Privacy Policy

Introduction

Unless expressly stated otherwise in this privacy policy, a reference to ‘we’, ‘us’ and ‘our’ means the Tasmanian Walking Company Pty Limited (ACN 127 733 742) and any of our related bodies corporate from time to time. For the avoidance of doubt, this document applies to Heart of Nature Pty Ltd (ACN 658 482 716) (‘Heart of Nature’) and Australian Walking Company Pty Limited (ACN 606 406 384), both being related bodies corporate of Tasmanian Walking Company Pty Limited.

The Privacy Act 1988 (Cth) (‘Privacy Act’) and the Australian Privacy Principles govern the way in which we must manage your personal information and this policy sets out how we collect, hold, use, disclose and otherwise manage personal information about you. This policy also sets out how persons can access their personal information held by us and what they can do if they are unhappy with our treatment of their personal information.

By providing your details, you consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.

We encourage you to check our website(s) regularly for any updates to this privacy policy.

Who does this privacy policy apply to?

This privacy policy applies to any person for whom we currently hold, or may in the future collect, personal information, including our current and prospective employees, our current and prospective clients, contractors, consultants and agents and other individuals that contact or engage with us.

This policy does not apply to acts and practices relating to the ‘employee records’ of our current or former employees, as these are exempt from the Privacy Act.

What information does this privacy policy apply to?

This policy applies to personal information (including sensitive information). In broad terms, 'personal information' is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

Information is not personal information where the information cannot be linked to an identifiable individual.

There are also references in this policy to ‘sensitive information’, which is a subset of personal information, relating to information or opinions about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health or genetic information about an individual that is not otherwise health information.

Collection

Types of information collected

The personal information we may collect and hold differs depending on the nature of our interaction with you.

We may collect and hold personal information about you and your interactions with us, although such information may include:  

  • sensitive information (see above);
  • contact and identification information, including names, email addresses and passport information;
  • financial information and bank details;
  • date and place of birth;
  • employment arrangements and history;
  • tax file numbers;
  • details of any enquiries you make; and
  • any other personal information required to provide services to you or otherwise engage with you to assist us to provide our services.  

We generally do not collect sensitive information but on occasion we may collect this information if it is relevant to the delivery of our services or to your engagement with us, including in connection with your engagement as a current or prospective employee, contractor, consultant or agent.

In any case, we will not collect sensitive information without the consent of the individual to whom the information relates, unless otherwise permitted under the Privacy Act.

Internet users and web-generated information

If you access our websites (including www.auswalkingco.com.au and other websites owned or operated by us from time to time), we may automatically collect hardware and software information about your computer or device, including:

  • your IP (internet protocol) address;
  • domain names, access times and referring website addresses;
  • your browser type;
  • the types of devices you are using to access our websites;
  • the language and operating system of the device being used; and
  • page clicks, time spent and other automatically collected meta-data.

Our websites may also collect usage information from users. Broadly, this information may relate to how you use and navigate the website, including:

  • information about pages, content or advertisements you have browsed or clicked on;
  • any content, information or material you disclose to us;
  • the location from which you have come to the site and the pages you have visited; and
  • information about the features you have used on our websites.

Also, our websites use ‘cookies’, a text file that is placed on your hard disk by a webpage server. Cookies are uniquely assigned to you. The main purpose of cookies is to identify users and to prepare customised web pages for them. Cookies do not identify you personally, but they may link back to a database record about you. We use cookies to monitor the usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively. A person can choose to reject or block cookies set out by us by changing the browser settings, although note that most browsers automatically accept cookies. To ensure that cookies are not used, you should actively delete or block the cookies, although this may affect your ability to access all or parts of our websites.

Purpose of collection

Generally, we collect personal information about you for the primary purposes of which it was collected.

The primary purpose for which information is collected varies depending on the individual that we are collecting from, but generally, we will collect your personal information for one or more of the following reasons (including but not limited to):

  • providing services to you or someone else you know or otherwise engaging with you;
  • processing an application or enquiry you have made;
  • acting as your agent if you request us to do so;
  • undertaking various activities required by law;
  • providing you with information about other services that we, and other organisations that we have affiliations with offer, that may be of interest to you;
  • us engaging in direct marketing activities, provided that you have consented to receive direct marketing from us;
  • facilitating our internal business operations, including the fulfilment of any legal requirements; and
  • analysing our services and customer needs with a view to developing new and/or improved services.

