We take our obligations under the Privacy Act 1993 (the Act) very seriously and we have implemented practices, procedures and systems to ensure we comply with the Act and codes of practice. We are committed to maintaining the confidentiality and security of your personal information and managing it in an open and transparent way.
1.Collection of personal information
Generally, the type of personal information that we may collect about you is the information that is needed to facilitate your travel arrangements. Such personal information may include:
(a) your name, postal address, email address, phone numbers, date of birth;
(b) your credit card details;
(c) your dietary restrictions (which may disclose your religious beliefs);
(d) any health issues you may have (any health information will be collected in accordance with the Health Information Privacy Code 1994);
(e) your passport details;
(f) details about your participation in loyalty or awards programs and applicable membership number;
(g) your travel details (e.g. flight, hotel, insurance and car hire); and
(h) any special assistance requests.
1.1 Collection from you
We may collect your personal information when you:
(a) communicate with us in person, by email, telephone, facsimile, direct mail or visit our website;
(b) purchase or make enquiries about our products or services;
(c) provide information for a booking;
(d) create your travel profile;
(e) subscribe to one of our services;
(f) enter competitions, register for promotions or loyalty programs;
(g) subscribe to receive marketing materials or request brochures or other information from us; and
(h) complete surveys, other research or provide us with feedback.
1.2. Collection from a third party
If we receive your personal information from a third party without having asked you for it, then within a reasonable time, we will determine whether we could have collected it in the ways outlined in section 1.1 above. If we determine that it could not have been collected in one of those ways and it is lawful and reasonable to do so, then as soon as practicable we will:
(a) destroy the information; or
(b) ensure that it is de-identified.
1.3. Automatic Collection
Each time you visit our website we automatically collect information on our server logs from your browser, including your IP address, browser type, browser language, information about your device type, operating systems and type of operating system (e.g. iOS or Android) cookies, and the pages you request.
(b) Geo-location information. You may disable our collection of your location information at any time by turning location services off at the device level.
(c) Google analytics. For information on how Google uses your information when you visit our website please go to: www.google.com/policies/privacy/partners/. You may choose to opt-out of Google Analytics using the Google Analytics Opt-out Browser Add-on.
2. How we may use your personal information
We may use your personal information for the following purposes:
(a) to send you notifications about your booking and to communicate with you generally.
(b) to assist with arrangements and bookings with suppliers (such as airlines, tour operators, car hire operators, hotels and insurance providers).
(c) providing you with services and tools you choose to use (for example, saving travel preferences on our website(s) to a wishlist or saving personal information to allow for pre-population of online forms);
(d) to complete and manage your booking with us.
(e) to provide you with information about other products or services that may be of interest to you, including information about our related entities and brands. Please see section 5 “Opt-out Policy” for further information about receiving direct marketing.
(f) identification of fraud or error;
(g) regulatory reporting and compliance;
(h) developing and improving our products and services and those of our related entities;
(i) servicing our relationship with you by, among other things, creating and maintaining a customer profile to enable our brands to service you better or presenting options on our website we think may interest you based on your browsing and preferences;
(j) involving you in market research, gauging customer satisfaction and seeking feedback regarding our relationship with you and/or the service we have provided;
(k) to facilitate your participation in loyalty programs;
(l) for research and analysis in relation to our business and services, including but not limited to trends and preferences in sales and travel destinations and use of our websites;
(m) internal accounting and administration;
(n) comply with our legal obligations and any applicable customs/immigration requirements relating to your travel;
(o) to enable us to diagnose and prevent service or technology problems; and
(p) other purposes as authorised or required by law (e.g. to prevent a threat to life, health or safety, or to enforce our legal rights).
3. How we may share your personal information
We may share your personal information with third parties in the following circumstances:
(a) To our related entities and brands for the same purpose that you provide the information to us.
(b) To a third party that has paid for your travel, or where we reasonably believe that it is necessary to prevent or lessen a serious and imminent threat to somebody’s life or health
(c) To travel service providers such as airlines, hotels, and cruise operators who are providing services to you.
