This Privacy Policy explains how Cooee Tours Australia (trading name of Waggie Group Pty Ltd, ABN 12 345 678 901) handles your personal information when you book a Brisbane day tour, Queensland multi-day holiday, accessible tour, or group transport service through www.cooeetours.com.au.
We're committed to protecting your privacy in full compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Read alongside our Cookie Policy and Terms & Conditions for a full picture.
1 About This Policy
Cooee Tours (trading name of Waggie Group Pty Ltd, ABN 12 345 678 901, "we", "us", "our") is committed to protecting the privacy of your personal information. This privacy policy explains how we collect, use, store, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy applies to all personal information collected through our website (cooeetours.com.au), our booking platform (cooeetours.rezdy.com), our email and phone communications, and any in-person interactions during tours and events across Queensland, Australia, and New Zealand.
By using our website or services, you acknowledge that you have read and understood this privacy policy. If you do not agree with how we handle your data, please do not use our services.
2 Information We Collect
We collect only the personal information reasonably necessary to deliver our tour services. The categories of information fall into the six groups below:
Contact Details
Name, email address, phone number, and postal address — used to confirm your booking and communicate updates.
Booking Details
Tour preferences, travel dates, number of passengers, and your preferred Brisbane or Queensland pick-up location.
Payment Information
Card details processed securely by our PCI-DSS compliant provider — we never store full card numbers.
Accessibility & Health
Mobility requirements, dietary needs, and relevant medical conditions — only when voluntarily provided by you.
Emergency Contacts
Name and phone number of your nominated emergency contact — used only in genuine emergencies.
Communication Records
Emails, phone messages, feedback, and reviews — kept to maintain service history and improve future tours.
Information collected automatically
- Website usage data: pages visited, time on site, referral source (collected via Google Analytics)
- Device information: browser type, operating system, screen resolution
- IP address: used for analytics and security purposes (not used to identify individuals)
- Cookies: see Section 7 below and our full Cookie Policy
3 How We Collect Information
We collect personal information through the following channels:
- When you make a booking through our website or our Rezdy booking platform
- When you contact us by phone, email, or through our website enquiry form
- When you subscribe to our newsletter for tour news and Queensland travel deals
- When you leave a review or provide feedback after a tour
- When you interact with us on social media (Facebook, Instagram, YouTube)
- Through cookies and analytics tools when you visit cooeetours.com.au
- When you board one of our tours — for example, emergency contact details collected on the day
We only collect personal information that is reasonably necessary for our business activities. We will not collect sensitive information (such as health data) unless you voluntarily provide it and it is directly related to your tour experience.
4 Why We Collect Information
We use your personal information for these specific purposes — and no others without your consent:
- Provide tour services: process bookings, confirm reservations, arrange Brisbane and Queensland pickups, deliver the tour experience
- Communicate with you: send booking confirmations, tour updates, itinerary changes, and respond to enquiries
- Accessibility & safety: accommodate mobility requirements, dietary needs, and health conditions for a safe, comfortable experience
- Process payments: charge for tour services and issue refunds where applicable
- Improve our services: analyse website usage, understand customer preferences, enhance our Brisbane day tours and multi-day holiday offerings
- Marketing: send newsletters and promotional offers — only with your consent, and you can unsubscribe at any time
- Legal compliance: meet our obligations under Australian law including tax, workplace health and safety, and anti-discrimination legislation
5 Sharing Your Information
We share your personal information only with the third parties below, and only to the extent necessary to deliver your tour booking:
Our online booking and ticketing platform — handles your reservation details and confirmation.
PCI-DSS compliant payment gateway for secure credit card processing.
Venues, attractions, restaurants, and accommodation providers — limited to dietary or group-size info.
Anonymised website usage data only — no personally identifiable information shared.
Our newsletter platform — only used if you've subscribed to our Tour News & Deals.
Where required by law — emergency services, tax authorities, regulatory bodies.
