Privacy Policy:

1. INTRODUCTION

Brisbane Family Adventures Pty Ltd (ABN 15 726 359 627) ("we," "us," "our," or "Brisbane Family Adventures") is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.brisbanefamilyadventures.com.au) and when you book or use our private family tour services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

When you book a tour or interact with us, we collect the following personal information:

Booking Information:

• Your full name

• Email address

• Phone number

• Number of people in your party

• Ages of children

• Hotel/accommodation name and location

• Pickup location

• Preferred tour date and time

• Any special requests or accessibility requirements

• Emergency contact information

Payment Information:

• Credit/debit card details (processed securely through Stripe)

• Billing address

• Transaction history

Communication Information:

• Emails and messages you send us

• Customer service inquiries

• Feedback and complaints

• Survey responses

Website Information:

• Form submissions

• Newsletter sign-ups

• Any other information you voluntarily provide

2.2 Information Collected Automatically

Website Usage Data:

• Pages visited and time spent on site

• Browser type and operating system

• IP address and location data

• Referring website

• Cookies and similar tracking technologies

Booking Platform Data:

• Savvycal booking information and interactions

• Availability requests

Payment Processing Data:

• Stripe processes and securely handles all payment information

• We do not store your full credit card details on our systems

3. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes:

3.1 Primary Purposes

1. Tour Booking & Confirmation

   • Processing your tour reservation

   • Sending booking confirmations

   • Tour details and itinerary

   • Guide contact information

2. Payment Processing

   • Processing payment through Stripe

   • Issuing receipts and tax invoices (where applicable)

   • Managing refunds or cancellations

3. Tour Delivery

   • Coordinating pickup and dropoff

   • Managing tour schedules

   • Communicating any changes or updates

   • Providing customer support during your tour

4. Communication

   • Responding to your inquiries

   • Sending tour reminders and updates

   • Providing customer service

5. Safety & Compliance

   • Working with Children Check compliance

   • Public liability insurance requirements

   • Emergency contact procedures

   • Safety protocols and risk assessment

3.2 Secondary Purposes

1. Marketing & Promotional

   • Sending newsletters (only if you opt-in)

   • Promotional offers and special deals

   • Testimonial requests (with your consent)

   • Survey invitations

2. Business Improvement

   • Analyzing tour feedback

   • Improving our services

   • Website optimization

   • Customer experience enhancement

3. Legal & Administrative

   • Complying with legal obligations

   • Protecting our legal rights

   • Resolving disputes

   • Fraud prevention

4. Record Keeping

   • Maintaining business records

   • Financial accounting

   • Booking history

We will not use your information for purposes other than those listed above without obtaining your prior consent.

4. LEGAL BASIS FOR PROCESSING

We process your personal information on the following bases:

1. Contract Performance - Information necessary to book and deliver your tour

2. Legal Obligation - Working with Children Check, tax records, insurance

3. Legitimate Interest - Improving services, fraud prevention, marketing (where you have opted in)

4. Consent - For marketing communications and special requests

5. WHO WE SHARE YOUR INFORMATION WITH

We may disclose your information to the following third parties:

5.1 Service Providers

• Savvycal (booking calendar software) - stores booking details and availability

• Stripe (payment processor) - processes payment securely, does NOT store full card details on our systems

• Email service provider - for sending confirmations and communications

• Google Workspace - for email and document storage (encrypted)

5.2 Legal & Safety

• Working with Children Check - verification of background checks (Queensland requirement)

• Insurance provider - for public liability insurance claims ($20M coverage)

• Government authorities - if required by law (ATO, police, court orders)

• Law enforcement - in response to legal requirements or to protect safety

5.3 Business Requirements

• Your hotel or accommodation provider - ONLY if you explicitly request hotel pickup confirmation

• Emergency contacts - in case of medical or safety emergency during your tour

5.4 Data Processors

We require all third parties to:

• Process data securely and confidentially

• Comply with Australian Privacy Principles

• Not use data for their own purposes

• Return or destroy data upon request

• Have appropriate security measures in place

We do NOT sell your personal information to third parties.

