Your GDPR rights

Transparency of processing

• Legal bases: performance of a contract (providing proposals and bookings), legitimate interests (service improvement and security), consent (marketing), legal obligations (accounting, compliance).
• Purposes: respond to enquiries, prepare itineraries, complete reservations, support travel, comply with laws.
• Data categories: contact details, trip preferences, booking data, payment references (processed by payment providers), technical logs and cookies.
• Recipients: accommodation and activity partners, payment processors, IT/hosting providers, and authorities where required.

Data subject rights

• Access: request a copy of your data
• Rectification: correct inaccurate or incomplete details
• Erasure: request deletion where no longer needed or upon withdrawal of consent (subject to legal obligations)
• Restriction: limit certain processing during verification or objections
• Portability: receive data in a structured, commonly used, machine-readable format where applicable
• Objection: object to processing based on legitimate interests or direct marketing
• Withdraw consent: opt out of marketing at any time

How to make a request

1. Email [email protected] with your request and the scope (e.g., access or deletion).
2. Verification: we may ask for reasonable proof of identity.
3. Response times: we aim to respond within one month, extendable by two months for complex cases.

Contact for privacy: Level 7, 189 Kent Street, Sydney NSW 2000, Australia · +61 2 8355 9472 · [email protected]

Transfers outside the EEA/UK

Where data is transferred to countries without an adequacy decision, we use appropriate safeguards, including Standard Contractual Clauses, and assess partner practices for security and confidentiality.