Last Updated: October 2025
Who We Are
Our website address is: https://www.lighthorseadventures.com
Lighthorse Adventures is committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Australian privacy laws.
Data Controller: Lighthorse Adventures
Contact: bookings@lighthorseadventures.com
Location: 2 Swamp Road, Glenorchy, Otago, 9372, New Zealand
What Personal Data We Collect and Why
Booking and Enquiry Forms
When you make a booking or enquiry through our website, we collect:
- Name and contact details (email, phone number)
- Booking preferences and special requirements
- Payment information (processed securely through our payment provider)
- Any medical or accessibility information you choose to share for safety purposes
Legal basis: Contract performance and legitimate business interests
Purpose: To process your booking, communicate with you, and ensure your safety during activities
Comments
When visitors leave comments on the site, we collect the data shown in the comments form, your IP address, and browser user agent string to help with spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Legal basis: Legitimate interests (spam prevention and community management)
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Newsletter Subscriptions
If you subscribe to our newsletter, we collect your email address and name. You can unsubscribe at any time using the link in every email we send.
Legal basis: Consent
Purpose: To send you updates, offers, and news about Lighthorse Adventures
Cookies
We use cookies to improve your experience on our website. Here’s what we use:
Essential Cookies:
- Session cookies to remember your preferences during your visit
- Login cookies (last for two days)
- Screen options cookies (last for one year)
Comment Cookies: If you leave a comment, you may opt-in to saving your name, email address, and website in cookies for your convenience. These last for one year.
Analytics Cookies: We use analytics tools (such as Google Analytics) to understand how visitors use our site. This helps us improve your experience. These cookies collect anonymized data about your visit, including pages viewed, time spent on site, and how you arrived at our website.
You can control cookie preferences through your browser settings. Blocking some cookies may impact your experience on our site.
Embedded Content from Other Websites
Articles on this site may include embedded content (e.g. videos from YouTube, Google Maps). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website.
Who We Share Your Data With
We only share your personal data when necessary:
Payment Processors: To process your booking payments securely (e.g., Stripe, PayPal). They handle your payment information according to PCI-DSS standards.
Email Service Providers: To send you booking confirmations and newsletters (if subscribed).
Analytics Providers: Anonymized data is shared with Google Analytics to help us improve our website.
Legal Requirements: We may disclose your information if required by law or to protect our rights and safety.
We do not sell, rent, or trade your personal information to third parties.
International Data Transfers
Some of our service providers may be located outside Australia or the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.
How Long We Retain Your Data
Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This allows us to recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
User Accounts: For users that register on our website, we store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except your username). Website administrators can also see and edit that information.
Booking Data: We retain booking and payment records for 7 years for accounting and legal purposes.
Marketing Data: If you subscribe to our newsletter, we retain your data until you unsubscribe.
Analytics Data: Anonymized analytics data is retained according to our analytics provider’s retention policy.
Your Rights Under GDPR
You have the following rights regarding your personal data:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data (except where we have legal obligations to retain it).
Right to Restrict Processing: Request that we limit how we use your data.
Right to Data Portability: Receive your data in a structured, commonly used format.
Right to Object: Object to processing based on legitimate interests.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
Right to Lodge a Complaint: You can complain to your local data protection authority if you believe we’ve mishandled your data.
To exercise any of these rights, please contact us at [your email address].
Where We Send Your Data
Visitor comments may be checked through an automated spam detection service (Akismet). This helps us maintain a safe and welcoming community space.
How We Protect Your Data
We take data security seriously and implement appropriate technical and organizational measures:
- SSL encryption for data transmission
- Secure password protection for user accounts
- Regular security updates and backups
- Limited access to personal data (only authorized staff)
- Secure payment processing through PCI-DSS compliant providers
Data Breach Procedures
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Take immediate steps to contain and remedy the breach
- Document the breach and our response
Automated Decision Making and Profiling
We do not use automated decision-making or profiling that would have legal or similarly significant effects on you.
Third-Party Data Sources
We only collect data that you provide directly to us. We do not purchase or receive personal data from third-party data brokers.
Children’s Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on our website or sending you an email.
Contact Us
If you have any questions about this privacy policy or how we handle your personal data, please contact us:
Email: bookings@lighthorseadventures.com
Phone: +64 21 766 437
Address: 2 Swamp Road, Glenorchy, Otago, 9372, New Zealand
For GDPR-related enquiries, you can also contact our data protection representative at [email address].
This privacy policy was last updated on October 2, 2025.