TT-Line Company Pty Ltd trading as Spirit of Tasmania (Spirit of Tasmania) is committed to complying with the Personal Information Protection Act 2004 (Tas) (PIP Act) and the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (the Privacy Act).
Spirit of Tasmania is committed to developing a culture that respects the privacy of individuals, customers and staff through ensuring the security of personal information about them. Spirit of Tasmania will protect personal information from misuse, loss, corruption or disclosure.
2. Privacy Officer
Spirit of Tasmania has appointed a Privacy Officer who is responsible for:
4. Collection of Personal Information
Spirit of Tasmania collects, holds, uses and discloses personal information for the following purposes:
a) information that is necessary for Spirit of Tasmania’s functions and activities as a passenger, vehicle and freight service and agent of travel insurance providers;
b) sales and marketing research purposes;
c) to comply with any applicable laws; and
d) any other purpose for which the customer gives his or her consent.
The types of personal information that Spirit of Tasmania collects and holds about a customer may include: a customer’s name, postal or email address, phone number, billing details, payment details, registration information or any other information that Spirit of Tasmania considers to be reasonably necessary.
Generally, Spirit of Tasmania does not need to collect any personal information when customers visit Spirit of Tasmania’s website. Customers have the option to deal with Spirit of Tasmania anonymously where it is lawful and practicable to do so. For example, customers can visit Spirit of Tasmania’s website without telling Spirit of Tasmania who you are or revealing other personal information.
Spirit of Tasmania will, if it is reasonable or practicable to do so, collect personal information directly from customers. This may happen if customers give Spirit of Tasmania personal information over the telephone or through Spirit of Tasmania’s website.
Sometimes Spirit of Tasmania collects personal information about customers from travel agents where it is necessary to do so.
If Spirit of Tasmania needs to collect personal information, then Spirit of Tasmania will operate by these principles:
a) Spirit of Tasmania will expressly ask you for that personal information. The customer can decline to provide the requested personal information;
b) when Spirit of Tasmania asks you for that personal information, Spirit of Tasmania will tell you how Spirit of Tasmania intends to use that personal information if you agree to give it to Spirit of Tasmania. For instance, Spirit of Tasmania may need to use that personal information to:
(i) personalise and tailor Spirit of Tasmania's information, services or products for you;
(ii) to identify who Spirit of Tasmania is communicating with;
(iii) to inform you of further information relating to Spirit of Tasmania’s services or products, or to this website; or
(iv) keep track of the domains from which individuals visit Spirit of Tasmania. Spirit of Tasmania analyses this data for trends and statistics.
5. Use and Disclosure of Information
Personal information Spirit of Tasmania holds about a customer that was collected for a particular purpose will not be disclosed for another purpose, unless:
a) the customer consents to the use or disclosure of the information for another purpose;
b) the access, use or disclosure is otherwise permitted under the Privacy Act and the PIP Act; or
c) the information is used or disclosed for the purpose of procuring travel insurance for a customer’s benefit.
Spirit of Tasmania will not disclose personal information unless Spirit of Tasmania is satisfied that the information will be afforded similar protection as Spirit of Tasmania is required to provide, or where it is necessary to complete insurance arrangements for the customer's benefit.
Where personal information is disclosed Spirit of Tasmania will seek to ensure that the information is held, used or disclosed consistently with the Privacy Act (including the APPs), the PIP Act and any other applicable laws.
If a customer tells Spirit of Tasmania that they do not wish to have their personal information used for a particular purpose, Spirit of Tasmania will respect their wishes and will not use that personal information unless required by law or for law enforcement purposes. Spirit of Tasmania will make customers aware of the implications this may have on the service Spirit of Tasmania can provide.
Spirit of Tasmania will co-operate with all law enforcement bodies in providing personal information when requested.
6. Sales and Direct Marketing
Spirit of Tasmania may use or disclose personal information for sales and direct marketing purposes. However, Spirit of Tasmania will not include customers’ personal details on any of its sales or marketing databases if the customer has requested not to receive direct marketing communications.
