Privacy Policy
Effective date: 17 July 2026
About this policy
All Star Pathways Pty Ltd (ABN 76 695 008 916) (All-Star Pathways, we, us or our) provides educational, sporting, performing arts and other group travel programs. This Privacy Policy explains how we collect, hold, use and disclose personal information across our website and business operations.
We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles where they apply to us. We may also choose to follow the practices described in this policy where the Privacy Act does not strictly require it.
Application of overseas privacy laws
Where we carry on business in New Zealand or handle personal information in circumstances governed by the New Zealand Privacy Act 2020, we will comply with that Act and its Information Privacy Principles.
If the European Union General Data Protection Regulation, the United Kingdom General Data Protection Regulation or another overseas privacy law applies to our handling of personal information, we will comply with the applicable requirements. The application of those laws depends on the circumstances and does not arise solely because a traveller visits a particular destination.
What personal information we collect
The personal information we collect depends on your relationship with us and the stage of a program. It may include:
- identity and contact details, such as name, date of birth, address, email address and telephone number;
- school, club, association or employer details and your role or relationship to a traveller;
- enquiry and program-planning information, including preferred program, destination, timing, group size and budget;
- traveller information, including passport and visa details, citizenship, travel documents, rooming preferences and frequent flyer details;
- emergency contact and parent, guardian, teacher, tour leader or authorised representative details;
- health, medical, disability, accessibility, allergy, dietary and other welfare information where required to plan or safely deliver a program;
- payment, billing and transaction information, although we do not collect payments through this website;
- communications, feedback, complaints, photographs or other information you provide to us; and
- technical information associated with use of our website, such as IP address, browser type, device information, referring pages and website activity.
Some of this information may be sensitive information under the Privacy Act, particularly health information. We collect sensitive information only where it is reasonably necessary for our functions and with consent, or where collection is otherwise permitted by law.
How we collect personal information
We may collect personal information:
- directly from you through our website enquiry forms, email, telephone, meetings, surveys, documents and other communications;
- from a parent, guardian, school, club, association, employer, tour leader or other authorised representative;
- from travellers and program participants;
- from travel suppliers and service providers where required to manage a booking or program;
- automatically when you use our website; and
- from publicly available sources where lawful and appropriate.
Our website enquiry forms are provided using Zoho Forms. Information submitted through those forms may be transferred to Zoho CRM and used by our team to respond to and manage the enquiry.
If you provide personal information about another person, you must be authorised to do so and, where practicable, make them aware of this Privacy Policy. Schools, clubs and other organisations providing traveller information are responsible for ensuring they have the authority and any necessary consents to provide that information to us.
Where the New Zealand Privacy Act applies and we collect personal information about an individual from someone else, we will take reasonable steps to notify the individual of the collection and the matters required by Information Privacy Principle 3A, unless an exception applies. A school, club or other organisation may assist us to provide that notice to its travellers, students, parents or guardians.
Why we collect, use and disclose personal information
We may collect, use and disclose personal information to:
- respond to enquiries and communicate with prospective and current clients;
- plan, quote, arrange, administer and deliver group travel programs;
- make and manage bookings for flights, accommodation, transport, activities, events and other program services;
- support traveller safety, accessibility, dietary, medical and welfare requirements;
- communicate with schools, clubs, organisations, travellers, parents, guardians, tour leaders, suppliers and emergency contacts;
- process invoices, payments, refunds and financial records outside the website;
- verify identity and travel eligibility and assist with passports, visas or entry requirements where agreed;
- manage incidents, emergencies, complaints, disputes and insurance matters;
- maintain and improve our services, systems, website and business operations;
- protect the security and integrity of our systems and prevent misuse or unlawful activity;
- send information about our services where you have consented or where otherwise permitted by law, with a simple way to opt out; and
- comply with legal, regulatory, insurance and reporting obligations.
If we cannot collect information that is reasonably necessary, we may be unable to respond fully to an enquiry, make a booking, accommodate a traveller's requirements or safely deliver a program.
Who we may disclose personal information to
Where reasonably necessary for these purposes, we may disclose personal information to:
- airlines, accommodation providers, transport operators, venues, activity providers, event organisers, tour operators and other travel suppliers;
- schools, clubs, associations, employers, tour leaders, parents, guardians, travellers and their authorised representatives;
- technology and business service providers, including Zoho Forms, Zoho CRM, Google Workspace, website hosting, security and content-delivery services provided through Cloudflare, and analytics providers if analytics are enabled;
- banks, payment processors, insurers and insurance assistance providers;
- our professional advisers, contractors and consultants;
- government, border, immigration, consular, health, law-enforcement and regulatory authorities where required or authorised; and
- another organisation in connection with a proposed or completed sale, merger or restructure of our business, subject to appropriate confidentiality arrangements.
