Privacy Policy

This policy explains how Sunshine Coast Airport handles your personal information. We collect details like your name, contact information and security data to run the airport safely. We share that information with companies that help us operate, and with government agencies when required by law.

Contents

1          About Us

2          What Information Do We Collect?

3          How Do We Collect It?

4          How Do We Use It?

5          Who Do We Share It With?

6          Overseas Disclosures

7          How Do We Keep It Safe?

8          How Long Do We Keep It?

9          Accessing and Correcting Your Information

10       Making a Complaint

11        Contact Us

12       Changes to this Policy

13       Glossary

1. About Us

Sunshine Coast Airport Pty Ltd as trustee for Sunshine Coast Airport Trust (ABN 80 884 271 876) (we, us, our) operates Sunshine Coast Airport. When we handle your personal information, we follow the Privacy Act 1988 (Cth), and the Australian Privacy Principles, which are the rules that govern how organisations like ours handle personal information in Australia.

This policy explains what information we collect about you, why we collect it, how we use and share it, and how you can access or correct it.

More detail at the time we collect

Where it makes sense, we will give you more specific information about how we handle your data at the time we collect it, for example when you fill in a form or accept terms and conditions.

Can you remain anonymous?

In some cases, we need to know who you are. Security laws require us to verify your identity for things like accessing secure areas or applying for security identification cards. Where it is possible to remain anonymous, such as when browsing our website, we will give you that option.

2. What Information Do We Collect?

We only collect information that is reasonably necessary to operate the airport and provide our services.

Customers, visitors, tenants and service providers

We may collect:

• • Where reasonably required, your name, address, postcode, phone number, email address, date of birth and image
• • Identity documents such as your driver’s licence number, passport number, where required to verify your identity under applicable laws
• • Feedback, complaints, survey responses, marketing preferences and your history of contact with us
• • Payment details such as your credit card number and purchase history
• • Travel details such as your flight information, nationality and visa status
• • Your vehicle licence plate number
• • Footage and recordings from our Closed-Circuit Television (CCTV) cameras, passenger processing systems and access control systems, including your image and location

People requiring security access credentials

If you need access to restricted or secured areas of the airport, we collect additional information as part of the credentialling process. This may include:

• • Your name, photo, date of birth and contact details
•  • Details of any aviation or airport security identification held by you, such as an Aviation Security Identification Card (ASIC) number
• • Your employer or organisation, your role and your reason for requiring access
• • Identity documents used to verify who you are
• • The access zones or areas you are permitted to enter and the conditions of that access
• • Licence, qualification or induction records where these are required before access can be granted
• • Details of any sponsor or escort responsible for you while on site
• • The date and expiry of your Visitor Identity Card (VIC), contractor access credential, or security door card

We also collect electronic access control logs showing which secured areas you accessed or attempted to access, and when. These are database records linked to your credential, not images.

This information is collected because we are required to control and account for access to restricted areas under aviation security legislation and our own operational security obligations. Where specific collection is required by law, we will tell you this at the time.

Website and Wi-Fi users

We may collect:

• • Technical information when you visit our website, such as your IP address, device type, browser and how you use the site
• • When you register for our free Wi-Fi: your name, email address, country, postcode, phone number, device details, location, session length and data usage

Job applicants or volunteers

We may collect:

• • Your resume, qualifications, employment history and skills
• • Interview notes, your right to work in Australia and responses to selection criteria
• • References and background check results

Sensitive Information

• Sometimes we need to collect more sensitive information about you, such as health information if there is a safety incident, or if it is relevant to a job you are applying for. We only do this if you agree, or if the law requires us to.

Automated decision-making

From 10 December 2026, the Privacy and Other Legislation Amendment Act 2024 (Cth) will require us to tell you if we use automated decision-making processes that use your personal information and that could significantly affect your rights or interests. As at the date of this policy, we do not currently use any such automated decision-making processes.

Information we did not ask for

If we receive, or become aware that we have received, information about you that we did not ask for, we will check whether we would have been allowed to collect it under our privacy obligations. If not, and if the law requires, we will securely delete or de-identify it as soon as we can.