Customers must be told that they can opt out of receiving any more marketing or promotional literature.
All Spirit of Tasmania’s marketing correspondence will display a clearly visible and user-friendly opt-out tick box. Spirit of Tasmania may imply consent to receive marketing material where this opt-out box is not ticked.
All personal information held on any marketing databases will be permanently destroyed or de-identified within 45 days of receipt of an opt-out notice or a request to be removed from the database.
A customer may request Spirit of Tasmania to provide its source of the information. If it does so, Spirit of Tasmania must, within a reasonable period after the request is made, (usually within 30 days) notify the customer of the source unless it is impracticable or unreasonable to do so.
7. Loyalty Program/Travel Club
Spirit of Tasmania's Loyalty Program /Travel Club will continue to work on an opt-in basis. Spirit of Tasmania will not send any online marketing material that does not contain an opt-out clause.
8. Cross-border disclosure of personal information
In some circumstances Spirit of Tasmania may need to disclose personal information about a customer to Spirit of Tasmania’s overseas Protection and Indemnity Club (insurer) located in the United Kingdom.
Before Spirit of Tasmania discloses personal information about a customer to its overseas insurer, Spirit of Tasmania must take reasonable steps to ensure that the insurer complies with the APPs in relation to the information, unless one of the exemptions in the Privacy Act applies.
9. Law enforcement
The PIP Act and Privacy Act are not intended to interfere with legal obligations to disclose information for law enforcement and regulatory purposes.
Spirit of Tasmania has a procedure for using and disclosing personal information for the purpose of investigating and reporting suspected unlawful activity to the relevant authorities.
Written note of the disclosure is required, including the date of the disclosure, the personal information disclosed, the relevant law enforcement body and how the information was used, or to whom the information was disclosed.
10. Emergencies and disasters
In the event of an emergency or where Spirit of Tasmania deems it necessary, customers' names and addresses will be provided to any authorities and/or agencies that assist in dealing with any such emergency or disaster.
By booking and travelling with Spirit of Tasmania, customers are deemed to consent to the disclosure of this information to such authorities and/or agencies.
11. Quality of Personal Information
Spirit of Tasmania must take reasonable steps to ensure that any personal information it collects, uses or discloses is accurate, complete, up-to-date and relevant to Spirit of Tasmania's functions or activities.
12. Security of Personal Information
Spirit of Tasmania stores customers’ information in different ways, including paper and electronic form.
Spirit of Tasmania treats all personal information as confidential. Spirit of Tasmania will take all reasonable steps to ensure that personal information is protected from:
a) misuse, interference and loss; and
b) unauthorised access, modification or disclosure.
Some of the ways Spirit of Tasmania does this are:
a) continuing to develop and monitor security measures in order to decrease the risk of unauthorised access to personal information;
b) continuing to engage IT support to maintain computer and network security, including access control for authorised users, data integrity checks, network intrusion systems, host intrusion detection systems and expert monitoring;
c) providing a discreet environment for confidential discussions;
d) protecting its file servers by access privileges and permissions;
e) ensuring that staff are only granted access to files that contain personal information if the operational managers or executive members responsible for those files explicitly authorise the access.
In addition, Spirit of Tasmania takes the following measures to ensure that personal information on its website is protected, including:
a) having electronic website security systems in place, including the use of secure hypertext transfer protocol, network intrusion protection and segregated virtual private networks; and
b) defining and controlling user access to ensure that access to personal information is only granted where the individual seeking access (i.e. customer or staff) is authorised to do so.
If Spirit of Tasmania no longer needs the personal information for any purpose for which it may be used or disclosed by Spirit of Tasmania, Spirit of Tasmania must take reasonable steps to destroy or permanently de-identify the information, unless:
a) it is contained in a Commonwealth record; or
b) Spirit of Tasmania is required by law, or a court/tribunal order, to retain the information.
Permanent de-identification means that Spirit of Tasmania is not able to match the de-identified information with other records to re-establish the identity of individuals.
Permitted destruction of personal information must occur by a secure means. Paper based records should be shredded or disposed of securely by an authorised disposal company. Electronic records should be overwritten before being deleted.
