1. Introduction

VIP Melbourne Boat Charter (“we”, “us”, “our”) is committed to protecting the privacy of our customers and website visitors. This Privacy Policy explains how we collect, use, disclose and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our website or booking our services, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information when you enquire, book or interact with us:

• Full name
• Email address
• Mobile / phone number
• Billing and payment details (processed securely via our payment gateway — see Section 5)
• Postal or residential address (if required for invoicing)
• Event details such as occasion type, group size and preferred date
• Special dietary requirements or accessibility needs

2.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address and browser type
• Pages visited and time spent on site
• Referring website or search terms
• Device type and operating system

This information is collected through cookies and analytics tools (such as Google Analytics) and is used to improve our website and services.

2.3 Information from Third Parties

We may receive information about you from third-party booking platforms, payment processors, or social media platforms if you interact with us through those channels.

3. How We Use Your Information

We use your personal information to:

• Process and confirm charter bookings and payments
• Send booking confirmations, receipts and pre-departure information
• Respond to enquiries made via our website, phone, email or live chat
• Arrange catering, entertainment or event styling you have requested
• Issue tax invoices for corporate bookings
• Send marketing communications about our services (only with your consent)
• Improve our website, services and customer experience
• Comply with our legal and regulatory obligations
• Protect the safety and security of our guests, crew and vessels

4. Disclosure of Your Information

4.1 Third-Party Service Providers

We may share your information with trusted third parties who assist us in operating our business, including:

• Payment processors (e.g. Stripe, Square or bank payment gateways) to securely process credit card transactions
• Online booking platforms (e.g. Rezdy) to manage reservations
• Catering and event suppliers engaged to fulfil your booking requests
• Marketing and email communication platforms (e.g. Mailchimp)
• IT and website service providers

These parties are required to handle your information in accordance with applicable privacy laws and are not permitted to use it for their own purposes.

4.2 Legal Requirements

We may disclose your personal information if required by law, court order, or government authority, or if we reasonably believe disclosure is necessary to protect the rights, property or safety of VIP Melbourne Boat Charter, our guests, crew or others.

4.3 We Do Not Sell Your Data

We will never sell, rent or trade your personal information to third parties for marketing purposes.

5. Credit Card & Payment Information

5.1 How We Handle Payment Data

All credit card transactions on our website are:

• Processed through a PCI DSS-compliant payment gateway
• Encrypted using Transport Layer Security (TLS 1.2 or higher) during transmission
• Never stored in full on our servers — we do not retain your full card number, CVV or expiry date
• Subject to tokenisation — your payment gateway provider stores a secure token in place of your raw card details

5.2 Security Bond (Pre-Authorisation)

A $500 security bond may be pre-authorised on your credit card at the time of boarding. This is a pre-authorisation hold only — your card is not charged unless damage to the vessel or its equipment occurs during your charter. The hold is released within 2–5 business days after your departure if no claim is made.

5.3 Deposit & Balance Payments

A 20% deposit is required to secure your booking. The remaining balance is due 7 days prior to departure. Payments may be made by credit card or direct bank transfer. Tax invoices are available for corporate bookings on request.

5.4 Refunds

Refund eligibility is subject to our cancellation policy. In the event of a qualifying refund, funds will be returned to the original payment method within 5–10 business days. We do not issue refunds to a different card or account than the one used for the original transaction.

6. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse website traffic and support marketing activities. We use:

• Essential cookies — required for the website to function correctly
• Analytics cookies — to understand how visitors interact with our site (e.g. Google Analytics)
• Marketing cookies — to deliver relevant advertising on third-party platforms (e.g. Facebook Pixel)

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Booking records and financial information are typically retained for a minimum of 7 years for Australian taxation and accounting compliance. Marketing-related data is retained until you withdraw consent or unsubscribe.

8. Your Privacy Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or out-of-date information
• Request deletion of your data (subject to our legal retention obligations)
• Opt out of marketing communications at any time by contacting us or clicking ‘unsubscribe’
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

To exercise any of these rights, please contact us at [email protected] or call 0423 593 810.

9. Children’s Privacy

Our website is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete it.

