About this Policy
Intrepid takes its data protection and privacy responsibilities seriously.
Who is Intrepid?
We are part of a wide group of companies and references to ‘Intrepid’, “Intrepid Group’, ‘we’, ‘our’ and ‘us’ means Intrepid Group Pty Limited and each of our affiliates and branded partners forming part of our group, including Intrepid , Urban Adventures, Wildlands Trekking, Haka Tours and ANZ Nature Tours. It also includes our local destination management companies (Destination Management Companies) forming part of the Intrepid Group who operate and run our tours worldwide, along with tours and travel services operated by our partners including but not limited to Chimu Adventures Pty Ltd ) a joint venture partner of Intrepid and Ocean Endeavour Expeditions Pty Ltd.
For the purposes of relevant data protection laws (including each of the EU and UK General Data Protection Regulation (EU/UK GDPR), the Intrepid entity with whom you contract will be the primary controller of your personal data (for example, if you are a visitor to our website and sign up to purchase one of our trips, the Intrepid entity operating the relevant website or trip; or you are a supplier or travel agent, the Intrepid entity to whom you provide services).
You can find out more about Intrepid and our various brands and companies that comprise the Intrepid Group at https://www.intrepidgroup.travel/our-brands and https://www.intrepidgroup.travel/our-brands/other-partners or by contacting us using the information in the contact us section below.
However, you should also review the online policies of the company that you engage with, where they may have separate notices on how they protect your information to satisfy yourself as to the way in which they process and handle your personal data
What Information do we collect about you?
Making an Enquiry or Booking a Trip
We will collect certain information from you when you make an enquiry or book a trip with us. Depending on your interaction with us and what products and services you use, typically we collect the following personal information:
We also process and store records of the products and services you have enquired about or purchased from us, as well as collect and process information relevant to your booking (such as flights and accommodation details) that you have not booked through Intrepid, where this information has been passed to us by our partners and/or third parties.
We also collect your technical identity data (including IP addresses, browser type and versions, other technology on the device that you use to access our websites, some of which is collected automatically), as well as information about your usage of our websites as you and others browse our websites (see our separate “Cookies” policy for more information).
We may also receive information about you from other sources. These include business partners, such as our affiliate partners, including Urban Adventures, Haka Tours or Wildlands, members of our Intrepid Group, travel providers and tour operators, travel agents and other independent third parties. Anything we receive from these sources may be combined with information provided by you. For example, our services are not only made available via our website and mobile apps, but are also integrated into the services of our affiliate partners that you can find online, such as Urban Adventures. When you use any of these services, you may provide reservation details to our business partners who, where permitted, then forward your details to us.
Travel providers (e.g. accommodation, hotel, transport and other similar local providers (Travel Providers) may also share personal information about you with Intrepid, for example, to ensure fulfillment of your travel reservation, if you have support questions about a tour or trip booked, or if any complaints or disputes arising about your reservation.
Through your user preferences on your Intrepid booking account, if you link you Intrepid user account to a social media account (e.g. Facebook or Twitter) you may exchange information between us and that social media provider – though you can at all times choose not to share that data through the user preferences on your account.
We also integrate with third party service providers (such as Worldline, Ayden) and payment gateways (such as Stripe) to facilitate payments between you and us and our partners and tour operators and agents, as applicable. These service providers share payment information so we can administer and handle your travel services reservation or tour. All of our third-party payments providers are required to be PCI DSS compliant and process all payments on our behalf.
In the majority of cases, to make a payment via credit card for your tour / travel services, you will use the secure online booking engine on the relevant website or platform that you are using or you will call your booking agent directly. In some limited cases you may provide us with your credit card details over the phone; for example if Intrepid needs to provide you with a refund, your bank details may be collected and recorded by us for the purposes of providing the refund only.
We ask that you do not email or send in writing your payment card details to us or any of our partners at any time.
With your consent also, any calls with us, if any, may be recorded, and/or monitored for quality control, coaching and/or training and customer service purposes that assist in addressing your inquiries. As part of the recording. we may collect information such as the identity of the caller, the date and time of the call and the subject and resolution of the issue. For clarity, any financial information that may be provided during a telephone call is not recorded or logged by Intrepid.
