Privacy Policy

APP 1 Open and transparent management of personal information

We are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles (APPs). Our Privacy Policy is freely available on our website in HTML format; PDFs can be emailed upon request to contact@travelassessments.com. We develop and review comprehensive internal practices, procedures and systems to ensure ongoing APP compliance, including staff training, regular audits, and a dedicated privacy officer to handle all privacy-related policy development, implementation, inquiries and complaints.

Personal Information We Collect

We collect and store your information securely and only use it for the purposes specified in this policy. Sensitive information is only collected with your explicit consent and is handled with additional security measures.

Personal information including:

  • Names

  • Phone numbers

  • Email addresses

  • Physical addresses

  • Payment information

  • Social Media identifiers

Sensitive information relating to:

  • Race

  • Religion

  • Sex and gender

  • Health

Purpose of Collection

  • To communicate with new and former customers

  • To process payments

  • We collect sensitive information to identify potential risks based on personal characteristics when traveling to specific regions

  • To conduct analysis of operational performance to identify opportunities for increased efficiency and effectiveness.

  • To aggregate data for strategic planning and the development of new or enhanced business practices.

  • To perform internal studies on workflows and procedures to streamline and improve our internal processes.

How We Handle Your Information

We collect and store your information using ISO 27001 certified third-party providers (Microsoft Corporation & Google LLC) who maintain privacy standards aligned with the Australian Privacy Principles (APPs). This ensures enterprise-grade security and privacy protection for your data.

Security Standards

  • ISO 27001 certified information security management systems

  • Enterprise-grade encryption and security protocols

  • Regular security audits and compliance assessments

  • Strict access controls and monitoring

Sensitive Information Handling

  • Only collected with your explicit consent during onboarding or throughout the period of agreed service

  • Protected by additional security measures

  • Stored in secure, encrypted environments

  • Accessed only by authorized personnel

  • Handled according to strict privacy protocols aligned with APP requirements

Third-Party Providers

  • Maintain ISO 27001 certification for information security

  • Adhere to privacy policies compatible with APP requirements

  • Regularly demonstrate compliance through independent audits

  • Provide transparent security and privacy documentation

Complaints

Our complaint handling process includes: acknowledging your complaint within 30 business days, investigating the issue, consulting relevant staff members, and providing a detailed written response. If you are unsatisfied with our initial response, you may request an internal review or contact the Office of the Australian Information Commissioner.

APP 2 Anonymity and Pseudonymity

Where practicable, you may choose to remain anonymous or use a pseudonym when dealing with us. However, this may not be possible for certain services, particularly where:

  • You (the customer) request a consultation or quote for our services.

  • We need to verify your identity

  • We are processing payments for services

  • We are conducting threat and vulnerability assessments that require accurate personal information

  • We are required by law to collect your personal information

For general inquiries about our services, you may choose to remain anonymous or use a pseudonym.

APP 3 Collection of Personal Information

How and why we collect your personal information

We only collect personal information by lawful and fair means where it is reasonably necessary for our business functions and activities specified in this policy. We also only collect personal information directly from you unless it is unreasonable or impracticable to do so. Sensitive information is only collected with your explicit consent and is handled with additional security measures.

To ensure the integrity of our services and manage security risks, we may need to verify the information you provide. This process may involve checking your details against publicly and commercially available sources. By using our services, you acknowledge and consent to this verification process.

What kinds of personal information do we collect?

Personal information including:

  • Names

  • Phone numbers

  • Email addresses

  • Physical addresses

  • Payment information

  • Social Media identifiers

What we use your personal information for:

  • To communicate with new and former customers

  • To process payments

  • To conduct analysis of operational performance to identify opportunities for increased efficiency and effectiveness.

  • Strategic planning and the development of new or enhanced business practices.

  • To perform internal studies on workflows and procedures to improve our internal processes.

Sensitive Information

Sensitive information relating to:

  • Race

  • Religion

  • Sex and gender

  • Health

We only collect sensitive information (such as details about your race, religion, sex, or gender) when:

  • You have given explicit consent for its collection

  • The information is reasonably necessary for providing our travel safety assessment services

  • Collection is required to identify potential risks in specific travel destinations

  • Collection is required or authorised by Australian law

What we use your sensitive information for

We collect sensitive information to identify potential risks based on personal characteristics when traveling to specific regions.

