Backpacker Deals respects the privacy and confidentiality of the information provided by you and adheres to the Australian Privacy Principles.
Backpacker Deals takes responsibility for the processing of your personal data as a data controller.
Data that we collect about you
Personal data means any information that can identify a natural person or any information that can link to an identifiable natural person. Personal data does not include information that is anonymised and where no natural person can be identified.
Personal data that we collect about you:
- First name
- Last name
- Email address
- Contact telephone number
- Dietary requirements
- IP address
- Credit Card details
- Account and profile information
- Profile photo if you wish to upload one
- Passport details
- Social media information if you choose to interact with us on social media platforms or use the social sign-on feature
How do we collect data about you
Backpacker Deal can obtain personal data through different means:
- When you sign up for an account on the Website
- By contacting us through the contact form on the Website
- By contacting us by sending an email
- By contacting us by calling us
- By contacting us through our live chat function on the Website
- By purchasing a product or a service from us
- By starting the booking process, regardless of whether you complete it
- Web beacons and pixels
- Interacting with us on social media platforms
- By contacting us using WhatsApp
Purposes of processing your data
Backpacker Deals rely on the following basis for the legal processing of your personal data:
- Where we need to perform the contract we enter into with you i.e. contractual obligations
- Where it is necessary for Backpacker Deals’ legitimate interests and following a balance test where your fundamental rights do not override those interests
- Where we need to comply with a legal or regulatory obligation
- Where you have provided us with consent
Backpacker Deals shall only use the data collected about you solely for the following purposes:
- To provide you with products and services that you have purchased from us
- To contact you when there are changes to the products and services that you’ve purchased from us
- To send you confirmation and reminder emails of products and services that you’ve purchased from us
- To assist you in completing your bookings
- To ensure your safety when you provide dietary requirements to us
- To contact you when you send us an enquiry
- To prevent fraud, spam, abuse and security incidents
- To improve your experience of the Website
- To improve and develop the Backpacker Deals platform
- To send you information about other tours and experiences you may be interested in
- To send updates regarding our Website and information in the form of a newsletter
- To send you our Review Portal so that you can give an (optional) review of your tour after your attendance
- To comply with our legal obligations
- To enforce our Terms and Conditions
- For protecting our interests - we may use your Personal Data to protect the rights, property or safety of our Website, our customers or third parties. We strive to ensure the security, integrity and privacy of personal information submitted to our Website, and we periodically update our security measures in light of current technologies
You are not required to provide Backpacker Deals with your personal data, however, we may not be able to deliver services to you if you refuse to provide personal data.
Where you provide us with consent to process your personal data, you have the right to withdraw this consent at any time. If you wish to withdraw consent please see the section entitled ‘Your rights’ for more information.
Automated decisions and profiling
We do not process your personal data to create a profile of you and you shall not be subjected to automated decisions.
We will store and process your personal data for the period necessary depending on the purposes of processing and the contractual relationship you may have with Backpacker Deals.
- First name: for as long as you are a customer of Backpacker Deals
- Last name: for as long as you are a customer of Backpacker Deals
- Email address: for as long as you are a customer of Backpacker Deals
- Contact telephone number: for as long as you are a customer of Backpacker Deals
- Dietary requirements: for as long as you are a customer of Backpacker Deals
- Location: for as long as you are a customer of Backpacker Deals
- IP address: for as long as you visit the Website
- Profile picture: for as long as you are a customer of Backpacker Deals
- Credit Card details: for as long as you are a customer of Backpacker Deals and up to 2 years thereafter for fraud prevention purposes. See section entitled ‘Payment and financial data’ for more information
- Account and profile information: for as long as you are a customer of Backpacker Deals
- Passport details: for as long as you are a customer of Backpacker Deals
Transfer of data
We may share your data with the following categories of third parties:
- Employees of Backpacker Deals
- Contractors in order to provide services
- Freelancers and contractors for IT support
- Payment processors in order to process online payments, bank transfers and merchant banks
- Professional advisors such as accountants, auditors
- Legal authorities and law enforcement such as the police, tax authorities
- Mailing software such as the one to manage our newsletters
We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We share data with the following specific third parties:
Backpacker Deals shall not be liable in any way for direct or indirect damages caused by wrongfully or improper use of the personal data by a third party.
Payment and financial data
Backpacker Deals does not store full credit card details. Backpacker Deals collects the last 4-digits of your credit card number and the issuing bank for fraud prevention purposes only. This data is retained by us for a maximum of 2 years only. All payments and transactions are processed by our third-party payment gateway processor Braintree and Braintree guarantees data security by various methods listed here.
