Privacy Policy

1. Scope of this policy
   This Privacy Policy applies only to Grey History’s tour operations, including enquiries, bookings, payments, trip administration, and delivery of multi day tours (Tour Services).

It does not apply to the Grey History podcast, podcast website content, podcast memberships, podcast newsletters, sponsorship activity, or any other non tour parts of the Grey History business. Those activities are covered by separate privacy information and terms presented in those channels.

2. Who we are and how to contact us
   Data controller for Tour Services:
   William Chase Clark, operating as Grey History
   ABN 60 228 206 314
   Address: 33 Adelaide Street, Surry Hills NSW 2010, Australia
   Email: Support@greyhistory.com
   Tour emergency contact (during travel): +44 7517 982 882

Privacy enquiries should be sent to Support@greyhistory.com with the subject line “Privacy”.

3. The information we collect
   We collect personal information that is reasonably necessary to provide the Tour Services. This may include:

3.1 Booking and identity information
Full name, date of birth, nationality, passport details (where required for suppliers), and booking reference details.
3.2 Contact information
Email address, phone number, and residential address.
3.3 Emergency contact information
Emergency contact name, relationship, and phone number.
3.4 Payment and transaction information
Amounts paid, currency, payment status, refunds, chargebacks, and receipts. We do not receive or store full card details. Payments are processed by our booking and payment platform and its payment providers.
3.5 Trip administration information
Rooming preferences, accessibility requirements, dietary requirements, allergies, and similar trip planning details.
3.6 Health and other sensitive information
You may choose to provide health information relevant to participation or safety (for example mobility limitations or allergy risk information). This may be sensitive information under Australian law and special category data under UK and EU data protection laws. We only collect it where you provide it and where it is reasonably necessary for Tour Services, safety, or legal compliance.
3.7 Communications
Emails, messages, complaint information, and your responses to pre departure questions.
3.8 Website and device information (tour pages)
If you use our tour webpages, we may collect information such as IP address, browser type, device identifiers, pages viewed, and approximate location inferred from IP address. We may use cookies and similar technologies for site functionality and analytics.

4. How we collect information
   We collect information:
   (a) directly from you when you enquire, book, complete forms, or communicate with us
   (b) via our booking and payment platform (for example booking details and payment status)
   (c) from suppliers where necessary to fulfil the Tour Services (for example confirmation that tickets were issued)
   (d) from publicly available sources where relevant to safety, fraud prevention, or legal compliance
5. Why we collect, use, and disclose your information
   We use personal information to:
   (a) respond to enquiries and administer bookings
   (b) process payments, refunds, and chargebacks
   (c) arrange and deliver the tour, including accommodation, transport, meals, guiding, and tickets
   (d) manage rooming, accessibility needs, dietary requirements, and safety planning
   (e) contact you with operational updates about your booking and the tour
   (f) provide assistance in an emergency
   (g) handle complaints, incidents, and insurance related matters
   (h) meet legal and regulatory obligations, including record keeping and tax obligations
   (i) prevent fraud, investigate misuse, and protect our rights and property
   (j) improve our tour operations, customer service, and tour webpages

Tour marketing
We may send you communications about Grey History tours (for example future departures or related tour announcements) where permitted by law. You can opt out at any time by using the unsubscribe option (where provided) or by emailing Support@greyhistory.com.

6. Lawful bases for processing (UK/EU where applicable)
   Where UK GDPR or EU GDPR applies to your personal data, we process it on the following lawful bases:
   (a) Contract: to take bookings, take payment, and deliver the tour
   (b) Legal obligation: to meet tax, accounting, regulatory, and safety obligations
   (c) Legitimate interests: to operate and improve Tour Services, prevent fraud, manage disputes, ensure network and information security, and communicate operational information
   (d) Consent: for marketing where required by law, and for special category data where required

Special category data
Where required by UK/EU law, we process health, dietary, and accessibility information on the basis of your explicit consent and/or where necessary for health and safety and the provision of Tour Services, as permitted by law. You can withdraw consent at any time, but this may affect our ability to safely provide Tour Services.