We do not sell personal information.
Overseas disclosure
International travel necessarily involves disclosing traveller information outside Australia. Recipients may be located in any country included in a traveller's itinerary or in which a relevant airline, supplier, government authority or service provider operates. Our programs may include, for example, New Zealand, the United States, the United Kingdom, countries in Europe and Asia, and other destinations agreed with a client.
Some cloud and technology providers may also store or process information outside Australia, including in countries where they or their subcontractors operate. The locations may change over time. Where the Australian Privacy Principles apply, we take reasonable steps in the circumstances to ensure overseas disclosures are handled consistently with applicable Australian privacy requirements. Overseas recipients may also be subject to the laws of their own country.
New Zealand cross-border disclosures
Where the New Zealand Privacy Act applies to personal information that we disclose outside New Zealand, we will comply with Information Privacy Principle 12. Depending on the circumstances, this may include confirming that the recipient is subject to the New Zealand Privacy Act, using contractual or other safeguards that provide comparable protection, relying on another permitted basis, or obtaining the individual's express authorisation after explaining that the recipient may not be required to protect the information in a way that is comparable to New Zealand law.
Sending information to a service provider that stores or processes it solely on our behalf may be treated differently from disclosing it for the recipient's own purposes. We will assess the relevant data flow and safeguards in the circumstances.
Website, cookies and analytics
Our website and its service providers may use essential cookies and similar technologies for security, reliable operation, form functionality and performance. You can control cookies through your browser settings, but disabling them may affect parts of the website.
If we add website analytics, we may collect information such as pages visited, time spent on the website, general location, device and browser information, and referring websites. We will update this policy and implement any consent controls required for the analytics technology used.
We do not currently use the website to accept bookings or payments, and this policy does not state that we use advertising, AdSense or remarketing cookies.
Direct marketing
We may use contact details to send information about All-Star Pathways services where you have consented or where otherwise permitted by law. You can opt out at any time by using an unsubscribe link or contacting us. Transactional and operational communications about an enquiry, booking or program are not marketing messages.
Storage, security and retention
We may hold personal information electronically and, where necessary, in hard copy. We take reasonable steps to protect it from misuse, interference, loss, unauthorised access, modification and disclosure. These steps may include access controls, passwords, multi-factor authentication, staff procedures, secure service providers and system monitoring. No method of electronic storage or transmission is completely secure.
We retain personal information only for as long as reasonably necessary for the purpose for which it was collected and to meet legal, accounting, insurance, dispute-resolution and record-keeping requirements. When information is no longer required, we take reasonable steps to delete or de-identify it, subject to backup and archival processes.
Children and young people
Our programs often involve school students and other young people. We seek to collect only the information reasonably necessary to plan and safely deliver a program. Depending on the person's age, maturity, circumstances and the type of information involved, consent or authority may be obtained from the young person, a parent or guardian, or an authorised school or organisation representative. We expect organisations providing information about young people to have the necessary authority and consents.
Access, correction and additional rights
You may ask to access personal information we hold about you or request that it be corrected. We may need to verify your identity. We will respond within the period required by applicable law, or otherwise within a reasonable period, and will provide reasons if applicable law permits or requires us to refuse a request. We do not charge for making a request, although we may charge reasonable costs for providing access where permitted by law.
If European Union, United Kingdom or another overseas privacy law applies, you may have additional rights concerning deletion, restriction, objection and data portability. These rights are not absolute and apply only where provided by the relevant law. To exercise an applicable right, contact our Privacy Officer.
Privacy complaints
If you have a privacy question or complaint, contact us using the details below. Please provide enough information for us to understand and investigate the issue. We will acknowledge and respond within a reasonable period.
If you are not satisfied with our response and the Australian Privacy Act applies to the matter, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au. If the New Zealand Privacy Act applies, you may contact the New Zealand Office of the Privacy Commissioner at www.privacy.org.nz. Other applicable privacy laws may provide a right to complain to the relevant supervisory authority.
Data breaches
We maintain processes for responding to suspected data breaches. Where the Australian Notifiable Data Breaches scheme applies and a breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner as required by law.
Where the New Zealand Privacy Act applies and a privacy breach has caused, or is likely to cause, serious harm, we will notify the New Zealand Privacy Commissioner and affected individuals as soon as practicable as required by law. Where another applicable privacy law imposes breach assessment or notification obligations, we will comply with those requirements.
Third-party websites
Our website may link to third-party websites. Those websites are governed by their own privacy practices, and we are not responsible for their content or handling of personal information.
Changes to this policy
We may update this Privacy Policy from time to time. The current version will be published on our website with its effective date.
Contact us
Privacy OfficerAll Star Pathways Pty Ltd
Level 1, 21–23 Atherton Road
Oakleigh VIC 3166
Email: travel@allstarpathways.com