Third party external links
We do not and will not sell or deal in personal or customer information. We will never disclose your personal details to a third party except the necessary information required by providers of products or services you have purchased or to protect the rights, property or safety of Backpacker Deals, our customers or third parties or if required by law.
We may, however, use in a general sense without any reference to your name, your information to create marketing statistics, identify user demands and to assist it in meeting customer needs generally. In addition, we may use the information that you provide to improve our Website and services but not for any other use.
Please keep in mind that whenever you voluntarily make your personal information available for viewing by third parties online – for example on message boards, web logs, through email, or in chat areas – that information can be seen, collected and used by others besides us. We cannot be responsible for any unauthorised third-party use of such information.
Transfer of ownership
Please also note that as our business grows, we may buy or sell various assets. In the unlikely event that we sell some or all of our assets, or one or more of our websites is acquired by another company, information about our users may be among the transferred assets. You will be notified of this event if it occurs and you have the right to restrict processing of your personal data and/or withdraw consent.
Due to the global nature of our operations, these transfers will involve transferring your data within and outside the European Economic Area. We ensure that there is an adequate level of protection for personal data in the receiving entity.
We may use the following methods to safeguard the transfer of data internationally:
- Transfer of personal data to a country that has officially been deemed to provide an adequate level of protection for personal data by the European Commission (‘adequacy decisions’)
- We may use Standard Contractual Clauses approved by the European Commission
- We may transfer data to the US if they are part of the Privacy Shield. If the receiving third party is not a part of the Privacy Shield then we may use the Standard Contractual Clauses
- We may use Binding Corporate Rules that ensure that all Group entities will have an adequate level of protection for personal data
We have implemented an appropriate technical and organizational measures, procedures and safeguards are in place to prevent the destruction, loss, adjustment, accidental notification to a third party, removal and unauthorized access of personal data.
We only allow access to your personal data to those employees, contractors and other third parties who have a business need to know. They only process your personal data on our instructions and are subject to a duty of confidentiality.
All payments are processed by the third-party payment gateway Braintree and we not store full credit card details.
We use Amazon and Norton SSL certificates to secure each and every transaction that occurs on our Website. All data collected from the customer is encrypted in transition between our website and customers’ devices.
All our servers are secured by Amazon and we use 2-factor authentication for logging into to our platform and servers.
When you use the Website, your device or browser may be sent cookies from third parties, for example when using embedded content and social network links. It's important for you to know that we have no access to or control over cookies used by these companies or third-party websites. We suggest you check the third party websites for more information about their cookies and how to manage them.
Under the General Data Protection Regulation, data subjects within the European Economic Area are entitled to the following rights:
- Right of access – you have the right to be informed on how we use your personal data and you have the right to request access to the personal data that we have collected about you
- Right of rectification – you have the right to correct inaccurate information that we may have about you
- Right to object – you have the right to object to us processing your personal data
- Right to restrict processing – you have the right to request us to suspend processing under certain circumstances
- Right to data portability – you have the right to obtain a copy of your personal data in an easily readable format in order to transfer to another service
- Right to erasure – otherwise known as the ‘right to be forgotten’ meaning that you have the right to request that we delete all the personal data that we have on you (with certain legal exceptions)
- Right to withdraw consent – where the processing is based on consent, you have the right to at all times, withdraw your consent
We extend the above rights to data subjects outside of the EEA, and we also adhere to the rights of the user under the Privacy Act 1988 and the Australian Privacy Principles.
If you wish to exercise any of your rights, please contact us by sending mail to:
Privacy Office Travello Pty Ltd 321 Brunswick St Fortitude Valley QLD 4006 Australia +61390163720
Or electronically to email@example.com
Please note that you will be requested to provide specific identification information in order to verify your identity before your request can be processed. This is a security measure that we have implemented to ensure that there is no unauthorized access to personal data by third parties.
We are committed to providing you with a response to your request within 30 days. However, if there are delays in providing you with your request, we will notify you of the delay, the reason for the delay and extend our response time.
Right to make a complaint.
You have the right to make a complaint anytime to:
- EEA region: the supervisory authority or Data Protection Authority of your country of residence
- Australia: Individuals in Australia may make a complaint to the Office of Australian Information Commissioner
- Elsewhere: relevant and competent authority in matters of privacy and data protection
For all other enquiries please contact firstname.lastname@example.org
Effective: 25th May 2018