Privacy & Security Policy

1. Purpose

This Privacy & Security Policy establishes the framework and controls required to protect the confidentiality, integrity, and availability of all data managed by Sky High Trip. It applies to all employees, contractors, agents, and third-party service providers with access to our systems or sensitive data. Third-party systems are governed by their own policies and are not the responsibility of Sky High Trip.

2. Policy Statement

Sky High Trip is committed to maintaining robust security and privacy measures in alignment with legal obligations and industry standards. We secure all personal, operational, and financial data while ensuring that every stakeholder upholds their responsibilities.

3. Roles & Responsibilities

• Senior Management: Oversees policy enforcement, funding, and updates.
• IT & Security Teams: Implements firewalls, encryption, access controls, and conducts risk assessments.
• All Employees: Must follow security protocols, report incidents, and practice good password hygiene.
• Third-Party Vendors: Must meet our security standards and undergo regular assessments.

4. Cyber Security Measures

• Data Encryption: All sensitive data is encrypted in transit and at rest using industry-standard protocols.
• Access Controls: Role-based access, MFA for administrative access, and least privilege principles are enforced.
• Network Security: Firewalls, IDS, and anti-malware tools are actively maintained.
• Payment Processing: PCI-DSS compliant payment gateways protect all transactions.
• Third-Party Integrations: Security evaluations are mandatory before any external system connection.

5. Physical Security

• Access Control: Server and data center access is controlled via keycards and CCTV monitoring.
• Asset Protection: Devices must be locked when not in use and securely stored when unattended.

6. Security Awareness & Training

All employees undergo cybersecurity training, including phishing prevention and secure data handling. Refresher training is conducted annually. Security bulletins are issued regularly to share updates and new threats.

7. Incident Response & Breach Notification

An internal response team handles detection, containment, recovery, and analysis of security incidents. In case of a breach, affected individuals and regulatory bodies will be notified per Australian law. Every incident is reviewed to strengthen future responses.

8. Data Retention & Disposal

• Retention: Data is retained only as long as required by law or business needs.
• Disposal: Secure methods such as shredding, cryptographic erasure, or physical destruction are used.

9. Business Continuity & Disaster Recovery

• Continuity Planning: Core operations are supported through a robust continuity plan.
• Backups: Regular backups are stored in secure, geographically diverse locations and recovery processes are tested periodically.

10. Legal Compliance

Sky High Trip complies with the Australian Privacy Act 1988 and Australian Privacy Principles (APPs). Regular audits and third-party reviews help ensure ongoing compliance and risk mitigation.

11. Policy Review

This policy is reviewed annually or when major legal, technical, or business changes occur. Updates are communicated organization-wide and published to ensure transparency.

12. Contact for Security Matters

If you have questions or wish to report a security concern, please contact our IT Security Team:

Email: travel@skyhightrip.com

Phone: +61 (0) 489-240-002

Hours: 7 AM – 9 PM AEST or AEDT

13. Enforcement

Violations of this policy may lead to disciplinary actions, including access revocation, contract termination, or legal action. By adhering to this policy, we commit to securing our systems, customers, and operational integrity.