Skip to:
Wilderluxe
Outsiders Club
Wilderluxe
Outsiders Club
Cart (0)
Cart (0)
Alt text
Home/
Privacy Policy

Privacy Policy

Updated 18 September 2025

Reflections Holidays respects and values the privacy of its customers and for that reason we will only deal with your personal information as set out in our privacy policy. To download the full policy head here.

Policy statement

Reflections Holidays is committed to protecting the privacy and personal information of individuals who interact with our services, including guests, website visitors, competition participants, and marketing subscribers. We understand the importance of safeguarding personal data and are dedicated to handling it in a lawful, fair, and transparent manner in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and other relevant laws.

This Privacy Policy outlines how Reflections Holidays collects, uses, stores, and discloses personal information, as well as the rights individuals have in relation to their data. We aim to ensure that all individuals are informed about their privacy rights and how their information is managed across all our touchpoints.

Purpose

The purpose of this Privacy Policy is to outline Reflections Holidays’ approach to ensuring compliance with its legislative obligations in relation to the management of personal information. This Privacy Policy:

  • Clearly communicates how Reflections Holidays complies with the relevant legislation dealing with privacy in New South Wales;
  • Describes the personal information handling practices of Reflections Holidays to enhance the transparency of its operations;
  • Provides individuals with a better understanding of the type of personal information Reflections Holidays holds, and the way the organisation handles such information;
  • Provides details on how individuals can obtain more information or make a complaint in relation to Reflections Holidays handling their personal information.

Scope

This policy applies to all personal information collected by Reflections Holidays in connection with the provision of its products and services. This includes, but is not limited to:

  • Bookings and guest registrations at Reflections Holidays parks and reserves.
  • Website interactions and online service usage.
  • Customer service enquiries and feedback.
  • Participation in competitions, promotions, and surveys.
  • Subscription to marketing communications.
  • Use of mobile applications or digital platforms provided by Reflections Holidays.

This policy covers personal information collected through our physical locations, websites, mobile applications, third-party booking platforms, third party marketing data collection platforms, email, phone, or other means of communication.

This policy does not apply to personal information relating to employees, contractors, or job applicants, which is addressed in a separate Employee Privacy Policy or HR Privacy Notice.

Collection of personal information

Reflections Holidays collects personal information from guests, visitors, contractors, and members of the public, including by tracking website interactions through cookies each time the website is accessed. Personal information may also be obtained from other sources, such as when consent has been provided, or from an authorised agent or third party, for instance if an individual is visiting a park as part of a group.

The information collected will be for lawful purposes directly related to the function or activity of Reflections Holidays. Reflections Holidays will only collect information that is reasonably necessary for our lawful purposes.

If personal information is not provided to Reflections Holidays, it may not be possible to supply the requested services.

The type of personal information Reflections Holidays collects, includes but is not limited to:

  • Name, address and telephone number/s
  • Email address
  • Driver licence number and/or passport number
  • Vehicle details including registration, vehicle make and model
  • Financial information, including payment information (i.e. credit cards, PayPal and/or bank details)
  • Details of previous dealings
  • Social media preferences
  • Loyalty program details
  • Special needs or preferences (which could include health information).

Reflections Holidays will take all reasonable measures to ensure that each individual, providing personal information, is informed and understands the purpose of collecting the information and the consequences (if any) of providing incomplete or inaccurate information.

Personal information and how we will use it

5.1 Bookings and provision of services

Reflections Holidays collects personal information primarily to facilitate and manage guest access to its holiday parks and nature reserves. This information is essential for verifying bookings, processing payments, issuing confirmations and updates, and ensuring that each guest enjoys a secure, streamlined, and high-quality holiday experience. By necessity, certain personal information attached to a booking is retained to assist in the resolution of disputes, including the investigation and management of chargebacks related to a guest’s stay.

Reflections Holidays uses secure, PCI DSS-compliant third-party payment processors to handle all payment transactions. To facilitate future transactions—such as new bookings, booking modifications, cancellations, refunds, or incidentals—tokenised card information may be securely retained on file.

Tokenisation replaces your actual card details with a secure, non-sensitive identifier (token) that cannot be reverse-engineered to reveal your card number. Reflections Holidays does not store full card details, and the token can only be used within our authorised systems for approved purposes related to your booking or stay.

This approach enables convenience and added security, reducing the need for guests to re-enter card details while also minimising the risk of unauthorised access to payment information.

You may request the removal of your tokenised card details from our systems at any time, subject to any legal or operational obligations (e.g. pending transactions or refund processing).

5.2 Promotion and marketing

Personal information collected by Reflections Holidays may be used to identify and offer products, services, or experiences that are relevant to a guest’s preferences or interests. Such promotional activities may include personalised recommendations, targeted content, and special offers. For these purposes, we may use or disclose your personal information, including to third parties. Reflections Holidays will only use personal information for marketing purposes if the guest has provided explicit consent. All marketing communications will include a clear option to opt out, ensuring that individuals can withdraw from receiving further promotional material at any time.

