Privacy Policy

Last updated: 19 June 2026

1. About this policy

This Privacy Policy explains how Winds of Hope Pty Ltd (ABN 17 616 816 052), a registered Australian company and registered Australian charity ("we", "us", "our"), collects, holds, uses, discloses and protects your personal information. We operate the Kilimanjaro climbs and this website (kilimanjaro.org.au).

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy describes how we handle personal information in accordance with those obligations. By using our website or booking a climb with us, you agree to the collection and handling of your personal information as set out in this policy.

2. What is personal and sensitive information

Personal information is information or an opinion about an identified, or reasonably identifiable, individual. Sensitive information is a subset of personal information that includes health and medical information. We will only collect sensitive information where it is reasonably necessary for our activities and, generally, with your consent (which you provide when you give us that information for your climb).

3. The personal information we collect

Depending on how you interact with us, we may collect:

  • Identity and contact details — name, date of birth, nationality, email address, phone number and postal address;
  • Travel and identity documents — passport details and visa information;
  • Emergency and next-of-kin contact details;
  • Health and medical information — your medical questionnaire responses, any medical documents you upload, dietary requirements and other special requirements relevant to your climb (sensitive information);
  • Booking information — the climbs and gear you book, payments and amounts owing;
  • Payment information — payments are processed by our payment provider (Stripe); we do not store your full card number, but we may hold limited transaction details such as the card type, the last digits of the card, a receipt URL and payment status;
  • Account information — your username, a securely hashed password and your activity within your account;
  • Communications — messages you send us (or your tour operator) and our responses; and
  • Technical information — your IP address, device and browser information, and how you use our website (see "Cookies and analytics" below).

4. How we collect personal information

We generally collect personal information directly from you — when you register an account, make a booking, complete forms (including the medical questionnaire), upload documents, make a payment, or contact us. Where someone makes a booking on your behalf (for example a group leader), we may receive your information from them. We may also collect technical information automatically when you visit our website.

5. Why we collect, hold, use and disclose your information

We collect, hold and use personal information to:

  • Provide and manage your climb, bookings, gear hire and account;
  • Arrange your climb with our tour operators, including ensuring your safety, dietary and medical needs are catered for;
  • Process payments and issue receipts;
  • Communicate with you about your booking, send reminders and respond to your enquiries;
  • Operate, secure and improve our website and services;
  • Send you marketing communications where permitted (see below); and
  • Comply with our legal obligations and manage our charitable activities.

If you do not provide the information we request, we may be unable to process your booking or provide our services.

6. Disclosure to third parties

We disclose personal information only where necessary, including to:

  • Tour operators — the local, KINAPA-registered operator running your climb (based in Tanzania) receives the climber information necessary to run the climb safely, including your name, special requirements and medical information, and, closer to departure, your contact and next-of-kin details. Operators do not receive your financial information, and your passport, visa and address details are not disclosed to them through our platform;
  • Service providers — our payment processor (Stripe), email and SMS providers, hosting and cloud-storage providers, and website-analytics providers, who handle information on our behalf;
  • Authorities and partners — relevant authorities, park services and accommodation/flight providers where required to deliver your climb; and
  • Legal and safety — where required or authorised by law, or to protect the safety of you or others.

We do not sell your personal information.

7. Sending information overseas

Some of the recipients above are located outside Australia. In particular:

  • Tanzania — your tour operator and ground crew; and
  • United States — certain technology providers (such as our payment, email and analytics providers) that store or process data on overseas servers.

Where we disclose personal information overseas, we take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles, recognising that overseas recipients may be subject to different privacy laws.

8. Direct marketing

We may send you news and offers about our climbs where you have subscribed or where it is otherwise permitted. Every marketing email contains an unsubscribe link, and you can opt out at any time by contacting us. We will not use your sensitive information for direct marketing.

9. Cookies and website analytics

Our website uses cookies and similar technologies, and analytics tools (such as Google Analytics and Microsoft Clarity), to help us understand how the site is used and to improve it. You can disable cookies in your browser settings, although some features of the site may not work as intended.

10. Security and retention

We take reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification or disclosure — including secured storage, access controls and encrypted connections. Passwords are stored using one-way hashing and are never visible to us.

We keep personal information only for as long as it is needed for the purposes described in this policy or as required by law. In particular, we delete your passport and medical details within 7 days of the conclusion of your climb.

11. Accessing and correcting your information

You may access and update much of your information directly through your account. You can also ask us for access to the personal information we hold about you, or to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading, by contacting our Privacy Officer (below). We will respond within a reasonable period. If we decline a request, we will explain why and how you can complain.

12. Complaints

If you have a concern or complaint about how we have handled your personal information, please contact our Privacy Officer first so we can try to resolve it. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

13. Data breaches

If a data breach occurs that is likely to result in serious harm, we will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the OAIC where required.

14. Children and minors

You must be 18 or older to make a booking. Where a climb involves a minor, the booking and the provision of the minor's information must be made by a parent or legal guardian. We do not knowingly collect personal information from children directly.

15. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on this page, with the "last updated" date shown above.

16. Contact us

For privacy questions, requests or complaints, please contact our Privacy Officer:

Winds of Hope Pty Ltd (ABN 17 616 816 052)
Privacy Officer
P.O. Box 7319, Melbourne, Victoria 3004, Australia
Email: [email protected]