Customers have a legal right to access the information Spirit of Tasmania hold about them, unless an exception in the Privacy Act and the PIP Act applies.
Factors affecting a right to access include:
a) access would pose a serious threat to the life or health of any individual;
b) access would have an unreasonable impact on the privacy of others;
c) a frivolous or vexatious request;
d) the information relates to existing or anticipated legal proceedings between Spirit of Tasmania and the individual, and would not be accessible by the process of discovery in those proceedings;
e) access would reveal the intentions of Spirit of Tasmania in relation to negotiations with the individual in such a way as to prejudice those negotiations;
f) access would be unlawful;
g) denying access is required or authorised by or under any law or a court/tribunal order;
h) access would prejudice the taking of appropriate action in relation to unlawful activity or serious misconduct relating to Spirit of Tasmania’s functions or activities;
i) access would be likely to prejudice a law enforcement related activity; or
j) access would reveal evaluative information generated within Spirit of Tasmania in connection with a commercially sensitive decision-making process.
Depending on the nature of the request Spirit of Tasmania may charge the customer a fee for giving them access to that personal information.
The rules regarding a customer's access to information means that customers may have a right to access comments about them.
Spirit of Tasmania must respond to a request for access within a reasonable time (usually within 30 days), and give access in the manner requested by the customer, if it is reasonable and practicable to do so.
If Spirit of Tasmania refuses to give a customer access, then Spirit of Tasmania will:
a) take such steps as are reasonable to give access in a way that meets Spirit of Tasmania’s needs as well the customers;
b) provide the customer with written reasons for the refusal provided it is reasonable to do so; and
c) provide the customer with the mechanisms available to complain about the refusal.
14. Correction of Personal Information
If Spirit of Tasmania holds personal information about a customer, and:
a) Spirit of Tasmania is satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or
b) the customer requests Spirit of Tasmania to correct the information,
Spirit of Tasmania must take reasonable steps to correct that information, having regard to the purpose for which the information is held.
If Spirit of Tasmania refuses to correct the personal information, then Spirit of Tasmania will provide the customer with:
a) written reasons for the refusal provided it is reasonable to do so; and
b) the mechanisms available to complain about the refusal.
Spirit of Tasmania must respond to a correction request within a reasonable time (usually within 30 days).
15. Sensitive Information
Spirit of Tasmania does not usually collect sensitive information, which includes information about a person's ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a profession or trade association, membership of a trade union, details of health, disability, sexual orientation or criminal record.
However, Spirit of Tasmania does collect health information for the purposes of its Passenger Monthly Accident/Illness Reports and as required or permitted by health and safety laws. Health information is regarded as sensitive and as such, must be treated as highly confidential. Health information should only be accessible to authorised persons for permitted purposes and should not be entered on any sales or marketing databases.
If this information is collected the customer will be told of the purpose of collection by the relevant officer at the point of collection. This health information must not be collected without the customer’s consent.
Spirit of Tasmania must not collect sensitive information about a customer unless the customer consents or an exemption in the Privacy Act and the PIP Act applies. Such circumstances would usually only be in an emergency or when the person had lost consciousness and collection is necessary to prevent or lessen a serious and imminent threat to life, health or safety of any individual or to public health or safety.
16. Breach of Privacy
The Tasmanian Ombudsman and the Commonwealth Information Commissioner have the power to investigate complaints made by individuals about the way organisations manage personal information or to investigate any act or practice that may be a breach of privacy, even if no complaint has been made.
17. Queries or Concerns
If you have any queries or concerns about the way Spirit of Tasmania handles your personal information after reading this policy, or if you become aware of a potential breach of privacy, please contact Spirit of Tasmania’s Privacy Officer immediately on the contact details set out below:
Telephone: (03) 6421 7311
Postal address: P O Box 168 E
East Devonport Tas 7310
If Spirit of Tasmania’s Privacy Officer is unable to resolve the matter, it will be escalated (internally or externally) as appropriate to facilitate resolution.