Privacy Policy

PROTECTING YOUR PERSONAL INFORMATION

1. INTRODUCTION AND PURPOSE OF THIS PRIVACY POLICY

    1.1 Ferry Hawk Pty Ltd ACN 656 469 386 (Ferryhawk, us, we or our) operates an automated booking software via the Ferryhawk Program (the Program) which is specifically supplied to the Customer (Controller, you). The Ferryhawk Program will be used by individuals (Users) and may include Retail Users or Admin Users or both.

    1.2 This privacy policy sets out:

      a. How personal information collected or given to us by our Customers (as Controllers) and Users using the Ferryhawk Program or by any other individual at any time will be handled by us in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and Australian Privacy Principles (together the Privacy Laws); and

      b. how we comply with our obligations under the Privacy Laws regarding the collection, use, disclosure, storage, security and access of personal information belonging to our Customers, Users and other individuals we interact with ("you" in the singular or "you" in the plural (as relevant)).

    1.3 We reserve the right to vary this privacy policy from time to time (at our sole discretion). If we make such a variation, the updated policy will be published at www.ferryhawk.com.au and will apply to all personal information that we hold at the time of variation. Your continued use of our website, a product or service we supply after any change in this privacy policy will constitute your acceptance of such change.

    1.4 This privacy policy does not apply to the services that our Customers provide to their personnel, contractors, visitors and other Users or how our Customers collect, hold and use personal information belonging to its Retail Users. Our Customers have their own policies regarding the collection, use and disclosure of the personal information belonging to their personnel and Retail Users. If you are a Retail User of one of our Customers and wish to learn about how that Customer handles your personal information, we encourage you to read the Customer's privacy policy. Only the Customer can assist you with requests for access, modification or deletion.

2. THE FERRYHAWK PROGRAM AND USER PERSONAL INFORMATION

    2.1 The Ferryhawk Program allows each of our Customers (in this privacy policy our Customer is also referred to as a Controller for the purpose of this policy) to report, distribute, manage and control data and information relevant to their own operations which from time to time will include personal information in respect of its Retail Users.

    2.2 By way of example, a Customer of ours which operates a ferry service which transports passengers, vehicles or goods and requires a booking and ticketing software will procure the Ferryhawk Program for use by or with its Users who may be its employees (including Admin Users), contractors and Retail Users. The Customer (as the Controller) will decide who is given access to the Ferryhawk Program, the rules for accessing and using the Ferryhawk Program (in respect of the Controller's operations or business), what the information relates (eg: ticketing, passengers, vehicle and goods information) and how to manage such access and use. These are matters which we do not control.

    2.3 To use the Ferryhawk Program, from time to time each User will give the relevant Controller personal information which the Controller will access and manage including uploading such information to the cloud run by a third party cloud provider (the Hosting Provider (AWS)) that we have engaged for the Controller. It is then for the Controller to:

      a. maintain and update such information in the cloud; and

      b. provide access to such information, ensuring it is accurately and securely kept.

    2.4 For account administration, operational, and product development purposes, we may put in place controls to allow us to access, manage and record personal information (including keeping phone number details and call logs).

    2.5 The Controller is responsible for managing your personal information on its databases.

    2.6 How the Ferryhawk Program is used to send and receive communications and notifications are matters for, and within the control of, the Controller and the User:

      a. the Controller configures the Ferryhawk Program settings, applies the Ferryhawk Program to its webpage and uses the Ferryhawk Program in accordance with its business policies and procedures, compliance requirements and applicable law;

      b. the Controller is responsible and liable for the collection and management of the data and personal information belonging to Users (including the accuracy and currency of such); and

      c. whether the Controller or the relevant User/s are making certain communications and notifications as required is a matter for the Controller's policies and procedures, compliance requirements and applicable law.

