Jungle river and rocks

Privacy Policy


Privacy Policy

This privacy policy applies to both Australian and European Union residents.  In the course of carrying out our activities Voyages Indigenous Tourism Australia Pty Ltd ACN 146 482 591 (“Voyages”, “we”, “our” or “us”) will collect, store, use, disclose and process personal information. 

We are committed to the protection of your personal information and to compliance with Australia’s Privacy Act 1998, the European Union’s General Data Protection Regulation and the United Kingdom's General Data Protection Regulation ("GDPR"). 

GDPR - Voyages is a data processor and data controller of your personal data.  References in this policy to personal information is also a reference to personal data.  


Personal Information

We collect and hold personal information about you for the provision of our products and services and the purposes connected to those products and services. If you do not provide us with your personal information we may not be able to provide you with our products or services.

If you are a guest, we may collect and hold your name, date of birth, address, email address, telephone number, payment details, identification information, details of any special requirements, details of your preferences for particular products, services or guest experiences; details relating to your use of our WiFi network or swipe-card systems, your image on our CCTV camera systems or on our security officers’ body worn video equipment (if you enter our properties or other premises controlled by us) and your motor vehicle or caravan registration number (if you use our campgrounds) and other information necessary to provide you with our products and services.

Business partners and contractors
If you are enquiring about entering into a contract with us, we may collect and hold information about your business experience, financial details, qualifications, referees, other credit and finance related personal information and other information you provide as part of our assessment process. 

Anangu Communities Foundation donations
If you have made a donation to the Anangu Communities Foundation via Donation Point Go, then the privacy policy of Quest Payment Systems, which can be found at https://www.questpaymentsystems.com/quest-privacy-policy.html, will apply to any personal information provided by you at the time you made the donation.  Voyages does not collect or hold any of your personal information.  If you have any queries about how your personal information is managed then please refer to Quest Payment Systems’ privacy policy.  Quest Payment Systems is not a related body corporate or entity of Voyages. 


Sensitive Information

In very limited circumstances we may need to collect sensitive information about you such as your medical information if you are ill, injured or involved in some incident on our premises and we require this information to allow us to properly investigate and process your claim and/or report the incident to our insurer and the relevant authorities. We will only ever collect sensitive information for a lawful purpose and/or with your consent.


Methods of Collection

We collect personal information about you in the course of providing you with our products and services.  We collect your personal information directly from you in a number of ways including when you contact us (whether verbally or in writing), register for an account on our website or mobile application, subscribe to receive news and offers on our website or mobile application, access and use our website or mobile application, WiFi network or swipe-card access systems, check-in at our accommodations, enter our properties or other premises controlled by us, participate in our marketing activities such as surveys, questionnaires, competitions and promotions, enquire about entering into a contract with us and apply for a tenancy at one of our properties.

We may also record your image on our CCTV cameras systems or on our security officers’ body worn video equipment when you enter any of our properties or other premises controlled by us.  By entering any of our properties or other premises controlled by us, you consent to us recording your image.

In some instances we may collect personal information from third parties including airlines that use our airport, our business partners, credit reporting agencies, law enforcement agencies and other government authorities or entities.  



We will not use or disclose personal information for any secondary purpose, unless that secondary purpose is related to the primary purpose for which we have collected that information, and you would reasonably expect the disclosure in the circumstances, or unless you consent to that use or disclosure. 

The purposes for which we hold, use, disclose and process your personal information include:
(a)      to conduct our business which includes providing our products and services, or the products or services of a third party, to you;
(b)      for security, safety, operational and risk management purposes (e.g. security monitoring and emergency and incidents monitoring, investigation and reporting);
(c)      to maintain records that we are required to maintain in relation to our airport and our business;
(d)      to communicate information about our products and services or third party products or services that may be of interest to you and other marketing purposes (e.g. e-newsletters, surveys, questionnaires, competitions and promotions); 
(e)      for our internal administrative, record-keeping, research, planning, marketing and product or service development purposes; 
(f)      to comply with any law, regulation, rule or requirement of any government authority; 
(g)     to assess the performance of our website or mobile application and to implement improvements to them; and
(h)     to process and respond to any enquiry or complaint made by you.

