Privacy Policy

Last updated: April 2026

Who we are

PASSIA Travel is operated as a sole trader business (ABN 79 351 805 697). Our website is passia.co. In this policy, "we", "us", and "our" refers to PASSIA Travel.

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

This policy complies with the Australian Privacy Act 1988 (including the Australian Privacy Principles) and, where applicable, the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

What data we collect

Information you provide directly:

  • Name and email address (when joining our waitlist, completing our survey, or making a purchase)
  • Shipping address and payment information (when placing an order)
  • Survey responses and product preferences
  • Any information you provide when contacting us

Information collected automatically:

  • IP address and browser type
  • Pages visited and time spent on our website
  • Referring website
  • Device type and operating system
  • Cookie identifiers and browsing behaviour on our site

Information from third parties:

  • If you interact with our social media advertising, Meta (Facebook/Instagram) may share data with us via the Meta Pixel in accordance with their own privacy policy
  • Google Analytics 4 and Google Ads may share aggregated and anonymised data about how users find and interact with our website

How we collect data

We collect data through:

  • Our Shopify-powered website (passia.co), which uses Shopify's own data infrastructure
  • Our email marketing platform, Mailchimp, when you subscribe or submit a form
  • Google Analytics 4, installed on our website to understand traffic and user behaviour
  • Microsoft Clarity, installed on our website to record anonymised session behaviour and heatmaps
  • The Meta Pixel (Facebook/Instagram), installed on our website for advertising and audience building purposes
  • Google Ads remarketing tags, used to show relevant advertising to previous website visitors
  • Cookies and similar tracking technologies (see our Cookie Policy below)

Why we collect data and our legal basis

Australia (Privacy Act 1988):

We collect personal information only where it is reasonably necessary for our business functions. The primary purposes are:

  • Processing and fulfilling orders
  • Communicating with you about your order or enquiry
  • Sending marketing communications where you have opted in
  • Improving our products and website
  • Complying with legal obligations

UK and EU (UK GDPR / EU GDPR):

Where GDPR applies, our legal bases for processing are as follows:

  • Processing orders and fulfilment: Contract performance
  • Responding to enquiries: Legitimate interests
  • Sending marketing emails: Consent
  • Analytics and website improvement: Legitimate interests
  • Advertising and remarketing: Consent (via cookie consent tool)
  • Legal compliance: Legal obligation

Cookies and tracking technologies

Our website uses cookies and similar tracking technologies. A cookie is a small file stored on your device that helps us recognise you and understand how you use our site.

We use the following types of cookies:

  • Strictly necessary cookies: Required for the website to function. These cannot be disabled.
  • Analytics cookies: Google Analytics 4 and Microsoft Clarity use cookies to collect anonymised information about how visitors use our site. This helps us improve our website and content. These cookies do not identify you personally.
  • Marketing and advertising cookies: The Meta Pixel and Google Ads remarketing tags use cookies to track your visits to our site and show you relevant advertising on other platforms. These cookies link your visit to your social media or Google profile.
  • Functional cookies: Shopify uses cookies to maintain your shopping session, remember your cart, and process your order.

You can manage your cookie preferences using the cookie consent tool on our website. You can also control cookies through your browser settings, though disabling certain cookies may affect website functionality.

How we share your data

We do not sell your personal data. We share data only with the following third parties where necessary to operate our business:

  • Shopify: Our ecommerce platform, which stores order and customer data. Shopify is GDPR compliant.
  • Mailchimp: Our email marketing platform, which stores subscriber data and email preferences. Mailchimp is GDPR compliant.
  • Google: For analytics (Google Analytics 4) and advertising (Google Ads). Data may be processed in the United States under Google's standard contractual clauses.
  • Meta (Facebook/Instagram): For advertising and remarketing via the Meta Pixel. Data may be processed in the United States under Meta's standard contractual clauses.
  • Microsoft: For session recording and heatmap analytics via Microsoft Clarity. Data may be processed in the United States.
  • Payment processors: Shopify Payments or Stripe process payment data. We do not store full card details.

All third-party processors are required to handle your data in accordance with applicable privacy laws.

International data transfers

As a business operating across Australia and the UK, and using US-based technology platforms, your data may be transferred internationally. Where data is transferred outside Australia or the UK, we ensure appropriate safeguards are in place, including standard contractual clauses where required under GDPR.

How long we keep your data

  • Order data: 7 years for tax and legal compliance purposes
  • Email marketing data: Until you unsubscribe or request deletion
  • Survey data: Up to 3 years for product development purposes
  • Analytics data: As determined by the relevant platform's retention settings (typically 14 months for Google Analytics)
  • Cookie data: As set by each cookie, typically between session-only and 2 years

Your rights

Australian residents have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

UK and EU residents have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data (right to be forgotten)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk (UK) or your local data protection authority (EU)

To exercise any of these rights, contact us at hello@passia.co. We will respond within 30 days.

Children's privacy

Our website and products are not directed at children under the age of 16. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy from time to time. When we do, we will update the date at the top of this page. Where changes are material, we will notify subscribers by email.

Contact

For privacy enquiries: hello@passia.co