Please read the following carefully

This Privacy Policy ("Policy") explains in general terms how ISO Certification and controlled entities ("We" "our" or "us") protects the privacy of your personal information. This Policy sets out how ISO Certification aims to protect the privacy of your personal information, your rights in relation to your personal information managed by ISO Certification and the way ISO Certification collects, holds, uses and discloses your personal information.

We are firmly committed to protecting the privacy and confidentiality of personal information and maintain robust physical, electronic and procedural safeguards to protect personal information in our care.

1. What is personal information?

Personal information is information or an opinion, in any form (whether true or not) about a natural person whose identity is apparent or can reasonably be ascertained from the information or opinion.

Sensitive information may be required to be collected in order for ISO Certification to provide you with products and/or services. Sensitive information is a type of personal information and will only be collected where it is reasonably necessary for one or more of ISO Certification functions and/or activities. An example of sensitive information and its use includes when we ask of you to disclose any medical issues or conditions that may be of relevance for your booking.

2. How do we collect personal information?

Where practical we will collect personal information directly from you. Generally this will be collected by us when you deal with us either in person, by telephone, letter, facsimile, email or when you visit our website. We may request information about you when you purchase or make enquires about accommodation or other products and services; when you enter competitions, register for promotions or when you request brochures or other information. We may also collect information when we invite you to complete surveys or provide us with feedback or when you register as a member and complete your personal profile and preferences.

Other organizations may also provide us with your information in order to allow us to facilitate the provision of a product and/or service of ours.

3. Why do we collect personal information?

ISO Certification collects, holds, uses and discloses your personal information where it is reasonably necessary for the purposes of:

- accounting, billing and other internal administrative purposes;

- developing and facilitating a business relationship with you or an entity with which you are connected; and

- Identifying and informing you of services that may be of interest to you.

4. What personal information do we collect?

Generally, the type of personal information we collect about you is the information that is needed to facilitate services and products to you. For example, we may collect details such as your name, mailing address, telephone number, email address, credit card number and expiry date, dietary requirements (if any) and health issues relevant to your travel arrangements. We also collect information that is required for use in the business activities of ISO Certification including, for example, financial details necessary in order to process various transactions and any other information you may elect to provide to us. In some circumstances ISO Certification may also hold other personal information that has been provided by you.

We are required by law to obtain your consent to the collection of sensitive information. In order for us to provide the services you request, you consent to the collection of all information which is provided to us for use in accordance with this Policy, unless you tell us otherwise.

5. When we act as agent

When we sell products and services to you, we usually do so as agent for the wholesaler or provider of those products and services. This means that we usually collect personal information about you both for our internal purposes, and on behalf of the parties for whom we act as agent for their internal purposes. Accordingly, the consent you provide under this Policy to the collection of personal information by us, applies equally to the parties whose products and services we sell.

We act as agent for many hundreds of companies, so it is not possible for us to set out in this statement exactly how each of these companies will use your personal information, but we are happy to provide more specific information to you if you contact us via the details provided in section 12 of this Policy. Where personal information is used or disclosed, ISO Certification takes steps reasonable in the circumstances to ensure it is relevant to the purpose for which it is to be used or disclosed. You are under no obligation to provide your personal information to ISO Certification. However, without certain information from you, ISO Certification may not be able to provide its products and/or services to you.

6. How do we use personal information?

We may use and disclose your personal information for the purposes for which it was collected, or for a related or ancillary purpose such as any one or more of the following purposes:

- identification of fraud or error;

- regulatory reporting and compliance;

- developing, improving and marketing our products and services;

- servicing our relationship with you by, among other things, providing updates on promotions and services we think may interest you or you have identified an interest in;

- involving you in market research gauging customer satisfaction and seeking feedback regarding our relationship with you;

- to facilitate your participation in loyalty programs;

- for marketing activities; and

- internal accounting and administration

7. Direct Marketing

ISO Certification may use and disclose your personal information in order to inform you of products and/or services that may be of interest to you. Should you no longer wish to receive information on promotions and services we think may be of interest to you, participate in market research, or if you would like to opt-out of receiving any promotional or marketing communications, kindly e-mail us via our contact page.

