Privacy policy

This policy sets out how we will manage and deal with your personal information, whether you’re our customer or any other person we deal with as part of our business.

At PLANPAY Pty Limited (ABN 73 604 105 740) and related companies, (herein referred to as ‘PlanPay', ‘we’, ‘us’, or ‘our’), we recognise the importance of your privacy. Our promise to you is to provide you with the best possible service, while protecting your privacy. We will ensure that your information is secure and handled in accordance with the Privacy Act 1988, including the Australian Privacy Principles (APPs) Code.

This Privacy Policy details the types of personal information we collect from our website (‘Website’) and in the course of providing you with our services (collectively, the ‘Services’), how we store or process personal information about you, with whom we may share it, and the choices available to you regarding our use of the information. We also describe the measures we take to safeguard your personal information and tell you how to contact us regarding our privacy practices. We will only use the personal information collected from you in accordance with this Privacy Policy. 

This Privacy Policy, together with our Terms & Conditions posted on our Website, set forth the general rules and policies governing your use of our Services. This policy is effective as at 1 January 2023. This policy maybe updated – if we do, you’ll always find the most up-to-date version on our website.

1.    Definition of Personal Information

‘Personal information’ or ‘personal data’ means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. It also includes sensitive information such as health information. 

2.    What Personal Information do we collect and hold

Examples of the types of personal information that we may collect from you include:

  • contact information, such as your name, address (including your geolocation), phone number and email address 

  • financial and credit information, such as your bank account numbers and/or credit or debit card numbers or a tokenised representation of these elements[ES1] 

  • other types of information you provide to us when you enter a competition or promotion we are operating, apply to work with us or contact us for any other reason.

3.    How we collect Personal Information

A.    Information collected directly from you

We typically collect personal information directly from you. We may collect this personal information when you:

  • purchase a product or service from one of our Merchants and use PlanPay as your chosen payment method or interact with our partners, suppliers or third-parties;

  • contact our customer service team, Merchants, third-parties or suppliers (whether via mail, live chat, email or through telephone enquiries);

  • access our Website;

  • respond to a market survey, enter a competition or promotion we are running or engage with us through social media; or

  • apply for employment with us.

B.    Information we collect from third-parties 

In some cases, we may also collect personal information about you from third-parties. These third-parties include:

  • social media sites (e.g., Facebook and Twitter) where you choose to associate your account on that site with us. The personal information we may receive is controlled by that site and your account on that site; and

  • our Merchants, such as the businesses providing the travel products and services, our suppliers and partners who are engaged by us, or who we engage, to provide products and services to you. 

  • If you are providing personal information on behalf of someone else, you must obtain their consent in advance (or the consent of their guardian where they are under 18 years of age);

Our Services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from individuals under 13 years of age without parental or guardian consent.

C.    Information we collect automatically 

We may automatically collect information from you and your devices when you use our Services. We may record usage information, geographical tagging, Cookies and other statistical data. This may include your IP address, date and time of your visit, the type of device you use to access our services, operating system, language preferences, pages visited, information downloaded and the type of browser used to access our services.

We use this information to help us to make decisions about maintaining and improving our Website and services.

4.    Cookies and third-party analytical services

A.    Cookies

When you access our Website we may place small data files on your device. These data files may be cookies, pixel tags, “Flash cookies,” or other local storage (collectively ‘Cookies’). We use Cookies to ascertain which web pages are visited and how often, to make our Website more user friendly, to give you a better experience when you return to our Website and to target advertising to you that we think you may be interested in.

Most web browsers automatically accept Cookies. You can find information specific to your browser under the “help” menu. You are free to decline our Cookies if your browser or browser add-on permits, unless our Cookies are required to prevent fraud or ensure the security of our Website. However, declining our Cookies may interfere with your use of our Website.

If you continue without changing your settings, we will assume that you are happy to receive all Cookies on the Website. You can change your Cookie settings at any time. 

B.    Analytics 

We may use third-party web analytics services on our Website and online services, such as Google Analytics. These third-parties help us analyse how users use our Services.

For more information on analytics please see section 8B of this of this Privacy Policy.

5.    Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities and as necessary to provide our Services to you. We also collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions.

For example, we may use personal information we collect about you for several purposes including:

  • where you have requested products or Services from one of our merchants, to process transactions in a smooth and efficient booking process and to provide you with your requested information, products or services, including sending notices about your transactions;

  • to improve our Services and your user experience and to identify and develop new services. This may include using personal information for statistical analysis, market research and business development;

  • where you have reached out to us, to contact you via telephone, live chat, text (SMS) or email messaging, including for customer service, to respond to your questions or assess your satisfaction with our Services; to resolve disputes and troubleshoot problems;

  • for safety and security, including to investigate and prevent potentially prohibited, illegal, suspicious or fraudulent activities;

  • o consider you for a position with us for which you have applied; and

  • for other purposes to which you have consented.