We never sell, rent, or trade your personal information to third parties for their marketing purposes. All third-party service providers are contractually required to handle your information in accordance with their own privacy obligations and applicable Australian law.
6 Overseas Disclosure
Some third-party services we use (such as Google Analytics and our booking platform) may store or process data on servers located outside Australia, including in the United States. Where this occurs, we take reasonable steps to ensure that overseas recipients handle your information in accordance with the Australian Privacy Principles.
We will not transfer your personal information overseas for any purpose other than delivering the services described in this policy.
7 Cookies & Website Analytics
Our website uses cookies — small text files stored on your device — to improve your browsing experience and help us understand how visitors use cooeetours.com.au.
Types of cookies we use
- Essential cookies: required for the website to function (sessions, security tokens, booking forms)
- Analytics cookies: Google Analytics cookies that help us understand traffic, popular tour pages, and visitor navigation. Anonymised — does not identify you personally.
- Performance cookies: used to optimise page load times and deliver a faster browsing experience
- Marketing cookies: used with your consent for relevant advertising on Google and Meta platforms
Managing cookies
You can control or delete cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being set. Disabling essential cookies may affect website functionality, including the booking forms. See our full Cookie Policy for the complete cookie list, durations, and opt-out instructions. For general cookie information, visit allaboutcookies.org.
How We Keep Your Data Secure
Cooee Tours takes practical, layered steps to safeguard your personal information against misuse, loss, or unauthorised access:
- Secure HTTPS connections using industry-standard TLS encryption
- PCI-DSS compliant payment processing — full card numbers never stored
- Password-protected access to booking and customer management systems
- Regular staff privacy training and signed confidentiality agreements
- Role-based access — only staff who need data to do their job can see it
- Australian-hosted backups with encryption at rest
8 Data Security
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:
- Secure (HTTPS) website connections with TLS encryption
- Payment processing through PCI-DSS compliant providers — we do not store full credit card numbers
- Password-protected access to booking and customer management systems
- Multi-factor authentication on staff administrative accounts
- Staff training on privacy obligations and data handling procedures
- Limiting access to personal information to staff who need it to perform their role
- Regular security reviews and software updates
A note on internet security: While we take all reasonable precautions, no method of electronic storage or internet transmission is 100% secure. We cannot guarantee absolute security, but if a data breach ever occurs that's likely to cause serious harm, we'll notify affected individuals and the OAIC as required under the Notifiable Data Breaches scheme.
9 Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by Australian law:
- Booking records: retained for 7 years for tax and legal compliance purposes (per ATO record-keeping rules)
- Newsletter subscribers: retained until you unsubscribe — one-click opt-out in every email
- Website analytics: anonymised data retained for up to 26 months (Google Analytics default)
- Enquiry correspondence: retained for 2 years unless related to an active booking
- Customer reviews: retained indefinitely on third-party platforms (Google, TripAdvisor) per their policies
When personal information is no longer needed, we take reasonable steps to destroy or de-identify it securely.
10 Your Rights Under Australian Privacy Law
Under the Australian Privacy Principles, you have clear rights regarding the personal information we hold about you:
Right to Access
Request a copy of the personal information Cooee Tours holds about you — we'll respond within 30 days.
Right to Correct
Ask us to update or correct any inaccurate or out-of-date information in our records.
Right to Opt Out
Unsubscribe from newsletters and promotional emails any time — one-click in every email or contact us directly.
Right to Complain
If we've mishandled your data, contact us first or escalate to the OAIC for an independent investigation.
To exercise any of these rights, please contact us using the details in Section 14. We respond to access and correction requests within 30 days of receipt, free of charge for reasonable requests.
11 Children's Privacy
Our website and services are not directed at children under 18. We do not knowingly collect personal information from children without parental consent. If a child under 18 wishes to participate in a tour, the booking must be made by a parent or legal guardian, who provides consent for any necessary information collection on the child's behalf.
If you believe we have inadvertently collected personal information from a minor, please contact us immediately at contact@brisbanehirebus.com.au and we'll delete it promptly.
