We are committed to complying with the Personal Information Protection Act 2004 (Tas) (“PIP Act”) and the Australian Privacy Principles (“APPs”) set out in the provisions of the Privacy Act 1988 (Cth) (“Privacy Act”).
2. Scope of this policy
This policy applies to your personal information and includes information about individuals but not companies or other commercial entities.
This policy does not contain information on how we manage personal information collected in connection with a credit application or credit facility. Please refer to the Credit Reporting Policy.
3. Privacy Officer
Our Privacy Officer is responsible for ensuring that this policy and our privacy procedures are fully implemented and working effectively.
5. The types of information that we collect, hold and process
The categories of information that we collect, hold and process about you include (but are not limited to):
- Personal information
- identification information including, your name, postal or email address, phone number or fax number;
- images or photographs of you obtained through CCTV filming whilst on board the Spirit of Tasmania or at the terminal;
- your billing details which may include details such as your name, address and credit card information;
- your vehicle registration information; and
- any other information that we consider to be reasonably
- Technical data
Online identifiers, including cookie identifiers, internet protocol addresses, device identifiers, client identifiers, mobile carriers, time zone settings and operating systems. Information on cookies may be found in section 7.5 below.
- Statistical data
Customer information is also used to derive anonymous statistical data (such as the number of passengers) and is processed solely for analytical purposes.
- Sensitive information
We may collect some sensitive information about you, including health information (e.g. in the case of a medical emergency). Please see section 18 below for more information.
- Website activity
We collect information relating to your use of our website.
- Information required by law
We may collect personal information about you because the collection of the information is required or authorised by law or a court/tribunal order.
- Social media
We may view demographics of users of our social media (for example, users’ gender and location etc.) but we do not collect this information for any other use.
6. Purposes for collection of Personal Information
We collect, hold, use and disclose personal information for the following purposes:
- to conduct functions and activities as a passenger, vehicle and freight service and agent of travel insurance providers;
- to personalise and tailor our information, services or products for you ;
- to identify whom we are communicating with;
- to inform you of further information relating to our services or products, or to our website;
- to keep track of website domain names from which individuals visit our website – we analyse this data for trends and statistics;
- to facilitate your transfer in the event of a medical emergency;
- to assist you or your financial institution to verify purchases;
- for sales and marketing research purposes;
- for marketing and promotional purposes;
- for profiling and targeted marketing purposes;
- for analytical purposes;
- to post photographs of customers on social media websites;
- for administration purposes;
- to comply with any applicable laws;
- for emergency purposes;
- to monitor CCTV footage to detect / prevent fraud and / or other criminal activity; and
- any other purpose for which you consent.
7. Where personal information is collected from
7.1 From you (or your authorised representative)
Where possible, we collect personal information from:
- you; or
- persons whom you have authorised to provide us with your personal information on your behalf,
when either you or your authorised representative gives us this information, for example, over the telephone, in person or via our website.
Generally, we do not need to collect any personal information when you just visit our website. You have the option to deal with us anonymously where it is lawful and practicable to do so. For example, you can visit our website without telling us who you are or revealing other personal information.
7.2 From other sources
Sometimes we collect personal information about you from other sources where it is necessary to do so. This may happen where:
- you have consented to the collection of the information;
- we are required or authorised by law to collect the information; or
- it is unreasonable or impracticable to collect the information from you
Examples of other sources that we may collect personal information from include, but are not limited to:
- travel agents;
- sporting teams/clubs;
- social clubs; and
7.3 Unsolicited personal information
If we collect personal information about you that we did not ask for, we will check whether we could have collected that information ourselves. If we could have collected the information, we will handle it in the same way we handle other information we collect from you.
- we could not have collected the personal information; and
- the information is not contained in a Commonwealth record (as defined in the Archives Act 1983 (Cth)),
we will destroy the information or de-identify the information provided it is lawful and reasonable to do so.
