Koro Sun Resort is committed to our client’s privacy and security and to taking steps designed to secure your personal and financial information. We believe your private details should be kept just that and when you share personal information with us, we will make all reasonable endeavours to keep your details secure and private.
We are committed to ensuring that your personal information is protected.
Koro Sun Resort understands that privacy is important to you and wants your experience when dealing with us to be as enjoyable and safe as possible. This policy describes who Koro Sun Resort is and how it handles your personal information generally as well as when you use our website.
The type of personal information we collect and hold
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable. Generally Koro Sun Resort does not collect sensitive information about you such as details of your race, political beliefs, religion or health. However depending on the products and service you ask us to provide, we maybe required to collect some sensitive information when we are providing you with specialised services (such as access requirements for a disability).
We will ask for a broad range of personal information which is necessary for us to provide you with our services. The type of personal information we ask for will depend on which of the travel products with Koro Sun Resort you book on and the type of product or service you choose.
If we are not able to collect personal information about you we may not be able to provide you with the products, services or assistance you require. The collection, use or disclosure of your personal information is needed to provide these.
We will generally ask for the following types of personal information:
• name, address , email and contact details;
• date of birth;
• gender; and/or
• information about your use of our product or service
Depending on the product or service you choose, you may also be asked other types of personal information such as:
• insurance- travel
• Passport number
• Credit card details
WAYS WE COLLECT YOUR PERSONAL INFORMATION
We collect your personal information:
• by using written forms;
• through contact over the telephone, your mobile or other messaging technology;
• via the internet, including websites and social media; and/or
• in person to person contact
• Through subscription and entry forms
• Booking forms and requests for further information
• Emails, response devices
We will collect your personal information during the information life cycle, on an adhoc or a recurrent basis using the above methods. For example, we will collect personal information when you acquire a product or service from us, when you make changes to that product, when you enquire on our product and services or request information on our services. We will combine or link personal information we already know about you to other personal information we collect about you.
We collect your personal information:
• directly from you by written, by phone or through our online booking engine.
• from a group co-ordinator who is arranging your travel (If this is the case we request from the group leader that every member of the group has consented to them providing this Personal Information to us, in order for us to provide those products and services).
• from other persons or organisations (including related and third parties).
Please refer to “Parties to whom we disclose and collect your personal information” section which details the types of organisations we disclose your personal information to and collect your personal information from.
Our websites rely on “cookies” to provide a number of services to you. A cookie is a piece of data that a website sends to your browser and which is then stored on your computer or other internet enabled device. Cookies are generally one of two types, a session cookie or a persistent cookie. A session cookie is a temporary cookie that is placed on the device and remains until you leave one of our websites. A persistent cookie will remain on your device for a period of time or duration specified in the cookie despite you leaving our websites.
PURPOSES OF COLLECTION OF PERSONAL INFORMATION
We collect your personal information so we can:
• identify you and provide you with our products and services including notifying you about new products, services and promotions from time to time.
• understand your requirements and provide you with a product or service;
• set up, administer and manage our products and services,
• get a better understanding of you, your needs, your behaviours and how you interact with us, so we can engage in product and service research, development and business strategy including managing the delivery of our services and products via the ways we communicate with you.
Sometimes we are required to collect your personal information to satisfy specific legal obligations.
USE AND DISCLOSURE
We use and disclose your personal information for the purposes we collected it. Please refer to “Purposes of collection of personal information” section to understand what these purposes may be.
If your personal information is subject to the Australian privacy regime, we will use and disclose your personal information for a secondary purpose related to a purpose for which we collected it, where you would reasonably expect us to use or disclose your personal information for that secondary purpose. In the case of sensitive information, any secondary use or disclosure will be directly related to the purpose of collection.
For example, we will disclose your personal information to third party service providers so that they can provide the contracted services to Koro Sun Resort such as information technology support or programming, hosting services, telephony services, mailing or sending of documentation to customers digitally or otherwise.
As a travel agent, Koro Sun Resort offers products and services on behalf of a number of other providers including but not limited to cruise lines and insurance companies. Koro Sun Resort maybe required to disclose your Personal Information to these providers to enable them to provide you with their services and to assist in making your experience a satisfying one. As these providers require this Personal Information when making your booking, if it is not provided we will not be able to finalise your booking.
