This Policy is subject to the General Data Protection Regulation 2016/679 (“GDPR”) if you are based in the European Union or UK during your interactions with us (other than when you are in the European Union or UK solely for travel purposes) (“EU Individual”).
If you are an EU Individual, please refer to sections 17 and 18, which deals with matters specific to EU Individuals.
- clearly communicate the personal and sensitive information handling practices of A’qto;
- enhance the transparency of A’qto’s information collection processes; and
- to give individuals a better understanding of the sort of personal information that A’qto, and the way A’qto handles that information.
- Personal Information
information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in material form or not.
Personal information may include your name, address (including previous addresses), information about you (including medical information), contact telephone number(s), e-mail addresses, bank account and credit card details, and details about flight, hotel, transfers and other related travel details and/or other information that is necessary for the delivery of our services to you.
- Sensitive Information
We will only collect your sensitive information with your consent and where information is reasonably necessary for one or more of our services.
We will only use and disclose your sensitive information for the primary purpose for which it was collected or a purpose that is directly related to this primary purpose and is reasonably expected. You consent to the use and disclosure on this basis. If for example we have collected information about any medical conditions you are suffering, then you consent to us disclosing this information to our service providers (for example ground operators) if they reasonably have a need to know such information in order to safely supply services for your benefit.
We will not otherwise collect, use or disclose sensitive information about you unless required to do so by law.
- Collection of personal information
In the course of regular business activity and in order to use the website and/or our services, A’qto will from time to time collect, require and otherwise deal with your personal and/or sensitive information.
If you do not want any of your personal and/or sensitive information collected, you can stop using the website and/or our services at any time (subject to applicable contracts), however we may not be able to provide our services to you.
A’qto collects personal and/or sensitive information from individuals in numerous ways, including when an individual:
- visits or uses the website or social media channels;
- contracts or corresponds with A’qto in person or via telephone, email, mail or directly through our website;
- makes a purchase(s) from A’qto or enquires about travel arrangements with us;
- makes payment of an invoice; or
- provides us with personal and/or sensitive information, including for example allowing information on social media to be shared with us or signing up for a promotion or competition or when you subscribe to receive marking from us (e.g. a newsletter).
We may also collect personal and/or sensitive information about you from third parties or where A’qto is required to do so by law
A’qto does not generally take steps to:
- verify personal and/or sensitive information about any individual disclosed to it; or
- seek additional personal and/or sensitive information about any individual on the basis of information disclosed to it,
except in circumstances where it is reasonably necessary for us to do so or as may be required by law, including (but not limited to) confirming the identity of an individual seeking access to personal and/or sensitive information.
You may control, refuse and/or delete cookies by using the appropriate setting on your browser as you wish, however, if you do so you may not be able to access portions of our website.
- Use of personal information
- Direct marketing communications
We may contact you using the contact details, which you provide to us in order to provide you with direct marketing communications about our services in accordance with the law.
You may opt out of receiving direct marketing communications from us at any time by contacting us using the details set out below or by functionality within such communications.
We may disclose personal and/or sensitive information we hold to:
- our directors, officers, employees and other associated companies or related entities or organisations;
- our contracted service providers;
- credit card providers, credit reporting and fraud checking agencies;
- government, regulatory and law enforcement agencies where the disclosure is required or authorised by law;
- our professional advisors, including our accountants, auditors and lawyers;
- third party suppliers of products or services which you have selected (such as airlines, ground operators, hotels and insurance providers);
- third party travel service providers who assist in fulfilling the booking you have made;
- our online booking facility operator and host and others who assist in providing these services;
- third party sponsors or co-sponsors of promotions on our website. Only information collected during a promotion will be disclosed to these parties;
- third parties when we contract out some of our functions and activities, such as call centre operators. In these circumstances, we prohibit third parties from using your personal information, except for the specific purpose for which we supply it.
- Overseas Disclosure
We may disclose personal and/or sensitive information to overseas recipients in order to provide services.
Generally, we will only disclose your personal information to these overseas recipients in connection with our services such as facilitation or fulfilment of your travel booking and/or to enable the performance of administrative and technical services by them on our behalf.
- Access to personal information
If you would like access to your personal and/or sensitive information, please contact our office directly via the contact details found below under “Contact”.
- Correction of personal information
If A’qto holds personal and/or sensitive information about you and you believe that any of the information we hold about you is inaccurate, out of date, incomplete, please make a request to our office for correction. Contact details can be found below.
- Storage and Security
A’qto will take reasonable steps to protect the personal and/or sensitive information we hold from misuse, interference, loss and unauthorised access, modification or disclosure. A’qto may store personal information physically and/or electronically.
- Links – external websites
- GDPR compliance
If you are a resident of the European Union (or following Brexit, you are a resident of the UK and the UK has laws equivalent to the GDPR in effect) you have certain rights and protections under the GDPR (or the UK equivalent) regarding the processing of your personal data. This section sets out the additional information that we are required to provide to you under the GDPR. Please note that references to the GDPR also includes references to any UK equivalent.
Where the GDPR applies, the meaning of “personal information” has the same meaning as “personal data” and the meaning of “sensitive information” will apply as information concerning the processing of special categories of personal information (“sensitive data”) under the GDPR.
For the purposes of the GDPR we will either be the “data processor” or “data controller” for any personal information you provide to us in connection with our relationship. The precise role we will be assuming is dependent on the context of our relationship with you and the purpose of the processing being undertaken.
Under the GDPR, use of personal information must be based on a legal basis and we are required to provide you with information about this use. We rely on lawful means of processing your personal data, including the following:
- where it is necessary to fulfil a contract with you. This includes where we collect your personal data to enable us to provide you with our services;
- where you have given us valid consent to use your personal data. We will rely on that consent and only use the personal data for the specific purpose for which you have given consent;
- where it is to further our legitimate interests which could include usage statistics, analytics and internal analysis so we can improve our services to you.
We note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. If you need details about the specific legal ground A’qto is relying on to process your personal data, please contact A’qto.
- Your right as an European Union of UK resident
Under certain circumstances or if you are a resident of the European Union or UK, you have various rights under the GDPR in relation to your personal information, including the:
- right to be informed;
- right of access;
- right to rectification;
- right to object/ withdraw consent;
- right to restriction of processing;
- right to erasure or to be forgotten;
- right to data portability; and
- right not to be subject to automated processing.
To exercise any of these rights please contact A’qto via the contact details set out below under “Contact”.
- Withdrawing your consent
You can withdraw your consent to our collection or processing of your personal data. You can do so by contacting us or by opting out of email newsletter communications by following the instructions in those emails or by clicking unsubscribe. If you withdraw your consent to the use of your personal data, you may not have access to our services and we might not be able to provide you with our services. In some circumstances, where we have a legal basis to do so, we may continue to process your information after you have withdrawn consent. For example, if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.
If you have any questions or concerns about how we handle your personal or sensitive information or if you wish to access or amend personal and/or sensitive information we hold about you, please make a request in writing.
All correspondence should be directed to:
Post: Po Box 5113, Middle Park, Victoria, Australia, 3206
Phone: +61 410 651 573
If you decide to contact us for any of the reasons above, we request that you provide us with sufficient details regarding your reason for getting in touch with us.
We note that if necessary, we will ask you to provide us with a copy of your ID, passport or other valid identity document.
We will investigate and consider any complaint received by us and a response will be provided to the complainant as soon as practicable.
Last Updated: 6th October 2020