Collection Methods

We collect information through:

  • Direct communication with you

  • Our website and online forms

  • In-person or online consultations

  • Questionnaires after onboarding and throughout the service period

  • Secure payment processing systems

APP 4 Handling Unsolicited Personal Information

If we receive personal information that we did not request (unsolicited information), we will:

  • Determine whether we could have lawfully collected this information under APP 3 if we had solicited it

  • If we determine we could not have collected the information under APP 3:

    • Securely destroy or de-identify the information as soon as practicable

    • Protect the information from unauthorized access or disclosure during this process

  • If we determine we could have collected the information under APP 3:

    • Handle the information in accordance with APPs 5-13

    • Treat it in the same way as solicited personal information

APP 5 Notification of Collection

When collecting your personal information, we will notify you about:

  • Our identity and contact details

  • The purpose for collecting your information

  • The consequences if we cannot collect your information

  • Whether your information is required by law or a court/tribunal order

  • How you can access and correct your information

  • How you can complain about a privacy breach

Timing of Notification

We will notify you about these matters:

  • At or before the time we collect your personal information, or

  • If this is not practicable, as soon as possible after collection

Method of Notification

We will provide this information through:

  • Our online collection forms

  • Written notices during travel assessment processes

  • Verbal notification during phone conversations (followed by written confirmation)

  • Privacy collection statements on relevant documents

At or before the time we collect your personal information (or as soon as practicable after), we will take reasonable steps to ensure you are aware of the following:

  • Our identity and contact details.

  • The specific purposes for which we are collecting your information.

  • The main consequences for you if we cannot collect that information.

  • Our Disclosure Practices: We do not disclose your personal information to any third parties unless required to do so by an Australian law or a court/tribunal order, such as a warrant.

  • Overseas Disclosure: To provide our services and communicate with you, we use global technology providers such as Microsoft and Google. As a result, your personal information may be stored on servers located outside of Australia, including in the United States of America.

  • Our Privacy Policy: Our full Privacy Policy contains detailed information about how you can access and correct your information, and how to make a complaint.

  • Whether the collection is specifically required or authorised by an Australian law or a court/tribunal order.

APP 6 Use and Disclosure of Personal Information

Primary Purpose

We will only use or disclose your personal information for the primary purpose for which it was collected, which includes:

  • Providing travel safety and vulnerability assessments

  • Processing payments for our services

  • Communicating with you about our services

Secondary Purpose

We will only use or disclose your personal information for secondary purposes where:

  • You have consented to the secondary use or disclosure

  • You would reasonably expect us to use or disclose the information for the secondary purpose, which is directly related to the primary purpose

  • The use or disclosure is required or authorised by Australian law or a court/tribunal order

  • A permitted general situation exists (such as to reduce or prevent a serious threat to life, health or safety)

  • We reasonably believe the use or disclosure is necessary for enforcement-related activities by an enforcement body

Sensitive Information

We will only use or disclose your sensitive information (such as race, religion, or gender) for a secondary purpose if:

  • You have consented to the secondary use or disclosure

  • The secondary purpose is directly related to the primary purpose of collection

  • The use or disclosure is required to prevent a serious threat to life, health or safety

APP 7 Direct Marketing

Use of Personal Information for Direct Marketing

We will only use your personal information for direct marketing purposes where:

  • You have opted in and consented to receiving marketing materials

  • You would reasonably expect us to use the information for direct marketing

  • We have provided a simple way to opt out of direct marketing

  • You have not already requested to opt out of direct marketing

  • We have provided opt-out options through email to contact@travelassessments.com

Sensitive Information

We will not use or disclose sensitive information for direct marketing purposes unless you have explicitly consented to this use.

Opt-Out Mechanism

In all direct marketing communications, we will:

  • Include a prominent statement about your right to opt out

  • Provide a simple and free way to opt out

  • Implement opt-out requests within 7 business days

Third-Party Direct Marketing

If we receive your personal information from a third party, we will only use it for direct marketing if:

  • You have consented to receive direct marketing from us, or

  • It is impracticable to obtain your consent, but we provide a simple opt-out mechanism

Direct Marketing Communications

Upon request, we will:

  • Tell you where we obtained your personal information

  • Provide this information within a reasonable time and free of charge

APP 8 Cross-border Disclosure of Personal Information

Our Position on Overseas Disclosure

As an international service, the handling of your personal information may occur across borders. We do not sell or actively disclose your personal information to any third-party recipients overseas.

Any cross-border transfer of your information is a necessary part of our own secure data processing and service delivery, as detailed below.

How Your Information Crosses Borders

To provide our services, we use secure, global technology infrastructure provided by Microsoft Corporation and Google LLC. This means that when you interact with us or when we work on your assessment, your data is processed and stored on servers that may be located outside of Australia.

For example:

  • An email you send us may be routed through a server in the United States.

  • The file containing your travel assessment may be stored in a secure cloud data centre in Europe or Asia.

In all cases, this data remains within our own secure business accounts with these providers (e.g., our Microsoft 365 or Google Workspace environment) and is not shared with any other entity.

Our Accountability and Your Protection

We are required to take reasonable steps to ensure that any overseas recipient of your data has privacy protections similar to those in Australia. We meet this obligation by:

  • Partnering with trusted providers: We have selected global providers (Microsoft and Google) who are subject to comprehensive security and privacy schemes and who are contractually obligated to protect your data.