GDPR - The legal basis for the processing your personal data includes any one of the following:
(a)     you have given your consent;
(b)     to enable us to perform a contract that we have with you or to take specific steps requested by you prior to entering into a contract with you;
(c)     to enable us to comply with our legal obligations;
(d)     for our or a third party’s legitimate interests; or
(e)     to protect your safety or the safety of our employees, guests and visitors to our properties.



We take reasonable steps to ensure the security and integrity of the personal information we hold including restricted server access, encryption and other industry standard security protocol like use of firewalls and complex password protection.

GDPR – Your personal data is held only for as long as the information remains relevant to the purpose for which it was collected.



We will only ever disclose personal information to other individuals or organisations for the purpose for which it was collected, with consent or as permitted by law.  

We may disclose personal information to those parties involved in providing, managing or administering the products or services that we are providing to you. This could include:
(a)     organisations involved in our payment systems including merchants, banks, payment organisations and tolling organisations in the case of airline transactions;
(b)     organisations involved in our business activities including our business partners, agents, contractors and debt collectors;
(c)     organisations with whom we have alliances or business arrangements with for the purposes of promoting our respective products or services e.g. airlines, transport operators, tour operators and service providers;
(d)     organisations that maintain, review and develop our business systems, procedures and technology infrastructure including IT service providers;
(e)     related entities of Voyages; and
(f)     professional advisors such as accountants, auditors, insurers and lawyers.

We may disclose your personal information to overseas recipients who are our business partners, agents, contractors or service providers. We will take reasonable steps to ensure that the overseas recipients comply with the Privacy Act and this privacy policy.

We do not sell your personal information to any third parties.

GDPR – In order to provide you with the products and services that you have requested, it may be necessary for us to transfer your personal data to Australia.  


Direct Marketing

We will only use your personal information to send you direct marketing communications with your consent.  You can withdraw your consent to any direct marketing communications at any time by following the opt-out or unsubscribe instructions given in the communication, by updating your communications preferences in your Voyages’ account or by contacting us using the contact details below.


Access, Correction and Complaints

You have a right to request access to or correction of your personal information. All requests for access or correction must be in writing and directed to our Privacy Officer.  We will respond to your request within a reasonable period after receipt of your request.  If there is a reason under the Australian Privacy Act or any other law for us to refuse your request for access or correction, then we will notify you in writing of those reasons.

If you require us to provide you with copies of your personal information, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.

If you wish to make a complaint about how we have handled your personal information, please submit your complaint in writing to our Privacy Officer.  If you do not consider our response to your complaint satisfactory, you can contact the Office of the Australian Information Commissioner at www.oaic.gov.au. For EU residents, you can contact the European Data Protection Supervisor at https://edps.europa.eu. For UK residents, you can contact the Information Commissioner's Office at www.ico.org.uk.

GDPR - You may also have a right, in certain circumstances, to have the personal data held about you erased. EU and UK residents can submit your erasure requests by completing our GDPR - Right to Erasure Form using this link.

You can also request that we restrict or suspend the processing of your personal data. If you do so, we may not be able to provide our products or services to you.  In some circumstances you have a right to data portability, to withdraw your consent at any time, to object to data processing and to object to processing of data for marketing purposes.  


How to Contact Us

If you have any queries about this policy or wish to contact us about your personal information, you may direct your query to our Privacy Officer using the contact details set out below:

Email: [email protected]

Postal Address:

Voyages Privacy Officer
c/- Company Secretary
Voyages Indigenous Tourism Australia
GPO BOX 3589
SYDNEY   NSW   2001   

Changes to this Policy

We will review and update this policy from time to time as needed without notice. You should review the terms of this policy periodically to make sure that you are aware of how we collect, store, use, disclose and process personal information.

Last updated: 6 November 2023