Legal
Privacy Policy
How we collect, use and protect your personal information.
Last updated: pending legal review
DRAFT — review with a lawyer before launch. This is draft copy, provided so the site is complete and the URL resolves; the wording below has not been reviewed or approved by a lawyer and must be checked before launch.
This Privacy Policy describes how Archery Attack Pty Ltd ("Archery Attack", "we", "us" or "our") handles personal information when you visit our website, contact us, or book and take part in an Arrow Tag session. We aim to comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth). By using our website or services, you consent to the practices set out below. This is a plain-English summary, not legal advice.
Information we collect
Details you provide when you enquire or book: your name, email address, phone number, the size and make-up of your group, your chosen date and package, and any notes or special requests you send us.
Waiver and participant information needed to let people play safely. Where a participant is under 18, this includes information a parent or guardian provides and the guardian's consent on the minor's behalf.
Payment details when you pay online. Card payments are processed by our payment provider, Stripe; we receive a confirmation and limited transaction data (such as the amount and a reference) but we do not collect or store your full card number on our systems.
Information collected automatically as you browse — for example your IP address, device and browser type, and the pages you view — using cookies and similar technologies (see "Cookies and analytics" below).
How we use your information
To create and manage your booking, take payment, and send you booking confirmations, pre-session reminders (by email and, where you have given a mobile number, SMS), abandoned-booking reminders and post-visit review requests.
To run your session safely, including managing waivers, safety briefings, staffing and any access or group requirements you tell us about.
To respond to your enquiries and provide customer support, to keep records we are required to keep, and to protect against fraud or misuse of our site.
To send you occasional news, offers or updates about Archery Attack where the law allows — you can opt out at any time using the unsubscribe link or by contacting us.
How payments are handled (Stripe)
Online card payments are processed securely by Stripe. When you pay, your card details are collected and handled by Stripe under its own terms and privacy policy, not by us. We recommend reviewing Stripe's privacy policy to understand how it processes your information.
Sharing your information
We share personal information only with service providers who help us operate — for example our payment provider (Stripe), our email and SMS delivery providers, and our hosting and analytics providers — and only so they can perform those services for us.
We may also disclose information where we are required or permitted to by law, or to protect our rights, safety or property and that of others. We do not sell your personal information.
Cookies and analytics
We use cookies and similar technologies to keep the site working (for example to remember your booking session), to understand how the site is used, and to improve it. You can control or block cookies through your browser settings, but some features may not work properly if you do.
Data security and retention
We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. No system is completely secure, so we cannot guarantee absolute security.
We keep personal information only for as long as we need it for the purposes described above, or for as long as the law requires (for example, for tax and financial records), after which we take reasonable steps to delete or de-identify it.
Children's privacy
Bookings and waivers are made by adults. Where a session involves participants under 18, a parent or guardian provides their information and consent. We do not knowingly collect personal information directly from children without that guardian involvement.
Your rights and how to contact us
You may ask us for access to the personal information we hold about you, ask us to correct it if it is inaccurate, and ask questions about how we handle it. You may also make a privacy complaint, which we will respond to within a reasonable time.
To make a request or raise a concern, contact us using the details on our contact page. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).
Changes to this policy
We may update this Privacy Policy from time to time. The version published on this page is the current one, and significant changes will be reflected by an updated effective date.