Skip to main content
Interislander - Cook Strait Ferries

Privacy

Protecting your personal information is something we take very seriously.

Kiwirail Privacy Statement

This Privacy Statement sets out how KiwiRail Holdings Limited, including its wholly owned subsidiary, KiwiRail Limited, and including its businesses known as Great Journeys New Zealand and Interislander (together referred to as KiwiRail), will use and protect your personal information.

At KiwiRail we understand that you own your personal information and have entrusted it to us so that we can provide services to you. We value your trust and are committed to protecting the privacy and security of your information.

In this statement you will find key details about how we use your information and how we keep it safe. If you have questions about how we protect your privacy, you can contact us.

  • KiwiRail is responsible for the information that we collect, this makes us what is known as a ‘Data Controller’.
  • In some instances, we use third parties to process your personal information on our behalf. Some of these parties are based outside of New Zealand.
  • We sometimes use your information to provide a more personalised and relevant experience. This involves refining our advertising and marketing strategies across our various channels to better align with your interests.
  • We send direct marketing to you but only when we have your permission. If you want us to stop, or want to manage your preferences, you can do so.
  • KiwiRail has an obligation to keep your personal information secure and we comply with the New Zealand Privacy Act 2020. You also have several rights over your personal information, including rights of access, correction, and deletion. You can exercise these rights.
  • Our websites are not intended for children, and we do not knowingly collect information directly from children.

The types of information we may hold about you will depend on how we have interacted with you and what services or products you have requested from us over time. Information we hold about you could include:

  • Information that you, or someone acting on your behalf, provide to us when you engage with us, including when you apply for a job with us. This can include your full name, address, date of birth, phone number, email address, payment card details and any preferences you choose to share with us (including requests for special assistance). Your account login details for our websites, including your username and login history, are securely stored. While we maintain your chosen password, it is encrypted, ensuring we cannot view it.
  • Information collected about you by a travel agent. We collect information from them about you, to help us to manage your travel with us.
  • Information about you related to the business, corporate or government travel programmes which you belong to. For example, this could include your business contact details, job title, cost centre details and transaction information.
  • Your account login details for our websites, including your username, chosen password and your login history.
  • Information about whether you want to receive marketing or service communications from us or our partners.
  • We may collect CCTV footage of you for safety and security reasons, when you are on or near KiwiRail premises or travelling with us, and when on or near our managed rail crossings, tunnels, bridges, tracks, yards, stations, terminals, trains or ships.
  • What you have said or shared with us by email, phone, on social media, in online direct message or in person (e.g., compliments, complaints, concerns or incidents you have shared with our employees). If you contact us by phone, this could also include recordings of your calls with us, as we record calls made to our contact centre.
  • Information that you share with us when you participate in market research, surveys, or competitions.
  • Information about the products you have purchased and the services that we have provided to you (e.g., if you travel with us, this could include information about your trip including when and where, what you paid, how you paid, the way you used our products and services including lounges).
  • Details of the emails and other electronic communications you receive from us, and how you interact with them. For example, whether the communication has been opened, if you have clicked on any links within that communication and the device you used.
  • Information from other sources such as specialist companies that provide customer intelligence information. For example, fraud prevention agencies, marketing and research companies, social media providers, as well as information that is publicly available.

You do not have to give us personal information but if you do not, we may not be able to provide you with the goods and services you are requesting.

Our legal basis for processing your personal information

When we process your information, we must have a "legal basis" for what we do. The different legal bases we rely on are:

Consent - You have told us you are happy for us to process your personal information for a specific purpose(s).

Performance of a contract - We must process your personal information to provide you with the products or services you have requested.

Legal obligation - We collect and process your personal information where required to by law.

Legitimate interests - We may process your information as is necessary for us to conduct our business, but only where our interests are not overridden by your interests or rights.

Vital interests - In limited cases it may be necessary for us to use your personal information to protect the health and safety of you or others.

We use your information:

To provide our products and services - we need to use your personal information to make our products and services available to you.

To contact you - we use your personal information to contact you. This could be by email, phone,  text message or by direct message on social media channels. This may be in relation to a service update or to respond to an issue you have asked for help with.

To maintain safety and security - we use your personal information to help provide safe and secure environments for our customers and our employees both online and when you travel or otherwise engage with us, including the prevention and detection of fraud, cybersecurity threats or any other misuse of our networks, websites and systems.

To provide relevant marketing and advertising - we use your personal information to provide relevant marketing communications relating to our products and services. As part of this, tailored online advertising may be displayed on our websites, on other organisations' websites and on online media channels like Facebook or Instagram. We may also use information about how you engage with us to measure the effectiveness of these campaigns.

