4WD Tours R Us Privacy Policy

4WD Tours r Us ( Sandboarding Australia) is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses and phone numbers.

This Personal Information is obtained in many ways including correspondence, by telephone, letters and email, and via our website www.4wdtoursrus.com.au, and from third parties sites that sell our product. We don’t guarantee website links or policy of authorised third parties.

We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing at 4wdtoursrus@gmail.com

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. When booking trough a third party site e.g. Groupon, Adrenaline, Scoopon , Cudo etc we do use your email for you booking ref and you will receive a feedback form from this but we will never sell or pass on your details to third parties.

Employee Records

We will manage personal information contained in employee records relying on the employee exemption in the Act, where this exemption is applicable.

Disclosure of Personal Information

Your Personal Information may be disclosed in a number of circumstances including the following:

  • Third parties where you consent to the use or disclosure; and
  • Where required or authorised by law.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files, which will be kept by us for a minimum of 7 years.

Payment Gateway Security at Stripe

Security is one of the biggest considerations in everything we do. If you have any questions after reading this, or encounter any issues, please let us know.

Securing your integration

For more about being PCI compliant and establishing good security practices, check out our integration security guide.

Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at Stripe.

HTTPS and HSTS for secure connections

Stripe forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard.

  • Stripe.js is served only over TLS
  • Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection

We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

Encryption of sensitive data and communication

All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).

PGP

Stripe has two PGP keys to encrypt your communications with Stripe, or verify signed messages you receive from Stripe. Which key you make use of is dependent on the information needing to be transmitted:

If you’re unfamiliar with PGP, check out GPG, and start by importing a public key.

Vulnerability disclosure and reward program

Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in Stripe’s security, please get in touch at security@stripe.com (optionally using our general PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Stripe.

We understand the hard work that goes into security research. To show our appreciation for researchers who help us keep our users safe, we operate a reward program for responsibly disclosed vulnerabilities. Stripe rewards the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or instigating action on another user’s behalf).

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing at 4wdtoursrus@gmail.com

4WD Tours R Us (Sandboarding Australia) will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information we may require identification from you before releasing the requested information.

Links on our website

Our website may contain links to third party websites. We advise that the terms of this privacy policy do not apply to external websites. If you wish to find out how any third parties handle your personal information, you will need to obtain a copy of their privacy policy.

Policy Updates

This Policy may change from time to time and is available on our website.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

4WD Tours R Us

James Paterson St Anna Bay

4wdtoursrus@gmail.com

02 49819352 or 0429206009

OCT 2018