Image Credit Tourism Western Australia

Privacy Policy

Booking Aggregator Pty Ltd
Effective Date: 23/03/2026

1. Introduction

Booking Aggregator Pty Ltd (“we”, “our”, or “us”) provides a Software-as-a-Service (SaaS) platform that enables Visitor Centres, tourism operators, and end users to search, book, and manage tourism products.

We are committed to protecting personal information in accordance with:

  • The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)

  • The General Data Protection Regulation (GDPR) (where applicable)

This Privacy Policy explains how we collect, use, disclose, and protect personal information across our platform, including when you interact with:

  • Booking Aggregator directly

  • A Visitor Centre (tenant) using our platform

  • A tourism operator or supplier

  • A third-party booking system or channel

2. Platform Roles and Data Responsibility (Important)

Because Booking Aggregator operates as a multi-tenant SaaS platform, different parties may be involved in handling your personal information:

  • Booking Aggregator Pty Ltd – platform provider and data processor/controller (depending on context)

  • Visitor Centres (Tenants) – organisations using the platform to provide booking services

  • Tourism Operators / Suppliers – fulfil bookings

  • Third-Party Platforms

Key Principle:

We act as:

  • A data controller for platform operations, analytics, and account management

  • A data processor where we process data on behalf of a Visitor Centre or operator

3. What Personal Information We Collect

We may collect:

Personal & Contact Information

  • Name, email, phone number, address

Booking Information

  • Travel dates, destinations, booking details, preferences

Account Information

  • Login credentials, account activity

Payment Information

  • Processed securely via third-party payment providers (we do not store full card details)

Technical Data

  • IP address, browser type, device identifiers, cookies

Communication Data

  • Customer service enquiries, emails, feedback

Sensitive Information

We do not intentionally collect sensitive information unless:

  • It is necessary for a booking (e.g. accessibility requirements), and

  • You provide explicit consent

4. How We Collect Information

We collect data:

  • Directly from you

  • From Visitor Centres or operators

  • From third-party booking platforms

  • Automatically (cookies, analytics tools)

5. Legal Basis for Processing (GDPR)

Where applicable, we rely on:

  • Contractual necessity – to process bookings

  • Legitimate interests – platform improvement, fraud prevention

  • Legal obligations – tax, compliance

  • Consent – marketing, cookies

6. How We Use Personal Information

We use your information to:

  • Facilitate and manage bookings

  • Communicate booking confirmations, updates, and support

  • Enable Visitor Centres and operators to deliver services

  • Process payments (directly or via third parties)

  • Improve platform functionality and performance

  • Prevent fraud and ensure platform security

  • Comply with legal obligations

7. Booking Channels and Third-Party Services

Bookings made through the platform may be fulfilled via:

  • Direct bookings

  • Third-party systems  

  • Operator-managed systems

Important:

Depending on the booking:

  • Your data may be shared with the relevant provider

  • That provider’s privacy policy will also apply

8. Disclosure of Personal Information

We may disclose personal information to:

  • Visitor Centres managing your booking

  • Tourism operators or service providers

  • Third-party booking platforms and channel managers

  • Payment gateways and financial service providers

  • Cloud hosting and IT providers

  • Legal and regulatory authorities

9. Cross-Border Data Transfers

Your data may be transferred outside Australia, including to:

  • Cloud infrastructure providers

  • International booking platforms

  • Payment processors

We take reasonable steps to ensure:

  • Compliance with APP 8

  • GDPR safeguards (e.g. standard contractual clauses)

10. Data Retention

  • Personal data is retained for up to 2 years after booking completion

  • Financial records may be retained longer to comply with Australian law

  • Data is then:

    • Deleted; or

    • De-identified for analytics

11. Data Security

We implement:

  • Encryption and secure storage

  • Access controls and authentication

  • Monitoring and audit processes

However, no system is completely secure.

12. Your Rights

Australian Privacy Rights:

  • Access your data

  • Request correction

  • Make a complaint

GDPR Rights (if applicable):

  • Access, rectify, or delete your data

  • Restrict or object to processing

  • Data portability

  • Withdraw consent

  • Lodge a complaint

13. Cookies and Tracking

We use cookies to:

  • Improve functionality

  • Analyse usage

  • Support platform performance

You can manage cookies via your browser.

14. Complaints

Contact us at: [email protected]

If unresolved, you may contact:

  • Office of the Australian Information Commissioner (OAIC)

  • Relevant EU supervisory authority (if applicable)

15. Changes to This Policy

We may update this policy periodically. Updates will be published with a revised effective date.

16. Contact Us

Booking Aggregator Pty Ltd  – [email protected]