Our commitment to you
This Policy is designed to give you greater understanding of how we collect, use, disclose and otherwise handle personal and sensitive information.
What is personal information?
Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable. Examples include your name, address, date of birth and email address.
What is sensitive information?
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health information. We only collect sensitive information where it is reasonably necessary for our activities and either you have consented or we are required or authorised by or under law to do so.
We commit to abide by the Australian Privacy Principles (APPs), the Privacy Act 1988 (Cth), the Credit Reporting Code and any other relevant law. The APPs regulate the way in which we collect, use, keep secure and disclose personal information.
The kinds of personal information we collect and hold
We may collect and hold the following kinds of personal information about you including:
- date of birth
- contact information
- employment history
- identification documents such as driver’s licence
- purchase history
- IP address
- documents to support a finance application
- tax file numbers for employees to comply with our PAYG obligations
- any other information you choose to provide us or may be relevant or necessary to enable us to provide you with our services, and/or to support your purchase of any of our products or services.
What kinds of sensitive information we may collect and hold
We may collect and hold the following kind of sensitive information about you including:
- details of current or previous insurance (for motor insurance)
- driver’s licences
- salary and personal finances (for loan applications)
You can choose not to provide us with personal information, however, we may not be able to provide you with the products and services you require, or the level of service which we aim to offer
How we collect personal information
Unless it is unreasonable or impracticable to do so, we generally collect your personal information directly from you during the course of our business relationship, including:
- if you visit one of our dealerships or collision repair facilities in person
- if you contact us by phone or email
- through our Facebook pages or other social media accounts
- if you complete a form on, or interact with, one of our websites (for example when you submit a request to receive our offers, to receive our brochures and/or other materials, or to book a test drive)
- if you purchase a vehicle or other product or service from us
- if you are an employee or supplier
- if you enter competitions or promotions that we run when you complete surveys or provide online feedback or product reviews through written correspondence (such as sms, letters, faxes and emails)
- any materials about our vehicles, parts, accessories or services (for example, competition entry forms and surveys) through surveillance cameras
We may collect personal information about you from third parties, for example:
- a credit reporting body to conduct a car history check over your vehicle
- if you complete a form on, or interact with, a third party website such as Carsales.com.au, a car manufacturer website or Google
- from your employer or referees to confirm details of your employment for finance applications or employment with us
- manufacturers, distributors and authorised dealer network and service providers
- marketing organisations including through the use of purchased lists industry databases
- publicly available sources such as the internet and telephone directories
How we hold your personal information
Autosports Group holds your personal information in a number of ways including:
- electronic files using third party software programs stored on a server, hard drive or in the cloud
- hard copy files stored securely at one of our sites or at a third party document archiving facility
The purposes for which we collect, hold, use and disclose your personal information
We collect, hold, use and disclose your personal information for the following primary reasons:
- to provide our products and services to you
- to conduct our business of automotive retailing, supplying parts, servicing vehicles and collision repair
- to comply with our obligations to our vehicle manufacturers
- to action your requests, enquiries, complaints, consumer guarantee or warranty claims
- to provide customer care
- to contact you for any of these purposes including product recall
- to contact you in relation to service, end-of-warranty and other reminders
- to conduct direct marketing activities and advertising events and competitions
- to comply with our legal obligations
- for general management (such as to invoice you)
- for research, statistical analysis, including but not limited to for market research, customer satisfaction and service improvement purposes
- protecting the security of our offices, staff, customer and the property held on our premises
- to assess your job application
- to assess your finance and insurance applications
- to search public records or registers
- answering queries and resolving complaints
- training our respective employees, agents and representatives
- for any purpose you have consented to
- to allow our third party service providers to perform the services they are contracted toperform
- handling complaints and disputes
- detect, investigate and prevent fraud
- to assess and investigate matters disclosed to us in accordance with our Whistleblower Policy
- if we are obliged to so by law (e.g. in relation to vehicle safety recalls)
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection, to which you have consented, or which are required, or authorised by or under law.
When we disclose your personal information
We may disclose your personal information to:
- our related bodies corporate within Autosports Group
- other organisations that provide products or services to us, for example:
- dealer management system providers
- third party software providers
- our vehicle manufacturers and their related bodies corporate
- marketing agencies
- insurance and finance brokers
- debt recovery agencies
- legal and financial advisors
- shareholder registry
- Government bodies
Some of these organisations may be located outside of Australia.
Other than for these purposes, generally we will only use or disclose your personal information if we have your consent, or if it is required or authorised by law.
Transfer of information overseas
Due to the number and complexity of the IT systems we use to operate our business and because majority of the brands we sell are based in Europe, your personal information may be disclosed to overseas service providers and suppliers. The countries to which information may be sent include:
- United States of America
- United Kingdom
We may disclose personal information to the following third parties located overseas:
• Vehicle manufacturers
• External advisers; and
• Service providers
We may also store your information in cloud or other types of networked or electronic storage. You should note that, as electronic or networked storage can be accessed from various countries via an internet connection, it is not always practicable to know in which country your information may be held.
You should note that while the overseas recipients will often be subject to confidentiality or privacy obligations, they may not always follow the particular requirements of Australian privacy laws. In the event that a disclosure is made in an overseas country, the information may not be protected to the same extent as the APPs. In any event, by providing your details, you consent to your information being disclosed in this manner.
We may use your personal information to promote our products and services to you.
We may conduct direct marketing activities by:
- third party channels such as social networking sites.
If the direct marketing is by email or SMS, you may also use the unsubscribe function. If you wish to unsubscribe from any other types of direct marketing, please contact your Dealership. Your request to unsubscribe will be actioned within a reasonable period of time.