3. USER ACKNOWLEDGEMENT

    3.1 By giving your details to a Controller, registering an account with the Customer (who uses the Ferryhawk Program) or by making a booking on the relevant Controller's website, you have agreed and consented to:

      a. your relevant Controller being the entity responsible and liable for handling your personal information, not us;

      b. your relevant Controller using your personal information subject to:

        i. the Controller's privacy policy; and

        ii. the laws applicable to the jurisdiction the Controller is located within;

      c. our use of your personal information in accordance with this privacy policy (including keeping and using such personal information for account administration, operational and product development purposes);

      d. our collection of certain information and data via the Ferryhawk Program, keeping it on a secure cloud database server and using it in accordance with this privacy policy; and

      e. from time to time, and to the extent we cannot anonymise such information or data, we will share your personal information with our third party providers for the purpose of supplying the Ferryhawk Program to you.

    3.2 We may also collect your personal information from your Controller for the purpose of:

      a. assisting or working with the Controller or the User (or both);

      b. assisting or working with our suppliers;

      c. assisting or working with relevant authorities; or

      d. account administration, operational purposes and product development.

4. TYPES OF PERSONAL INFORMATION THE CONTROLLER WILL COLLECT

    4.1 For a Customer to provide the Ferryhawk Program to Users and to support their use, including for Controllers and Users to communicate with each other regarding such use, the Controller will collect personal information including but not limited to the User's:

      a. full name;

      b. mobile phone number/s;

      c. email address/es;

      d. vehicle registration details;

      e. log in details and passwords;

      f. personal information (and personal information of its fellow travellers and dependants) given by the User whilst using the Ferryhawk Program (whether in respect of that User or another); and/or

      g. that which is provided for in the Controller's own privacy policy or document/s for the use of the Ferryhawk Program in accordance with its business rules.

    4.2 What the Controller and its Users do with such information is:

      a. subject to the Controller's policies and procedures (including its privacy policy) and laws applicable to the jurisdiction the Controller is in;

      b. within the control of, and the responsibility of, the Controller and its Users; and

      c. at the full liability of the Controller (and, to the full extent permitted at law, we have no liability for that which we do not keep or access).

    4.3 Generally, personal information provided by Users that is uploaded to our cloud (via the Controller) will be encrypted in transit and at rest.

5. TYPES OF PERSONAL INFORMATION WE WILL COLLECT

    5.1 The amount or type of information and data we collect depends on how the User uses the Ferryhawk Program. If you choose to share additional information with us so that we can better customise your account and our services, we will process that with the same care and respect to that which we usually collect.

    5.2 We will collect and process personal information in different ways when you (being either the Customer or a Retail User) use the Ferryhawk Program:

      a. we process your personal information as a Customer (or potential Customer) of our services (we refer to this information as "Customer Account Data" (eg: your contact information)) when you visit our website, contact us or sign-up with us, have an account with us or use our products or services; and

      b. we process the personal information of Users who use or interact with the Ferryhawk Program. This includes information we use to facilitate communication, route messages and metadata about messages (we refer to this information as "Customer Usage Data") and it also includes the content of communications (we refer to this information as your "Customer Content").

    5.3 Information you may share directly with us includes:

      a. name and contact information;

      b. telephone number;

      c. vehicle details (if applicable);

      d. email address;

      e. postcode.

    We may use these to personalise the Ferryhawk Program for you. We may also use these in connection with improving our internal processes and services or to train our team members.

    5.4 Information we otherwise generate or collect:

      a. we will automatically assign the Customer and each of your End Retail Users a unique ID (or security identifier known as a "SID"), and we will automatically generate an API token for each of your accounts. These are used similar to a username and password to make API requests. Instead of using these API tokens, you can provision API keys and use your API key for authentication when making requests to our APIs. We will keep a record of these credentials so we know it is you making the requests when your application makes requests to our API using these credentials;

      b. when you sign up for an account with us, we ask for certain information such as your contact details and billing information to communicate with you and facilitate payment;

      c. when you interact with our Ferryhawk Program, we collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies;

      d. where you type in your information into web forms we make available. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages;

      e. we collect IP addresses when you make requests to our APIs and in our server logs. We use this information to understand how Customers and Users are using the Ferryhawk Program, who those Customers and Users are, from which jurisdiction they are logging in or calling from, and to help improve the navigation experience; and

      f. we collect some information automatically, such as your IP address, when you log in to your account or when your software application interacting with the Ferryhawk Program makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.