7.4 General principles
If we need to collect personal information, then we will operate by the following principles:
- we will expressly ask you for that personal You may decline to provide the requested personal information however we may not be able to provide you with the requested services; and
We use Google Analytics in accordance with section 7.6 below. By using our website you consent to the processing of your personal information by Google in accordance with Google’s policy which can be found at the following link: www.google.com/policies/privacy/partners/
We use the Facebook pixel to measure the effectiveness of our advertising. The Facebook pixel is a piece of code which lets us measure, optimise and build audiences for our advertising campaigns. We use the Facebook pixel to measure the performance of our ads, optimise the delivery of our ads to our customers and customise our website for our customers.
To opt-out of collection and use of your information for ad targeting, a browser tool is available at the following link: http://www.aboutads.info/choices.
7.6 Google Analytics
We use Google Analytics, a website analysis service provided by Google LLC to better understand our customers and provide targeted advertising to suit our customer’s interests and preferences.
We also use Google Analytics to measure marketing activity and monitor website usage and other online statistical and analytical data. This enables us to generate detailed statistics about traffic to our website, traffic sources and how users interact with our website and third party websites. We also measure and record conversions and sales.
The information collected includes how often users visit our website, what links they click, the user’s IP address, geolocation, browser and operating system and what other sites a user visited before coming to our website.
The information collected by Google Analytics is governed by Google Analytics’ Terms of Service, which can be found at the following link:
Further information about how Google Analytics collects and processes your personal information can be found at the following link:
8. Use and Disclosure of Personal Information
We may only use and disclose your personal information for the purposes it was collected unless:
- you consent to the use or disclosure of the information for another purpose;
- the access, use or disclosure is otherwise permitted under the Privacy Act and the PIP Act; or
- you would reasonably expect us to use or disclose the information for another purpose (e.g. disclosing personal information to a travel agent for the purpose of procuring travel insurance for you).
8.1 Disclosing personal information to third parties
Sometimes we may disclose personal information about you to third parties. Examples of third parties that we may disclose your personal information to include, but are not limited to:
- our nominated travel insurance provider;
- travel agencies, marketing agencies and our other marketing service providers;
- our research agencies conducting research;
- emergency services;
- Biosecurity Tasmania or any other applicable quarantine authority;
- as required or authorised by law or a court/tribunal order;
- the third parties listed in section 11 below; and
- any other person where you have given your consent.
We may disclose your photograph on social media websites but we will seek your consent first.
Where your personal information is disclosed, we will take reasonable steps to ensure that the information is held, used or disclosed consistently with the Privacy Act (including the APPs), the PIP Act and any other applicable laws.
If you tell us that you do not wish to have your personal information used for a particular purpose, we will not use that personal information for that purpose unless required by law or for law enforcement purposes. Please note however that this may mean we are not able to provide the requested services to you.
We will co-operate with all law enforcement bodies in providing personal information when requested to do so.
9. Sales and Direct Marketing
We may use or disclose personal information (excluding sensitive information) for sales and direct marketing purposes.
If at any time you decide that you do not want to receive any more marketing material from us, you may:
- contact the Privacy Officer at firstname.lastname@example.org (for non-members); or
- opt-out of receiving any more marketing material via any opt-out mechanism contained in our marketing emails or via your member page (for members).
Our marketing materials display a clearly visible and user-friendly opt-out option. We may infer that consent to receive marketing material has been given where. this opt-out option is not chosen.
All personal information held on any sales and marketing databases will be permanently destroyed or made anonymous within a reasonable time period following receipt of an opt-out notice or a request to be removed from the database.
10. Online Loyalty Program and electronic mailing lists
If you opt-in to our loyalty program including the Sailors Club and Frequent Travellers or any of our electronic mailing lists, we will collect the following personal information about you:
- identification information including, your name, postal or email address, phone number or fax number; and
- your booking information to track travel history.
11. Cross-Border Disclosure of Personal Information
We are based in Australia and your personal information will be transmitted to our offices and appointed agents within Australia.