(d) To businesses that provide underlying support of our services, including any person that hosts or maintains any underlying IT system or data centre that we use to provide our website. A business that supports our services may be located outside of New Zealand. This may mean your personal information is held and processed outside of New Zealand.
(e) Where it is legally required by a third party of law enforcement authority in any jurisdiction (in which case we will generally require a production order or similar court order unless necessary to prevent or lessen a serious threat to public health or public safety or the life or health of someone else).
(f) To protect and defend our rights, property or safety or that of third-parties, to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person.
4. Consequences if all or part of the requested personal information is not provided
You may choose not to provide some or all of the information we request, however, as a result, we may not be able to provide you with some or all of our services, including completing a booking on your behalf.
5. Opt-out policy
We will always provide a simple means for you to “opt-out” from receiving marketing communications from us, which typically involves an “opt-out” or “unsubscribe” link on emails, or through a pop-up on your screen when you provide personal information online. We will not use or disclose your personal information for the purposes of direct marketing material if you have previously told us not to. If at any time in the future you do not want us (or one of our service providers) to send you direct marketing material or you wish to cancel a previous consent, please inform us by contacting us at [email protected]. We will affect the change in a reasonable time and without charge.
6. Cross-border disclosure of personal information
We will always endeavour to store your information on a New Zealand or Australian server. However, in circumstances where this is not possible, we may disclose your personal information to an overseas entity when we:
(a) have taken reasonable steps to ensure that they also treat it in accordance with the Act; or
(b) reasonably believe that the overseas entity is subject to the same or similar laws to that found in the Act and there are ways that you can take action to enforce those overseas laws; or
(c) expressly inform you of your option to consent to that disclosure and you then provide us with informed consent to do so; or
(d) are required or authorised by law; or
(e) a permitted general purpose exists; or
(f) a permitted health situation exists; or
(g) we reasonably believe it is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. In this circumstance we will make a note of such disclosure.
7. Adoption and use of government related identifiers
We will not adopt a government related identifier as your identifier unless:
(a) we are required or authorised by law; or
(b) it is reasonably necessary to verify your identity for the purposes of our activities or functions.
8. Quality of personal information
We will take such steps (if any) as are reasonable in the circumstances to ensure that your personal information we collect, use or disclose is accurate, up-to-date, complete and relevant.
9. Security of personal information
No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you provide to us and you do so at your own risk. Once we receive your personal information. We will take such steps as are reasonable in the circumstances to protect your personal information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.
You are also responsible for helping to protect the security of your personal information. For instance, never give out your password, and safeguard your user name and password when you are using the Services. You are responsible for maintaining the security of any device on which you access the Services.
When we no longer need your personal information for a permitted purpose and we are not required to keep it to comply with any laws, we will take such steps as are reasonable in the circumstances to destroy your personal information or to ensure that the information is de-identified.
10. Access to personal information
Subject to certain grounds for refusal set out in the Act, you have the right to request confirmation from us that we hold personal information about you, and a copy of such personal information. You are also entitled to request the correction of the information we hold about you.
If you would like to exercise either of these rights, please contact us at [email protected]. Your email should provide evidence of who you are and the details of your request (e.g. the personal information, or the correction, that you are requesting).
11. Correction of personal information
11.1. Correction of personal information
We will take reasonable steps to correct your personal information (at no charge) if we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading. This extends to third parties that we have provided your personal information to unless it is impracticable or unlawful to do so.
11.2. Circumstances when we decline to make corrections
In certain circumstances we may decline to correct your personal information. When this occurs we will provide you with a written notice that sets out:
(a) the reasons for the refusal; and
(b) the mechanisms available to complain about the refusal.
12. Making a complaint
If you have a concern or complaint relating to our handling of your personal information please notify us at [email protected] by outlining the nature of your complaint. We will endeavour to respond to your complaint within 30 days of receipt.
14. NZ Law