We take our obligations under the Privacy Act 2020 (the “Act”) very seriously and we have implemented practices, procedures and systems to ensure we comply with the Act and codes of practice. We are committed to maintaining the confidentiality and security of your personal information and managing it in an open and transparent way.
1. Collection of personal information
1.1. Collection from you
We may collect your personal information when you:
(a) contact us (e.g. via telephone by direct mail) we may collect your name, address/telephone number, and any information you provide to us;
(b) subscribe to hear more about our latest deals, or enquire about our services, we collect your first, last name, email address and phone number or make enquiries about our products or services;
(c) provide information for a booking we collect your name, email address, passport details, contact details and the same details for those travelling with you on the same booking
(d) create your travel profile we collect your name, email address and your travel preferences;
(e) enter competitions, register for promotions or loyalty programs we may collect your name and email address; or
(f) complete surveys, other research or provide us with feedback we collect you contact details (name and email address) and other information you provide to us.
1.2. Collection from a third party
If we receive your personal information from a third party without having asked you for it, then within a reasonable time, we will determine whether we could have collected it in the ways outlined in section 1.1 above. If we determine that it could not have been collected in one of those ways and it is lawful and reasonable to do so, then as soon as practicable we will destroy the information or ensure that it is de-identified.
1.3. Automatic Collection
Each time you visit our website we automatically collect information on our server logs from your browser, including your IP address, browser type, browser language, information about your device type, operating systems and type of operating system (e.g. iOS or Android) cookies, and the pages you request.
(b) Geo-location information. You may disable our collection of your location information at any time by turning location services off at the device level.
(c) Google analytics. For information on how Google uses your information when you visit our website please go to: www.google.com/policies/privacy/partners/. You may choose to opt-out of Google Analytics using the Google Analytics Opt-out Browser Add-on.
2. How we may use your personal information
We may use your personal information for the following purposes:
(a) to send you notifications about your booking and to communicate with you generally. to assist with arrangements and bookings with suppliers (such as airlines, tour operators, car hire operators, hotels and insurance providers).
(b) providing you with services and tools you choose to use (for example, saving travel preferences on our website(s) to a wishlist or saving personal information to allow for pre-population of online forms);
(c) to complete and manage your booking with us.
(d) to provide you with information about other products or services that may be of interest to you, including information about our related entities and brands. Please see section 5 “Opt-out Policy” for further information about receiving direct marketing.
(e) identification of fraud or error;
(f) regulatory reporting and compliance;
(g) developing and improving our products and services and those of our related entities;
(h) servicing our relationship with you by, among other things, creating and maintaining a customer profile to enable our brands to service you better or presenting options on our website we think may interest you based on your browsing and preferences;
(i) involving you in market research, gauging customer satisfaction and seeking feedback regarding our relationship with you and/or the service we have provided;
(j) to facilitate your participation in loyalty programs;
(k) for research and analysis in relation to our business and services, including but not limited to trends and preferences in sales and travel destinations and use of our websites;
(l) internal accounting and administration;
(m) comply with our legal obligations and any applicable customs/immigration requirements relating to your travel;
(n) to enable us to diagnose and prevent service or technology problems; and
(o) other purposes as authorised or required by law (e.g. to prevent a threat to life, health or safety, or to enforce our legal rights).
3. How we may share your personal information
We may share your personal information with third parties in the following circumstances:
(a) with our related entities and brands for the same purpose that you provide the information to us;
(b) To a third party has paid for your travel, or where we reasonably believe that it is necessary to prevent or lessen a serious and imminent threat to somebody’s life or health
(c) with travel service providers, such as airlines and hotels and cruise operators
(d) with business that provide underlying support of our services, including any person that hosts or maintains any underlying IT system or data centre that we use to provide website. A business that supports our services may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand;
(e) where it is legally required by a third party or law enforcement authority in any jurisdiction (in which case we will generally require a production order or similar court order unless necessary to prevent or lessen a serious threat to public health or public safety or the life or health of someone else) and including the reporting of privacy breaches to you and the Privacy Commissioner if required by the Act; or
(f) to protect and defend our rights, property or safety or that of third-parties, to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person; or
4. Consequences if all or part of the requested personal information is not provided
You may choose not to provide some or all of the information we request, however, as a result, we may not be able to provide you with some or all of our services, including completing a booking on your behalf.
5. Opt-out policy
We will always provide a simple means for you to “opt-out” from receiving marketing communications from us, which typically involves an “opt-out” or “unsubscribe” link on emails, or through a pop-up on your screen when you provide personal information online. We will not use or disclose your personal information for the purposes of direct marketing material if you have previously told us not to. If at any time in the future you do not want us (for one of our service providers) to send you direct marketing material or you wish to cancel a previous consent, please inform us by contacting us at firstname.lastname@example.org We will affect the change in a reasonable time and without charge.
6. Cross-border disclosure of personal information
We will always endeavour to store your information on a New Zealand or Australian server. However, in circumstances where this is not possible, we may disclose your personal information to an overseas entity when we:
(a) have taken reasonable steps to ensure that they also treat it in accordance with the Act; or
(b) reasonably believe that the overseas entity is subject to the same or similar laws to that found in the Act and there are ways that you can take action to enforce those overseas laws; or
(c) expressly inform you of your option to consent to that disclosure and you then provide us with informed consent to do so; or
(d) are required or authorised by law; or
(e) a permitted general purpose exists; or
(f) a permitted health situation exists; or
(g) we reasonably believe it is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. In this circumstance we will make a note of such disclosure.
7. Quality of personal information
We will take such steps (if any) as are reasonable in the circumstances to ensure that your personal information we collect, use or disclose is accurate, up-to-date, complete and relevant.
8. Social media platforms
When you post on one of our social media sites, such as Facebook or Instagram, the personal information you share is visible to other users and can be read, collected, or used by them. You are responsible for the personal information you choose to submit in these instances.
To request the removal of your personal information from one of our social media pages, please contact us using the information provided in section 11 “Contacting us”. In some circumstances, we may not be able to remove your personal information.
9. Security of personal information
No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you provide to us and you do so at your own risk. Once we receive your personal information. We will take such steps as are reasonable in the circumstances to protect your personal information from misuse, interference and loss; and from unauthorised access, modification or disclosure.
You are also responsible for helping to protect the security of your personal information. For instance, never give out your password, and safeguard your user name and password when you are using the Services. You are responsible for maintaining the security of any device on which you access the Services.
When we no longer need your personal information for a permitted purpose and we are not required to keep it to comply with any laws, we will take such steps as are reasonable in the circumstances to destroy your personal information or to ensure that the information is de-identified.
9.3. Privacy breaches
A privacy breach occurs where there is an unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, personal information held by us or an action that prevents us from accessing personal information on either a temporary or a permanent basis. If we learn of a privacy breach involving personal information we hold, YOU Travel Tauranga will assess whether the privacy breach is likely to cause serious harm to you. If YOU Travel Tauranga assessment finds that the privacy breach has caused or is likely to cause you serious harm we will notify you and the Privacy Commissioner if required by the Act.
10. Access to personal information
Subject to certain grounds for refusal set out in the Act, you have the right to request confirmation from us that we hold personal information about you, and a copy of such personal information. You are also entitled to request the correction of the information we hold about you.
If you would like to exercise either of these rights, please contact us at email@example.com Your email should provide evidence of who you are and the details of your request (e.g. the personal information, or the correction, that you are requesting).
11. Contacting us
13. NZ Law