The Best of Uruguay (ABN 52 633 104 088) (“TBU”) and its related entities (referred to in this document as we, us or our) are committed to protecting user privacy and complying with the regulatory environment. We recognise that your privacy is very important and we are committed to protecting the personal information we collect from you. We understand that users value their privacy and may have concerns about the information collected and also how it is used, stored and distributed. The Privacy Act 1988 (Cth) (Privacy Act) and Australian Privacy Principles (APPs) govern the way in which we must manage your personal information. This policy sets out how we collect, use, disclose and otherwise manage personal information about you.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded.
What information we collect
We only collect such information as is necessary to conduct business with you. We may collect and hold personal information about you, that is, information that can identify you, and is relevant to providing you with the services you are seeking. The kinds of information we typically collect include name, gender, occupation, position, address, contact details like phone numbers and email addresses, financial information such as credit card details as well as electronic information from your use of our website (see further below). In addition, we may collect personal information:
(a) when you use any software applications or online applications owned by us or licensed to us; and
(b) from other third parties for supporting services to our business.
How we collect information
Personal information will generally be collected directly from you through the use of any of our standard forms, over the internet, via email, through a telephone conversation with you or through any of our software applications or online applications. There may, however, be other instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.
Why we collect information
The personal information that we collect and hold about you, depends on your interaction with us. We use personal information for the primary purpose for which it was collected, or for secondary purposes which are related to the primary purpose if an exception from the APPs applies. Generally, we will collect, use and hold your personal information and business information if it is reasonably necessary for or directly related to the performance of our functions and for the purposes of:
(a) recording registration information for each product or service you purchase;
(b) providing products, services to you or someone else you know;
(c) provide better customer service to you;
(d) monitoring, auditing and evaluating our products and services;
(e) performing authorised financial transactions with you and your associated financial institutions;
(f) providing you with marketing information about other services that we, our related entities and other organisations that we have affiliations with, offer that may be of interest to you;
(g) facilitating our internal business operations (including modelling data, maintaining our relationship with you, data testing and security);
(h) complying with any legal or regulatory requirements; and
(i) dealing with any complaints or enquiries.
Aggregated data that contains no information specific to a particular person or business may be shared with our business partners, for example, aggregated statistical trends in a particular industry sector.
Use and disclosure
We use the information you supply in many ways necessary for us to do business together: product promotion, tour booking fulfilment, customer service and for secure access to TBU websites.
TBU Website access
Many useful services are currently available at the TBU Website. Your information gives you authorised access so that you can update your personal information with us. Generally, we only use or disclose personal information about you for the purposes for which it was collected (as set out above).We may disclose personal information about you to:
(a) our related entities to facilitate our and their internal business processes;
(c) our related entities and other organisations with whom we have affiliations so that those organisations may provide you with information about services and various promotions; and
(d) any advertisers of goods or services on the TBU website (if any).
In some circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance where you would reasonably expect us to and the purpose is related to the purpose of collection).
Is my data secure?
TBU has implemented strong security measures. All personal information is stored in a secure database which is protected behind firewalls. The information is hosted in such a way the database itself is not accessible to the outside world.
Where is the data stored?
All data is stored on servers hosted by TBU or a hosting provider which has a Service Level Agreement with TBU. The hosting provider is bound by a privacy agreement with TBU. All data is stored securely, privately and is accessed using encrypted channels. In case of fire or damage to these servers a redundant backup solution exists to ensure no single point of failure.
Your personal information will be stored in servers located in Australia for the purposes set out above. However, due to the nature of the service we provide we may have to disclose personal information to overseas recipients. By giving us your personal information, you consent to the disclosure of this information. By consenting to the disclosure of your information, APP 8.1 will not apply and you agree that we do not have to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.
Securing electronic communication
Personal information that is submitted to TBU websites is protected both online and offline.
Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and linked websites are not subject to our privacy policies and procedures.
We are also committed to protecting your information offline. All of your personal and business information, not just sensitive information, is restricted to only those employees who need it to perform a specific task.
Access and correction
You may access the personal information we hold about you, by making a written request. We will respond to your request within a reasonable period. We may charge you a reasonable fee for providing access to your personal information (but not for making a request for access).
We may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).
If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
If we refuse to correct your personal information, we will provide you with a written notice that set out the reasons for our refusal (unless it would be unreasonable to provide those reasons) and provide you with a statement regarding the mechanisms available to you to make a complaint.
Inquiry or complaint feedback
If you wish to make a complaint about a breach of the Privacy Act, APPs or a privacy code that applies to us, please contact us as set out below and we will take reasonable steps to investigate the complaint and respond to you. If you are not happy with our response, you may complain directly to the Australian Information and Privacy Commissioner.
Street address: PO Box 3014 Newstead QLD 4006
Email address: email@example.com
Our Privacy Officer will respond within 30 days to your enquiry or complaint. If you make a complaint to our Privacy Officer but you are not satisfied with the response that you receive you can telephone the Information Commissioner’s hotline on 1300 363 992 or make a complaint via their website – firstname.lastname@example.org
For more information about privacy in general, you can visit the federal Information Commissioner’s website at www.oaic.gov.au.