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security measures to protect your information:

1. Stripe Payment Security

   • PCI-DSS Level 1 compliant

   • Your credit card details are NOT stored on our servers

   • End-to-end encryption for all transactions

   • Tokenization of payment information

2. Website Security

   • SSL/TLS encryption for all data transmission

   • Secure HTTPS connection

   • Squarespace standard security protocols

3. Data Storage

   • Encrypted cloud storage (Google Workspace)

   • Limited staff access with password protection

   • Regular security updates

   • Backup systems for business continuity

4. Access Control

   • Only authorized staff access personal information

   • Confidentiality agreements with all staff

   • Role-based access restrictions

6.2 Data Breaches

In the unlikely event of a data breach affecting personal information, we will:

• Notify affected individuals within 30 days of discovering the breach

• Provide details of what information was compromised

• Outline steps taken to secure the information

• Advise on protective measures individuals can take

• Comply with Notifiable Data Breaches scheme (Privacy Act 1988)

If you believe your information has been compromised, contact us immediately at bookings@brisbanefamilyadventures.com.au

7. DATA RETENTION

We retain your personal information for the following periods:

Information TypeRetention PeriodReasonBooking records7 yearsAustralian tax law (GST records)Payment information7 yearsFinancial records & tax complianceInsurance records7 yearsLiability insurance requirementsWorking with Children CheckDuration of employmentSafety complianceMarketing emailsUntil you unsubscribeConsent-based communicationWebsite cookiesAs per cookie policyUser preference trackingSupport/feedback3 yearsService improvement, dispute resolution

After the retention period expires, we will securely delete or anonymize your information.

Exception: Information required to comply with legal obligations, resolve disputes, or enforce agreements will be retained as long as necessary.

8. YOUR PRIVACY RIGHTS

Under the Privacy Act 1988 (Cth), you have the following rights:

8.1 Right to Access

You can request access to personal information we hold about you.

To request access:

• Email: bookings@brisbanefamilyadventures.com.au

• Include: Your name, tour booking reference, and specific information requested

• Response time: 30 days (may extend to 60 days for complex requests)

• Cost: Free (unless request is complex or voluminous)

8.2 Right to Correct

You can request that we correct inaccurate or incomplete information.

To request correction:

• Email: bookings@brisbanefamilyadventures.com.au

• Include: What information is inaccurate and the correct details

• We will update records within 30 days and notify relevant third parties

8.3 Right to Object

You can object to:

• Direct marketing communications (unsubscribe at any time)

• Use of your information for secondary purposes

• Automated decision-making

To object:

• Reply "UNSUBSCRIBE" to any marketing email

• Email: bookings@brisbanefamilyadventures.com.au

• We will stop processing within 30 days

8.4 Right to Erasure (Delete)

You can request deletion of personal information, except where:

• Required by law (tax records, insurance requirements)

• Necessary to complete a transaction

• Required for safety/liability purposes

• We have a legitimate legal reason to retain

To request deletion:

• Email: bookings@brisbanefamilyadventures.com.au

• We will confirm deletion within 30 days (unless legally required to retain)

8.5 Right to Complain

If you believe we have mishandled your personal information:

Contact us first:

• Email: bookings@brisbanefamilyadventures.com.au

• Include: Complaint details and desired resolution

• Response time: 14 days

If not satisfied, contact:

• Office of the Australian Information Commissioner (OAIC)

• Website: www.oaic.gov.au

• Phone: 1300 363 992

• Email: enquiries@oaic.gov.au

• This is free and independent

9. COOKIES & TRACKING

9.1 What Are Cookies?

Cookies are small files stored on your device that track website usage and preferences.