12 Third-Party Links
Our website contains links to third-party websites — attractions, accommodation providers, review platforms, and our booking platform Rezdy. These websites have their own privacy policies, and Cooee Tours is not responsible for their privacy practices. We encourage you to read the privacy policy of any website you visit before providing personal information.
13 Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. Any changes will be posted on this page with an updated "last reviewed" date. We encourage you to review this page periodically.
For material changes — such as a new category of data collection or a new third-party service — we'll communicate via our website homepage and newsletter where practical, giving you a chance to review before continuing to use our services.
14 Contact Us About Privacy
If you have any questions about this privacy policy, wish to access or correct your personal information, or want to make a privacy complaint, please contact our Brisbane-based privacy team:
- Phone: +61 409 661 342 — Monday to Friday, 9am–5pm AEST
- Email: contact@brisbanehirebus.com.au
- Post: Cooee Tours — Waggie Group Pty Ltd, Brisbane, Queensland, Australia
- Online: Contact & Enquiry form
We'll acknowledge your complaint within 7 business days and aim to resolve it within 30 days. If you're not satisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
📖 Privacy Glossary — Plain English
Privacy terminology can be confusing. Here are the key terms in plain English:
- Personal information
- Any information that can identify you — name, email, address, phone, even an IP address linked to you.
- Sensitive information
- A higher-protection category — health, racial/ethnic origin, religious beliefs, sexual orientation, biometric data.
- APP (Australian Privacy Principles)
- The 13 principles in the Privacy Act 1988 that govern how Australian businesses must handle personal information.
- OAIC
- Office of the Australian Information Commissioner — the federal regulator for privacy and freedom of information.
- Data breach
- An incident where personal information is accessed, disclosed, lost, or modified without authorisation.
- Notifiable Data Breaches scheme
- The Australian scheme requiring businesses to notify individuals and the OAIC of breaches likely to cause serious harm.
- PCI-DSS
- Payment Card Industry Data Security Standard — the global certification for secure card payment handling.
- TLS encryption
- The technology that secures data in transit between your browser and our website (the padlock icon you see).
❓ Frequently Asked Privacy Questions
Common questions from Brisbane and Queensland travellers booking with Cooee Tours:
No — never. We don't sell, rent, or trade your personal information for marketing purposes. The only third parties we share data with are service providers needed to deliver your booking: our booking platform Rezdy, our payment processor, and the tour partners who'll host you on the day. Each of those is contractually required to handle your data per Australian privacy law.
Email contact@brisbanehirebus.com.au with the subject "Privacy access request" and your full name. We'll verify your identity and provide a copy of the personal information we hold within 30 days, free of charge.
We retain booking records for 7 years to comply with ATO record-keeping requirements. Newsletter subscribers stay on our list until they unsubscribe. General enquiries with no booking attached are deleted after 2 years. See Section 9 for full retention periods.
No. Full card numbers are never stored on Cooee Tours systems. Payments are processed through a PCI-DSS compliant payment gateway that handles all sensitive card data on our behalf. We only see a token reference and the last 4 digits — enough to identify the transaction, not enough to make a charge.
If you're booking from the European Economic Area or the United Kingdom, GDPR / UK GDPR applies in addition to our Australian Privacy Act obligations. You get extra rights including data portability and the right to be forgotten. Email us to exercise any GDPR rights and we'll handle them within the GDPR's 30-day deadline.
If a data breach occurs that's likely to cause serious harm, we'll notify affected individuals directly and report to the OAIC under the Notifiable Data Breaches scheme. We'll explain what happened, what data was affected, and what steps you should take. We've never had a notifiable breach.
📌 In summary: We collect only what we need to deliver your tour, store it securely, never sell it, share it only with service providers who help us run your booking, and give you full rights to access, correct, or complain. Our Brisbane team is here to answer any privacy question — call 0409 661 342 or email contact@brisbanehirebus.com.au.