Privacy Policy — Cairns Dive Adventures
Last updated: [07.06.2026]
Cairns Dive Adventures (ABN 84 966 211 662) ("CDA", "we", "us") is an independent Cairns-based tour booking agency. We act as a booking facility connecting customers with third-party tour operators; we are not a tour operator ourselves.
We respect your privacy and are committed to handling your personal information openly and honestly. This policy explains what personal information we collect, why, how we use and protect it, who we share it with, and the choices and rights you have. You can browse most of our website without giving us any personal information.
If you have any questions about this policy or your personal information, contact us at reservations@cairnsdiveadventures.com or 103 The Esplanade, Cairns QLD 4870, Australia.
What personal information we collect
We deliberately collect very little. When you make a booking or enquiry, we collect:
- Lead passenger first name and last name
- Email address
- Phone number
- For tours with an optional bus pickup, the pickup hotel you select from the operator's list
- A count of additional travellers in your party (for example "2 adults, 1 child") — we do not collect names or contact details for anyone other than the lead passenger
When you pay, our payment provider Stripe collects the information needed to process your card payment, which may include a billing name, billing email, and billing address.
We do not collect dive certification details, dietary requirements, allergies, medical or health information, emergency contact details, next of kin, passport details, or date of birth. If a tour operator requires any of that information, you provide it to the operator directly — not to us.
Note on payments and card details: We do not store your full credit card number on our systems. Card payments are processed by Stripe, a PCI-DSS compliant payment provider.
Note on identity checks at the tour: Some tour operators require you to present photo ID (and may retain a copy) when you check in for your tour. This is collected by the tour operator, under their own privacy policy — not by CDA.
How we use your personal information
We use your personal information to:
- Process and confirm your booking and pass the necessary details to the relevant tour operator so they can deliver your tour
- Contact you about your booking, including changes, confirmations, and reschedules
- Respond to your enquiries
- Send you marketing about our tours and special offers where you have not opted out — you can unsubscribe at any time (see "Your choices" below)
- Understand how customers find and move through our website so we can improve it (see "Analytics and cookies" below)
We do not sell your personal information, and we do not share it with third parties for their own marketing.
Analytics and cookies
Our website uses cookies and similar technologies to understand how visitors find and use our site — for example which pages are viewed and how people move toward a booking. We use this to fix problems and improve the website. The tools we use are:
- Google Analytics (GA4) — website usage and visitor-journey analytics (Google; data processed internationally).
- Statcounter — website visitor statistics (Statcounter; data processed internationally).
- Meta (Facebook) Pixel — a Meta advertising/analytics tag. We are not currently running Facebook advertising, but the tag is present on our site and, when enabled, sends visit information to Meta in the United States. It is only active where you have accepted analytics/ advertising cookies (see banner below).
We display a cookie consent banner. Non-essential analytics and advertising cookies — including all three tools above — are not set until you accept them, and you can change or withdraw your choice at any time.
You can also control cookies through your browser settings. Blocking cookies may affect how parts of the site work.
Our internal analytics tools (including AI assistance)
We operate an internal, staff-only business-intelligence dashboard to analyse our own booking and website data — for example, which marketing channels lead to bookings. This includes an AI-assisted feature that lets authorised staff ask plain-language questions about our business data.
- This tool is internal and staff-only. It is not accessible to customers or the public.
- It is used to produce information and reporting for our staff. It does not make any automated decision about you.
- Where this feature uses an AI service (Anthropic's Claude), only the staff member's typed question and a description of our database structure are sent to that service. Your personal information (your booking records) is not sent to the AI service.
- By default, the tool masks personal details (such as names and emails) from the staff member viewing results.
Who we share your information with
We share personal information only as needed to run our business and deliver your booking:
- Tour operators — we pass the booking details needed for the operator to provide your tour
- Stripe — to process your payment
- Service providers that host or support our systems and website, including our database and website hosting providers, and our analytics providers (Google Analytics, Statcounter, Meta) [Supabase, Netlify, WP Engine]
- Anthropic — for the internal AI analytics feature described above (question and schema only; not your booking data)
We may also disclose personal information where required or authorised by law, or to protect the safety of individuals or the public.
Storage and overseas handling
Your booking data is held in our database, which is hosted on servers located in Australia & USA (AWS, Sydney region, via Supabase).
Some of our service providers are located, or process data, overseas:
- Google (Analytics) and Statcounter process website-analytics data internationally.
- Meta Platforms receives data via the Meta Pixel (when active and consented to) in the United States.
- Stripe processes payment information and operates internationally.
- Anthropic (our internal AI analytics provider) is based in the United States. As noted above, only staff questions and database structure — not your booking records — are sent to this service.
Where we use overseas providers, we take reasonable steps to ensure they handle personal information consistently with this policy and applicable data-protection terms.
How long we keep your information
We keep booking-related personal information for as long as needed to provide our service, meet our business and legal obligations (such as tax and financial records), and resolve any disputes.
Keeping your information secure
We take reasonable steps to protect your personal information from loss, misuse, unauthorised access, modification, or disclosure. These steps include access controls and restricting who can view personal information, hosting data with reputable providers, and limiting the personal information we collect in the first place.
No system is perfectly secure, but we work to protect your information and to limit what we hold.
Your choices and rights
You can:
- Access the personal information we hold about you
- Correct information that is inaccurate or out of date
- Opt out of marketing at any time, by using the unsubscribe link in our emails or contacting us
- Ask us to delete your information, where we are not required to keep it
To make any of these requests, email reservations@cairnsdiveadventures.com. We will respond within a reasonable time. There is no charge to ask.
Complaints
If you are concerned about how we have handled your personal information, please contact us first at reservations@cairnsdiveadventures.com so we can try to resolve it. If you are not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "last updated" date above and, where appropriate, place a notice on our website.
This document is a plain-language privacy policy prepared to accurately describe Cairns Dive Adventures' current data practices.