There will be other instances when we may use and disclose your personal information in accordance with the Australian and New Zealand privacy regimes including where:
• you have expressly or impliedly consented to the use or disclosure;
COLLECTION USE AND DISCLOSURE OF PERSONAL INFORMATION FOR MARKETING
Koro Sun Resort has a large range of travel services. Marketing is an important part of our business. We want to collect, use and disclose your personal information to keep you up to date with the range of products and services available from Koro Sun Resort and which we think may be of interest to you. We use a wide variety of marketing strategies including mail, sms, telephone and other internet based marketing including targeted online advertising and online behavioural marketing. Third party marketing service providers may combine the personal information we disclose to them with information they already hold about you, in order to serve you with more relevant advertising about our products and services.
We want you to be able to exercise your marketing preferences. Details of how to exercise your preferences can be made to our privacy officer whose contact details are below.
PARTIES TO WHOM WE DISCLOSE AND COLLECT YOUR PERSONAL INFORMATION
As detailed in “Ways we collect your personal information” section there are a range of people and organisations (‘parties’) to whom we disclose your personal information and collect personal information from – that are not you. These may be parties related to Koro Sun Resort or third parties. The particular party will depend on which company or brand in Koro Sun Resort you do business with and what product or service you receive.
Some examples of the parties to whom we may disclose your personal information to and collect personal information from are:
• other companies within the Koro Sun Resort and other trading divisions or departments within the same company
• customer, product, business or strategic research and development organisations;
• a third party with whom we have contracted to provide travel services, administrative or other business services – for example:
o information technology providers,
o marketing agencies and other marketing service providers;
o travel providers whose product you are travelling on;
o print/mail/digital service providers; and
o imaging and document management services
• data warehouses,
• social media and other virtual communities and networks where people create, share or exchange information;
• publicly available sources of information;
• clubs, associations, member loyalty or rewards program providers and other industry relevant organisations;
• any other organisation or person where you have asked them to provide your personal information to us or asked us to obtain personal information from them, (e.g. your parent or group organiser).
We will send your personal information overseas and collect personal information from overseas. Instances when we will do this include:
• when you have asked us to do so or we have your consent;
• when we are authorised or required by an Australian or New Zealand law or a court/tribunal to do so;
• when we have outsourced a business activity or function to an overseas service provider; and
• certain electronic transactions.
We will disclose all kinds of personal information overseas but only to the extent it is necessary to perform our functions and services. In order to engage in our business activities and functions we will disclose your personal information to and collect your personal information from parties in a number of countries. Please view here to see a list of countries in which those parties are likely to be located – United States of America, European Economic Area, United Kingdom, Japan, Philippines, India, Thailand, Fiji and New Zealand. We will need to from time to time disclose your personal information to and collect your personal information from other countries not on this list. This will be on an adhoc or case by case basis and for the purposes for which we collected your personal information.
SECURITY OF YOUR PERSONAL INFORMATION
We hold your personal information in:
• computer systems;
• electronic databases;
• digital records;
• telephone recordings; and
• in hard copy or paper files.
These storage mechanisms may be managed in a number of ways. They may be managed or administered internally by a company in Koro Sun Resort and may be held locally in Australia. Or they could be managed by a third party storage provider with whom Koro Sun Resort has a contractual relationship and be either managed locally and/or overseas.
We will take all reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The ways we do this include:
• limiting physical access to our premises;
• restricting electronic and physical access to personal information we hold;
• having in place stand-by systems and information backups to deal with major business interruptions;
• maintaining technology security products;
• requiring any third party providers to have acceptable security measures to keep your personal information secure; and
We maintain industry standard technology and procedures in respect of our information management and provision of online services. Koro Sun Resort has an ongoing program of review and enhancement of its security measures. The reviews and updates address such matters as security and information management policies, processes and procedures, and technology reviews such as software, virus protection and fire wall settings. Koro Sun Resort’s systems and information technology infrastructure are regularly audited both by internal and external experts.