9.2 Cookies We Use

Cookie TypePurposeDurationEssentialWebsite functionality, security, payment processingSession or 1 yearAnalyticsUnderstanding user behavior, page views, traffic sources2 yearsMarketingTargeted advertisements, retargeting1-2 yearsPreferenceRemembering your choices (language, theme)1 year

9.3 Third-Party Cookies

We use:

• Google Analytics (website usage data)

• Stripe (payment processing)

• Savvycal (booking information)

• Squarespace (website platform analytics)

9.4 Managing Cookies

You can:

• Disable cookies in your browser settings

• Use private/incognito browsing mode

• Clear cookies after each session

Note: Disabling cookies may affect website functionality.

10. EXTERNAL LINKS & THIRD-PARTY WEBSITES

Our website may contain links to external websites (Google Maps, tour attraction websites, etc.).

We are not responsible for:

• Privacy practices of external sites

• Content of external websites

• Data collection by external sites

Please review the privacy policies of external websites before providing information.

11. CHILDREN'S PRIVACY

Our tours are family-oriented and we collect information about children (ages, names, special needs).

11.1 Parental Consent

• We only collect children's information with parental or guardian consent

• Parents/guardians are responsible for all children's information provided

• Parents/guardians must provide emergency contact details

11.2 Children's Data Protection

• Children's information is protected with the same security as adult information

• We do not use children's information for marketing

• Children's information is retained only as long as necessary for tour delivery

11.3 Working with Children Check

We maintain a Queensland Working with Children Check (Blue Card) as required by law. This requires:

• Background screening

• Ongoing compliance monitoring

• Confidentiality of screening information

12. INTERNATIONAL DATA TRANSFERS

Your information is stored and processed primarily in Australia. However, some data may be transferred to:

• United States (Stripe payment processing, Google Workspace)

• Other countries where our service providers are located

These transfers comply with:

• Australian Privacy Principles (APP 1)

• Privacy Act 1988 requirements

• Adequate security standards

We ensure all international transfers have equivalent privacy protections.

13. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect:

• Changes in our business practices

• Changes in law or regulations

• New privacy best practices

• Feedback from customers

We will:

• Post updates on our website

• Update the "Last Updated" date

• Notify you of material changes via email (if we have your email)

Your continued use of our services after updates constitutes acceptance of the revised policy.

14. CONTACT US

If you have questions about this Privacy Policy or our privacy practices:

Email:
bookings@brisbanefamilyadventures.com.au

Mail:
Vinay Koshy
Brisbane Family Adventures
5/26 Navigator Place, Suite #123
Hendra, QLD 4011
Australia

Response time: We aim to respond within 5 business days

Privacy Officer:
Vinay Koshy
(Same contact details as above)

15. COMPLAINT RESOLUTION PROCESS

Step 1: Contact Us

Email your complaint to bookings@brisbanefamilyadventures.com.au with:

• Your name and booking reference

• Details of the privacy concern

• What resolution you seek

• Date complaint was discovered

Response time: 14 days

Step 2: Escalation (if not satisfied)

If we don't resolve your complaint, you can contact:

Office of the Australian Information Commissioner (OAIC)

• Website: www.oaic.gov.au

• Phone: 1300 363 992 (free call)

• Email: enquiries@oaic.gov.au

• Online complaint form: www.oaic.gov.au/privacy/privacy-complaints

The OAIC is independent and free.

16. KEY PRIVACY PRINCIPLES WE FOLLOW

1. Collection Limitation - We only collect information necessary for our services

2. Use Limitation - We only use information as disclosed in this policy

3. Data Quality - We maintain accurate and up-to-date information

4. Security - We protect information from unauthorized access

5. Openness - We are transparent about our privacy practices

6. Individual Participation - You can access and correct your information

7. Accountability - We take responsibility for our privacy practices

END OF PRIVACY POLICY

This Privacy Policy is effective as of December 2025 and complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs).