Revision Date: 1/10/2019
Online Travel Direct is committed to our client’s privacy and security and to taking
steps designed to secure your personal and financial information. We believe your
private details should be kept just that and when you share personal information with
us, we will make all reasonable endeavours to keep your details secure and private.
We are committed to ensuring that your personal information is protected.
Online Travel Direct understands that privacy is important to you and wants your
experience when dealing with us to be as enjoyable and safe as possible. This policy
describes who Online Travel Direct is and how it handles your personal information
generally as well as when you use our website or mobile apps.
The type of personal information we collect and hold
Personal information is information or an opinion about an identified individual or an
individual who is reasonably identifiable. Generally, Online Travel Direct does not
collect sensitive information about you such as details of your race, political beliefs,
religion or health. However, depending on the products and service you ask us to
provide, we may be required to collect some sensitive information when we are
providing you with specialised services (such as access requirements for a disability).
We will ask for a broad range of personal information which is necessary for us to
provide you with our services. The type of personal information we ask for will depend
on which of the travel products with Online Travel Direct you book on and the type of
product or service you choose.
If we are not able to collect personal information about you, we may not be able to
provide you with the products, services or assistance you require. The collection use
or disclosure of your personal information is needed to provide these.
We will generally ask for the following types of personal information:
• name, address, email and contact details;
• date of birth;
• gender; and/or
• information about your use of our product or service
Depending on the product or service you choose, you may also be asked other types
of personal information such as:
• insurance- travel
• Passport number
• Credit card details
Ways we collect your personal information
We collect your personal information:
• by using written forms;
• through contact over the telephone, your mobile or other messaging technology;
• via the internet, including websites and social media; and/or
• in person to person contact
• Through subscription and entry forms
• Booking forms and requests for further information
• Emails, response devices
We will collect your personal information during the information life cycle, on an adhoc
or a recurrent basis using the above methods. For example, we will collect personal
information when you acquire a product or service from us, when you make changes
to that product, when you enquire on our product and services or request information
on our services. We will combine or link personal information we already know about
you to other personal information we collect about you.
We collect your personal information:
• directly from you by written, by phone or through our online booking engine.
• from a group co-ordinator who is arranging your travel ( If this is the case we
request from the group leader that every member of the group has consented to
them providing this Personal Information to us, in order for us to provide those
products and services).
• from other persons or organisations (including related and third parties).
Please refer to “Parties to whom we disclose and collect your personal information”
section which details the types of organisations we disclose your personal information
to and collect your personal information from.
Our websites rely on “cookies” to provide several services to you. A cookie is a piece
of data that a website sends to your browser and which is then stored on your
computer or other internet enabled device. Cookies are generally one of two types, a
session cookie or a persistent cookie. A session cookie is a temporary cookie that is
placed on the device and remains until you leave one of our websites. A persistent
cookie will remain on your device for a period or duration specified in the cookie
despite you leaving our websites.
Cookies generally allow our websites you are browsing to interact more efficiently with
range of purposes, including; to maintain and improve the operation of our websites;
track user preferences and product requirements to customise our websites and target
and improve advertising or marketing relevance. We may also have an arrangement
with third parties who may use our cookies to improve the relevance of our advertising
to you on third party websites. You can use your browser settings to manage cookies.
These settings may include deleting all or some cookies, not accepting any cookies or
being notified when cookies are being used.
Purposes of collection of personal information
We collect your personal information so we can:
• identify you and provide you with our products and services including notifying you
about new products, services and promotions from time to time.
• understand your requirements and provide you with a product or service;
• set up, administer and manage our products and services,
• get a better understanding of you, your needs, your behaviours and how you
interact with us, so we can engage in product and service research, development
and business strategy including managing the delivery of our services and products
via the ways we communicate with you.
Sometimes we are required to collect your personal information to satisfy specific legal
Use and disclosure
We use and disclose your personal information for the purposes we collected it.
Please refer to “Purposes of collection of personal information” section to understand
what these purposes may be. If your personal information is subject to the Australian
privacy regime, we will use and disclose your personal information for a secondary
purpose related to a purpose for which we collected it, where you would reasonably
expect us to use or disclose your personal information for that secondary purpose. In
the case of sensitive information, any secondary use or disclosure will be directly
related to the purpose of collection.
For example, we will disclose your personal information to third party service providers
so that they can provide the contracted services to Online Travel Direct such as
information technology support or programming, hosting services, telephony services,
mailing or sending of documentation to customers digitally or otherwise.
As a travel portal, Online Travel Direct offers products and services on behalf of
several other providers including but not limited to cruise lines and insurance
companies. Online Travel Direct maybe required to disclose your Personal Information
to these providers to enable them to provide you with their services and to assist in
making your experience a satisfying one. As these providers require this Personal
Information when making your booking, if it is not provided, we will not be able to
finalise your booking.
There will be other instances when we may use and disclose your personal information
in accordance with the Australian and New Zealand privacy regimes including where:
• you have expressly or implicitly consented to the use or disclosure;
Collection use and disclosure of personal information for marketing
Online Travel Direct has a large range of travel services. Marketing is an important
part of our business. We want to collect, use and disclose your personal information
to keep you up to date with the range of products and services available from Online
Travel Direct and which we think may be of interest to you. We use a wide variety of
marketing strategies including mail, SMS, telephone and other internet-based
marketing including targeted online advertising and online behavioural marketing.
Third party marketing service providers may combine the personal information we
disclose to them with information they already hold about you, in order to serve you
with more relevant advertising about our products and services.
We want you to be able to exercise your marketing preferences. Details of how to
exercise your preferences can be made to our privacy officer whose contact details
Parties to whom we disclose and collect your personal information
As detailed in “Ways we collect your personal information” section there are a range
of people and organisations (‘parties’) to whom we disclose your personal information
and collect personal information from – that are not you. These may be parties related
to Online Travel Direct or third parties. The particular party will depend on which
company or brand in Online Travel Direct you do business with and what product or
service you receive.
Some examples of the parties to whom we may disclose your personal information to
and collect personal information from are:
• other companies within the Online Travel Direct and other trading divisions or
departments within the same company
• customer, product, business or strategic research and development organisations;
• a third party with whom we have contracted to provide travel services,
administrative or other business services – for example:
• information technology providers,
• marketing agencies and other marketing service providers;
• travel providers whose product you are travelling on;
• print/mail/digital service providers; and
• imaging and document management services
• data warehouses,
• social media and other virtual communities and networks where people create,
share or exchange information;
• publicly available sources of information;
• clubs, associations, member loyalty or rewards program providers and other
industry relevant organisations;
• any other organisation or person where you have asked them to provide your
personal information to us or asked us to obtain personal information from them,
(e.g. your parent or group organiser).
We will send your personal information overseas and collect personal information from
overseas. Instances when we will do this include:
• when you have asked us to do so or we have your consent;
• when we are authorised or required by an Australian or New Zealand law or a
court/tribunal to do so;
• when we have outsourced a business activity or function to an overseas service
• certain electronic transactions.
We will disclose all kinds of personal information overseas but only to the extent it is
necessary to perform our functions and services. In order to engage in our business
activities and functions we will disclose your personal information to and collect your
personal information from parties in several countries.
Please view here to see a list of countries in which those parties are likely to be located
in the United States of America, European Economic Area, United Kingdom, Japan,
Philippines, India, Thailand, Fiji and New Zealand. We will need to from time to time
disclose your personal information to and collect your personal information from other
countries not on this list.
This will be on an adhoc or case by case basis and for the purposes for which we
collected your personal information.
Security of your personal information
We hold your personal information in:
• computer systems;
• electronic databases;
• digital records;
• telephone recordings; and
• in hard copy or paper files.
These storage mechanisms may be managed in several ways. They may be managed
or administered internally by a company in Online Travel Direct and may be held locally
in Australia. Or they could be managed by a third-party storage provider with whom
Online Travel Direct has a contractual relationship and be either managed locally
We will take all reasonable steps to protect your personal information from misuse,
interference and loss, as well as unauthorised access, modification or disclosure. The
ways we do this include:
• limiting physical access to our premises;
• restricting electronic and physical access to personal information we hold;
• having in place stand-by systems and information backups to deal with major
• maintaining technology security products;
• requiring any third party providers to have acceptable security measures to keep
your personal information secure; and
We maintain industry standard technology and procedures in respect of our
information management and provision of online services. Online Travel Direct has an
ongoing program of review and enhancement of its security measures. The reviews
and updates address such matters as security and information management policies,
processes and procedures, and technology reviews such as software, virus protection
and fire wall settings. Online Travel Directs’ systems and information technology
infrastructure are regularly audited both by internal and external experts.
