Privacy Policy
This Privacy Policy (“Policy”) sets out how Chasin Tours (“we” “our” or “us”) and related bodies corporate protect the privacy of your personal information. We need to collect, use and disclose your personal information in order to perform our business functions and activities, including making and managing travel bookings on your behalf. We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care.
By providing your personal information to us (either directly or allowing another person to do so on your behalf), you agree that this Policy will apply to how we handle your personal information, and you consent to us collecting, using and disclosing your personal information as detailed in this Policy. If you do not agree with any part of this Policy, you must not provide your personal information to us. If you do not provide us with your personal information, or if you withdraw a consent to use that information you have given under this Policy, this may affect our ability to provide services to you or negatively impact the services we can provide to you. For example, most travel bookings must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. passport details). We cannot make bookings for you without that information.
There may be instances where your local data protection laws impose more restrictive information handling practices than the practices set out in this Policy. Where this occurs, we will adjust our information handling practices in your jurisdiction to comply with these local data protection laws.
Personal information has the meaning given under your local data protection law. Personal information generally means information which relates to a living individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identifiable individual, and any indication of intention in respect of an individual.
Generally, the type of personal information we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel related services and/or products on your behalf. For example, we may collect details such as your name, residential/mailing address, telephone number, email address, passport details, information about your dietary requirements and health issues (if any), and other details relevant to your travel arrangements or required by the relevant travel service provider(s) (e.g. accommodation or tour providers).
We will collect personal information directly from you unless it is unreasonable or impracticable to do so. Generally, this collection will occur when you deal with us either in person, by telephone, letter or email.
We will disclose your personal information to certain overseas recipients, as set out below, which we will do in accordance with your local data protection laws.
In cases where the information is transferred to the overseas recipients located in a jurisdiction, you will not be able to seek redress under your local data protection laws and may not enjoy an equivalent level of data protection as in your jurisdiction. To the extent permitted by your local data protection laws, we will not be liable for how these overseas recipients handle, store and process your personal information. By providing your personal information to us for the purpose of booking and otherwise arranging travel related products and services for you, you consent to our disclosure of your personal information to these overseas recipients for that purpose.
In providing our services to you, it may be necessary for us to disclose personal information to relevant overseas travel service providers. The relevant travel service providers will receive your personal information in the country in which we will provide the services to you.
We may also disclose your personal information to third parties located overseas for the purpose of performing services for us, including the storage and processing of such information. Generally, we will only disclose your personal information to these overseas recipients in connection with facilitation of your travel booking and/or to enable the performance of administrative and technical services by them on our behalf.
You are entitled to access any personal information we may hold about you in accordance with your local data protection laws. Where personal information we hold about you is not accurate, complete or up-to-date or the information is irrelevant or misleading, you may ask us to correct that personal information, and we will respond to your request within a reasonable time. We reserve the right to confirm the identity of the person seeking access or correction to personal information before complying with such a request. We reserve the right to deny you access for any reason permitted under applicable law. If we deny access or correction, we will provide you with written reasons for such denial.
You must always provide accurate information and you agree to update it whenever necessary. You also agree that, in the absence of any update, we can assume that the information submitted to us is correct, unless we subsequently become aware that it is not correct.
If you have any enquiries, comments or complaints about this Policy or our handling of your personal information, please contact your consultant or contact us at:
contact@chasincleancoasts.com
Last updated on 17.09.2019
Personal Data Processing Principles
Data sourced in the EU
- Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex A or subsequently authorized by the data subject.
- Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
- Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
- Security and confidentiality: Technical and organizational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
- Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organizations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organization may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
- Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under Directive 95/46/EC.
- Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to ‘opt-out’ from having his data used for such purposes.
- Automated decisions: For purposes hereof ‘automated decision’ shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:
- such decisions are made by the data importer in entering into or performing a contract with the data subject, and
- the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties;
or
- where otherwise provided by the law of the data exporter.
Annex A
Description of the Data Transfer
DATA SUBJECTS | The personal data transferred concern the following categories of data subjects: Chasin Tours, as data recipient, may receive Personal Data relating to the following categories of data subjects: ● Prospective customers; ● Prospective and actual employees, suppliers, contractors, service providers or business contacts. |
PURPOSES OF THE TRANSFER | The transfer is made for the following purposes: ● allowing data subjects to purchase Chasin Tours’ products and services; ● allowing data subjects to purchase products and services ancillary to Chasin Tours’ products and services e.g. excursions operated by third parties ● maintaining and improving Chasin Tours’ products and services ● marketing Chasin Tours’ products and services ● customer service |
CATEGORIES OF DATA | The personal data transferred concern the following categories of data: Chasin Tours may receive Personal Data which may include, but is not limited to the following categories of Personal Data: ● First and last name ● Physical home address ● Email address ● Passport information (number, expiration date) ● Purchase history |
RECIPIENTS | The personal data transferred may be disclosed only to the following recipients or categories of recipients: Employees and contractors of Chasin Tours Certain processors of personal data, vendors, service providers or suppliers of Chasin Tours To the extent applicable, regulators and governmental bodies |
SPECIAL CATEGORY DATA
| The personal data transferred concern the following categories of special category data: Health data |
Contact points for data protection enquiries
Data importer:
Chasin Tours
81 Thomas Street,
Birkdale
Queensland
Australia
Email: Hello@chasincleancoasts.com