To understand your needs through analytics and profiling - we use your personal information for statistical analysis and to help us understand more about our customers. That includes understanding things like how often you travel with us and what products and services you use. We use this information to create profiles about you and about our customers more generally. This helps us to serve you better and to find ways to improve our services, loyalty programme, and websites. These profiles also help us to send you offers that are more relevant to you.

To conduct surveys and market research - we love feedback and use surveys and other market research techniques to understand our customers more fully. We use this information to help us deliver on the expectations of our customers and to find ways to improve our services.  We may use testimonials from this research in our marketing.

To manage competitions - we use your information to run competitions and get prizes to the winners. If we use your information for any other purpose, we will let you know when you enter that specific competition.

We share your information with trusted third parties to help us run our business and provide the products and services you request from us. Sometimes these relationships mean that we need to transfer your information outside of New Zealand. When we do this, we take steps to ensure that your information and rights are protected.

By booking a ticket, applying for a job or otherwise engaging with us, you agree that we may disclose your personal information for any of the purposes listed in the above section, but only to the extent necessary to achieve those purposes, to:

Authorised individuals – we may share your personal information with another individual if they are acting on your behalf, or if you have provided your consent. For example:

  • if a family member, friend, or work colleague books travel on your behalf, that person will be asked to provide us with the same personal information that we would normally collect directly from you. We consider that person to have your permission to provide us with your personal information; or
  • if you have previously provided us with a written authorisation allowing another person (like your partner or personal assistant) to discuss your account with us.

We will only release your information to authorised individuals after following an appropriate security process. If you do not want an individual to be able to obtain information about you or be able to make changes to your booking, please do not share your account or booking reference information with them.

Vendors and service providers – we may provide your information to our trusted vendors and service providers who support us in doing business. For example, this can include:

  • companies that help deliver, analyse, monitor, protect, control or support our digital services, systems, information, networks and infrastructure;
  • payment service providers that enable us to take payments and give refunds;
  • insights and analytics service providers;
  • advertising and market research partners;
  • companies that support our contact centre;
  • logistics providers who enable us to deliver baggage, cargo, and goods that you have ordered;
  • security and fraud prevention companies to ensure the safety and security of our customers, employees, business, networks, websites, and systems; or
  • our professional advisors, such as lawyers and consultants.

Law enforcement and regulators – information may be shared with government agencies and authorities, law enforcement officials, or law courts on request or otherwise if we believe disclosure is required by applicable law, regulation, or legal process or in the interest of public health and safety and the maintenance of the law.

You consent to the disclosure of your personal information in accordance with this Privacy Statement to the parties listed above.

Marketing and Advertising

We like to get in touch with our customers but only do this where we have your consent, or if we have legitimate business reason to do so. Most of the time we will get in touch by email.

You can control the marketing communications you receive through the following options:

Clicking 'unsubscribe' - If you want to withdraw your consent to receiving our newsletter, you can do this by using the unsubscribe link in the footer of our newsletter email. 

We also use online advertising. This means you may see ads from us when you are on other websites, apps, and social media. We manage this through our digital marketing networks, ad exchanges and a range of advertising technologies. Sometimes we personalise these ads and our websites to make them more relevant to you based on information we hold about you (for example, your previous bookings).

As trusted guardians of your personal information, we respect your rights to manage the personal information about you that we hold. You have the right to:

  • request and receive a copy of personal information we hold about you, including, where available, in a digital format;
  • correct any inaccurate personal information we hold about you;
  • restrict our use of your personal information;
  • request that we stop business processing it or stop collecting it (in some circumstances);
  • withdraw consent for any consent-based business processing; and
  • complain to your data protection regulator. As a New Zealand based company, our primary regulator is the New Zealand Office of the Privacy Commissioner.

To get in touch about your personal information, please email the KiwiRail Privacy Officer at privacy@kiwirail.co.nz or write to Private Bag 92138, Victoria Street West, Auckland 1142. 

KiwiRail will not discriminate against you for exercising any of your privacy rights.  Please note that if you choose to not provide requested personal information, limit how we use your information or withdraw your consent for us to process your information, we may not be able to offer all our services to you.

We only keep your information for as long as we believe is reasonably necessary as required under the New Zealand Privacy Act 2020. We review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.

We have dedicated privacy and cyber security teams to keep your personal information safe while we are holding it. We have implemented security and privacy measures and processes to minimise the risk of unauthorised use or disclosure of information, such as encryption, firewalls and intrusion detection systems.

We may change this Privacy Statement from time to time and we will tell you about a change in the Privacy Statement.  Any changes to our Privacy Statement will take effect upon being placed on our website.

Cookie Policy

By using any KiwiRail website or mobile website ("our websites") you confirm that you agree to the use of cookies and similar technologies in accordance with this cookie policy.

Last updated on 24 January 2025

This cookie policy provides information about the cookies and similar technologies used on our websites. This cookie policy should be read in conjunction with the KiwiRail privacy statement.

