Privacy Policy


Protecting your privacy is paramount to us and the following privacy policy (the policy) will set out in plain language how we will collect, use, disclose and protect your personal data.

Underworld Adventure Ltd (we, us, our) complies with the New Zealand Privacy Act 1993 (the Act) and the interpretation of the policy and its operation is governed solely by New Zealand law. According to this personal data is information about an identifiable individual (a natural person). It includes, without limit, name, address details, and personal preferences.

This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.

Changes to this Policy

This Privacy Policy was last updated on the 1st of September 2018.

We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.

What data do we collect?

Depending on your interaction with us we may collect, use, store and internally transfer different types of personal data about you, which could fall within one of the following groups:

  • Personal Details includes first name, last name, title, date of birth, age, gender
  • Contact Details includes address, telephone numbers and email address.
  • Payment Details includes payment card details.
  • Booking Details includes details of your previous bookings with us, payments to and from you and other details of products and services you have purchased from us.
  • Website Usage Details includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
  • Location Details includes location information obtained from smartphones, tablets or other devices that monitor your current and previous geographic locations.
  • Profile Details includes purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Details includes information about how you use our website, products and services.
  • Marketing and Communications Details includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Medical Details includes information about past and current medical conditions that could be relevant for the trip you are undertaking.

We use parts of the above to collect, create and use statistical or demographic data, which is aggregated. In this aggregated form the information can’t be linked back to you.

In any stage of interacting with us you are not required to provide any of the above personal data. However this may result in us not being able to process your enquiry, perform a contract with you or take you on one of our trips.

How do we collect your personal data?

We collect personal information about you from:

  • Direct interaction with you, when you provide that personal information to us, including via our website and any related service, through any registration or subscription process, through any contact with us (e.g. telephone call or email), through surveys, or when you buy or use our services and products.
  • Third parties (such as a travel agent) where you have authorised this or the information is publicly available.
  • Cookies (an alphanumeric identifier that we may transfer to your computer’s hard drive so that we can recognise your browser), when you use our website.

When possible, we will collect personal information from you directly.

How we use your personal data

We will use your personal data when the law allows us to and for the purposes set out below.

  • to verify your identity
  • to provide services and products to you
  • to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose)
  • to improve the services and products that we provide to you
  • to bill you and to collect money that you owe us, including authorising and processing credit card transactions
  • to respond to communications from you, including a complaint
  • to conduct research and statistical analysis (on an anonymised basis)
  • to ensure your health and safety on our trips
  • for any other purpose authorised by you or the Act.

How do we use your personal data for marketing?

We internally aggregate part of your personal data to improve our marketing and derive insights from statistical analysis. In this case you won’t receive any communication from us and the insights can’t be linked back to you.

You will only receive marketing communications from us if you have consented us to receiving this information. In this case we will use your personal data to keep you up to date with the latest news, events, special offers and promotions.

You can update your subscription preferences or unsubscribe from marketing communications at any time by following the update preferences or unsubscribe instructions provided in each such communication, or alternatively by contacting us.

We may display photos taken by us of you to see on third party websites, including social media sites. In this case your social media profile won’t be linked with the photo. We may use parts of your personal details, contact details or other information you have shared with us in conjunction with the photo. We will only do this if you have consented us to use your photos and the information in such a way.

Disclosing your Personal Data

We may have to share your personal data with the parties listed below for one of the purposes given above.

  • Any party that is involved in the response to an incident or accident. This includes but is not limited to Police, Land Search and Rescue, Ambulance Service, Medical Institutions (such as Hospitals), WorkSafeNZ and the ACC Authority.
  • any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services and products
  • a person who can require us to supply your personal information (e.g. a regulatory authority)
  • any other person authorised by the Act or another law (e.g. a law enforcement agency)
  • any other person authorised by you.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Protecting your Personal Data

We will take reasonable steps to keep your personal data safe from loss, unauthorised activity, or other misuse. Only the part of your personal data that is relevant to perform their role and duties will be shared with our employees. Our employees will only process your personal data according to our instructions and under the premise of confidentiality.

We have installed reasonable security measures to prevent that your personal data can be accessed, used, altered or shared in an unauthorised way or from any unauthorised party.

Storage of Personal Data

We will only store your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate storage period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data and the purposes for which we process your personal data.

Accessing, Erasing and Correcting your Personal Data

Subject to certain grounds for refusal set out in the Act, you have the right to access or have erased your readily retrievable personal data that we hold and to request a correction to your personal data.  Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal data relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal data, we will make the correction.  If we do not make the correction, we will take reasonable steps to note on the personal data that you requested the correction.

If you want to exercise either of the above rights, email us at contact@caverafting.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal data, or the correction, that you are requesting).

Usually there is no fee charged for any of the above serviced but we may charge you our reasonable costs of providing to you copies of your personal data or correcting that data.

Internet Use

While we take reasonable steps to maintain secure internet connections, if you provide us with personal data over the internet, the provision of that data is at your own risk.

If you post your personal data on our website, a third party website or any of our social media pages, you acknowledge and agree that the data you post is publicly available.

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal data. We suggest you review that site’s privacy policy before you provide personal data.

We use cookies (an alphanumeric identifier that we may transfer to your computer’s hard drive so that we can recognise your browser) to monitor your use of the website. You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features of the website.

Contact Details

If you want to contact us about any of the above or exercise your rights, please contact us at:

Underworld Adventures Ltd.

Phone: +64 3 788 8168
New Zealand Freephone: 0800 11 6686
Email: contact@caverafting.com
Postal: Box 7, Charleston 7865, New Zealand

If you are an EU citizen and feel that your personal data has been treated in a way that does not comply with the GDPR, you can lodge a complaint with the relevant supervisory authority in your country. We would appreciate if you would approach us directly before approaching a supervisory authority.


Personal data means any information about an individual that can be used to identify that person directly or indirectly by reference to a range of identifiers. It does not include anonymous data where the identity of the individual has been removed.

Trips mean Glowworm Cave Tour, Underworld Rafting, Venturer Cave Adventure or Adventure Caving.