In some circumstances we may need to disclose personal information about you to recipients outside Australia, including to our:
- overseas Protection and Indemnity Club located in the United Kingdom;
- electronic data storage provider currently located in the United States;
We may store your personal information in cloud or via other types of electronic data storage. As data storage can be accessed from various countries via an internet connection, it is not always practicable for us to know what country your personal information may be held in. As such, disclosures may sometimes occur in countries other than those listed above.
Before we disclose your personal information to any overseas recipient, we will take reasonable steps to ensure that the overseas recipient complies with the APPs in relation to the information, unless one of the exemptions in the Privacy Act applies.
12. Law Enforcement
The PIP Act, and Privacy Act are not intended to interfere with legal obligations to disclose information for law enforcement and regulatory purposes.
We have a procedure for using and disclosing personal information for the purpose of investigating and reporting suspected unlawful activity to the relevant authorities.
A written record of the disclosure is required, including the date of the disclosure, the personal information disclosed, the relevant law enforcement body and how the information was used, or to whom the information was disclosed.
13. Emergencies and Disasters
In the event of an emergency or where we deem it necessary, your name and address will be provided to any authorities and/or agencies that assist in dealing with any such emergency or disaster.
By booking and travelling with us, you are deemed to consent to the disclosure of this information to such authorities and/or agencies in such circumstances.
14. Quality of Personal Information
We will take reasonable steps to ensure that any personal information we collect, use or disclose is accurate, complete, up-to-date and relevant to our functions or activities.
If you believe that your personal information is not accurate, complete or up to date, please contact the Privacy Officer in accordance with paragraph 20 of this policy.
15. Security of Personal Information
We store your personal information in different ways, including in paper and electronic form and via third party data storage providers.
We treat all personal information as confidential. We will take all reasonable steps to ensure that personal information is protected from:
- misuse, interference and loss; and
- unauthorised access, modification or
Some of the ways we do this are by:
- continuing to develop and monitor security measures in order to decrease the risk of unauthorised access to personal information;
- continuing to engage information systems support to maintain computer and network security, including access control for authorised users, data integrity checks, network intrusion systems, host intrusion detection systems and expert monitoring;
- providing a discrete environment for confidential discussions; and
- protecting its file servers by access privileges and
In addition, we take the following measures to ensure that personal information on our website is protected, including:
- having electronic website security systems in place, including the use of secure hypertext transfer protocol, network intrusion protection and segregated virtual private networks; and
- defining and controlling user access to ensure that access to personal information is only granted where the individual seeking access is authorised to do
If we no longer need the personal information for any purpose for which it may be used or disclosed by us, we will take reasonable steps to destroy or permanently make anonymous the information, unless:
- it is contained in a Commonwealth record (as defined in the Archives Act 1983 (Cth)); or
- we are required by law, or a court/tribunal order, to retain the
Permanent anonymity means that we are not able to match the anonymous information with other records to re-establish the identity of individuals.
Permitted destruction of personal information must occur by a secure means. Paper based records are shredded or disposed of securely by an authorised disposal company. Electronic records are overwritten before being deleted.
16. Access to personal information
You have a legal right to access personal information we hold about you, unless an exception in the Privacy Act and the PIP Act applies.
Factors affecting a right to access include:
- access would pose a serious threat to the life or health of any individual;
- access would have an unreasonable impact on the privacy of others;
- a frivolous or vexatious request;
- the information relates to existing or anticipated legal proceedings between us and you, and would not be accessible by the process of discovery in those proceedings;
- access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- access would be unlawful;
- denying access is required or authorised by or under any law or a court/tribunal order;
- access would prejudice the taking of appropriate action in relation to unlawful activity or serious misconduct relating to our functions or activities;
- access would be likely to prejudice a law enforcement related activity; or
- access would reveal evaluative information generated within our business in connection with a commercially sensitive decision-making
You can request an electronic copy of your personal information by contacting our Privacy Officer in accordance with section 20 of this policy.
You do not have to give a reason when asking for access to your personal information.
We will respond to a request for access within a reasonable time (usually within 30 days), and may give access in the manner requested, if it is reasonable and practicable to do so. We may need to verify your identity before we give you access to your personal information.
