Privacy Act
Our business is bound by the Privacy Act 1988 (Cth) (hereinafter referred to as “the Act”) and the
Australian Privacy Principles (APP). Our business is an APP entity as defined in s 6(1) of the Act.
We collect and hold personal information relating to our clients and to other people and entities
associated with our clients as may be provided or disclosed to us in the course of business. Such
personal information may include, but is not limited to, names, addresses, telephone numbers,
email addresses, and occupations.
Personal information is collected from our clients in the following ways:
− by providing it to us directly;
− by authorising third parties to provide it to us;
− by other parties providing it to us either voluntarily or pursuant to compulsory processes we
conduct on our client’s behalf.
How is personal information received and held?
Personal information may be received and held either as a hard copy, paper, or a soft copy being
electronic data, in any available form. In either case, we take the security of personal information
seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security
systems to protect soft copy documents. We never ask for bank details or other sensitive
information by email.
For what purpose is personal information collected, held, used and disclosed?
All data is processed by the business on a lawful basis. The purposes for which we collect, hold, use
and disclose personal information are:
− to offer our services to our clients. In doing so we may disclose personal information to other
people or entities involved in the provision of the product or service, such as government
departments and individuals. Unless compelled by law, we will never disclose personal
information without the client’s knowledge and consent;
− to facilitate our internal and external administrative processes including financial and business
operations and reporting requirements;
− to obtain, maintain and comply with the terms of our professional indemnity and other
insurance policies; and
− to comply with applicable laws.
How can personal information be accessed or corrected?
Clients may access their personal information and seek correction of it at any time by applying to our
office in person or in writing.
Clients will be formally identified before releasing or amending any personal information.
Use of cookies
When you visit our website, a small data file called a “cookie” may be stored on your internet
enabled device. We use cookies or similar digital markers to maintain user sessions and track the
behaviour of website visitors. This enables us to keep our site relevant and useful. However,
generally this information will not identify you. We do not link this information back to your identity
or other information that you have provided to us.
We and our service providers also use cookies and other digital markers (e.g. Clear GIFs’) to assist us
with our online marketing services and advertise to our website visitors on other third-party
websites or platforms (e.g. Google Ads Services or LinkedIn). Cookies placed on third party websites
help us to monitor the efficacy of our business relationships with third parties, improve performance
as well as personalise your experience when you visit our and our service providers’ websites. When
you visit other websites or platforms, you may see an advertisement for Ghost Elite Yacht Charters
Pty Ltd’s products or services because you have previously visited our website. Ghost Elite Yacht
Charters Pty Ltd may disclose the information collected via use of cookies on our websites to third
parties for marketing purposes.
By using our website(s) and not opting-out of cookies, you consent to our use of cookies in
accordance with the terms of this Privacy Policy.
Most web browsers are set by default to accept cookies. However, if you do not wish to receive
cookies you may set your browser to either prompt or refuse cookies (including Ghost Elite Yacht
Charters Pty Ltd’s cookies). If you use your browser settings to block all cookies, you may not be able
to access and/or use all or parts of our website.
Access to other websites
Sometimes our website contains links to other websites, for your convenience and information.
When you access a website other than www.ghostcharters.com.au , please understand that Ghost
Elite Yacht Charters Pty Ltd is not responsible for the privacy practices of that site. We suggest that
you review the privacy policies of each site you visit.
What is the complaints process relating to personal information?
If there is a breach of this privacy policy, either of the Act or the Australian Privacy Principles (APP), a
complaint may be made by the client to:
− our customer services team; or
− the Office of the Australian Privacy Commissioner, http://www.privacy.gov.au/.
Data breaches
All staff are responsible for protecting the confidentiality of client information and business
information. Refer any data breaches, or suspected data breaches, to the customer services team as
soon as possible.
What is an eligible data breach?
An eligible data breach, defined in s 26WE(2) of the Act, is when:
(a) both of the following conditions are satisfied:
(i) there is unauthorised access to, or unauthorised disclosure of, the information;
(ii) a reasonable person would conclude that the access or disclosure would be likely to
result in serious harm to any of the individuals to whom the information relates; or
(b) the information is lost in circumstances where:
(i) unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
(ii) assuming that unauthorised access to, or unauthorised disclosure of, the information
were to occur, a reasonable person would conclude that the access or disclosure would
be likely to result in serious harm to any of the individuals to whom the information
relates;…
If there is a suspicion of a breach
If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment
will be conducted within 30 days.
If we believe or have reasonable grounds to believe there has been a breach then a statement will
be prepared setting out:
− the business’s details;
− a description of the breach;
− the kind or kinds of information concerned; and
− recommendations about the steps that we will take in response to it.
If practicable, we will advise the contents of the statement to each of the affected clients who may
be at risk from the breach. If this is not practicable, we will publish the statement on our website and
take other reasonable steps to publicise its contents. Communications with individuals will be via
their preferred communication method.
The statement will be submitted to the Privacy Commissioner.
Exception to reporting
Mandatory notification requirements are waived if remedial action can be taken that results in a
reasonable person concluding that the access or disclosure is not likely to result in serious harm to
any of those individuals.