3. How Do We Collect It?

You give it to us

For example, when you:

• Contact us by phone, email, online or in person

• Buy our products or services, including parking

• Use our social media channels

• Enter a competition or sign up to our newsletter

• Apply for a security pass, Visitor Identity Card (VIC), contractor access credential or security door card

• • Complete an induction or provide licence or qualification details as a condition of site access
• • Apply for a job with us
• • Register for our free Wi-Fi
• • Come to a Sunshine Coast Airport event

If you give us personal information about another person, you must have their permission to do so and let them know they can read this policy on our website.

We collect it automatically

For example:

• • Our CCTV cameras, passenger processing systems and access control systems capture images and movement. We put up signs at the relevant areas
• • Our electronic access control system records access and attempted access events, including the time, location and outcome, linked to the security credential you are using. This applies to all holders of security door cards, VICs and contractor credentials
• • Our Wi-Fi network collects your device location and usage details when you connect
• • Our website collects technical data through cookies. See our Cookie Policy at www.sunshinecoastairport.com.au/cookie-policy for details

We receive it from others

For example, from:

• • Your employer or references
• • Our contractors and service providers
• • People you have authorised to share it, such as a recruiter or people who nominate you as an emergency contact
• • Partner organisations such as airlines, tenants and tourism bodies
• • Marketing agencies that provide contact lists for our promotional activities
• • Government departments, regulators and law enforcement agencies
• • Publicly available sources such as social media and company registers

If you choose not to provide information we ask for, we may not be able to deliver the product, service or access you need.

4. How Do We Use It?

We mainly use your information to run the airport and provide our services. This includes:

• • Communicating with you
• • Keeping the airport safe and secure, and managing incidents
• • Running our car parks and ground transport operations
• • Providing products and services to you
• • Verifying your identity and processing applications, including for security passes and employment
• • Meeting our legal and regulatory obligations and helping government and law enforcement agencies
• • Managing our retail, commercial and property operations
• • Running our website, Wi-Fi and online services
• • Monitoring and improving how the airport operates, including staff training
• • Managing your account with us

Government identity documents such as your passport number, driver’s licence or ASIC number are used only to verify your identity as required by law. We do not use them as your account or customer number.

Improving your experience

We may combine information from different sources, for example linking your Wi-Fi usage with your visit history, to help us improve the airport experience and personalise what you see on our website and in our communications. We only do this where you would reasonably expect it or where you have agreed to it.

Marketing

We may use your personal information to communicate with you about news, offers, events, products and services that we think you might be interested in. Our communications will comply with applicable laws.

If you receive marketing from us and would prefer not to, you can:

• • Select the ‘unsubscribe’ option in any marketing communication we send you; or
• • Contact our Privacy Officer using the details in Section 11.

If you agree to receive marketing from our partners, they will handle your information under their own privacy policies.

5. Who Do We Share It With?

We share your information with companies that help us run the airport and deliver our services. This information is shared for the specific task we have engaged them to undertake, and not for their own purposes. These companies include:

• Security, parking, cleaning and maintenance contractors

• Our partner organisations such as airlines, tenants, tourism bodies and other organisations with which we have a commercial or operational relationship, where sharing is necessary to deliver services to you or to manage our operations

• Banks and payment processors

• Technology and IT providers, including cloud storage services

• Marketing, research and advertising agencies

• Government and law enforcement agencies, including the Department of Home Affairs, AUSTRAC and the Australian Federal Police

• Administrative support providers such as recruiters, debt collectors and document destruction services

• Our professional advisors, including lawyers, accountants, auditors and insurers

• Organisations that help us detect and prevent fraud

We will also share your information with anyone you have authorised to act on your behalf, and where we are required to by law.

6. Overseas Disclosures

We operate in Australia and prefer to keep your information here. However, some of our service providers store or process data overseas, and occasionally we may be required to send information to an overseas authority.

Before we send your information to any company in another country, we will take reasonable steps to satisfy ourselves they will handle it to the same standard we are required to meet in Australia.