If we refuse to grant you access, then we will:
- take reasonable steps to give you access in a way that meets our needs as well as yours;
- provide you with written reasons for the refusal provided it is reasonable to do so; and
- provide you with the mechanisms available to complain about the refusal.
Depending on the nature of the request, we may charge you a reasonable fee to access that information.
You may request us to provide our source of the personal information. If you do so, we will, within a reasonable period after the request is made, (usually within 30 days) notify you of the source unless it is impracticable or unreasonable to do so.
17. Correction of Personal Information
You may make a request to correct personal information held by us if you think any of the personal information we hold about you is incorrect, incomplete, out-of-date, irrelevant or misleading by contacting the Privacy Officer in accordance with section 20 of this policy.
If we hold personal information about an individual and we are made aware that the information may be incorrect, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information, having regard to the purpose for which the information is held.
If we refuse to correct the personal information, then we will provide you with:
- written reasons for the refusal provided it is reasonable to do so; and
- the mechanisms available to complain about the
We will respond to a correction request within a reasonable time (usually within 30 days). We may need to verify your identity before we correct any personal information.
18. Sensitive Information
We generally try to limit the circumstances where we collect your sensitive information, which includes information about a person’s ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a profession or trade association, membership of a trade union, details of health, disability, sexual orientation or criminal record.
However, we do collect health information for the purposes of our accident/illness reports and as required or permitted by health and safety laws. Health information is regarded as sensitive and as such, is treated as highly confidential. Health information is only accessible to authorised persons for permitted purposes and is not entered on any reservations, sales or marketing databases.
If this information is collected, you will be told of the purpose of collection by the relevant officer at the point of collection.
We will not collect sensitive information about you unless you consent and that information is reasonably necessary for our functions or an exemption in the Privacy Act or the PIP Act applies. Such circumstances would usually only be in an emergency or when the person had lost consciousness and collection is necessary to prevent or lessen a serious and imminent threat to life, health or safety of any individual or to public health or safety.
Our website is not intended to be used by children under the age of 16 and we cannot ascertain the age of persons who use our website.
If a minor (according to applicable laws) has provided personal information to us without the consent of a parent or guardian, that parent or guardian should contact us at the details provided in section 20 and may request us to remove this information.
If we become aware that a minor has provided us with their personal information without the consent of a parent or guardian, we will delete their personal information.
20. Who we are and how you can contact us
TT-Line Company Pty Ltd is the legal name of the company (i.e. the legal entity) which holds your personal information.
We are registered in Tasmania, Australia with ACN: 061 996 174.
Our contact details are as follows:
Spirit of Tasmania
PO Box 168E
East Devonport Tasmania 7310
Telephone/Fax (general enquiries):
Phone: 1800 634 906 (in Australia)
Phone: +61 3 6419 9320 (International)
Fax: 1800 636 110
If you are deaf or have a hearing impairment or speech impairment, you can contact us through the National Relay Service.
- TTY users phone 1800 555 677 then ask for 1800 634 906;
- Speak and Listen users phone 1800 555 727 then ask for 1800 634 906;
- Internet relay users connect to the NRS then ask for 1800 634 906.
Privacy related queries:
Telephone: (03) 6419 9073
Postal address: PO Box 168E East Devonport Tasmania 7310
How to complain:
If you have any complaints about data privacy, please contact our Privacy Officer at the contact details above.
If our Privacy Officer is unable to resolve the matter, we will escalate it as appropriate to facilitate resolution.
If you are not happy with the outcome of the Privacy Officer’s investigation or if we have not replied to you within a reasonable time, then you can raise your concern with the Tasmanian Ombudsman or the Office of the Australian Information Commissioner (OAIC).
Complaints can be made to the Tasmanian Ombudsman in the following ways:
Telephone: 1800 001 170
Mail: GPO Box 960, Hobart 7001 TAS
Complaints can be made to the OAIC in the following ways:
Telephone: 1300 363 992
Mail: Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001