We may use or disclose your personal information (other than sensitive information) for direct marketing under circumstances where you would reasonably expect us to use or disclose your personal information for direct marketing.
We sometimes use third party marketing service providers to facilitate our direct marketing activities.
We do not disclose your personal information to any third party for the purpose of allowing them to market their products or services to you.
Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:
- contacting us
- advising us if you receive a marketing call, that you no longer wish to receive these calls
- using the unsubscribe facility that we include in our electronic messages (such as email, SMS and MMS)
IP address, cookies and web beacons
- provide you with a better website experience
- to better understand your behaviours and habits
- display relevant advertisements or content on our network and third party networks and websites
We may use remarketing tools such as Google AdWords to personalise your marketing and content experience.
The use of a web beacon allows the website to record the simple actions of the user (such as opening the page that contains the beacon) through a tracking pixel. We may use web beacons (and cookies) to analyse site usage, to report and audit advertising and personalise your content. We may share any data collected from web beacons (and cookies) with third parties to provide you with relevant advertising when browsing third party websites.
Advertising and tracking
When you access our website after viewing one of our advertisements on a third party website, the advertising company may collect information on how you utilise our website (for example, which pages you viewed) and whether you commenced or completed any online forms.
We take all reasonable precautions to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of that information depends to a large extent on the information you or others provide to us.
Update and access of personal information
If you wish to make any changes to the personal information, we hold about you, please contact your Autosports GroupDealership. We may require you to verify your identity before processing any access or correction requests, to ensure that the personal information we hold is properly protected.
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information, we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
You may request access to the personal information we hold about you by contacting us. We will respond to your request within a reasonable period. We will give access in the manner you have requested if it is reasonable to do so.
We may deny you access to your personal information in certain circumstances, for example, if required or authorised by or under an Australian law or a court/tribunal order, or it would be likely to prejudice enforcement related activities by an enforcement body. In relation to credit eligibility information, the exceptions may differ.
If we decide not to give you access, we will provide reasons for the refusal and information on how you can complain about the refusal.
Storage and security of personal information
We have a range of technical, administrative, and other security safeguards to protect your personal information from interference, misuse, loss, unauthorised access, modification, or disclosure. This includes control of access to our buildings and our electronic databases are password access only with virus protection software installed.
The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security (including restricting access to personal information on our systems to staff who need that access to carry out their duties, staff training and workplace policies.
Online credit card payment security
We may from time to time process payments using EFTPOS and online technologies. All transactions processed by us meet industry security standards to ensure payment details are protected.
While we endeavour to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us.
Third party websites
Use a web browser’s privacy features
Different web browsers have different settings and features that you can use to help control your personal information online. Common options include deciding whether to accept cookies and how long to allow them to stay on your device. Many browsers allow you to view in private mode, which usually means your browsing history will not be saved to your device, but it doesn’t mean the browser will automatically block all tracking of your activities online.
Opting out of targeted advertising
Some organisations that deliver targeted advertising give users the options of viewing their profile, editing it or opting out of receiving targeted ads. Choosing to opt out will not remove advertising from the pages you visit — it means the ads you see will not be matched to your interests.
You can opt out of Facebook, Google, Twitter, or Instagram by looking under its account settings.
Business without identifying you
In most circumstances, it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will provide you with the option to remain anonymous or to use a pseudonym, for example, when you make general inquiries about our business or current promotional offers.
Unless permitted by the Privacy Act (for example, use of an identifier to verify an individual’s identity or use or disclosure required or authorised by or under an Australia Law), we do not adopt or use a government related identifier of an individual (such as your tax file number, Medicare number or your driver’s licence number) as a means of identifying you. We do not use or disclose such a government related identifier.
We will handle data breaches in accordance with our Data Breach Response Plan.
Complaints and further information
Please also contact us if you believe that our privacy standards do not meet the level set by the APPs or have a complaint about our handling of your personal information.
If you are dissatisfied with our response, you may make a complaint to the OAIC which can be contacted by email at email@example.com or by phone on 1300 363 992.
Credit information is a sub-set of personal information, and it is information that is used to assess your eligibility to be provided with finance. It may include any finance that you have outstanding, your repayment history in respect of those, and any defaults. Usually, credit information is exchanged between credit and finance providers and credit reporting bodies (CRBs). Credit providers (such as lenders and utility) provide information about individuals’ activities in relation to consumer credit to central databases managed by CRBs. CRBs are then able to include that information on the individual’s credit report. A credit provider can obtain a copy of an individual’s credit report from a CRB to assist them in deciding whether to provide an individual with consumer credit, or to manage credit that has been provided to an individual.
About credit information and ‘notifiable matters’
We may exchange your credit information with CRBs. We may use the credit information that we exchange with the CRBs to assess your creditworthiness, assess your application for finance and manage your finance. If you fail to meet your payment obligations in relation to any finance that we have provided or arranged, or you have committed a serious credit infringement, we may disclose this information to a CRB.
You have the right to request access to the credit information that we hold about you and make a request for us to correct that credit information if needed. We explain how you can do this below.
Sometimes, your credit information will be used by CRBs for ‘pre-screening’ credit offers on the request of other credit providers. You can contact the CRB at any time to request that your credit information is not used in this way.
You may contact the CRB to advise them that you believe that you may have been a victim of fraud. For 21 days after the CRB receives your notification, the CRB must not use or disclose that credit information. You can contact any of the following CRBs for more information: Dun & Bradstreet (Australia) Pty Ltd (www.dnb.com.au); Experian (www.experian.com.au); and Equifax (www.equifax.com.au).
Amendment approved by the Board
15 May 2019
Amended approved by the Board
19 June 2020
Amendments approved by the Board
14 May 2021