8. Is the information disclosed to third parties?

We may disclose your personal information:

- as permitted or required by law;

- to various regulatory bodies and law enforcement officials and agencies to protect against fraud and for related security purposes;

- to our third party service providers as well as to our related entities;

- to third parties such as hotels and other accommodation providers and other service providers for the purpose for which the information was collected or for a related purpose, for example to facilitate and process your accommodation arrangements;

- to third parties we have contracted with who may involve you in market research for the purpose of servicing our relationship with you and improving the services we provide.

The third parties to whom we disclose your personal information may also be taken to have collected your personal information in their own right, for their internal use. For more information, see the heading above, titled “When we act as agent”.

Where we engage third party contractors to perform services for us those third party contractors may be required to handle your personal information. Under these circumstances those third party contractors must safeguard this information and must only use it for the purpose for which it was supplied.

Other than the above, we will not disclose your personal information without your consent unless disclosure is either necessary to prevent a threat to life or health, authorized or required by law, reasonably necessary to enforce the law or necessary to investigate a suspected unlawful activity.

9. Trans-border data flows

In providing our services to you it may be necessary for us to forward personal information to relevant overseas third party service providers.

Given the nature of the travel industry it is inherently difficult for us to disclose as part of this Policy each of the specific countries in which the recipients are likely to be located.

Before disclosing any personal information to an overseas recipient, ISO Certification takes steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law.

10. Security of information

ISO Certification has implemented stringent physical, electronic and managerial security procedures in order to protect personal information from loss, misuse, alteration or destruction. ISO Certification regularly reviews security and encryption technologies and will strive to protect information to the fullest extent possible.

11. Access and correction of personal information

ISO Certification takes steps reasonable in the circumstances to ensure the personal information it holds is accurate, up-to-date, complete, relevant and not misleading. Under the Privacy Act, you have a right to access and seek correction of your personal information that is collected and held by ISO Certification. If at any time you would like to access or correct the personal information that ISO Certification holds about you, or you would like more information on ISO Certification approach to privacy, please contact ISO Certification via the contact page on our website. ISO Certification will grant access to the extent required or authorized by the Privacy Act or other law and take steps reasonable in the circumstances to correct personal information where necessary and appropriate.

To obtain access to your personal information:

- you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;

- ISO Certification requests that you be reasonably specific about the information you require; and

- ISO Certification may charge you a reasonable administration fee, which reflects the cost to ISO Certification for providing access in accordance with your request.

If ISO Certification refuses your request to access or correct your personal information, ISO Certification will provide you with written reasons for the refusal and details of complaint mechanisms. ISO Certification will also take steps reasonable in the circumstance to provide you with access in a manner that meets your needs and the needs of ISO Certification.

ISO Certification will endeavor to respond to your request to access or correct your personal information within 30 days from your request.

12. Changes to our Policy

From time to time it may be necessary for us to review and revise this Policy. We reserve the right to change our Policy at any time, should this occur the amendment would be posted on our website.

13. About our website

13.1. When You Visit Our Website

If you visit ISO Certification website to browse, read or download information, our system will log these movements. These web site logs are not personally identifiable and ISO Certification makes no attempt to link them with the individuals who browse the site. When you come on to our website we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyze how people use our site, such that we can improve our services.

13.2. Use of Cookies

A cookie is a small piece of text that is placed within the memory of a computer and can be later retrieved by web page servers. We use cookies to enhance your interaction and convenience with our website and do not use cookies to record any personal information.

13.3. Linked Sites

Our website may contain links to other sites. We are not responsible for the privacy practices or the content of such web sites that you directly interact with. We encourage you to read the privacy statements of any linked sites as their privacy policy may differ from ours.