out at any time by unsubscribing from such direct marketing communications.
Please note certain non-marketing related correspondence from us, including messages relating to payment, will be automatically sent to you by virtue of your use of the Collection Points and you may not have the option to unsubscribe from receiving this correspondence.
8. DISCLOSURE OF DATA
Sometimes we may disclose your Personal Data to third parties. You agree and consent to us disclosing your Personal Data (on a need to know basis) to:
- our directors, officers, employees, contractors, agents, and associated entities;our business partners (including Mona Roma (Derwent Cruises Pty Ltd trading as Navigators);
- our contracted external service providers with whom we have entered into an agreement with to help us provide the Goods and Services, including but not limited to e-commerce platforms, marketing agencies, financial services providers, payment gateways, technical support and more. For a full list of our current service providers, please email our Privacy Officer;
- Third Party Sites;
- our accounting, legal, and other professional advisors;
- government and regulatory authorities;
- any third party with your express approval; and
- where we are required to disclose such information by law or to otherwise prevent harm.
We will take reasonable steps to ensure that these third parties are bound by Australian privacy laws.
You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing our Privacy Officer, but please note that withdrawal of such consents may affect your ability to access and use our Goods and Services.
9. YOUR RIGHTS TO YOUR DATA
You have a general right to access or modify any Personal Information that is held about you by us, unless a valid exception applies. You can request this at any time by contacting our Privacy Officer.
You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information and your failure to do so may inhibit our ability to provide the Goods and Services to you. You acknowledge and agree that you remain solely responsible for maintaining the truth, accuracy, and completeness of your information at all times, and we shall have no liability to you or any third party arising from your failure to do the same.
In accordance with the GDPR, we acknowledge the additional rights of EU subjects to:
- have their data erased that is no longer being used for a legitimate purpose;
- request a copy of all Personal Data held about them in a readable format, along with supplementary information to verify that such Personal Data is being processed lawfully; and
- request restricted processing of their Personal Data whilst any complaints or concerns are being resolved.
To erase, request, or restrict processing of your Personal Data, please email our Privacy Officer.
10. STORAGE AND SECURITY OF DATA
We store your personal information in different ways, including in physical and electronic form, via cloud and other third party data storage providers.
You acknowledge that no security measures are, however, 100% secure, and that we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data, or for the actions of any third parties that may obtain any information or data.
Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where our data breach involves the information of EU subjects, report to the European Data Protection Supervisor. We will also inform you, where possible, if your data has been breached in the circumstance where it poses a risk of serious harm or your rights and freedoms.
We may, in the course of providing the services to you, transfer your Personal Data to overseas countries that are deemed by the EU Commission as having an ‘adequate’ level of Personal Data protection. Where we transfer data to a third party in a country where no adequacy decision has been made, we will take reasonable steps to ensure person or entity handling your data in those countries are bound under contract to meet the requirements of the Privacy Act and GDPR (as applicable).
11. MAKING A PRIVACY COMPLAINT
If you have any feedback about the way we handle your Personal Data, or wish to make a privacy complaint, please contact our Privacy Officer.
If you are not happy with the outcome of the Privacy Officer’s investigation or we have not replied to you within a reasonable time, then you can raise you concern with the Office of the Australian Information Commissioner (“OAIC”) (for more information please see www.oaic.gov.au) or with the European Data Protection Supervisor (for more information, please see https://edps.europa.eu).