Close icon

Privacy Policy - Australia

Last updated: 09 June 2026
Sky Pay Group Pty Ltd (ACN 621 979 431) trading as Paylater Travel is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au This policy (together with our Terms & Conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using Paylater Travel (“our Website/Site”) you are accepting and consenting to the practices described in this policy.

1. Personal Information

a. Personal Information means any information from which your identity is apparent or can be reasonably ascertained.

b. Sensitive information is a subset of Personal Information that is given a higher level of protection under the Privacy Act. It includes information about your health, religious beliefs, racial or ethnic origin, and certain other categories. We only collect sensitive information where it is reasonably necessary for, or directly related to, one or more of our functions or activities and with your consent (which may be implied where you voluntarily provide the information in the course of a booking, for example, a meal preference indicating a religious belief or health condition), unless we are otherwise required or authorised by law to collect it.

c. Where it is lawful and practicable to do so, you may interact with us anonymously or by using a pseudonym. In most cases (including where you make a booking), we will need to know your identity in order to provide our services to you, verify payments, and comply with our legal obligations.

2. Purposes

a. We may collect personal information including your name, age, gender, username, e-mail address contact details, residential address, date of birth, geographic location, passport information, credit card information, details of products or services you have purchased, payment details as well as details of your interactions with us.

b. Your data may be used for the following purposes:

i. In the course of providing you with the Services or access to the Website, we will be collecting, using, disclosing, storing and/or processing data, including your personal data.

ii. To communicate with you regarding your bookings, including sending you booking confirmations, changes in bookings, availability of services, and force majeure circumstances.

iii. To respond to your queries, feedback, claims or disputes, whether directly or through our outsourced customer service agents.

iv. Payment card verification and screening; processing payment information for accounting, billing and audit purposes; and detecting or preventing fraudulent activities. For the avoidance of doubt, Pay Later Travel is not a credit provider and does not provide credit; we receive your payment for travel services in instalments before the date of travel.

v. To compare information, and verify with third parties in order to ensure that the information is accurate.

vi. To ascertain your identity for fraud detection purposes.

vii. To administer your account (if any) with us.

viii. To verify and carry out financial transactions in relation to payments you make online.

ix. To improve the layout or content of the pages of the Website and customize them for users.

x. To carry out research on our users’ demographics and behaviour.

xi. To provide you with information we think you may find useful or which you have requested from us, including information about our or third party sellers’ products and services, provided you have indicated that you have not objected to being contacted for these purposes.

xii. To display your name, username or profile on the Website.

xiii. To process any complaints, feedback, enforcement action and take-down requests in relation to any content you have uploaded to the Website.

xiv. To derive further attributes relating to you based on personal data provided by you (whether to us or third parties), in order to provide you with more targeted and/or relevant information.

xv. Administrative or legal purposes: we use your data for statistical and marketing analysis, systems testing, customer surveys, maintenance and development, or in order to deal with a dispute or claim. We may perform data profiling based on the data we collect from you for statistical and marketing analysis purposes, but only with your prior consent, and by making best endeavours to ensure that all data it is based on is accurate. By providing any personal data you explicitly agree that we may use it to perform profiling activities in accordance with this privacy policy.

xvi. Security, administrative, crime prevention/detection: we may pass your information to government authorities or enforcement bodies for compliance with legal requirements.

xvii. Customer service communications: we use your data to manage our relationship with you as our customer and to improve our services and enhance your experience with us.

xviii. Provide tailored services: we use your data to provide information we believe is of interest to you, prior to, during, and after your interactions with us, and to personalise the services we oPer to you, such as special oPers.

c. Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:

i. Technical information, including the Internet protocol (“IP”) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

ii. Information about your visit, including the full Uniform Resource Locators (“URL”) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

d. Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

e. We will ordinarily provide you with an explanation as to why we are collecting your personal information at the time that we collect it. Sometimes, we are required by law to collect your personal information, for example, to comply with our legislative or legal obligations. While there may be some circumstances where it will be possible for you to interact with us on an anonymous basis or using an alias, these are rare and we will generally need to know who you are in order to comply with our legal obligations and to assist you.

