PRIVACY POLICY

Issued by MTB Detour Pty Ltd (ACN 693 200 289)

Version 1.0 — Effective 1 January 2026

 

1. Purpose

1.1 This Privacy Policy (“Policy”) explains how MTB Detour Pty Ltd (“the Operator”, “we”, “us”, “our”) collects, stores, uses, discloses, and protects personal information provided by Participants, Guardians, staff, contractors, and third parties (“you”).

1.2 This Policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1.3 This Policy applies to all tours, coaching sessions, races, events, equipment hire, and related activities (“Activities”).

 

2. Scope

2.1 This Policy applies to:

(a) all Participants and Guardians;

(b) Minors and their Guardian-provided information;

(c) staff, volunteers, and contractors;

(d) website visitors, marketing subscribers, and event entrants.

 

3. Definition

3.1 “Personal Information” means any information identifying an individual.

3.2 “Sensitive Information” includes health data, medical conditions, disabilities, and information about Minors.

3.3 “Guardian” means the lawful parent or legal guardian of a Minor.

3.4 “Activity Information” means booking, participation, and operational records.

 

4. What Information We Collect

4.1 We may collect the following types of Personal Information:

(a) name, date of birth, gender;

(b) contact information (email, phone, address);

(c) emergency contact details;

(d) booking and payment details;

(e) Media Content (photos, video) captured during Activities;

(f) communication preferences.

4.2 We may collect Sensitive Information, including:

(a) medical conditions, injuries, allergies;

(b) fitness levels or mobility considerations;

(c) medication requirements;

(d) psychological or behavioural information relevant to safety;

(e) information relating to Minors.

4.3 We may collect technical information from website visitors:

(a) IP address;

(b) browser and device type;

(c) usage analytics;

(d) cookies and tracking preferences.

 

5. How We Collect Information

5.1 We collect information when you:

(a) make a booking;

(b) complete medical or consent forms;

(c) participate in Activities;

(d) engage with our website or digital platforms;

(e) enter events or promotions;

(f) provide feedback or make complaints;

(g) apply for employment or volunteer roles.

5.2 We collect information directly from:

(a) Participants;

(b) Guardians (for Minors);

(c) emergency services during incidents;

(d) third-party booking platforms;

(e) AusCycling or event sanctioning bodies (where applicable).

 

6. Purpose of Collecting Personal Information

6.1 We collect Personal Information to:

(a) deliver Activities safely and professionally;

(b) assess suitability and fitness to participate;

(c) manage bookings and payments;

(d) respond to emergencies;

(e) comply with legal obligations;

(f) communicate Activity details;

(g) provide customer support;

(h) deliver promotional or educational content (where opted-in).

6.2 We collect Sensitive Information solely for safety and operational purposes.

 

7. Use & Disclosure of Personal Information

7.1 We may use Personal Information for:

(a) operational planning;

(b) risk management;

(c) medical or emergency response;

(d) incident reporting;

(e) equipment allocation;

(f) marketing (with consent).

7.2 We may disclose Personal Information to:

(a) emergency services;

(b) medical providers;

(c) insurers and legal advisors;

(d) land managers where required;

(e) AusCycling for event licensing or compliance;

(f) third-party contractors assisting in Activity delivery;

(g) cloud service providers located in Australia or overseas.

7.3 We do not sell or rent Personal Information.

 

8. Photography & Media Content

8.1 Media Content is managed according to the Photography, Media & Digital Content Policy.

8.2 Minors require explicit Guardian consent for promotional use.

 

9. Storage & Security

9.1 Personal Information is stored securely in:

(a) encrypted digital systems;

(b) restricted-access databases;

(c) locked physical storage where necessary.

9.2 Security measures include:

(a) password protection;

(b) role-based access controls;

(c) staff training;

(d) secure disposal methods.

9.3 Sensitive Information involving Minors receives enhanced protection.

10. Cross-Border Disclosure

10.1 Personal Information may be stored or processed on servers outside Australia.

10.2 Where this occurs, we take reasonable steps to ensure APP-compliant protection.

 

11. Data Retention

11.1 Personal Information is retained according to the Data Retention & Records Management Policy, including:

(a) 7 years for waivers and incident records;

(b) until age 25 for minor-related incident documentation;

(c) 2+ years for medical disclosures.

 

12. Access & Correction

12.1 Individuals may request:

(a) access to their Personal Information;

(b) corrections to inaccurate or outdated information;

(c) removal of Media Content where possible.

12.2 Requests may be made in writing to info@mtbdetour.com.

 

13. Data Breaches

13.1 We comply with the Notifiable Data Breaches Scheme.

13.2 If a breach is likely to cause serious harm, we will:

(a) investigate promptly;

(b) notify affected individuals;

(c) notify the Office of the Australian Information Commissioner (OAIC) where required.

 

14. Complaints About Privacy Handling

14.1 Complaints may be lodged via email to info@mtbdetour.com.

14.2 We will acknowledge complaints within 3 Business Days.

14.3 If unresolved, individuals may contact the OAIC.

 

15. Children’s Privacy

15.1 We only collect information about Minors from their Guardians.

15.2 All Minor-related information is handled in accordance with the Child Safety & Protection Policy.

 

16. Jurisdiction

16.1 This Policy is governed by the laws of Queensland.

16.2 Federal privacy legislation applies in addition.

 

17. Acceptance Statement

“By interacting with MTB Detour Pty Ltd (ACN 693 200 289) or participating in its activities, I acknowledge that I have read, understood, and agree to the Privacy Policy.”