Reflections Holidays utilises a cookie function on our website for ''remarketing" purposes to collect an individual’s personal information while they are using the website and for the purposes of tailoring advertisements to the individual, based on the sections of the website recently viewed by the individual.

5.3 Competitions

When a guest chooses to participate in a competition, Reflections Holidays may use and, where necessary, disclose personal information to third parties directly involved in the competition’s administration, fulfilment, or prize distribution. This use of information is limited to what is necessary for managing the competition and delivering the associated benefits or prizes. Guests will be informed of any such sharing of information at the time of entry and will have the option to decline participation.

Security of information

Reflections Holidays takes the security of personal information seriously and implements a range of measures to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure.

6.1 Data security practices

We adopt industry-standard security protocols to protect personal information both in transit and at rest. These measures include, but are not limited to:

  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption for all online transactions and communications.
  • Firewalls, intrusion detection systems, and role-based access controls.
  • Regular security monitoring, vulnerability assessments, and system audits.
  • Access controls and staff training to ensure only authorised personnel can access sensitive data.

6.2 Tokenised payment information

For payment transactions, Reflections Holidays uses secure, PCI DSS-compliant third-party payment gateways that implement tokenisation. This means that actual credit or debit card numbers are not stored or transmitted by Reflections Holidays. Instead, a secure, non-sensitive token is generated and stored to reference the card for future transactions (e.g., booking changes or refunds).

This tokenisation process ensures that sensitive payment details remain encrypted and inaccessible, reducing the risk of fraud or unauthorised use.

6.3 Third-party providers

Where personal or payment information is processed by third-party service providers (such as payment processors or booking systems), we ensure these partners meet strict data security and privacy requirements through contractual agreements and due diligence.

6.4 Data retention

We retain personal information only as long as it is necessary for the purposes it was collected, or as required by law. Tokenised payment references are retained only as needed for the management of bookings, refunds, chargebacks, and audit compliance.

Compliance with information protection principles

The Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act), outlines 12 Information Protection Principles (IPPs) as detailed in Sections 8 to 12 of the PPIP Act.

To support these principles, Reflections Holidays will:

7.1 Collection

  • Lawful: Only collect an individual's personal information for a lawful purpose. It must be needed for the agency's activities.
  • Direct: Collect the information from only the Individual, unless exemptions apply, including the exemptions contemplated at Part 4 of this Policy.
  • Open: Tell the individual that the information is being collected, why and who will be using it and storing it. The individual must be told how to access it and make sure it's correct.
  • Relevant: Make sure that an individual's personal information is relevant, accurate, current and non-excessive.

7.2 Storage

  • Secure: Store your personal information securely. It should not be kept longer than needed and disposed of properly.

7.3 Access and accuracy

  • Transparent: Provide you with details about the personal information they are storing, reasons why they are storing it and how you can access it if you wish to make sure it's correct.
  • Accessible: Allow you to access your personal information in a reasonable timeframe and without being costly.
  • Correct: Allow you to update, correct or amend your personal information when needed.

7.4 Use

  • Accurate: Make sure that your personal information is correct and relevant before using it.
  • Limited: Only use your personal information for the reason they collected it.

7.5 Disclosure

  • Restricted: Only release your information if you consented. An agency, however, may also release your information if it's for a related reason and can be reasonably assumed that you would not object. OR your information is needed to deal with a serious or impending threat to someone’s health and safety including your own.
  • Safeguarded: Reflections Holidays is committed to protecting sensitive information and will not collect, use, or disclose such information without your explicit consent, except in exceptional circumstances permitted by law. Sensitive information includes but is not limited to: racial or ethnic origin, religious or philosophical beliefs, sexual orientation, health information.
  • Reflections Holidays will only handle sensitive information where it is directly relevant and necessary for the purpose of providing services and where consent has been clearly obtained.
  • In rare and limited situations, sensitive information may be disclosed without consent if it is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health, or safety.

Website privacy notice

Reflections Holidays will ensure that a clear and accessible Privacy Notice is displayed on its website and any relevant digital platforms at the point of data collection. This notice will inform individuals about the nature of the personal information being collected, the purpose of collection, how the information will be used and disclosed, and how individuals can access or correct their information or make a complaint.

The Privacy Notice will be prominently linked or displayed wherever personal information is collected online, such as on booking pages, contact forms, competition entries, newsletter sign-ups, and feedback submissions. This ensures that individuals are adequately informed at the time their data is provided, in line with our obligations under applicable privacy laws.

Access to information

You may request access to your own personal information by sending a written request toprivacy.alert@reflectionsholiday.com.au

Personal information collected will not be disclosed to any other person or body unless Reflections Holidays is required or authorised by law.

Privacy reporting or breach of PPIP Act or HRIP Act

Individuals may raise concerns and complaints about the way in which Reflections Holidays has handled their personal information. A privacy complaint should be sent in written form to privacy.alert@reflectionsholiday.com.au

Where Reflections Holidays becomes aware of a breach, it will take appropriate steps to identify and address the breach. Reports of breaches or potential breaches should be sent in written form to privacy.alert@reflectionsholiday.com.au

Any questions? Get in touch