Photo and Video
When you are travelling with us on a tour or branded trip, as part of your experience a photo or video may be taken either by the Intrepid group leader, an employee of Intrepid or one of our partners or another passenger. We care about your privacy so if you do not wish for your photograph to be taken at any time, or to be included in any video, please let your tour group leader or the photographer know. Any photos taken by Intrepid staff (including employees and group leaders) will not be used for marketing purposes without your prior knowledge. Whilst we take every precaution to protect your privacy, we are not responsible for passengers who may take your photograph or video you without our knowledge.
On some occasions, we may engage professional photographers to take and obtain photos to use in our marketing materials. We ensure that all of our customers are notified prior to travelling on our trips if a professional photographer is being engaged and you have the right to say no or opt-out of being included in any photos being taken for these purposes, including any subsequent content or images use.
Marketing and Other Interactions
We collect the following personal information from you for marketing purposes (as more fully described below):
We may contact you to seek your interest in taking part in research projects, surveys feedbacks and interviews. This may include contacting you with a post-booking or post-trip feedback survey and asking to provide a score and comment on your experience.
As part of this contact, we may collect your full name, email address, booking number and departure code. You will be asked to provide a score and comment on your trip experience. This information will be linked to any comments you make about your trip.
Where you have provided the relevant details, we may also contact you in response to your feedback to discuss your comments.
The Intrepid Foundation
We operate a non-for-profit foundation known as the Intrepid Foundation, more information on which is set out here https://www.intrepidtravel.com/about/intrepid-foundation. Depending upon your engagement with the Foundation, we will collect and process your personal information. For example, if you subscribe to the Intrepid Foundation newsletter, or link a challenging trip to any fundraising campaign or activity, we may collect your full name, date of birth, postal address, telephone number and email address.. If you make a donation to the Foundation, we may additionally collect and process your country location and donation amount, including as may be required for one of our partners.
If you apply for a job with us, we will collect your CV details and supporting documents which include personal information. We will also request you fill in a form and will ask for your personal information, where necessary, such as your full name, contact details, home address, date of birth, sex, ethnicity (optional), accessibility requirements and details in relation to your passport and immigration information.
Why do we collect your information?
We collect, hold and handle your personal information for a variety of business purposes (further information on each of which is set out below), including to:
Under applicable privacy and data protection laws (including EU/UK GDPR), for Intrepid to collect, hold, use, share and process your information we must have a purpose and legal basis to do so. The legal basis may differ depending on your interaction with us and what information we collect and process, which will fall under:
Necessary for the performance of a contract – When you make an enquiry or book a trip with us or any of our partners, we rely on the legal basis that the processing of your personal information is necessary for the performance of your contract with us i.e. completing a travel reservation as part of your planned itinerary and administering your booking.
Legitimate Interest – Our legitimate interest means your information has a commercial business purpose and is necessary in order to provide a product or service to you and does not override your rights and freedoms as an individual. For example; as a travel customer, we collect your email address for the purpose of communicating with you when necessary to communicate about the product or service you’re requesting or booking, and for Intrepid to provide you with relevant information. If you are a business partner, we may process your contact information in order to manage our relationship with you. We also rely on our legitimate interests to improve our products and services, and to prevent fraudulent activity on our online platforms and accounts (as set out more specifically below). When using personal data to serve our or a third party's legitimate interest, we will always balance your rights and interests in the protection of your personal information against our rights and interests or those of the third party, including by using your information in a way which is proportionate and respects your privacy.
Legal Obligations - in certain circumstances we will need to use your information to comply with our legal obligations, for example, to comply with local laws in the country you are visiting.
Vital Interest – we rely on the legal basis of vital interest in certain limited circumstances where it is essential to you and your health that we process your personal information; for example, to contact medical providers / insurance providers in the case of any medical emergency.
Consent – where required by applicable laws, we will obtain your prior consent prior to processing your personal information, including before sending you electronic marketing materials or as otherwise required by law.
You can revoke your consent or object to our marketing in certain circumstances; please see ‘WHAT ARE YOUR RIGHTS’ for further information.
Providing your personal data to us is voluntary. However, we may not be able to fulfill your reservation and your experience may be affected if certain personal information is not provided. We may only be able to provide you with some products and services if we can only collect some personal data. For example, we can’t process your travel booking if we don’t collect your name and contact details.