    5.5 We process these categories of personal information differently because the direct relationship we have with our Customers is different from the indirect relationship we have with Retail Users (who "belong to" or have a relationship with the relevant Customer).

    5.6 From time to time, we may share personal information with our suppliers and service providers primarily to provide the services you have requested from us, and as needed for our operational purposes (eg: to do the things we need to do to function as a business, such as collecting payment).

    5.7 We may also use data about our Customers and Retail Users to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.

6. INFORMATION YOU SHARE DIRECTLY

    6.1 We will ask you for information in order to respond to your requests, whether through our sales or support staff, or through a webform.

    6.2 We may also ask you for additional information to help us understand you better as a Customer, such as your name and your role at your company. We may use this information to further develop our products and services (including improving the quality of existing products).

    6.3 If you contact us, we will often keep a record of the inquiries we receive from you and from Customers generally so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our Customers.

7. DATA ABOUT OUR CUSTOMERS' USERS

    7.1 We use Customer Usage Data and Customer Content to provide services to the Customer and the User in order to deliver the Ferryhawk Program (including account administration, operational purposes, product development and improving customer experience).

    7.2 Often, the particular User personal information we process and the reasons we process User personal information, depends on how the Customer and Users use the Ferryhawk Program.

    7.3 In many cases, the Customer can opt to store data and records of your communications or other activities on our cloud or on the Customer's cloud, and these data and records may include your Users' personal information.

8. HOW LONG WE STORE CUSTOMER AND USER DATA

    8.1 We retain Customer Account Data and Customer Usage Data (including any personal information) only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

    8.2 Where a specific timeframe is not mandated by law, we apply a default retention period of seven (7) years from the date of last use or transaction, after which data may be deleted or anonymised unless otherwise instructed.

    8.3 The Ferryhawk Program includes a number of self-service features, including the ability of our Customers and their Retail Users to access your information and data (including that in respect of Users), update any incorrect data, download a copy of your data, delete your data, or restrict the use of your data. You can make various choices about your Customer Account Data through the relevant account portal when you log into your account, whether as an Admin User or Retail User.

    8.4 Further, the Ferryhawk Program enables Customers to store records of your usage of our service, including personal information contained within those records. If the Customer chooses to do so, we will retain these records for as long as instructed, up until the termination of the Customer account (in some cases, use of extended storage may cost more).

    8.5 If the Customer instructs us to delete any data, we will do so subject to our account administration, compliance requirements. Please note that it may take a reasonable period of time for the data to be completely removed from all systems.

    8.6 In some cases, we may retain a copy of your usage records, including the personal information contained in them, to carry out necessary functions such as billing, invoice reconciliation, and troubleshooting, along with detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations.

    8.7 We may also retain or use records after they have been anonymised.

    8.8 We may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person, such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.

9. UNSOLICITED COLLECTION OF PERSONAL INFORMATION

    9.1 If we receive unsolicited personal information, we will, as soon as practicable, destroy, delete or de-identify the personal information if it is lawful and reasonable for us to do so.