f. We will only process your personal data where we have a legal basis to do so, which will depend on the reasons for which we have collected and need to use your personal data.

g. In most cases, we will need to process your personal data so that we can enter into our contract and fulfil the provision or delivery of goods or services to you.

h. We will not retain your data for longer than is necessary to fulfil the purpose for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.

i. The retention period varies depending on the type of information and the purpose for which it was collected. In general, we retain:

  • Booking and transaction records: for 7 years from the date of the booking, to comply with our taxation, accounting and audit obligations.
  • Identity verification records: for 7 years from the end of our customer relationship, to comply with our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) where applicable.
  • Customer service and dispute records: for 7 years from the date of the relevant interaction or resolution of the dispute, to manage and respond to any subsequent claims or queries.
  • Marketing preferences and unsubscribe records: for as long as the relevant marketing list is maintained, to ensure we honour your opt-out.
  • Website analytics and cookie data: typically for 12 to 24 months, depending on the type of cookie. Where personal information is no longer needed for any of these purposes (and we are not required to retain it by law), we will take reasonable steps to destroy or de-identify it.

3. Disclosure

a. We do not disclose personal information to third parties unless we are permitted or required to do so by law, or if you have given us your consent to do so.

b. We may share your personal data with the following third parties for the purpose described in this privacy policy:

i. Government authorities, law enforcement bodies and regulators for compliance with legal requirements.

ii. Other companies, contractors or agents to provide services to you including delivery, marketing, or marketing platform providers, communications, legal services, debt collection, administration services, customer services, information technology providers, credit card or other payment methods to conduct transactions.

iii. Credit and debit card companies which facilitate your payments to us, and for anti-fraud screening, which may need information about your method of payment to process payment or ensure the security of your payment transaction. Before entering your personal details we suggest that you read and become familiar with the privacy policy for any such third-party provider.

iv. Legal and other professional advisers, law courts and law enforcement bodies in countries in which we operate, in order to enforce our legal rights in relation to our
contract with you.

c. We store your personal information in Australia. Where we disclose your personal information to third parties, those third parties may store, transfer or access personal information outside of Australia, including but not limited to, USA, UK, Canada and Philippines. In addition, as an online travel service, we necessarily disclose your personal information to overseas airlines, accommodation providers, tour operators and other travel suppliers in the destination country of your booking, in order to facilitate that booking. Before disclosing your personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles in relation to your information. These steps typically include contractual data protection obligations equivalent to the APPs. You acknowledge that, where you make a booking to a destination country, we may not be able to take such steps in respect of the airline, hotel or other supplier in that country, and you consent to that disclosure. By providing your information for a booking, you agree to your information being disclosed overseas for that purpose.

4. Cookies

a. The website uses cookies to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS.

b. We may collect data from other sources which may not always be obvious, such as through the use of “cookies”. We may also gather information from both online and offline data providers. This information could include internet browsing behaviour, demographic data or interest-based data.

c. Cookies are a small text file placed on your computer by our website provider. We use cookies when you visit our website so we can improve your user experience. To opt-out of cookies, you can alter the settings on your internet browser to accept or reject a website from using cookies. This may affect the functionality of the website. Some third parties may use cookies and other technologies. We recommend that you read their privacy policies or policies relating to the use
of cookies and technology.

5. Choice OR opt-out

a. We give you the choice regarding the collection and usage of your personally identifiable information. Again, you don't need to register to access and use our Site. You may, therefore, choose to opt-out of providing such information.

b. Further, once you are registered at the site, you will have the option at any stage to inform us that you no longer wish to receive future e-mails and you may "unsubscribe" by contacting on support@paylatertravel.com.

6. Third-Party Links

a. Our Website may contain links to external websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read their privacy policy.