Making an Enquiry or Booking a Trip
We use your personal information to arrange and provide you with the products and services you have requested and booked. This includes booking any flights, transportation, accommodation and activities. The following will provide more insight into these purposes:
Other than where it is in your vital interests or required by relevant laws, medical/health information can only be used by Intrepid with your consent. This is because medical/health information is considered sensitive and by consenting, you are showing us that you understand and agree to us processing this information. Providing medical/health information and consenting to its use by Intrepid is optional, however, it is highly recommended that information be provided (including if requested) for your safety and wellbeing.
Photo and Video
Taking a photo or video is something many people love to do, especially as a way to capture special moments. This is likely to be the reason why you may be included in visual media taken on your trip. On occasion, visual media captured by Intrepid group leaders and employees are so good our Studio team may wish to use them in our brochures or on our website for promotional purposes. There may also be a professional photographer scheduled on your trip for the purpose of taking promotional images. In these cases, a consent and waiver form will be provided to you You do not have to sign this consent or waiver form and providing such information is entirely voluntary. We will respect your privacy and your preferences when processing any personal information collected using visual media.
Marketing and Other Interactions
Intrepid may use your information for marketing purposes including:
These products and services may be offered by us our associated companies, or our brand partners.
We will only engage in direct marketing in accordance with the laws of the relevant country or jurisdiction you are located in.
To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you based on the products and services which you have purchased or have registered your interest in purchasing to date.Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication. For example, if you are subscribed to any promotional marketing newsletters, you have the choice to unsubscribe from these communications by scrolling to the bottom of the e-mail enclosing the newsletter and clicking the ‘unsubscribe’ link at any time. You can also change and manage your marketing preferences at any time on your preference centre. Alternatively, or in case of any issue, you can contact us at email@example.com.
You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser. We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
We conduct research and analyse your information, including feedback and comments, to help us improve our products and services and to enhance your customer experience, including customising online content, and to improve your booking and website experience. We also look for trends and future destinations and itinerary opportunities.
We may use your de-identified data for internal reporting (i.e. if a partnership was successful), creating new marketing strategies and to identify trends.
We may contact you to seek your interest in taking part in research projects, surveys and interviews. These interactions are designed to help us gain insight and understand certain things such as how to improve the services we provide, help us to understand our customers’ needs and expectations, what media they consume, what their concerns are, why do they travel, etc. Your information and details from our research activities may be stored or kept on file for future reference if relevant and will be de-identified where possible.
The Intrepid Foundation
Intrepid may use your information to promote the activities of the Intrepid Foundation including to:
Information collected from job applicants will be used to process your application, decide if you are right for the role you are applying for and for us to communicate with you. We will also use your de-identified information to analyse and understand who is applying for our jobs, understand where barriers might exist and to improve our job offerings and recruitment processes in future.
If you are successful in your application, the details you have provided to us will be transferred through to our Human Resources system to begin building your employee profile.
How do we collect your information?
Your information may come to us in a variety of different ways. You may provide information directly to us or our sales agents, travel agents, business partners, including tour operators and guides, and other third parties (including insurance and medical providers) when communicating via email, phone, letter, web chat or in person. Please see more information here. You may also provide us with your information by filling in an online or printed form, leaving feedback, completing a survey, donating to the Intrepid Foundation, subscribing to a newsletter or a loyalty program.
Your information may also be provided to us by a friend/family member who is booking on your behalf.
Sharing your information
Making an Enquiry or Booking a Trip
In order to handle your enquiry, fulfil your product or service request or manage your booking, we may share your personal information with the following:
For clarity, for example, if you book flights through Intrepid, or your trip includes a flight, the relevant personal information will be provided to the applicable airline. Similarly, if your trip is operated by a non-Intrepid affiliated tour company, your personal information will be provided to that company for them to confirm you on the trip and provide the relevant services. We also share your personal information with any travel providers or third-party local operators for the purpose of improving services and experiences, and to investigate complaints and/or disputes, where necessary.
You should famillarise yourself with the privacy policies of all travel providers and tour operators you select to provide a trip or travel-related services. We are not responsible for the privacy practices of third-party travel providers and tour operators with whom you may choose to book travel product and services.
We share your personal information with third parties that help us operate, provide, improve, integrate, customize, support and market our products and services. This includes the following:
We seek to ensure that your information is protected at all times including that these third parties have agreed confidentiality restrictions and only use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us.
Sharing within the Intrepid Group
As we are a large international group, your information may be shared within the Intrepid Group and any of our related entities worldwide, including Destination Management Companies forming part of our Group, including our IT shared services centre located in Columbo, Sri Lanka. Where permitted, we may share your personal information with the Intrepid Foundation for the purpose of promoting charitable causes.