10. OUR USE OF PERSONAL INFORMATION

    10.1 Although the Controller manages your personal information, broadly speaking, we may also use your information (including Customer Account Data and Customer Usage Data) to further our legitimate interests and to assist a Controller or a User. As such, we will primarily use personal information for the following purposes:

      a. understand who our Customers and potential Customers are and their interests in our product and services;

      b. to supply the Ferryhawk Program;

      c. to carry out our obligations and enforce our rights arising from any contracts entered into between our Customers and us, including for billing and collections;

      d. to supply and support our products and services, administer your account, and provide information in respect of such;

      e. manage our relationship with you and other Customers (including service and support);

      f. to deal with public authorities as required by law;

      g. to allow our Customers (as Controllers) to maintain an account with us, and so that we can communicate effectively with our Customers (for example by email in relation to the Customer account and orders);

      h. carry out core business operations such as accounting, filing taxes, record keeping and fulfilling regulatory obligations;

      i. detect, prevent, or investigate security incidents, network exploits, fraud, or abuse and misuse of our platform and services;

      j. debug, troubleshoot, or investigate security incidents;

      k. undertake research and development of our products and services; or

      l. as stated elsewhere in this policy or any other agreement we may have with you.

    10.2 We do not sell personal information or share personal information with third parties for those third parties' own business interests or marketing purposes. We will only disclose personal information to a third party:

      a. if it is consistent with a purpose listed in paragraph 10.1;

      b. who is a Controller (in connection to you);

      c. who is a relevant government authority, agency or regulator;

      d. if we reasonably believe that disclosure is compelled by applicable law, regulation, legal process, or a government request (including to meet national security, emergency services, or law enforcement requirements);

      e. to enforce our agreements and policies;

      f. to protect the security or integrity of our services and products;

      g. to protect ourselves, our other Customers, or the public from harm or illegal activities;

      h. to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury;

      i. where the disclosure is consistent with this privacy policy;

      j. the User has consented (including implicitly consented by giving your contact details to be sent elsewhere);

      k. in order to provide our Ferryhawk Service and Program to you;

      l. who is a related body corporate of ours;

      m. in order to go through a corporate sale, merger, reorganisation, dissolution or similar event (as the personal information we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction); or

      n. the disclosure is required or authorised at law, by a court order, or by a decision of a government agency or department.

    10.3 We might also share data about our Customers with third parties if the data has been de-identified or aggregated in a way so it cannot be used to identify you or your Users.

    10.4 In any event, we may also disclose your personal information where a "permitted general situation" exists as defined in the Privacy Act, such as:

      a. use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety and it is unreasonable or impracticable to obtain consent;

      b. we have reason to suspect that unlawful activity or misconduct of a serious nature has been (or may be) engaged in and use or disclosure is necessary in order for us to take appropriate action;

      c. use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; or

      d. use or disclosure is reasonably necessary for a confidential alternative dispute resolution process. This may be the case where the counter party to your transaction is based overseas.

11. OVERSEAS DISCLOSURES

    11.1 Personal information may be kept in the cloud in Australia or in a jurisdiction where the Controller resides, the Users reside, or in a jurisdiction foreign to both.

    11.2 We have no control over the cloud or databases being located where the Controller or Users reside as we do not control or manage the Controller or the Users or the cloud or database they provide or use.

    11.3 Certain of our service providers are multinational entities and as such we may need to transfer your personal information to those service providers located in various countries and jurisdictions around the world. We will do this where:

      a. the Controller makes a service or support request or otherwise instructs us to do so;

      b. you request it; or

      c. if it is consistent with this privacy policy.

    11.4 If we transfer personal information to service providers or systems outside the country in which the data was originally collected, we will ensure appropriate safeguards are in place. These may include:

      a. Entering into standard contractual clauses or equivalent agreements that offer a comparable level of protection;

      b. Requiring cloud providers and processors to comply with data protection frameworks that are substantially similar to those required under the Australian Privacy Principles or other international standards such as the GDPR;

      c. Taking reasonable steps to ensure the data is encrypted in transit and at rest.

    11.5 We may also provide your personal information to overseas recipients where:

      a. you give your consent, or a User communicates the consent you have given;

      b. we are required or authorised by law to do so; or

      c. we suspect that unlawful activity or misconduct of a serious nature is being or may be engaged in.

12. INTEGRATED FUNCTIONALITY

    12.1 The Ferryhawk Program is integrated with third party functionality and, from time to time, data that includes personal information will travel between us and the relevant service or product provider. You acknowledge and agree we do this so that you can enjoy the benefit of an integrated transport, booking and ticketing process.