In the case of potential employees, clients, contractors, consultants and agents, the primary purpose that the information is collected for is to assess the individual’s suitability for the relevant role.

We may also collect, hold, use and disclose personal information for secondary purposes that are within your reasonable expectations and that are related to the primary purpose of collection. For example, we may collect and use your personal information to provide you with updates and alerts that are relevant to our activities.

Methods of collection

Personal information will generally be collected directly from you, for example, through the use of any of our electronic or physical forms, over the Internet, via email, invoices, meetings, or through a telephone conversation with you.

There may, however, be some instances where personal information about you will be collected indirectly because either you have consented to such collection or it is unreasonable or impracticable to collect personal information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected. For example, we may also collect personal information from the following:

  • government bodies (such as regulatory authorities, relevant departments, etc);
  • through referrals from individuals or other entities;
  • third party platforms or websites that you may use, including social media platforms and websites;
  • our business partners;
  • our employees, contractors, consultants and agents;
  • the employees, contractors, consultants and agents of third parties; and
  • through marketing and business development events.

Anonymity and failure to provide information

We will take reasonable steps to destroy or permanently de-identify personal information if that information is no longer needed for the purposes for which we are authorised to use it.

You do not have to provide your personal information to us, but if you do not provide the information requested by us, or the information you provide to us is incomplete and/or inaccurate, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking or we may otherwise be unable to engage with you.

In limited circumstances, it may be possible for you to use a pseudonym or remain anonymous when dealing with us. If you would like to use a pseudonym or remain anonymous you should notify us when making first enquiries. We will use our best endeavours to accommodate your request, subject to our ability to interact with you without having your personal information.

Marketing and SMS messaging

The data we collect from you on our websites may also be stored in HubSpot or other customer relationship management systems (‘CRMs’). Tracking cookies and matching this to your personal information, allows us to display and send you content that is most relevant to you. Through using CRMs we may also carry out various activities, including but not limited to:

  • improving your browsing experience by personalising our websites, based on criteria such as your location, other personal information or your activity on our websites;
  • sending you information that we think may be of interest to you by email, or other means;
  • sending you promotional offers, content and information about our products and trips; and
  • tracking and analysing your website behaviour and interaction with our emails and social media pages, and automatically sending follow-up emails based on this information.

We send out electronic communications, including by way of direct marketing and SMS messaging, to contacts who have opted-in to receive direct marketing communications, including by submitting an online enquiry and/or made an online booking.

We will not use or disclose your personal information for the purpose of direct marketing and SMS messaging unless you have provided us with your consent to the use or disclosure of your information for that purpose.

If you no longer wish to receive direct marketing from us, you may opt-out of receiving such direct marketing by contacting us at the contact details specified in this policy or by unsubscribing following the instructions provided in any direct marketing communication.

Use and Disclosure

Generally, we only use and disclose personal information about you for the primary purposes for which it was collected (as set out above).

We may from time to time disclose personal information to third parties, including but not limited to:

  • government bodies (such as regulatory authorities, relevant departments, etc);
  • our external auditors, financiers, legal advisers and other professional advisers;
  • our contractors, consultants, employees and agents;
  • our service providers, including those who assist us in operating our business, who may not be required to comply with our privacy policy;
  • other service providers who provide the various services that you have requested and we have arranged, who may not be required to comply with our privacy policy;
  • our business partners;
  • law enforcement agencies;
  • a bona fide purchaser of all or substantially all of the assets of our business;
  • a bona fide investor in our business or acquirer of equity in our business; and
  • our third parties with whom we have a commercial relationship, including those that we have affiliations with for the purposes of providing you with information about services and various promotions that might be of interest to you.

We will only disclose personal information to third parties or other related bodies corporate of Tasmanian Walking Company Pty Limited (ACN 127 733 742) if:

  • we are required or authorised by law to do so;
  • we have received express consent to the disclosure, or consent may be reasonably inferred from the circumstances; or
  • we are otherwise permitted to disclose the information under the Privacy Act (including the Australian Privacy Principles).

As set out above, we may also use and disclose personal information for secondary purposes that are within your reasonable expectations and that are related to the primary purpose of collection.

Data Quality

We will take reasonable steps to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date.

Data Security - how do we hold personal information?