We may share or transfer information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the services if a transaction takes place, as well as any choices you may have regarding your information.
We may share your information with relevant regulators, which may include privacy regulators and supervisory authorities in other jurisdictions, and with courts and law enforcement to comply with all applicable laws, regulations and rules, and requests of law enforcement (e.g. police), regulatory and other governmental agencies
We also share personal information with insurance providers and/or medical personnel, which may be for identification of fraud or error, for regulatory reporting and compliance, or if we believe the disclosure is necessary to lessen or prevent a threat to life, health or safety.
We may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our advertisers.
We do not and will not sell your personal information under any circumstances.
As we have stated earlier, it is necessary for us to share your information with our Group entities, partners and third parties, many of which are located overseas. When we transfer your information overseas, we seek to ensure appropriate privacy, confidentiality and security measures are in place, and that we comply with all applicable data protection and privacy laws.
Further, we operate with different service providers in over 120 countries, across all regions of the world, so it is not possible for us to provide a list of all these countries in this Policy. Our key service providers are located in Australia and the United States. If you have any specific questions about where or to whom your personal information will be sent, please see the Contact Us section below.
In some jurisdictions, including the EEA, the UK and Australia, data protection laws restrict transferring personal information outside the jurisdiction. We take appropriate steps to ensure that your personal information receives an adequate level of protection (by putting in place appropriate safeguards, such as contractual clauses e.g. EU approved standard contractual clauses), or that we are able to rely on an appropriate derogation under applicable privacy and data protection laws. You have a right to request access to any safeguard which we use to transfer your personal information outside of the UK and the EEA.
Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments).
We want you to feel reassured that you have control of the information you provide to us. Subject to certain exemptions, and depending on relevant data protection laws, including in some cases upon our legal basis for processing your information there are certain rights you have over your personal information. These include:
Where possible we will comply with your request, however, there may be instances where we cannot fulfil your request, or there will be consequences if we were to fulfil your request. We will always communicate with you about any consequences before going forward, or give you written reasons for any refusal.
Under certain data protection laws, including the EU/UK GDPR, you may also (subject to certain exceptions):
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
We will only perform the activities outlined above to the extent that such activities will not compromise privacy, security or any other legal interests.
You may also wish to make a complaint about the way we have handled your personal information or other interference with your privacy rights.
You can exercise any of these rights at any time by contacting us (see the Contact Us section) or your relevant privacy or data protection authority.
Intrepid Data Protection Officer
If you would like to exercise your rights, as listed above, you can also do this by contacting the privacy team via the below form.
One of our Privacy Officers will contact you within a reasonable time frame after receiving your enquiry or request to verify who you are in order to locate any accounts or bookings you may have with us or ask any follow up questions to better understand your enquiry.
For the Intrepid Foundation, please contact us at the details below:
We will inform you whether we will conduct an investigation and the estimated completion date for the investigation process. After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view. If you are unsatisfied by our final response, you may escalate your complaint to the relevant regulatory body.
Complaint to the Data Protection Authority
If you have any concerns or complaints about how we are collecting or processing your personal information, you can complain to your local data protection authority. We would ask that you first contact us to seek to resolve the concern or complaint in the first instance.
If you are in the UK/EU, please follow this link to locate the data protection authority most relevant to you: https://edpb.europa.eu/about-edpb/board/members_en
If you are in Australia, you may contact the Privacy Commissioner at the Office of the Australian Information Commissioner (www.oaic.gov.au/).
We retain and store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you may be recorded in paper files that we store securely.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
How we keep your information secure
Intrepid is dedicated to keeping your personal information secure. We have implemented various physical, electronic and managerial security procedures in order to protect your information and reduce the risk of loss and misuse, and from unauthorized access, modification, disclosure and interference.
We have put in place adequate procedures to deal with any actual or suspected personal information breach and will notify you and any applicable regulator of any data breach where we are legally required to do so.
Whilst we take all reasonable steps to ensure that your personal information is secure, we would ask you to be aware that the internet is inherently insecure, so please take precautions when disclosing any personal information online to us.
Links to Third Party Sites
Cookies & Website Usage
Our websites use a standard technology called ‘cookies’ and web server log. To find out more about the cookies we use, please see our Cookies Policy.