In addition, we use information collected online using Cookies and other automated means. This information is used to:

  • recognise your computer when you visit our Website;

  • track you as you navigate the Services, and to enable the use of e-commerce capabilities;

  • offer and provide products, services and information to you;

  • display content on our Website;

  • adapt our Website to the needs of your device or to allow you to log in to our Website;

  • improve the Website usability and manage the Services;

  • analyse your use of the Services;

  • personalise the Services, including targeted advertisements that may be of particular interest to you;

  • help diagnose technical and service problems;

  • identify users of our Services; and

  • gather broad demographic information about our users for identified, aggregated use.

We may also use your personal information for purposes which are required by law such as sharing your personal information in order to comply with legal obligations to which we are subject.

6.    What happens if you don't provide us with your personal information

If all or some of your personal information is not collected or cannot be verified, we may be unable to provide you with our Services or a customised experience, engage with you, or do business with you.

7.    Lawful basis for processing your personal information 

If the General Data Protection Regulation 2016/679 (GDPR) applies, our lawful basis for collecting and using the personal data described in this Privacy Policy will depend on the information concerned and the specific context in which we collect or use it.

We normally collect or use personal data from you where we have your consent to do so, where we need the data to perform a contract with you or to provide our Services or Products to you upon your request, or where the processing is in our legitimate interests and not overridden by your data protection interests or rights and freedoms.

For example, when we:

  • use data to create and manage your account with us, we need it to provide the relevant Services;

  • use data to effect a transaction you have requested, we need it in order to provide you with the services you are purchasing;

  • use names and email addresses for email marketing purposes, we do so with your consent (which you can revoke at any time by contacting us; see section 18); and

  • gather usage data and analyse it to improve our Services, we do so based on our legitimate interest in safeguarding and improving our Services.

If you have questions about or need further information concerning the lawful basis on which we collect and use your personal data, please contact us using the contact details outlined in section 18 of this Privacy Policy. 

8.    Disclosure of Personal Information

A.    Information shared to third-parties 

We will disclose personal information to third-parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected. Where such a disclosure is necessary, we will require that the third-party undertake to treat the personal information in accordance with all applicable privacy laws to which we are bound.

For example, we may share your personal information with:

  • our merchants, partners, suppliers and third-parties who help with our business operations including in relation to fraud prevention, identity verification, payment collection, marketing, customer service, and technology services;

  • the third-party that supplies the products or services you purchased, so that they can provide products or services to you (or people you nominate) or respond to a complaint by you, or to help them improve the quality and standard of service they provide to you;

  • your nominated referees so that we may check your references if you are applying for a position with us; and

  • other third-parties with your consent or direction to do so.

We will only share your personal information with third-parties as described in this Privacy Policy or as otherwise notified to you at the time of collection or with your prior consent.

Otherwise, we will only disclose your personal information to third-parties without your consent if the disclosure is:

  • necessary for the purposes of our legitimate interests or those of any third-party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms;

  • necessary to prevent or lessen a serious threat to a person’s health or safety;

  • required or authorised by law; or

  • permitted by another exception in the applicable privacy laws.

In addition, you should note that merchants, partners, suppliers and third-parties that you buy products or services from or contract with (even if such products or services are purchased using our Services) have their own privacy policies. We strongly advise you to review the Privacy Policy and terms and conditions of every third-party you contract with. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites, products or services.

B.    Third-party analytics services

We sometimes work with online advertising vendors to provide you with relevant and useful ads on or through our Website and/or those of other companies. These ads may be based on your personal information .

Our Website uses Google Analytics. Google Analytics uses Cookies to monitor traffic to, and use of, our Website. Google uses this information on our behalf to evaluate your Website usage, to compile reports on the activities on our Website, and to provide additional services connected with our Website. We will not identify you to Google and will not merge personal and non-personal information collected through this service. You can prevent the use of Google Analytics Cookies by adjusting the settings on your browser. You may not be able to fully use all the functions of our Website if you do so.

In addition to Google Analytics, we may also use other third-party analytics tools to monitor, analyse and collect information about your use of our Website.

C.    Company reorganisation 

If there is a change of control of our business or a sale or transfer of business assets, we may transfer our user databases, together with any personal information and non-personal information contained in those databases, to the purchaser. This information may also be disclosed to a potential purchaser in the due diligence process subject to appropriate confidentiality undertakings.

9.    Protecting personal information

We respect the privacy of your Personal Information and will take reasonable steps to keep it strictly confidential .

Your personal information may be held and stored by electronic means. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure.

The steps we take to protect your personal information include the following:

  • Data held and stored electronically is protected by internal and external firewalls

  • Your personal data is stored in an encrypted data base and when necessary transmitted using secure standards such as HTTPS.