We take data security very seriously. Your personal information is stored in different ways, including as follows:

  • physically, in paper files stored securely at our premises; and
  • electronically, in computer systems, applications, databases and cloud servers, either operated by us or our third-party service providers. 

We implement and maintain reasonable security measures to ensure that your personal information is stored safely to protect it from misuse, interference and unauthorised access, modification or disclosure. Some of these processes include:

  • using 128-bit SSL (secure sockets layer) encryption technology that protects information as it is sent from your browser to our secure server; and
  • using unique usernames, passwords and other protections on systems that can access personal information.

However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g., a hacker) or that unauthorised disclosures will not occur.

Payments made by you over the internet

By utilising NAB (National Australia Bank Ltd) Transact - Direct Post we ensure no sensitive card payment data enter our environment directly. Payment card details are posted directly from your web browser direct to the NAB Transact payment gateway via HTTPS. NAB in turn confirm the payment has been received by providing only a masked card number, expiry date and card type. By utilising NAB Transact - Direct Post for our payment processing we can offer our customers complete PCI DSS compliance while still hosting our own payment page.

Payments by card received from you other than through our website

Card details received from you over the phone or any means other than through our website is entered over a HTTPS connection by our staff into NAB Transact, the National Australia Bank’s eCommerce payment solution. Any physical record of sensitive card information is destroyed.

Links to other websites

Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and so linked websites are not subject to our privacy policies and procedures.

Will we disclose personal information outside Australia?

If we hold your personal information in connection with you engaging with Heart of Nature, then Heart of Nature may disclose that personal information to Heart of Nature’s suppliers and commercial relationship partners located overseas for the purpose of Heart of Nature supplying its services. The location of such suppliers and commercial relationship partners will depend on the services relevant to you, but may include Chile, Japan, Nepal, Slovenia, France, Norway, Scotland and/or Italy. 

We otherwise do not directly disclose personal information outside of Australia unless you expressly request us to do so. However, we may utilise a cloud or other outsourced IT services which may result in personal information being stored overseas. This may include the operator of the US-based third-party provider of the ‘Peak 15’ software that we utilise, who may store certain personal information on US-based (or other overseas) servers.

We may also use services from time to time to manage and improve our services and the third-party service providers we engage may be located, or have their IT services, located overseas.

Access to and correction of personal information

It is important that the information we hold about you is up-to-date. If you believe that any information we hold about you is incorrect, please contact us so we can make the necessary change(s).

If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.

You may request access to the personal information we hold about you, or ask us for your personal information to be corrected, by using the contact details set out below. We will provide you with access to the information requested within a reasonable time, subject to the request circumstances.

We may charge you a reasonable fee for processing your request. The fee (if any) will be disclosed prior to being levied.

We may decline a request for access to personal information where the Privacy Act (including the Australian Privacy Principles) requires or permits us to do so.

In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.

We may deny access to personal information if:

  • the request is unreasonable, frivolous or vexatious;
  • providing access would have an unreasonable impact on the privacy of another person;
  • providing access would pose a serious and imminent threat to the life or health of any person;
  • providing access would compromise our professional obligations;
  • denying access is required or authorised by or under an Australian law or court/tribunal order; or
  • there are other legal grounds to deny the request.

If we refuse to provide you access to your personal information, or in the manner that you request, we must take such steps (if any) as are reasonable in the circumstances to give access in a way that meets both our needs as well as yours. We will also provide you with written notice setting out the reasons for the refusal and mechanisms available to complain about the refusal.

Complaints

If you wish to complain about an interference with your privacy, then you must follow the following process.

  • The complaint must be firstly made to us in writing, using the contact details in this policy. We will have a reasonable time to respond to the complaint.
  • If the privacy issue cannot be resolved, you may take your complaint to the Office of the Australian Information Commissioner.

Feedback

A person may make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the address below.

If you otherwise have any questions regarding our privacy policy, please feel free to contact us at:

Privacy officer: Head of Corporate Services
Postal address: PO Box 7686, Launceston TAS 7250
Email address: privacy@taswalkingco.com.au
Telephone: 03 6392 2211

More Information

For your information about privacy in general, you can visit the Federal Policy Commissioner’s website at www.privacy.gov.au.

Changes to the policy

We may update, modify or remove this policy at any time without prior notice. Any changes to the privacy policy will be published on our website(s) or otherwise notified to you.

This policy is effective 7 August 2025. If you have any comments on this policy, please contact the privacy officer at the contact details set out above.