  • Remaining Accountable: If an overseas provider handles your personal information in a way that would breach the Australian Privacy Principles, we remain accountable for that breach as if we had done it ourselves.

Your Consent

By engaging our international services and providing us with your personal information, you acknowledge and consent to this necessary cross-border handling of your information as described in this policy.

APP 9 Government-Related Identifiers

As a standard business practice, we do not collect, use, or adopt government-related identifiers (such as passport numbers, tax file numbers, or Medicare numbers) as our own identifier for an individual.

In the rare event that we are required by an Australian law or a court/tribunal order to handle such an identifier, we will do so only in accordance with our legal obligations and the Australian Privacy Principles.

APP 10 Quality of Personal Information

Collection Quality

We take reasonable steps to ensure that the personal information we collect is:

  • Accurate and not misleading

  • Up to date at the time of collection

  • Complete for its intended purpose

Use and Disclosure Quality

Before using or disclosing your personal information, we take reasonable steps to ensure it is:

  • Accurate and not misleading

  • Up to date for the purpose of use or disclosure

  • Complete for the purpose of use or disclosure

  • Relevant for the purpose of use or disclosure

Quality Assurance Measures

To maintain the quality of personal information, we:

  • Regularly review and update our records

  • Provide secure methods for you to update your information

  • Verify information accuracy when it is collected and used

  • Maintain audit trails of information updates

  • Cross-check information with reliable sources where necessary

  • Notify users 7 days before implementing material Privacy Policy changes

Correction Procedures

If we discover that personal information is inaccurate, out of date, incomplete, irrelevant or misleading, we will:

  • Take reasonable steps to promptly correct the information

  • Notify any third parties to whom we have disclosed the information

  • Update our records accordingly

APP 11 Security of Personal Information

We take reasonable steps to protect your personal information from:

  • Misuse, interference and loss

  • Unauthorized access, modification or disclosure

Security Safeguards

Our security measures include:

  • Secure physical and digital storage systems with restricted access

  • Encryption of digital information

  • Multifactor Authentication

  • Staff training on information security procedures

  • Regular security audits and updates

  • Secure disposal methods for physical documents

Retention and Destruction

We will:

  • Only retain personal information for as long as necessary to fulfill the purpose for which it was collected

  • Securely destroy or de-identify personal information when:

    • It is no longer needed for any purpose for which it was collected

    • We are no longer required by law to retain it

    • The retention period specified in our data retention policy has expired

Data Breaches

In the event of a data breach, we will:

  • Take immediate steps to contain the breach

  • Assess the potential harm that may result from the breach

  • Notify affected individuals and the Office of the Australian Information Commissioner if required

  • Take steps to prevent similar breaches in the future

APP 12 Access to Personal Information

Your Right to Access

You have the right to request access to the personal information we hold about you. We will provide access unless:

  • We reasonably believe giving access would pose a serious threat to the life, health or safety of any individual

  • Giving access would have an unreasonable impact on the privacy of other individuals

  • The request is frivolous or vexatious

  • The information relates to existing or anticipated legal proceedings

  • Giving access would be unlawful or prejudice law enforcement activities

How to Request Access

To request access to your personal information:

  • Submit your request in writing to our Privacy Officer at [contact details]

  • Provide proof of identity

  • Specify what information you wish to access

Our Response

We will:

  • Respond to your request within 30 days

  • Provide the information in the manner requested if reasonable and practicable

  • Notify you in writing if we refuse access, explaining the reasons and available complaint mechanisms

  • Not charge you for making a request, but may charge reasonable fees for providing access

Format of Access

We will provide access to your personal information in the format you request where reasonable, which may include:

  • Electronic copy

  • Physical copy

  • Viewing the information in person

  • Explaining the information verbally

APP 13 Correction of Personal Information

Your Right to Request Correction

You have the right to request correction of the personal information we hold about you if you believe it is:

  • Inaccurate

  • Out of date

  • Incomplete

  • Irrelevant

  • Misleading

How to Request Correction

To request correction of your personal information:

  • Contact our Privacy Officer at contact@travelassessments.com with subject heading "Privacy Request"

  • Specify what information needs correction

  • Provide evidence supporting your correction request

  • Indicate how you would like the information corrected

Our Response

When we receive a correction request, we will:

  • Respond within 30 days

  • Take reasonable steps to verify the information's accuracy

  • Make requested corrections if we are satisfied they are warranted

  • Provide written notice if we refuse to correct the information, explaining our reasons

  • Offer to attach a statement to your record noting your requested corrections

  • Not charge you for making or processing correction requests

Notifying Third Parties

If we correct your personal information, we will:

  • Notify any third parties to whom we previously disclosed the information

  • Take reasonable steps to ensure the correction is passed on

  • Provide you with a list of recipients who have been notified, if requested