7. Who we share information with
   We share personal information only as needed for the purposes above, including with:

(a) Booking and payment platforms
Bookings are processed through our booking and payment platform (currently WeTravel) and its payment providers. They process personal data under their own privacy policies and security standards. We receive booking, contact, and payment status information needed to administer and deliver the tour, but we do not receive or store full payment card details.
(b) Tour suppliers and operators
Hotels, transport providers, guides, venues, ticketing providers, and restaurants, to the extent required to deliver the tour.
(c) Professional advisers
Insurers, lawyers, accountants, auditors, and other advisers where necessary.
(d) Authorities and emergency services
Where required by law, or to protect health and safety in an emergency.
(e) Business transfers
If we restructure, sell, or transfer the tour operations (in whole or part), your information may be disclosed to advisers and a prospective or new owner, subject to appropriate safeguards.

We do not sell personal information.

8. International transfers
   We are based in Australia and we use suppliers and service providers who may store or process information in Australia and other countries. This means your personal information may be transferred internationally.

Likely recipient locations include Australia, France (where tours operate), the United Kingdom, the United States (where some service providers are based), and any other country where our booking, communications, and cloud service providers operate.

Where UK or EU data protection laws apply, we take reasonable steps to implement appropriate safeguards for international transfers where required, such as contractual protections with service providers.

9. Retention of information
   We keep personal information only as long as necessary for the purposes in this policy, including to meet legal, accounting, taxation, and insurance requirements, and to establish, exercise, or defend legal claims. As a guide:

(a) Booking and payment records: generally 7 years
(b) Insurance, incident, and complaint records: generally 7 years after the matter is closed (or longer if required)
(c) Passport details (if collected): generally deleted within 90 days after the tour ends unless required by suppliers, insurance, or law
(d) Dietary, allergy, and health information: generally deleted within 90 days after the tour ends unless required for incident/insurance handling or legal claims
(e) Tour marketing lists: kept until you unsubscribe or ask us to delete your details, subject to legal requirements

10. Security
    We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Measures may include access controls, limited access permissions, reputable cloud services, and operational procedures. No method of transmission or storage is completely secure, but we apply safeguards appropriate to the nature of the information.
11. Data breaches
    If we become aware of a suspected or actual data breach, we will take reasonable steps to investigate and mitigate it. Where required by law, we will notify affected individuals and relevant regulators.
12. Your choices and rights

12.1 Access and correction (Australia)
You may request access to, or correction of, personal information we hold about you. We may need to verify your identity before responding. If we cannot provide access, we will explain why, subject to applicable law.

12.2 UK and EU rights (where applicable)
If UK GDPR or EU GDPR applies to your information, you may have rights including access, rectification, erasure, restriction, objection, portability, and the right to withdraw consent where processing is based on consent. Some rights are subject to limits and exceptions.

12.3 Opt out of marketing
You can opt out of tour marketing communications at any time.

To exercise your rights, email Support@greyhistory.com.

13. Cookies and analytics for tour webpages
    Our tour webpages may use cookies and similar technologies for basic functionality and to understand site usage (for example analytics provided by third party services). You can usually control cookies through your browser settings. Disabling cookies may affect site functionality.
14. Children
    Our tours are intended for adults. We do not knowingly collect personal information from children under 16 in connection with tour bookings.
15. Complaints
    If you have a privacy complaint, contact us at Support@greyhistory.com and include your name, booking reference (if applicable), and details of your complaint. We will acknowledge your complaint within 7 days and aim to respond substantively within 30 days.

If you are not satisfied:
(a) Australia: you may complain to the Office of the Australian Information Commissioner (OAIC)
(b) UK: you may complain to the Information Commissioner’s Office (ICO)
(c) EU: you may complain to your local data protection authority

16. Changes to this policy
    We may update this Privacy Policy from time to time. The updated version will be published on our tour privacy policy page with a revised “Last updated” date.