  • At least once per year we perform security testing to ensure our systems and therefore your data is secure

  • Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

Submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our Website whilst it is in transit over the internet and any such submission is at your own risk.

10.    Third-Party Websites

Our Website may contain social media features or links to third-party websites. Social media features are either hosted by a third-party or hosted directly on our Services. Your interactions with these features and third-party websites are governed by the Privacy Policy of the company providing it.

We are not responsible for the privacy or security and privacy practices of other organisations, which may be different to ours as set out in this Privacy Policy.

11.     Marketing

We may send you marketing materials from time to time about products and services offered by us, our merchants, partners, suppliers and our third-parties.

Where required by applicable law, we will obtain your consent before sending you any marketing communications. You may withdraw your consent to the use of your personal data for marketing purposes at any time. We will never provide your information to third-parties for marketing purposes without receiving your consent.

If you signed up to receive newsletters or other marketing communications from us, you can opt-out any time by clicking the unsubscribe link at the bottom of the message. You can also contact us via the information outlined in section 18 of this Privacy Policy.

After you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences.

If you opt-out of receiving marketing communications from us, we may still contact you for transactional or informational purposes. These include, for example, customer service issues, cancellations or booking-related inquiries, outstanding payment inquiries, or any questions regarding a specific booking and/or transaction.

12. Overseas transfer of information

When we carry out the activities described in this Privacy Policy, we may share your personal information to overseas recipients. By using our Services you consent to such disclosure. We will only disclose your personal information to such locations if permitted by law.

If your personal information is disclosed to another country we will ensure that any disclosure is in accordance with the relevant laws, and that appropriate safeguards are put in place. This includes the use of standard contractual clauses (or an alternate legal tool) to require the third-party to protect your personal information, and to provide you with the same level of protection as required under Australian law or, if relevant, under the GDPR.

If you would like further information regarding where your personal information is stored please contact us using our contact details in section 18 of this Privacy Policy.

13.      Accessing, correcting, updating or deleting personal information

We will strive to ensure that personal information about you is accurate when we collect or use it. If you wish to obtain access to and/or correct your personal information held by us, please contact us using our contact details in section 18 of this Privacy Policy.

Subject to some exceptions under the relevant privacy laws, we will let you see the personal information we hold about you and correct it if it is inaccurate, incomplete or out-of-date. If we do not grant you access to your personal information or do not agree to correct your personal information we will tell you why. If we do not agree to correct your personal information, we will notify you of the reasons we do not agree and will make a note of your request on the records we hold about you. If you are dissatisfied with our refusal to provide you with access to, or correct, your personal information you may also complain to the applicable regulator in your jurisdiction.

Unless we do not agree to your request for access to personal information, in most cases we will provide you with access as soon as reasonably possible following receipt of your request. If you request corrections to your personal information and we agree with your request, these changes will be made as soon as practicable. Subject to the terms set out in our Terms & Conditions, you can also close your account with us. If you close your account, we may retain information from your account for a period of time to resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud or risk, enforce our Terms & Conditions, or take other actions as required or permitted by law.

14.     Retention of Personal Information

We will only retain your personal information for as long as is reasonably necessary in relation to the purposes for which it was collected. We will also retain personal information to ensure compliance with any applicable statutory or regulatory obligations imposed on us in relation to the retention of records.

Where you have requested we stop processing your personal information for marketing purposes, we may retain a record of your request to ensure we abide by your request in the future.

15.     Destruction and de-identification

When your information is no longer needed, or if you request that we delete any personal information which we hold about you, we will use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed. For example, any electronic records are deleted from all locations, to the best of our ability, or permanently de-identified.

16.     Children 

Our services are not directed at children under the age of 13. We do not knowingly collect personal information from children under the age of 13 unless the personal information is provided by their guardian for the purposes of using our Services. 

17.     Resolving your concerns

If you have a complaint regarding our management of your personal information, please prepare your complaint in writing and email it to the Data Privacy Officer at

We will provide written acknowledgement of your complaint within 7 days of receipt. We will generally investigate and advise you of the steps we have taken to resolve your complaint within 30 days of receipt of your complaint.

You may also make a complaint to the Office of the Australian Information Commissioner (OAIC), including if we fail to respond to your complaint within a reasonable time or if you are dissatisfied with our response. Details of how to contact the OAIC are located at

18.     Contacting us

If you need to contact us for any reason, you can reach us at:

Mailing address: Planpay, Level 8, Sydney Startup Hub, 11 York Street Sydney NSW

Email address: 

Phone number: 1800 780 880 

19.     Privacy Policy changes 

We reserve the right to change this Privacy Policy from time to time. Please visit the Website regularly and check our respective current Privacy Policy. Your continued use of the Website and our Services after any change to this Privacy Policy will constitute your acceptance of such change.

This Privacy Policy was last updated in January 2023.