If you would like to limit or control the type of cookies that are set on your computer or device, please refer to the section below titled How to control cookie settings on your computer.

A 'cookie' is a small text file that is placed on your computer when browsing a website. Two kinds of cookies are used on our websites: session cookies and persistent cookies.

Session cookies are used to remember selections made in the booking process, giving you a more seamless booking experience on our websites. Session cookies are deleted automatically when you leave a website or close your browser.

Persistent cookies are used to help us identify customers when they return to our websites and help us remember certain information about customer preferences on our websites and customer online activity. These cookies also help us understand browsing behaviour within our websites, which can assist us in customising content that we believe will be most relevant to your interests. Persistent cookies are stored on the user's computer and are not deleted when the browser is closed - these cookies must be 'manually' deleted if you want to remove them.

First and third-party cookies 

KiwiRail Limited sets cookies (first party cookies) on web pages, however, where we require additional information and services we also allow other companies to host cookies on our web pages (third party cookies). These partner companies have been carefully selected by KiwiRail and are monitored by us. Third party cookies that our partners set on our websites will support the customisation of advertisements viewed elsewhere on the internet.

KiwiRail uses cookies and similar technologies for the following key purposes:

  • To operate our websites efficiently with a high level of functionality
  • To measure the effectiveness of our marketing initiatives
  • To learn about customer preferences so that we can present customers with web content and advertising that is relevant to them
  • To measure the number of advertising referrals we have received to our websites from other websites
  • To produce data for reporting on completed and abandoned bookings on our website
  • To produce data on web traffic and customer web activity through our website

The cookies used by KiwiRail are categorised into four groups:

Strictly Necessary cookies - these cookies are used for technical reasons and are necessary to enable our websites to operate efficiently so that visitors can navigate around our websites with ease and use specific features. These include, for example, cookies that enable you to log into secure areas of our websites, make a purchase or use e-billing services. If these cookies are blocked or disabled, some of the website's functions will not be available to you and you may not be able to use our online services. These cookies do not gather information about you that could be used for marketing.

Performance cookies - these cookies are used to obtain statistics about the number of visitors to our websites and how our visitors use our websites, for example which pages are most popular. This information is aggregated and is not used to identify individuals. Such information allows us to continuously improve our websites to provide our customers with a better online experience (such as enabling users to find what they are looking for more easily). These cookies do not gather information about you that could be used for marketing.

Functionality cookies - these cookies are used to improve the functionality of our websites and make them easier for visitors to use. They help us to identify you as a repeat visitor to our websites and help us remember your preferences. These cookies help us remember your language preferences; whether you are logging in as a registered user of our websites or as Nautical Miles Member; your recent sailing searches on our websites including the city of your selected departure, and departure date; and the previous information you have entered onto our websites. The information collected by these cookies helps save you time and makes searching for the same sailings easier and quicker. We use the information about the previous sailings and products you selected to present you with relevant offers next time you visit our websites.

Advertising/targeting cookies - these cookies are used to recognise you online and to gather information about your online activity and browsing habits (including the pages you have visited and the links you have followed, including from a KiwiRail electronic direct marketing message). We may combine such information with other personal information that we have collected about you (for example through our websites) in order to create a user profile for you. These cookies, in combination with any user profile that we may create for you, assist us to make our websites and the advertising more relevant to you (i.e. by helping us tailor our content, marketing communications, offers and advertisements to your interests). For example, we may use information about the previous sailings and products you selected to present you with relevant offers the next time you visit our websites. These cookies may be placed on our websites by us or by carefully selected third parties on our behalf (with our permission), in order to help us (with the assistance of carefully selected third parties where appropriate) to (i) track the effectiveness of advertising and online marketing campaigns, (ii) measure referrals from third party sites to our website, (iii) collect data about completed and abandoned bookings on our website and (iv) conduct market research. KiwiRail may share the information we learn through advertising/targeting cookies with carefully selected third parties for these purposes, unless you disable or block cookies.

For more information about advertising/targeting cookies and to understand your options, please visit www.aboutads.info.

 

Analytic Cookies:

The main ones we use and what they do:

Issuer Cookie Purpose
Crazy Egg Inc.

_ceg.s

_ceg.u

_ceir

 These cookies are used by heat mapping software provided by Crazy Egg. This helps us to understand how visitors are interacting with pages on our site._ceg.s and _ceg.u track visitor sessions and actions on our site. The _ceir will let us know whether this is a new or returning visitor.
Google Analytics

_ga

_gat

_gid
collect

Google Analytics uses a set of cookies that collect information and report on website usage without personally identifying individuals. It helps us understand how people are finding and navigating through our site. Google has an extensive privacy policy which outlines their responsibilies for keeping your privacy and data secure.

