“Controller” means Inverted Atlas.
“Information Commissioner” means the relevant commissioner in charge of the state or territory where a Personal Data breach occurs.
“Overseas” means a state or country that is not located within Australia.
“Personal Data” means any information relating to an identified or identifiable person who has submitted personal information to Inverted Atlas.
“Processor” means an individual or entity that processes the personal data on behalf of the Controller.
“Third Party” means an individual or entity (located in Australia or Overseas), other than Inverted Atlas who under direct authority are authorised to process Personal Data.
- What Personal Data does Inverted Atlas collect and store about me?
Inverted Atlas generally collects the following information that has been voluntarily submitted in order to process bookings. We have a lawful basis to retain Personal Data when bookings are made and will usually include:
- Name, contact details (such as home address, work address, email address and telephone number)
- Date of birth
- Place of birth
- Passport details
- Special requirements pertaining to disability or any medical condition impacting travel arrangements
- Previous travel experiences with Inverted Atlas
In the event that you do not provide us with Personal Data, we will be unable to provide you with certain information specific to your request. In the event that we do not require any Personal Data from you in order to process a request or inquiry we will make this clear.
- How does Inverted Atlas collect and hold Personal Data?
Inverted Atlas collects Personal Data when you request information, enter competitions, make a travel booking with Inverted Atlas or when you register on the Inverted Atlas website. We do not collect Personal Data unless it has been submitted to us.
We take full responsibility for ensuring that proper security measures are in place to protect your information. Personal booking information is captured securely and will not be stored for longer than necessary. We may therefore delete your Personal Data after a reasonable and responsible period of time.
Personal and insurance information will be collected from all clients during the booking process. Once you have travelled, you will be asked to complete a client survey where we will collect further details about you and the trip you travelled on. You may also be asked to review your trip on trusted review websites or we may share these reviews with trusted review websites on your behalf.
- Why Inverted Atlas collects, stores and uses personal information?
Inverted Atlas collects and uses Personal Data for several purposes. These purposes are:
- To enable Inverted Atlas to arrange bookings for travel and accommodation services for you. We only use personally identifiable data for the purpose or service that it has been submitted. Your personally identifiable information is not publicly accessible and is only accessed by Inverted Atlas for handling your enquiry.
- With your permission to provide you with direct marketing offers. Inverted Atlas may provide you with direct marketing offers to tell you about products, services and travel destinations that Inverted Atlas believes may be of interest to you for planning, product development and research purposes and to give you discount offers, and other benefits associated with being a Inverted Atlas client. You will not be sent any unlawful marketing or spam.
- We will always work to fully protect your rights and comply with our obligations under the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and you will always have the opportunity to opt-out or manage your preferences and this option is published at the end of each newsletter. You have the right to direct us to cease further contact or to destroy the Personal Data we have collected about you.
Social Media, Photographs, Videos and Testimonials
Inverted Atlas intend to keep track of the domains from which people visit its website and will analyse this data for trends and statistics.
If you make use of any Inverted Atlas social media features, either on our website, an App or otherwise through a social media provider, we may access information about you via that social media provider in accordance with their policies. When using a social media feature and if you have chosen to include it in your social media account, we may access information such as your name, profile picture, gender, birthday, email address, town or district and any other information you have chosen to make available. Depending on the privacy settings of you and your friends, we may access information that you provide to a social media provider regarding your respective locations (“Location Data”) to provide you with relevant content. Please note that your Location Data may also be shared with your friends on a social media provider in accordance with your privacy settings for that social media provider. We may also access information from social media providers about your use of an App that we run on their website.
When on a trip, employees, agents and/or other travellers of Inverted Atlas may from time to time take photographs or make recordings of you and trip activities that may identify you. Inverted Atlas reserves the right to use any or all photographs and/or recordings made on a trip for promotional reasons in printed materials, on the Internet or other media. In using such images, Inverted Atlas undertakes not to reveal your name, contact details or other personal information. You consent to the use of such images or recordings by Inverted Atlas and you acknowledge that you will not be entitled to payment or other compensation for the giving of consent or for the use of such images or recordings. Inverted Atlas may keep such images or recordings of you on record. If you do not wish for images or recordings of you to be collected, stored or used you must advise Inverted Atlas to that effect at the time of booking. Additionally, any photographs, video and text sent to Inverted Atlas must be the client’s own and by sending it, the client agrees that Inverted Atlas can use it for advertising and marketing purposes.
Feedback supplied to Inverted Atlas may also be used in print and online for marketing and advertising purposes. This includes but is not limited to, third party review sites and questionnaires supplied to us pre or post-trip.
- Who does Inverted Atlas share your Personal Data with?
Inverted Atlas may provide your Personal Data to the following third parties:
- Airlines, railways, other transportation companies, accommodation facilities and trip/tour operators for the purposes of making travel bookings.
