The website (“Website”) is operated by Nabooki Services Pty Ltd ACN 631 417 724 trading as Peregian Blue (“Peregian Blue”, “we” or “us” or “our” in this document). This privacy policy (“Privacy Policy”) applies to individuals or entities that use Peregian Blue’s websites, products and services (collectively, “Services”). In this Privacy Policy, an individual or an entity that uses our Services is referred to as “User”, “Users” or “you”.
The purpose of the Privacy Policy is to outline how we collect, store, use and transfer personal information through the Services supplied by Peregian Blue, and what your rights associated with that information are.
In this policy, “Personal Information” means any information stored by Peregian Blue that could lead to an individual person being identified either directly or indirectly. Examples of Personal Information we collect include (but are not limited to) individual’s name, email address, telephone numbers, street or postal address, date of birth, credit card details (if you are paying online), IP address etc. By registering for Peregian Blue or using Peregian Blue’s Website or Services you acknowledge and consent to the collection, transfer, storage, processing, disclosure and other uses of your information as outlined in this Privacy Policy.

There are five categories of Personal Information that we collect:
1. User information. When you register to use our Services or make an online enquiry, we request Personal Information from you. We require this information to supply our Services.
2. Non-personally identifying information. Peregian Blue collects various non-personally identifying information, such as for example the number of visitors coming to the website etc. This is collected to help us understand the way our website is used and to improve our Services.
3. Public forum. You may provide information of a personal nature through participation in additional services provided such as chat, discussion groups, social media etc. This information can be viewed by the users with access to the website. If you respond voluntarily to our surveys or other interactive communications, we collect the responses and use the information to improve the quality and range of Services.
4. Information provided by consumers when they make or manage bookings. Peregian Blue collects and stores information about consumers and their transactions, including information about their identity, details of the bookings they have made and other information that is provided at the time of booking.
5. Consumer information added by Users. Any information that is submitted to or collected by Users of Services, Users of our Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as all privacy policies, relating to the collection of personal information of individuals with whom our Users interact. We collect this information under the direction of our Users, and have no direct relationship with individuals whose personal information we process in connection with the use of our Services. If you are a User providing information (including personal information) about someone else, you must have the legal ability to do so and, if necessary, notify them regarding the use of their personal information. If you are an individual who interacts with a User using our Services – that User is the controller of your information and you should contact them directly for assistance with any requests or questions relating to your personal information.

We collect and use your Personal Information to operate our website and deliver our Services to you. We will also use your Personal Information to provide you with sales, technical and account management support, notify you of product upgrades and important product information.
Personal Information that you choose to share with us when you register for an account, subscribe to emails, newsletters and alerts and which you provide to us when using our services, including information entered into our booking platform and included in your comments, reviews or survey responses. In the course of making a booking or submitting reviews, you might voluntarily provide us with sensitive personal data if relevant to the service that you are requesting or reviewing (relating to your health or ethnicity, for example).
If you have opted to access Peregian Blue through one or more partner websites or platforms, such as for example loyalty and reward platforms etc (“Partner Platform”) or if your account within Peregian Blue has been originated from a partner or affiliate that enabled or authorised the registration of your account, or your use of the Services is predominately connected with your use of the Partner Platform, we provide the relevant Personal Information to such Partner Platform. These companies may use your personal information to provide their service and communicate with you. We are not responsible for the privacy practices of any such Partner Platform. When you transact through a Partner Platform or opt in to be activated on a Partner Platform through Peregian Blue, you should familiarise yourself with the privacy statement of that Partner Platform prior to providing your Personal Information, as this Privacy Policy only applies to Personal Information collected by us or through our Website.
We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Peregian Blue’s terms of use, or as otherwise required by law.
Peregian Blue displays targeted advertisements based on personal information. Advertisers (including ad serving companies) may assume that people who interact with, view, or click targeted ads meet the targeting criteria—for example, men ages 18-24 from a particular geographic area.
On some occasions you agree that information we collect may be transferred outside of Australia in order to perform one or more of Peregian Blue’ functions or activities.
We transfer information about you if Peregian Blue is acquired by or merged with another company. In this event, Peregian Blue will notify you before information about you is transferred and becomes subject to a different privacy policy.
We also use your Personal Information in the following ways:
1. to provide and to improve our business services,
2. to confirm your identity; and
3. to enable both us and the third party provider of services for which you utilise the booking to engage in direct marketing purposes.
For direct marketing purposes, your Personal Information will be added to our database and that of the third party provider of services. The databases may be used for ongoing marketing and educative purposes. The type of marketing and educative activities that we undertake includes forwarding material to you so that you are kept updated in relation to various issues and our services.
If at any time you do not wish to continue receiving this information, we provide an “opt-out” procedure in each communication to you.

Peregian Blue works with a number of third party service providers to perform a range of our Services and obligations. Some of our third party service providers are located outside of Australia.
Some of those third parties need access to the information we have collected in order to perform our business functions.
Where we share your Personal Information with third-party service providers, they will be contractually bound to use the information only for the purposes of providing the Services or performing the functions required by us and to store the information securely.

All transactions are secured by 128 bit SSL encryption. SSL technology encodes information as it is being sent over the Internet, helping to ensure that the information transmitted remains confidential. Our servers are deployed to Amazon Web Services (AWS), which is a PCI DSS Level 1 compliant provider.
Only staff who need to have access to your personal information in order to perform their job function are authorised to access the database. In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.

We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship and provide the Services to you (for example, for as long as you have an account with us or keep using the Services); or
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).

You have rights to:
1. Know what Personal Information we hold about you, and to make sure it is correct and up to date.
2. Request a copy of your Personal Information or ask us to restrict processing of or delete it.
3. Object to our continued processing of your Personal Information and to request a permanent deletion of your data.
If you are not satisfied with how we are processing your Personal Information, you have the right to complain to your local information protection authority. Your local data protection authority will be able to give you more information on how to submit a complaint.
You can request to exercise these rights by emailing our Privacy Officer at [email protected]. We will process your request within 30 days of receiving your request, accompanied by a relevant proof of identification.

You may be required to have a browser, which allows cookies and other online usage tracking devices to fully access the Website. A cookie is a piece of data stored on your computer tied to information about you. Cookies may be used to track your Internet browsing activities and the websites you have visited.
We may, for statistical, security or quality purposes, use cookies and other online usage tracking tools to perform and improve our Services.
Specific uses of your information include but are not limited to record:
1. your internet protocol (IP) address;
2. the date and time of your visit;
3. the pages you have accessed and documents downloaded; and
4. the type of browser you were using.
You can disable cookies on your web browser, although this may interfere with your use and enjoyment of the Services.

Our Website may contain links to other websites. Please note that we are not responsible for the privacy practices of these sites. When you leave our Website, you should familiarise yourself with the privacy statement of that website prior to providing your Personal Information, as this Privacy Policy only applies to Personal Information collected by us or through our Website.

Our Services are not directed to children, and you may not use our Services if you are under the age of 18. You must also be old enough to consent to the processing of your Personal Data in your country (in some countries we may allow your parent or guardian to do so on your behalf).

If you wish to exercise any of your rights under this Privacy Policy, have any questions, comments or complaints regarding our practices, or if you are of the view that we have not adhered to this Privacy Policy, you may contact our Privacy Officer at [email protected].
If you have any questions about our handling of Personal Information, or if you wish to make an access or correction request or complaint, you should contact us at: [email protected].

This policy was issued on 22 July 2021