Picnic Island

Privacy Policy


Last Updated: 23 April 2026

Picnic Island (TAS) Pty Ltd (ABN: 19 683 817 290) trading as Picnic Island ("we", "us", "our", or "Picnic Island") is committed to protecting your privacy. This policy explains how we collect, hold, use, and disclose your personal information when you interact with our website (https://picnicisland.com.au).

We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are visiting from the European Economic Area, please note that this policy is designed to be consistent with the General Data Protection Regulation (GDPR) to the extent reasonably practicable, although we do not use a separate cookie consent banner.

1. What Personal Information We Collect

We collect information from you in three ways: (1) information you provide directly; (2) information we collect automatically through tracking technologies; and (3) information we receive from third-party service providers.

1.1 Information You Provide Directly

Contact Form: When you use our contact form, we may collect your name, email address, phone number, and any other details you choose to include in your message. This information is stored securely and is used solely to respond to your enquiry. We do not share this information with any third parties for marketing purposes.

Booking Information (Little Hotelier): When you make a reservation through our booking system, your information (including name, email address, phone number, billing address, payment details, and any special requests) is collected directly by Little Hotelier, a product of SiteMinder Limited. This data is necessary to complete your booking and process your payment. You can view their most up-to-date privacy policy at https://www.littlehotelier.com/privacy-policy/. Their data security policies are available at https://www.littlehotelier.com/data-security/.

1.2 Information We Collect Automatically

Device & Usage Data (Google Analytics & Meta Pixel): When you browse our website, Google Analytics and the Meta (Facebook) Pixel may automatically collect your IP address (in anonymised form), browser type and version, time zone setting, operating system, device identifiers, pages visited, time spent on pages, clicks, scrolling behaviour, and the website that referred you to us. We have reduced the precision of this tracking and use the data only for internal purposes, such as improving our website and measuring the effectiveness of our advertising.

Accessibility Preferences (Ally Accessibility): Our Ally Accessibility plugin may store your accessibility preferences (e.g., font size, colour contrast settings) locally in your browser. This information is not shared with us or any third party; it remains on your device to remember your settings for future visits.

Booking Cookies (Little Hotelier): The Little Hotelier booking engine places essential cookies on your device to facilitate the booking process and manage your session. These are strictly necessary for the functionality of the booking form. You can disable these cookies in your browser settings, but doing so will prevent you from making online bookings.

1.3 Information We Do Not Collect

  • Sensitive Information: We do not intentionally collect sensitive information such as health data, political opinions, or biometric information. Please do not submit such information via our contact form.

2. How We Use Your Information

We collect and use your personal information for the following purposes:

  • To respond to your enquiries: Information submitted via our contact form is used to answer your questions and provide customer support.

  • To process your accommodation booking: Your booking data is used by Little Hotelier to confirm your reservation, process payment, and communicate with you about your stay. This is necessary for the performance of our contract with you.

  • To analyse website traffic and improve our site: Google Analytics helps us understand how visitors interact with our website, which pages are most popular, and how we can enhance the user experience.

  • To measure advertising effectiveness: The Meta Pixel helps us track the performance of our advertising campaigns on Facebook and Instagram, including conversion tracking and remarketing.

  • To store your accessibility preferences: The Ally Accessibility plugin remembers your chosen settings to provide an inclusive user experience across visits.

  • To comply with legal obligations: We may process your information to comply with applicable laws, regulations, or legal requests.

We do not sell, trade, or otherwise transfer your personal information to outside parties for their own marketing purposes.

3. Third-Party Service Providers

We use the following third-party services to operate our website and provide our services:

Website Analytics – Google Analytics (Google LLC): Collects anonymised data about website usage and traffic sources. Google Analytics used on our website does not pass any information onto third parties unless required to do so by law. For more information, please see the Google Privacy Policy.

Advertising & Conversion Tracking – Meta Platforms, Inc. (Facebook Pixel): Tracks conversions and measures the effectiveness of our advertising campaigns. For more information, please see the Facebook Privacy Policy.

Online Booking & Payment Processing – SiteMinder Limited (Little Hotelier): Processes reservations, stores guest profiles, and handles payment information. Little Hotelier holds PCI DSS Level 1 Service Provider Certification, the highest possible level of payment security. For more information, please see the Little Hotelier Privacy Policy.

Contact Form Storage – Secure Server (Hosting Provider): Stores form submissions on our secure server. We retain this data for one (1) year from the date of submission, after which it is automatically deleted. You may request earlier deletion by contacting us.

Accessibility Plugin – Ally: Stores user accessibility preferences locally on the user's device. No personal data is transmitted to our server or any third party.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. For the purposes of the Australian Privacy Act 1988 (Cth), we are the data controller, and you have the right to access and correct your personal information held by us.

4. Data Storage, Security & Retention

4.1 Where Your Data Is Stored

  • Contact Form Data: Stored on our secure servers, which are located in Australia. Our hosting provider maintains industry-standard security measures.