10. Third-Party Links

Our website may contain links to third-party websites including our booking platform (Rezdy), payment processors, and sister brands (boat4hire.com.au and aquadonut.com). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing personal information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The effective date at the top of this document will be updated accordingly. Continued use of our website or services after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

12. Security Policy Overview

VIP Melbourne Boat Charter is committed to maintaining robust security practices to protect the personal and financial information of our customers, the integrity of our website, and the safety of data entrusted to us. This Security Policy outlines the technical and organisational measures we apply.

13. Website & Data Transmission Security

13.1 SSL / TLS Encryption

Our website uses SSL/TLS encryption (HTTPS) across all pages. Data transmitted between your browser and our website — including personal details, booking information and payment data — is encrypted in transit to prevent interception.

13.2 Secure Hosting

Our website is hosted on a reputable cloud hosting provider with enterprise-grade physical and network security, including firewalls, DDoS mitigation and regular security patching.

13.3 Content Security

We apply appropriate controls to prevent cross-site scripting (XSS), SQL injection, and other common web application attacks. Our website platform and plugins are kept up to date to minimise vulnerability exposure.

14. Payment Card Security

14.1 PCI DSS Compliance

All credit card transactions are processed by a PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliant payment provider. Our payment gateway ensures:

• Card data is encrypted end-to-end from your browser to the payment processor
• No raw card numbers, CVV codes or expiry dates are stored on our systems
• Tokenisation is used so that recurring payments or refunds can be processed without re-exposing card details
• All payment pages are served over HTTPS with valid SSL certificates

14.2 Accepted Payment Methods

We accept Visa, Mastercard, and Australian bank transfers. All online card payments are subject to 3D Secure authentication where supported by your card issuer, providing an additional layer of protection against fraud.

14.3 Fraud Prevention

We use fraud detection tools provided by our payment gateway to monitor transactions for suspicious activity. Transactions that fail verification checks may be declined or subject to additional identity confirmation.

15. Access Controls & Internal Security

Access to customer data and booking systems is restricted to authorised VIP Melbourne Boat Charter personnel on a need-to-know basis. Our internal security practices include:

• Unique login credentials for all staff accessing customer records
• Password complexity and rotation requirements
• Two-factor authentication on critical accounts and platforms
• Regular review and revocation of access for departed staff
• Booking and customer data accessed only through encrypted, authenticated connections

16. Data Storage & Backup

Customer data is stored on secure, access-controlled systems. We maintain regular encrypted backups to protect against data loss. Backup data is stored separately from production systems and is subject to the same access controls.

We do not store full credit card numbers or CVV codes at any point — these are handled exclusively by our PCI-compliant payment gateway.

17. Live Chat & Chatbot Security

Our website uses a live chat and AI-assisted chatbot service (Zoho SalesIQ) to assist customers. Conversations are handled in accordance with Zoho’s privacy and security standards. We advise customers:

• Do not share full credit card numbers or passwords through the chat
• Our team will never ask for your card details via chat — all payment is processed through our secure checkout
• Chat transcripts may be retained for quality assurance and training purposes

18. Third-Party Platform Security

We use the following third-party platforms, each of which maintains their own security certifications:

• Rezdy (booking platform) — PCI DSS compliant booking and payment management
• Zoho SalesIQ (live chat) — ISO 27001 certified, SOC 2 Type II compliant
• Google Analytics — data processed in accordance with Google’s security and privacy standards
• Email marketing providers — compliant with the Australian Spam Act 2003

19. Data Breach Response

In the event of a suspected or confirmed data breach involving personal information likely to result in serious harm, we will:

• Contain and assess the breach as quickly as possible
• Notify affected individuals as required under the Notifiable Data Breaches (NDB) scheme
• Report the breach to the OAIC within 30 days as required by law
• Take remedial action to prevent recurrence

If you suspect your data has been compromised in connection with our services, please contact us immediately at [email protected] or call 0423 593 810.

20. Physical & On-Vessel Security

In addition to digital security, VIP Melbourne Boat Charter maintains physical security standards for our operations:

• Payment terminals and devices are kept secure and inspected for tampering
• Paper-based records containing personal information are stored securely and disposed of by secure shredding
• Boarding procedures include identity verification where required
• Our vessels are operated by licensed, professional skippers and comply with all Marine Safety Victoria requirements

21. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or Security Policy, please contact us:

For privacy complaints that we are unable to resolve to your satisfaction, you may contact the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001