    12.2 When we work with such providers overseas, we endeavour to do so using anonymised or encrypted information. Where we do wish to transmit personal information overseas:

      a. we will use encryption to the extent it is practicable to do so;

      b. we will not do so in a manner that is inconsistent with this privacy policy or, failing that, without the consent of, as relevant, the Controller or User; and

      c. paragraph 11 of this privacy policy will apply.

13. MAILOUTS AND DIRECT MARKETING

    13.1 Except in cases where you explicitly request or provide consent for us to do so, we do not:

      a. use User personal information for direct marketing or mail-outs to Users; and

      b. we do not supply any personal information to be used by third parties for their own marketing purposes.

    13.2 If you are a Customer or potential Customer, we use your email address to send you information about our products, services or events in which we think you may be interested. You can opt-out of receiving marketing communications from us at any time through your marketing preferences page by clicking the "unsubscribe" link at the bottom of any marketing email you receive from us.

    13.3 However, our Customers and Users may receive correspondence from us even if they opt-out of receiving marketing material. You cannot opt-out of service emails from us, such as product maintenance and support information, password reset emails, billing emails, or notifications of updates to our terms. If this remains an issue, please contact us directly.

14. SECURITY OF PERSONAL INFORMATION

    14.1 We take reasonable steps to protect User personal information from misuse, interference, loss, or unauthorised disclosure. We do this using encrypted technologies and engaging third party cloud service providers and third party security providers. From time to time, we will monitor and review our third party provider information security capabilities for currency with industry standards; however, we will not be responsible for data security held by third parties as:

      a. It is the Controller's responsibility to upload, maintain and download Retail User data to and from the cloud;

      b. We usually do not access User data (however we will access User data when we provide assistance to the Customer or to test a software feature update);

      c. The Controller and Users are responsible for account access and login information, including passwords.

    14.2 Where it is no longer required for record keeping purposes or the Controller has ended its relationship with us, we may destroy or delete information and data stored on the servers we pay for (unless we are keeping it for administrative or record keeping purposes or are otherwise required or authorised by law to retain it).

15. RIGHT TO BE FORGOTTEN

    15.1 Under the Privacy Act, in Australia you do not have "the right to be forgotten".

    15.2 We will retain personal information in accordance with this privacy policy.

    15.3 Please note that the Controller and/or Ferryhawk may anonymise personal information to the extent that it has the actual or practical effect of deleting your personal identifiers, or that we cannot identify it as yours to remove or delete.

16. CONSENT AND RESPONSIBILITY

    16.1 If at any time the Controller provides us with personal information about someone other than itself (eg: a Retail User), it warrants that it has the relevant individual's explicit consent to provide such information for the purpose specified. The Controller acknowledges that we may require proof of such consent to be given to us.

    16.2 The Controller acknowledges that it is responsible and liable for the management of the Retail Users' personal information consistent with this privacy policy. What the Controller does with the User's personal information is the responsibility and full liability of the Controller.

    16.3 The Controller warrants that it has given all relevant notices and obtained all relevant consents for it to use the Ferryhawk Program with its Users.

17. ACCESS AND CORRECTION REQUESTS

    17.1 If you are a User seeking to access, correct, delete, or restrict the processing of your personal information, please contact the relevant Controller (i.e. the ferry operator or customer you booked with) in the first instance. The Controller is responsible for managing such requests in accordance with its applicable privacy laws and policy.

    17.2 It is the Controller's responsibility and liability to respond to requests for access to personal information and must do so within a reasonable period of time. When doing so, the Controller shall generally provide the User with the following:

      a. confirmation of whether personal information is being collected and used (or not);

      b. the purpose/s of collecting and using personal information;

      c. the categories of personal information that it holds about the User (please refer to paragraph 4 of this privacy policy);

      d. the recipients or categories of recipients to whom the personal information has been or will be disclosed to;

      e. the period of time that personal information will be stored (where possible); and

      f. notification of the User's rights.