E-mail transmissions to Online Travel Direct, are not necessarily secure. If you have
any concern about the security of the contents of your e-mail or any other transaction
over the Internet, then you should consider contacting us by other means. Online
Travel Direct does however employ strong encryption techniques and the use of
firewalls similar to financial institutions and internet transaction systems globally.
If you make a transaction involving the submission of personal information over the
Internet to Online Travel Direct using one of our online forms, then the Online Travel
Direct employs that encryption technology. Once Online Travel Direct has received
your personal information, it is stored and protected by a range of security controls,
including firewalls, user identification requirements and audit trails.
Online Travel Direct trains its employees and representatives in their privacy
obligations, applies confidentiality obligations and provides authorised persons with
user identifiers, passwords or other access codes to control access to your personal
You may not be a customer of ours, but you may interact with one of our companies.
You may interact with one of our companies by using our transactional websites,
entering a competition or commenting via social media. We will collect, use and
Privacy Statement you may receive when you interact with us. Please see our Online
Terms found on our transactional websites for more information about interacting with
us via the Internet.
Anonymity and Pseudonymity
If you are subject to the Australian privacy regime, you have the option of not
identifying yourself or of using a pseudonym unless we are required or authorised
under Australian law or a court/tribunal to identify you or it is impracticable to deal with
you anonymously or by a pseudonym.
Australia – Access and Correction of Personal Information
You have the right to request access to personal information we hold about you. We
can deny access to some or all of your personal information in specified
circumstances. We will provide reasons for any refusal in writing.
If you would like to request access to the personal information we hold about you
please contact us by using the relevant Access or Correction contact in the Online
Travel Direct Privacy Contact Information details, which can be found below as we
may be able to provide you this information within our normal business processes.
If not, the staff member will be able to commence the privacy access request process
for you which may require you to complete a privacy access request form. These
requests may incur a fee and you will be advised of an estimated fee and the payment
options at the time of written acknowledgement. This is usually provided to you within
5 business days.
Our response to your request will usually be completed within 30 days of receipt of the
request. If we require further time, we will contact you in writing to advise of this and
provide our reasons for the further time that is required.
We rely on the accuracy of the personal information we hold about you to provide our
products and services to you. You have the right to request us to correct any
inaccurate, out-of-date, incomplete, irrelevant or misleading personal information. We
will take such steps that are reasonable in the circumstances regarding the purpose
for which your personal information is held to make a correction. We may refuse to
correct your personal information and will provide reasons for refusal in writing.
If we refuse to correct your personal information you have the right to associate with
the information a statement that the information is inaccurate, out-of-date, incomplete,
irrelevant or misleading. We will take such steps that are reasonable in the
circumstances to associate that statement with all records containing the relevant
information. You can contact us to request the correction to the personal information
we hold about you by using the relevant Access or Correction contact in the Online
Travel Direct Privacy Contact Information table below.
Australia – Complaints Handling
If you have a complaint about how we collect, hold, use or disclose your personal
information or a privacy related issue such as refusal to provide access or correction,
please use our complaints process so that we can help. It is important to follow the
complaint handling process in order to resolve your complaint effectively and
If you are subject to the Australian privacy regime, please note how we will deal with
Let us know
If you would like to make a complaint, please let us know by contacting us. A response
is usually provided to you within 5 business days by our privacy officer. You can
contact us by using the relevant Complaints contact in the Online Travel Direct Privacy
Contact Information below.
Review by our Internal Privacy team
If you are not satisfied with the outcome of the business review you can request the
complaint be referred to the Management Team for review or you can contact them
directly. Should additional information be required from you, we will contact you to
discuss. The Management Team will usually contact you with a decision within 25
business days of receiving your complaint. You can contact the Senior Management
team by using the relevant contact in the Online Travel Direct Privacy Contact
Seek review by an external service
We expect our procedures will deal fairly and promptly with your complaint. However,
if you remain dissatisfied, you may be able to access the services of an External
Dispute Resolution Scheme such as the below.
Australia Office of the Australian Information Commissioner (OAIC)
Complaints must be made in writing
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Removal from our marketing lists:
If you do not want to receive email or posted offers from Online Travel Direct please
let us know by sending an email message to firstname.lastname@example.org. Or
if you simply follow the instructions for ‘un-subscribing” included as part of Online
Travel Directs’ regular mail and email offers your name will be removed from the