- Persons or companies who are contracted to perform part of Inverted Atlas’ service delivery. This includes organisations such as local agents overseas and third-party contractors such as tour operators and tour guides.
- Government instrumentalities (both in Australia and overseas) for the purpose of securing appropriate visas and other travel authorisations necessary to enable entry and travel in the destination countries and for the purpose of complying with the local law in destination countries. Inverted Atlas may also supply your Personal Data to your government for consular purposes. Third parties to whom we may disclose Personal Data to may be located in Australia, the United Kingdom and other countries including any countries where you are booked to travel to on an Inverted Atlas trip.
- Mail houses for the distribution of marketing material.
- Payment processing facilities.
- IT system administrators.
Inverted Atlas will take reasonable and responsible steps to protect any Personal Data that it holds about you from misuse and loss and from unauthorised access, modification and disclosure and will not disclose your Personal Data to organisations outside Inverted Atlas for any purpose (other than as outlined in this policy) without your express consent.
In accordance with Article 46 of the GDPR, the Controller or Processor has appropriate safeguards with any third party in order to protect your Personal Data. This may be by way of the following:
- A legally enforceable contract;
- Binding corporate rules;
- Standard data protection clauses;
- An approved code of conduct; or
- An approved certification mechanism to apply appropriate safeguards.
It is possible that your Personal Data will be transferred to an Overseas third party, who is located in a jurisdiction where you will not be able to seek redress under your local data protection laws and the Overseas third party does not have an equivalent level of protection for your Personal Data. To the extent permitted by local data protection laws, we will not be liable for how these Overseas third parties handle, store and process your Personal Data.
We strongly suggest that you review any third parties’ privacy policies.
Copies of relevant safeguard documents can be made available upon request. Please see clause 9 below for our contact details.
- Storing your Secure Information
We are committed to protecting Personal Data and implementing the strictest security measures to ensure all Personal Data provided by you is not unlawfully or accidentally disclosed. Inverted Atlas regularly reviews our security procedures to ensure your Personal Data is protected at all times.
Once your Personal Data is no longer required by us, it will be destroyed.
- Personal Data Breaches
In the event there is a Personal Data breach, Inverted Atlas (if required by the APP or GDPR) will notify the relevant Information Commissioner within 72 hours of the breach and shall at least:
- Describe the nature of the personal data breach, and approximate number of personal data records concerned;
- Communicate about where more information of the breach can be obtained;
- Describe the likely consequences of the breach;
- Describe the measures taken to address the breach.
After the Information Commissioner has been notified of a breach we will then notify all affected individuals in writing at their last known email address.
- Rights and Remedies
The following rights are available to individuals:
- the right of access: the individual shall have the right to obtain information from the Controller as to where their Personal Data is being processed;
- the right to rectification: the individual shall have the right to provide correct information that is incorrectly recorded by the Controller;
- the right to erasure: the individual shall have the right to erase all of their Personal Data without undue delay when any of the following apply:
- Personal Data no longer necessary;
- there is no legal ground for their information to be processed
- the individual objects to the processing of their information;
- the Personal Data has been unlawfully processed;
- Personal Data is to be erased in compliance with a legal obligation; or
- the individual is below the age of sixteen (16) years;
- the right to restriction of processing: the individual can restrict the processing of data if:
- the accuracy of data is contested;
- the erasure of Personal Data is opposed;
- the Controller no longer requires the Personal Data, but is required to retain information due to the establishment, exercise or defence of legal claims;
- the individual has objected to processing; however, the Controller can provide compelling evidence to override the request of the individual;
- the right to data portability: the individual shall have the right to receive data concerning their own Personal Data and shall have the right to send that data to another Controller without hindrance from the current Controller;
- the right to object: the individual has the right to object to the processing of Personal Data.
Any requests for the above rights will be addressed within thirty (30) days.
- The following remedies are available to individuals:
- the right to lodge a complaint with a supervisory authority;
- the right to an effective judicial remedy against a Controller or Processor;
- the right to appoint a body to represent them in respect of the exercise of the rights under point 8(b)(i) and 8(b)(ii) above; and
- the right to compensation from Controllers and Processors.
- Feedback/Complaints/Contact us
Upon receiving your request in writing, we will endeavour to reply within thirty (30) days. There is no charge for making a request. In the event your request is unable to be responded to within thirty (30) days, we will contact you and advise of an approximate time to respond. In some limited circumstances we may be legally required to share certain Personal Data, which might include yours, if we are involved with any legal proceedings or required to comply with legal obligations.
Your privacy is of the upmost important to us and in order to fulfil your requests, we have the right to use or disclose any information as needed to satisfy any law, regulation or legal request, to protect the integrity of the site, to fulfil your requests, or to cooperate in any legal investigation.