Privacy Policy and Notification


This Privacy Policy and Notification (Policy) describes how Mastercard Travel Solutions Australia Pty Ltd including its related companies which handle personal information collected in Australia (Company) collects, holds, uses and discloses personal information consistent with the Australian Privacy Act 1988.

This Policy also serves as notification to individuals of the matters required to be notified by the Australian Privacy Principles.

An individual who provides personal information to the Company, either directly or through a business partner or service provider, is given access to this Policy.

By providing personal information to the Company and having access to this Policy, either directly or through a business partner or service provider, an individual consents to the Company collecting, holding, using and disclosing personal information in accordance with this Policy.


Personal information collected by the Company includes:

  • Full name
  • Address
  • Fax number
  • Email address
  • Passport details
  • Date of birth
  • Information about the goods or services customers have ordered
  • Information from enquiries/complaints customers have made
  • Credit card information
  • Travel preferences
  • Reward program membership numbers - i.e. frequent flyer number and bank reward membership numbers
  • Company name (if applicable)
  • IATA numbers
  • ABN's of travel agents
  • Bank details

The Company also collects sensitive information, a category of personal information, including:

  • Medical and health information.
  • Copies of certificates/licenses (including marriage, doctors, birth, death and driving)


The Company collects the personal information of individuals directly from those individuals when:

  • The individual registers to use the website where this Policy is located or linked.
  • The individual enters a competition run by the Company.
  • The Company is selling products or services to those individuals.
  • The individual makes a redemption.
  • The individual makes an enquiry or claim about a product or service.
  • Personal information can be collected by electronic interaction, phone, in person, mail or fax.

The Company also collects an individual’s personal information from:

  • Its business partners where the company is responsible for the fulfilment of product or services.
  • Its business partnerswhose program the Company manages and operates.
  • Service providers who are involved with redeeming, selling and delivering products or services to an individual for or in conjunction with the Company.

Personal information received by the Company is held electronically on the information technology systems of the Company and may only be accessed by its authorised employees and contractors who require access in connection with the purposesdescribed in this Policy. Some personal information is held in hard copy such as ticket coupons, copies of certificates/licenses, suppliers confirmations and complaint correspondences. This information is accessible by authorised employees, their managers and the organisations which are contracted by the Company to store and secure that information. Other hard copy personal information may be held for internal Company purposes and administration of the Company’s business.


Without all of the required personal information being provided or consent being given, the Company will not be able to provide the product or service an individual is seeking, and may not be able to handle enquiries or claims in connection with those products or services.


Personal information will be collected, held, used and disclosed for the purposes of:

  • Informing individuals about products, services and opportunities in the form of direct marketing by the company.
  • Facilitating the redemption, purchase and delivery of a product or service.
  • Handling inquiries or claims about a product or service.
  • Security checks to verify the identity of an individual.
  • Internal and external auditing.
  • Administering the information technology systems used by the Company.
  • As required by law or a court or tribunal order.
  • Any related, secondary or ancillary purposes.


Personal information may be used or disclosed to inform individuals about products, services and redemption opportunities by direct marketing. If an individual does not want their personal information used or disclosed for direct marketing, then they may opt out or unsubscribe by selecting the option appearing on the direct marketing communication or by contacting


The Company may disclose personal information to its business partners and third party service providers to perform activities in connection with the purposes described in this Policy. This includes organisations such as:

  • Airlines.
  • Hotels.
  • Vehicle hire companies.
  • Cruise companies.
  • Insurance companies.
  • Ground operators i.e., tour/activity companies, transfer companies.
  • Third party companies i.e., Technology providers.
  • Business partners whose program the Company manages and operates.

Some of the organisations to which the Company will disclose personal information are located outside Australia. They are located worldwide. By accessing the website or opening an email on which this Policy is located or linked, the individual is directed to read it and as a result, giving consent to the collection, handling, use and disclosure of personal information by the Company in accordance with this Policy. One of the things the individual consents to is that the Company is not required to ensure that an overseas recipient of personal information complies with the Australian Privacy Act 1988 (see Australian Privacy Principle 8.1 by going to:

As Mastercard Travel Solutions Australia Pty Ltd is a member of a group of companies, then each member of the group may share and access personal information in connection with the purposes described in this Policy.

An individual may not be informed of each occasion personal information is shared or accessed by group companiesor an overseas recipient.


An individual will need to ensure that the personal information which is provided is accurate, complete and up-to-date at the time it is provided and must notify the Company of any changes.

The Company will take reasonable steps to protect the personal information that it holds from misuse and loss and from unauthorised access, modification or disclosure.The Company’s information technology systems are protected by various technology solutions. However, the Company will not be liable for direct or indirect loss or damage in connection with unauthorised access, use, alteration, destruction or disclosure of personal information.


An individual may see and have a copy of their personal information that the Company holds.

If an individual is able to establish that their personal information is not accurate, complete and up-to-date, then on request the Company will take reasonable steps to correct it.

If the Company is unable to agree whether personal information is accurate, complete or up-to-date, then an individual may ask the Company to place with the information a statement claiming that particular information is not accurate, complete or up-to-date.

An individual who seeks to exercise their rights of access and correction must contact in writing

A charge will apply commensurate with the nature of the request.

If an individual would like to view the Privacy Policy in a hard copy format please request in writing to


An individual may make a complaint in writing to about how their personal information has been dealt with by explaining the nature of the complaint and providing sufficient information to enable the Company to respond.

The Company will respond in writing to a written complaint within 30 days of receipt.

If the complaint remains unresolved, then the individual has the option of notifying the Office of the Australian Information Commissioner.


When an individual accesses the website or opens an emailon which this Privacy Policy and Notification is located or linked, the individual is directed to read it. As a result, the individual is notified of the matters that the Company must notify in accordance with the Australian Privacy Principles and consents to the collection, handling, use and disclosure of personal information by the Company in accordance with this Policy.

Policy last updated: 5 June 2017.