GDPR Compliance
Your data rights under European Union law
Last Updated: January 2024
GDPR Overview
While Twinkle Voyage is an Australian company, we respect the rights of European Union residents under the General Data Protection Regulation (GDPR). This page explains your specific rights and how we comply with GDPR requirements.
Legal Basis for Processing
We process your data based on: contract performance, legitimate interests, legal obligation, and consent. You can withdraw consent at any time.
Your GDPR Rights
EU residents have the right to: access your data, rectification, erasure, restrict processing, data portability, object to processing, not be subject to automated decision-making, and lodge complaints with supervisory authorities.
Data Controller
Twinkle Voyage Pty Ltd is the data controller. Contact: [email protected], Level 3, 142 King Street, Sydney NSW 2000, Australia. We do not have an EU representative as we don't meet the threshold requiring one.
International Data Transfers
Your data will be transferred to Australia for processing. Australia is not covered by an EU adequacy decision. We rely on appropriate safeguards including Standard Contractual Clauses and your explicit consent when booking tours.
Data Retention
We retain personal data only as necessary: Booking data 7 years, Marketing data until you unsubscribe or 3 years of inactivity, Website analytics 26 months, Correspondence 3 years after resolution.
Security Measures
We implement appropriate technical and organizational measures including encryption, access controls, regular security assessments, employee training, and incident response procedures.
Data Breach Notification
In the event of a data breach likely to result in high risk to your rights, we will notify you within 72 hours of becoming aware, in accordance with GDPR requirements.
Making a Request
To exercise your GDPR rights, contact [email protected] with your full name, booking reference (if applicable), specific request, and proof of identity. We respond within 30 days, extendable to 60 days for complex requests.
Complaints
If unsatisfied with our response, you can lodge a complaint with your local EU supervisory authority or the Office of the Australian Information Commissioner (OAIC) at [email protected].