  • Booking Data: Stored on Little Hotelier's servers, which are operated by SiteMinder Limited. SiteMinder is headquartered in Australia (Millers Point, NSW) and holds PCI DSS Level 1 Service Provider Certification.

  • Analytics & Pixel Data: Processed by Google and Meta servers, which may be located outside Australia (including the United States and Ireland).

4.2 Security Measures

We take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our website uses SSL/HTTPS encryption throughout, and we maintain a firewall and security plugin on our website installation. We also conduct regular, ongoing reviews of the tracking technologies deployed on our website to ensure their use remains appropriate and complies with privacy obligations.

4.3 Data Retention

  • Contact Form Data: We retain contact form entries for one (1) year from the date of submission. After this period, entries are automatically deleted from our database. You may also request earlier deletion (see Section 6).

  • Booking Data: Retained by Little Hotelier for as long as necessary to fulfil your booking and comply with legal obligations. Little Hotelier creates a guest profile for each customer, which can be deleted upon request to comply with data protection laws.

  • Analytics Data: Google Analytics retains data for 26 months before automatic deletion.

  • Marketing Data: Meta Pixel data is retained in accordance with Meta's data retention policies.

5. Cookies & Tracking Technologies

We use the following cookies and similar technologies on our website. For more information about cookies and how to manage them, please refer to your browser settings.

Google Analytics Cookies (_ga, _gid, _gat)

  • Purpose: To distinguish unique users and throttle request rates. These cookies help us understand how visitors interact with our website.

  • Duration: _ga persists for 2 years; _gid persists for 24 hours.

  • Data collected: Anonymised IP address, page visits, time spent, browser type.

  • Opt-out: You can install the Google Analytics Opt-out Browser Add-on or disable cookies in your browser.

Meta (Facebook) Pixel Cookie (_fbp)

  • Purpose: To deliver, measure, and improve the relevance of our advertising on Facebook and Instagram. The pixel tracks conversions, builds audiences for remarketing, and analyses campaign performance.

  • Duration: 90 days (or until cleared by the user).

  • Data collected: Browser information, page views, conversion events (e.g., completed booking). No personally identifiable information is passed to Meta unless you are already logged into your Facebook account.

Ally Accessibility Cookie

  • Purpose: To store your accessibility preferences (e.g., font size, colour contrast, underline links) locally on your device so that your settings persist across visits.

  • Duration: Persistent (until you clear your browser cache or change your preferences).

  • Data collected: User interface preference settings only. No personal data is transmitted to our server or any third party.

Little Hotelier (Booking Engine) Cookies

  • Purpose: Essential for the operation of the booking form. These cookies manage your session during the booking process, remember your selections, and enable secure payment processing.

  • Duration: Session cookies (deleted when you close your browser) plus persistent cookies for functionality.

  • Data collected: Booking session information, payment tokenisation data. You can disable these cookies in your browser, but you will not then be able to make online bookings.

Managing Your Cookie Preferences

Most web browsers allow you to control cookies through their settings. You can:

  • Block all cookies: Set your browser to refuse all cookies. However, some parts of our website (including the booking form) may not function properly.

  • Delete existing cookies: Use your browser's privacy or history settings to clear cookies.

  • Use private browsing mode: This prevents persistent cookies from being stored after you close your browser.

Because we do not use a cookie consent banner for analytics (as permitted under Australian law for non-essential cookies used for internal purposes with clear disclosure), you must manage your preferences through your browser or the opt-out mechanisms provided above.

6. Your Rights & How to Access or Correct Your Information

Under the Australian Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you.

  • Request correction of inaccurate or incomplete information.

  • Request erasure of your personal information (subject to certain legal limitations, such as record-keeping obligations under tax law).

To exercise these rights, please contact us using the details below. We will respond within a reasonable timeframe (usually 30 days).

If you are in the European Economic Area, you may have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority.

7. Complaints & Contact Us

If you have any questions about this privacy policy, or if you wish to access, correct, or delete your personal information, please contact us at:

Picnic Island (TAS) Pty Ltd
Email: [email protected]
Phone: +61 458 557 812
Post: PO BOX 199 Launceston TAS 7250 Australia
Physical Address: Picnic Island, Coles Bay, Tasmania, 7215

Making a Complaint:
If you believe we have breached the Australian Privacy Principles (APPs) and wish to make a complaint, please contact us in writing. We will investigate your complaint and respond within a reasonable period (usually 30 days). If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

8. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this page periodically. If we make material changes, we will notify you by posting a prominent notice on our website prior to the change becoming effective.

9. Links to Third-Party Websites

Our website may contain links to third-party websites, including Little Hotelier's booking engine, social media platforms, and other external sites. Once you leave our site, we are not responsible for the privacy practices or content of those other websites. We encourage you to read their privacy policies before providing any personal information.

A view down the timber jetty towards the inviting waters of the bay