E-mail transmissions to Koro Sun Resort, are not necessarily secure. If you have any concern about the security of the contents of your e-mail or any other transaction over the Internet then you should consider contacting us by other means. Koro Sun Resort does however employ strong encryption techniques and the use of firewalls similar to financial institutions and internet transaction systems globally. If you make a transaction involving the submission of personal information over the Internet to Koro Sun Resort using one of our online forms then the Koro Sun Resort employs that encryption technology. Once Koro Sun Resort has received your personal information, it is stored and protected by a range of security controls, including firewalls, user identification requirements and audit trails.
Koro Sun Resort trains its employees and representatives in their privacy obligations, applies confidentiality obligations and provides authorised persons with user identifiers, passwords or other access codes to control access to your personal information.
ANONYMITY AND PSEUDONYMITY
If you are subject to the Australian privacy regime, you have the option of not identifying yourself or of using a pseudonym unless we are required or authorised under Australian law or a court/tribunal to identify you or it is impracticable to deal with you anonymously or by a pseudonym.
Australia – Access and Correction of Personal Information
You have the right to request access to personal information we hold about you. We are able to deny access to some or all of your personal information in specified circumstances. We will provide reasons for any refusal in writing.
If you would like to request access to the personal information we hold about you please contact us by using the relevant Access or Correction contact in the Koro Sun Resort Privacy Contact Information details, which can be found below as we may be able to provide you this information within our normal business processes. If not, the staff member will be able to commence the privacy access request process for you which may require you to complete a privacy access request form. These requests may incur a fee and you will be advised of an estimated fee and the payment options at the time of written acknowledgement. This is usually provided to you within 5 business days.
Our response to your request will usually be completed within 30 days of receipt of the request. If we require further time we will contact you in writing to advise of this and provide our reasons for the further time that is required.
We rely on the accuracy of the personal information we hold about you to provide our products and services to you. You have the right to request us to correct any inaccurate, out-of-date, incomplete, irrelevant or misleading personal information. We will take such steps that are reasonable in the circumstances with regard to the purpose for which your personal information is held to make a correction. We may refuse to correct your personal information and will provide reasons for refusal in writing. If we refuse to correct your personal information you have the right to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will take such steps that are reasonable in the circumstances to associate that statement with all records containing the relevant information. You can contact us to request the correction to the personal information we hold about you by using the relevant Access or Correction contact in the Koro Sun Resort Privacy Contact Information table below.
Australia – Complaints Handling
If you have a complaint about how we collect, hold, use or disclose your personal information or a privacy related issue such as refusal to provide access or correction, please use our complaints process so that we can help. It is important to follow the complaint handling process in order to resolve your complaint effectively and efficiently.
If you are subject to the Australian privacy regime please note how we will deal with a complaint:
Step 1. Let us know
If you would like to make a complaint, please let us know by contacting us. A response is usually provided to you within 5 business days by our privacy officer. You can contact us by using the relevant Complaints contact in the Koro Sun Resort Privacy Contact Information below.
Step 2. Review by our Internal Privacy team
If you are not satisfied with the outcome of the business review you can request the complaint be referred to the Senior Management Team for review or you can contact them directly. Should additional information be required from you, we will contact you to discuss. The Senior Management Team will usually contact you with a decision within 25 business days of receiving your complaint. You can contact the Senior Management team by using the relevant contact in the Koro Sun Resort Privacy Contact Information below.
Step 3. Seek review by an external service
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you may be able to access the services of an External Dispute Resolution Scheme such as the below.
Australia Office of the Australian Information Commissioner (OAIC)
Complaints must be made in writing
Office of the Australian
GPO Box 5218
Sydney NSW 2001
REMOVAL FROM OUR MARKETING LISTS:
If you do not want to receive email or posted offers from Koro Sun Resort please let us know by sending an email message to firstname.lastname@example.org. Or if you simply follow the instructions for ‘un-subscribing” included as part of Koro Sun Resort’s regular mail and email offers your name will be removed from the mailing list.
Changes and getting a copy of the Policy:
If you would like further information about privacy in Australia in general, please contact the Office of the Federal Privacy Commissioner by calling 1300 363 992 or visit www.privacy.gov.au