Privacy Policy (Australia)
Effective date: 15 Sep 2025
Last updated: 15 Sep 2025
Who we are
Wave Australia Intellectual Property Pty Ltd (ACN 690 399 038) (we, us, our) operates wave.boats (the Site) and related services. We manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
What this policy covers
This policy explains: the kinds of personal information we collect and how we collect and hold it; purposes of collection and use; disclosure (including overseas); security and retention; access and correction; complaints; and the APP 5 collection notices we display at or before collection.
1) Personal information we collect
- Identity & contact: name, email, phone, postal address.
- Account & transactions: profile, bookings/orders, payment method tokens (from payment processors), invoices/receipts.
- Usage & device: IP address, device/browser type, pages viewed, session times, referral source, app events and crash logs.
- Support & communications: messages you send us (forms, chat, email, support tickets), call notes.
- Operator information (if you apply to operate on our platform): business details (e.g., ABN/ACN), licensing/verification data, vessel information and documentation.
- Cookies/analytics and similar technologies (see section 5).
- Sensitive information: We generally do not seek sensitive information. If you voluntarily provide it (e.g., accessibility needs), we will handle it with your consent or as otherwise permitted by law.
2) Anonymity and pseudonymity (APP 2)
Where lawful and practicable, you may interact with us without identifying yourself (e.g., browsing the Site). Some services require identification (e.g., creating an account, making a booking, or operator verification).
3) How we collect personal information
- Directly from you: when you create an account, make a booking/purchase, submit a form, or contact support.
- Automatically: via cookies, pixels, SDKs, server logs and analytics when you use the Site/app.
- From third parties: payment providers, identity/verification services, sign-in providers, or partners where you have permitted sharing.
- Unsolicited information: If we receive personal information we did not request, we will assess whether we could have collected it lawfully. If not, we will destroy or de-identify it where reasonable and lawful (APP 4).
4) Why we collect and use personal information
We use personal information to: provide, operate and improve the Site and our services; create/manage accounts; process bookings, orders and payments; provide support; communicate service updates; personalise content and run analytics; verify operators and keep the platform safe; prevent/detect misuse, fraud or security incidents; and comply with legal obligations.
Direct marketing: We may send marketing (email/SMS/push) consistent with the Spam Act 2003 (Cth). You can opt out at any time using the unsubscribe link or by contacting us. We do not sell or trade your personal information.
5) Cookies, analytics and tracking technologies
We use cookies and similar technologies to operate the Site, remember preferences, and perform analytics/measurement. You can control cookies in your browser; some features may not work if cookies are disabled. If we use pixels or similar tech for direct marketing/retargeting, we will provide a simple, free opt-out.
6) Disclosing personal information
We may disclose personal information to:
- service providers (hosting/cloud/CDN, analytics, email/SMS, payment processing, identity/verification, customer support, security and fraud prevention);
- professional advisers (accountants, lawyers, auditors);
- regulators or law enforcement where required or authorised by law; and
- operators or partners where needed to fulfil your booking or service request.
Overseas disclosures (APP 8): Some recipients may be outside Australia. Where practicable, we identify likely countries below; otherwise, we will provide this on request. We take reasonable steps to ensure overseas recipients handle personal information in accordance with the APPs and acknowledge we may be accountable for their mishandling (s 16C).
7) How we hold and secure personal information
We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. Measures include access controls, encryption in transit, role-based permissions, logging/monitoring and staff confidentiality obligations. We host data with reputable cloud providers. No method is 100% secure; if a data breach occurs, see section 9.
8) Data quality, retention and destruction
We take reasonable steps to keep personal information accurate, up-to-date and complete. Please tell us if your details change. We retain personal information only as long as needed for our functions and activities or as required by law (e.g., tax/audit). When no longer required, we will destroy or de-identify it where reasonable and lawful.
9) Notifiable data breaches
If an eligible data breach occurs (likely to result in serious harm), we will promptly assess, and where required, notify affected individuals and the Office of the Australian Information Commissioner (OAIC), including recommended steps you should take.
10) Access and correction
You may request access to the personal information we hold about you, and correction if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We may need to verify your identity. We aim to respond within 30 days. If we refuse access or correction, we will provide reasons and how to complain.
11) Children
Our services are not directed to children under 16. If you are under 16, you should only use our services with a parent/guardian's consent.
12) Complaints
Please contact us first with any privacy concern or complaint. We aim to respond within 30 days. If you are not satisfied, you may contact the OAIC (www.oaic.gov.au) for guidance and complaint options.
13) Changes to this policy
We may update this policy to reflect operational or legal changes. The latest version will be posted here with an updated "Last updated" date. We will take reasonable steps to notify material changes.
14) APP 5 collection notices (how we notify you at or before collection)
We take reasonable steps to notify you of certain matters at or before we collect personal information (APP 5). Below are the short notices we use in common scenarios. Each notice links back to this policy for full details and tells you how to contact us, how to access/correct information, how to complain, the purposes of collection, usual disclosures (including overseas), and any consequences of not providing information.
14.1 Standard short notice for site forms (contact/enquiry)
Why we collect: We collect your name, email and message to respond to your enquiry and provide customer support.
If you don't provide it: We may be unable to respond.
Disclosures & overseas: We use service providers (e.g., email, hosting, support tools) and some may be located overseas (see Section 6 for likely countries).
More info: See our Privacy Policy for how to access/correct your information or make a complaint, or contact operations@wave.boats.
14.2 Account sign-up / booking checkout
Why we collect: We collect identity and contact details and account/transaction details to create your account, process your booking/purchase, prevent fraud, and provide support.
If you don't provide it: You cannot create an account or complete a booking/purchase.
Disclosures & overseas: Payment processors and cloud/hosting providers (some overseas—see Section 6).
More info: See our Privacy Policy or contact operations@wave.boats.
14.3 Marketing subscriptions (email/SMS/push)
Why we collect: We collect your contact details to send you news and promotions.
Opt-out: You can unsubscribe at any time (link in messages or contact us).
Disclosures & overseas: Email/SMS delivery platforms (some overseas—see Section 6).
More info: See our Privacy Policy or contact operations@wave.boats.
14.4 Operator applications / verification (if applicable)
Why we collect: We collect business identifiers (e.g., ABN/ACN), licensing/verification data and vessel information to assess and verify your application as a platform operator and for safety/compliance.
If you don't provide it: We cannot verify or onboard you as an operator.
Disclosures & overseas: Identity/verification services, cloud/hosting, and as required by law (some recipients may be overseas—see Section 6).
More info: See our Privacy Policy or contact operations@wave.boats.
14.5 Cookies/analytics and tracking
Why we collect: We use cookies/SDKs to operate the Site/app, remember preferences, and measure performance.
Choice: Control cookies in your browser; some features may not work if disabled.
Marketing tech: If we use pixels/SDKs for retargeting, we will provide a simple, free opt-out.
More info: See Sections 5–6 of our Privacy Policy.
15) Contact us
Email: operations@wave.boats
Postal: PO Box 449, Double Bay NSW 1360, Australia