    17.3 The Controller shall take reasonable steps to correct personal information, taking into account the purpose for which it is held, its accuracy, the reasonableness and the relevance of a User's correction request.

    17.4 If the Controller refuses a request for access or a correction, it shall give reasons for the refusal and information about the complaint mechanism/s that are available. If personal information the subject of a correction has been disclosed to a third party, the Controller will take reasonable steps to notify the third party of any such correction.

    17.5 We are unable to access or correct the User's personal information without receiving consent via the Controller or unless compelled to by a relevant government authority.

    17.6 If you contact us for access to or for the correction of your personal information, we may refuse the request on the basis that the Controller has not communicated your consent or where the relevant government authority has not compelled us to provide such access or correction.

18. COOKIES AND WEB BEACONS

    18.1 We use common information-gathering tools such as cookies, web beacons, pixels and other similar tracking technologies to automatically collect information from your account with us and as you navigate our website.

    18.2 Cookies are small pieces of information stored by a browser or other application and used to connect your computer with information stored about your online activity, searches, preferences, product purchases and use of the Ferryhawk Program. This makes navigating and interacting with our website, the Ferryhawk Program or your account more efficient, easy and meaningful for you.

    18.3 You can disable or limit cookies and beacons, but if you do so you may not be able to participate in certain activities and you may limit our ability to tailor promotions and communications to you. Our website does not control or guarantee the effectiveness of browser-based tools for managing cookies.

    18.4 Please note that certain required cookies and beacons cannot be disabled and if you decide to opt-out of certain functional cookies, certain functionality of our website or your account may be impacted.

    18.5 We also use beacons to gather data about your use of our website and your account. Web beacons are clear electronic images that can recognise certain types of data on your computer, like when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon. We use web beacons to operate and improve our website and email communications to you.

19. GLOBAL COMPLIANCE

    19.1 We recognise that our Customers and Users may be located in various jurisdictions, each with its own privacy requirements. Ferryhawk is committed to complying with all applicable privacy and data protection laws in the jurisdictions in which our Customers and Users reside. This includes, but is not limited to:

      a. The Australian Privacy Act 1988 (Cth),

      b. The Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada,

      c. The Grenada Data Protection Act 2023, and

      d. Other equivalent data protection laws globally.

    19.2 Where no local privacy legislation exists, Ferryhawk applies best practice standards based on the Australian Privacy Principles and the core principles of the General Data Protection Regulation (GDPR).

20. MAKING A COMPLAINT

    20.1 If you have a complaint to make regarding your privacy in respect of the Ferryhawk Program, we ask that you first make a complaint to the Controller who gave you access to the Ferryhawk Program (and is responsible for the management of it).

    20.2 If you think we have failed to comply with our privacy obligations in respect of the Ferryhawk Program, we will ask that you contact us. We will acknowledge your complaint in a prompt manner and give you an estimated timeframe for our response. We are committed to dealing with your complaint in a reasonable and effective manner.

    20.3 If we are unable to resolve your complaint or if you are unhappy with the outcome, you may lodge a complaint with the Office of the Australian Information Commissioner (www.oaic.gov.au).

21. INTERPRETATION

    21.1 If you or the Controller has a Contract with us, this privacy policy is to be read with the Ferryhawk Terms & Conditions and SAAS terms and other relevant terms and policies that form part of that Contract. Except as expressly provided for in this privacy policy, terms used in this privacy policy have the same meanings used in the Ferryhawk Terms & Conditions.

22. CHILDREN'S PRIVACY

    22.1 The Ferryhawk Program is not intended for use by individuals under the age of 16 without parental or guardian consent. We do not knowingly collect personal information from children without appropriate authority. If we become aware that personal data of a child has been collected without such consent, we will take steps to delete it as soon as possible.

23. CONTACT US

    23.1 If you have any questions about this privacy policy, please contact us at [email protected].

Last updated 2 June 2025