The _ga cookie is used to distinguish unique users with a randomly generated number as an identifier so you aren’t personally identified.  It’s used to calculate visitors, sessions and pages visited. It’s set to expire after 2 years.

_gid is similar to _ga and gives us further statistically information on how visitors use our site to help us look to improve the experience. 

_gat is used to limit the collection of data on high traffic sites.  It expires after 10 minutes.
Collect is used to send data to Google Analytics about the device you were using when on our site and how you engaged with our site such as things you searched for, pages you landed on first or left our site from. 


 

Site Functional Cookies:

Issuer Cookie Purpose
CloudFlare _cfduid

This is used to identify whether you’re using a trusted network or if you’re on a share IP address and applies security settings based on this. It doesn’t contain any user identification information.

It is also used to speed up page load times. 
Sandfield

PHPSESSID

ASP.NET_SessionId

 This cookie is so we can retain session information.  For example. if you’re logged in, this keeps you logged in when your browsing through the website. If you’re filling a form, this keeps the form information while you navigate to another page (particularly if you need to come back to the form to correct info). This info is only retained for the session, it removes when you close the session.
  FluentLocale On our website you can change the language you wish to view the site in.  So for example, you can select Chinese.  This cookie remembers the language you selected for 3 months.

 

Targeting or Advertising Cookies

Issuer Cookie Purpose
Google _dc_gtm_UA-#
Test_cookie

We use Google Networks to advertise our products and services.  These cookies help us to monitor how well our advertising is doing, make sure you see more relevant ads and also the frequency.  

_dc_gtm_UA-#  This cookie has a unique identifier which makes it known to Google Tag Manager that the information being captured is for Great Journeys of New Zealand and loads the necessary script to do this.
Test_cookie lets us check if your browser supports cookies.
Google Adwords ads/ga-audiences This cookie lets us know you’ve visited our site through an ad found in Google search.  It gives us the ability to re-engage with you through Google Adwords with further advertisements relevant to you. 
Doubleclick.net (part of Google) IDE This cookie is helping us see what a visitor did on our website after they came through from viewing or clicking one of our advertisements online.  This helps us to measure how effective our advertising is. 
Facebook Fr
Tr		 These are so we can measure the effectiveness of our advertising we do on Facebook. The cookies also signal to Facebook we’re the genuine owner of our website which we have linked to our Facebook page.

 

Some web browsers offer a "Do Not Track" signal that is a HTTP header field indicating your preference regarding tracking or cross-site user tracking.

Please be aware that our websites do not recognise 'Do Not Track' signals. If you would like to block some or all of the cookies on our websites, you can do this by manually adjusting the cookie settings on your internet browser. Please see the section below titled How to control cookie settings on your computer.

We work with third parties that use online tracking technologies on our websites in order to provide tailored advertisements on our behalf and on behalf of other advertisers across the internet. These companies may collect information about your activity on our websites and your interaction with our advertising and other communications and use this information to determine which ads you see on third party websites and applications.

If you would like to block some or all of the cookies on our websites from being downloaded onto your computer or device, you can do this by manually adjusting the cookie settings on your internet browser. To learn how to manage the cookie preferences on your internet browser, click on the 'Help' menu on the internet browser.

If you choose to block some or all of the cookies on our website, parts of our website will not function correctly and may not function at all. This means that we may not be able to offer our web services to you. You may not be able to search for a flight, make a new booking, or change an existing booking on our website. Also, you may not be able to complete other online transactions that would normally be available on our website for your convenience. 

Find out how to adjust or opt out of Google delivered personalised advertising here

Open our website in your browser’s “incognito” or “private” mode (this deletes cookies when your browsing session ends)

Opt out of VMO cookies Use the Digital Advertising Allliances’ Consumer Choice tool to opt out of DAA advertising

Remove cookies from your browser by clearing your cookies

Block cookies by changing your browser settings*) although this may limit the functionality of our website.   

For more information on how to control your cookie settings and browser settings on your computer, and how to delete cookies on your hard drive, please visit www.aboutcookies.org or www.youronlinechoices.eu.

We may make changes to this cookie policy from time to time. When we make changes, we will update the cookie policy on our websites. We will also specify the date of the last update.

Where a translation of this cookie policy is made available in a language other than English, in the event of a conflict between the English version of this cookie policy and any translation, the English version shall prevail.

The online booking systems we use are internationally accepted Secure Sockets Layer (SSL) technology to protect your personal and payment details.

The Interislander website URL address begins with "https" as opposed to "http" which indicates a secure connection between your web browser and our web server throughout your entire browsing experience with us. 

Double-click the padlock symbol to receive authentication from an independent third party that you are communicating directly with Interislander.

Any data passed between your web browser and our server will be encrypted. This includes, of course, your credit card details. Double-click the padlock symbol to verify the level of encryption, and your safety.