7. How Do We Keep It Safe?

We take the security of your information seriously. The Privacy Act requires us to take reasonable steps to protect personal information, including through technical and organisational measures. Our measures include:

• • Privacy compliance obligations for our contractors
• • Up-to-date privacy policies for staff
• • Privacy and cyber-security training for our staff
• • Firewalls, encryption, passwords, access controls, intrusion detection and virus scanning on our systems
• • Physical security at our premises including access controls, alarms, security staff and CCTV

When we use outside companies to store your information, such as cloud providers, we require them to apply the same protections.

Links to other websites

Our website may include links to other sites we do not control. Those sites have their own privacy policies and we are not responsible for how they handle your information. We recommend you check their policies before providing your details.

If something goes wrong

If there is ever a security incident that puts your information at risk of serious harm, we are required by law, under the Notifiable Data Breaches scheme, to tell you about it and report it to the Australian Information Commissioner (OAIC). We will also tell you what steps you can take to protect yourself. We have internal procedures in place to respond to any data security incident.

8. How Long Do We Keep it?

We keep your information only for as long as we need it, as long as the law requires, or as long as it may be needed for a legal or compliance matter. Once none of those apply, we securely delete or de-identify it.

As a guide:

• • CCTV footage is reviewed and overwritten on a rolling cycle, unless kept for a specific investigation or legal matter
• • Security credentialling records, including ASIC records, Visitor Identity Card records, contractor access records and electronic access control logs, are kept for as long as reasonably required under aviation security legislation and our operational obligations, then securely deleted
• • Drug and alcohol testing records are kept in accordance with employment‑related legal obligations
• • Customer, marketing and Wi-Fi records are kept for as long as we have an active relationship with you, then deleted or de-identified
• • Employee and job applicant records are kept for as long as the employment relationship requires, or for a reasonable period after an unsuccessful application
• • Financial records are kept as long as tax and accounting laws require

If you think we are holding information longer than we need to, please contact our Privacy Officer using the details in Section 11.

9. Accessing and Correcting Your Information

You have the right to see the information we hold about you, and to ask us to correct anything that is wrong, out of date or incomplete. To do this, contact our Privacy Officer using the details in Section 11. We will aim to respond within 30 days, but might need more time to respond to complex requests. There is no charge for a standard request.

For complex requests that take significant time to prepare, we may charge a reasonable fee, but we will always tell you the amount first and wait for your agreement before we begin.

If we say no to a request, we will explain why in writing. If we refuse to correct your information and you still believe it is wrong, you can ask us to add a note to your record that says you disagree.

We will always confirm your identity before giving you access to or changing your information.

10. Making a Complaint

If you are not happy with how we have handled your information, please contact our Privacy Officer using the details in Section 11. We will acknowledge your complaint quickly and aim to resolve it within 30 days. If your complaint is complex and we need more time, we will let you know.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

11. Contact Us

Reach our Privacy Officer through any of the following:

Email	[email protected]
Phone	+61 1300 993 543
Post	Privacy Officer, Sunshine Coast Airport Pty Ltd, 10 Electra Lane, Marcoola QLD 4564

12. Changes to this Policy

This Policy will be reviewed every three (3) years or as required to reflect variations in our practices, technology, or applicable law.

The General Counsel and Company Secretary is responsible for coordinating the review of this Policy.

13. Glossary

Some terms used in this Policy may be unfamiliar. Here is a plain-English explanation of each.

Term	What it means
Australian Privacy Principles	The rules set out in the Privacy Act 1988 (Cth) that govern how organisations handle personal information. There are 13 principles covering collection, use, storage, disclosure and your rights.
De-identify	To remove or change information so it can no longer be used to identify you as an individual.
Notifiable Data Breaches scheme	Laws that require us to notify you and the Australian Information Commissioner (OAIC) if your personal information is involved in a security incident that is likely to cause you serious harm.
Personal information	Any information or opinion about an identified individual or someone who can reasonably be identified, for example your name, email address or photo.
Privacy Act 1988 (Cth)	The main Australian law governing how organisations collect, use, store and disclose personal information, as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth).
Sensitive information	A category of personal information that receives stronger legal protection, including health information, biometric data, criminal records and racial or ethnic origin.

Dated 22 May 2026