7. Text Marketing

a. By entering your phone number in the checkout and initialising a purchase of our products or services, you agree that we may send you text notifications (for your order, including, without limitation, abandoned cart reminders) and text marketing oPers (collectively, “Text Marketing”). We will not exceed two (2) Text Marketing messages per month. You can unsubscribe from further Text Marketing by replying STOP. Message and data rates may apply.

b. We will only use information you provide through the Site to transmit the Text Marketing and respond to you, if necessary. This includes, but is not limited to, sharing information with platform providers, phone companies, and other vendors who assist us in the delivery of Text Marketing. WE DO NOT SELL, RENT, LOAN, TRADE, LEASE, OR OTHERWISE TRANSFER FOR PROFIT ANY PHONE NUMBERS OR CUSTOMER INFORMATION COLLECTED THROUGH THE SITE TO ANY THIRD PARTY. Nonetheless, we reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect our rights or property.

8. Direct Marketing and the Spam Act 2003 (Cth)

a. The Spam Act 2003 (Cth) regulates the sending of commercial electronic messages in Australia. We will only send you commercial electronic messages where we have your consent (which may be express or inferred from your relationship with us). Every commercial electronic message we send will identify Paylater Travel as the sender and include a functional unsubscribe facility. You can unsubscribe from our marketing communications at any time using the unsubscribe link in the message or by contacting us using the details in clause 11.

9. Access and Correction of Information

a. You may request access to Personal Information about you that we hold and you may ask us to correct your Personal Information if you find that it is not accurate, up-to-date or complete. You may also make a complaint about our handling of your Personal Information.

b. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly completely unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

c. To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it.

10. Report of Data Breaches

a. Under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act, where there has been unauthorised access to, unauthorised disclosure of, or loss of, personal information we hold, and the breach is likely to result in serious harm to one or more affected individuals, we are required to notify those individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.

b. An eligible data breach occurs where there has been unauthorised access to, unauthorised disclosure of, or loss of, personal information we hold, in circumstances where a reasonable person would conclude that the breach would likely result in serious harm to one or more affected individuals.

c. If you or someone you know suspect there has been a data breach, please contact us so we can assess.

d. Where an eligible data breach occurs, we will notify affected individuals as soon as practicable. If it is not practicable to notify each affected individual directly, we will publish a statement on our website and take reasonable steps to publicise the contents of that statement.

11. Automated Decision-Making

We use computer programs (including automated systems and machine learning) to make, or substantially assist in making, some decisions about you in the course of providing our services. The kinds of personal information used by these systems include your identity information, transaction information, payment information, location and device information, and information from third-party verification and fraud-prevention providers. The kinds of decisions that are made by automated systems, or to which automated systems substantially contribute, include: (a) verifying your identity; (b) detecting, investigating and preventing fraud, money laundering and other suspected illegal activity; (c) screening payments; (d) tailoring marketing communications and special offers that may be of interest to you; and (e) selecting which messages or notifications you receive in connection with your booking. Where an automated decision could reasonably be expected to significantly affect your rights or interests (for example, a decision to decline a transaction or to suspend an account on suspicion of fraud), our processes provide for human review on request. You may contact us using the details in clause 13 to request a review of any such decision.

12. Children

Our services are not directed at children under 18, and you must be at least 18 years of age to use them. We do not knowingly collect personal information directly from children. Where a child is a passenger on a booking made by an adult, the adult booking customer warrants that they have the appropriate authority to provide that child’s personal information to us, and consents on the child’s behalf to our handling of that information in accordance with this policy.

13. Contact Us

a. If you have any concerns please regarding your privacy or wish to discuss this policy, please contact us at support@paylatertravel.com

b. If you wish to make a complaint about how we have handled your personal information, please send the complaint in writing to support@paylatertravel.com, marking it for the attention of the Privacy Officer. We will acknowledge your complaint within 7 days of receipt and aim to provide a substantive response within 30 days. We may need to contact you for further information in order to investigate your complaint.

c. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Mail: GPO Box 5288, Sydney NSW 2001

d. We may update this Privacy Policy from time to time to take into account changes in our practices for the handling of personal information. We do so by publishing amended Privacy Policies on our website. You should regularly review the most recent version available online. You can contact us if you have difficulties accessing our policy.