A copy of this document can be downloaded as a PDF here.
Document date: FEBRUARY 2023
OVERVIEW
1. At Townsville Auto Group Pty Ltd ACN 609 317 955 (Company, we, us and our), we recognise the importance of your privacy and understand your concerns about the security of your personal information provided to us.
2. Consequently, we comply with the Australian Privacy Principles (APPs) as contained in the
Privacy Act 1988 (Cth). We take pride in our adherence to these Principles.
3. This Privacy Policy (Policy) details how the Company collects, manages and processes Personal Information about you. By using our Website, or by submitting your Personal Information to us, you acknowledge that you have read and understood, and agree to the use of your Personal Information in accordance with this Policy.
4. We reserve the right to revise this Policy or any part of it from time to time. Please review this Policy periodically for changes.
PRIMARY DEFINITIONS
Australian Privacy Principles (APP)
5. Reference to APP in this policy means the Australian Privacy Principles contained in Schedule 1 of the Privacy Act. The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.
Credit Reporting Body
6. A Credit Reporting Body means an organisation whose business involves handling personal information in order to provide another entity with information about the credit worthiness of an individual.
Financial Services
7. Financial Services refers to our brokerage of financial and insurance products between you and Financial Service Suppliers.
Financial Service Suppliers
8. Financial Service Suppliers means those third parties with which we have a brokerage arrangement and which supply financial and/or insurance products.
Personal Information
9. Personal Information is information or an opinion about an identified individual, or about an individual who is reasonably identifiable from such information.
Privacy Act
10. The Privacy Act means the Privacy Act 1988 (Cth).
Sensitive Information
11. Sensitive Information, a sub-set of Personal Information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
Website
12. Means our website located at the domain www.townsvilleautogroup.com.au/ which is operated by us.
WHAT PERSONAL INFORMATION WE COLLECT AND HOLD
General
13. In the course of doing business, we endeavour to collect business information only. However, the collection of Personal Information in some instances is necessary or unavoidable. We collect the Personal Information we need to provide our products and services to and for our customers, and for our business operations.
14. The kinds of Personal Information we collect from you or about you depend on the transaction you have entered into with us, the products and services you or your organisation have contracted us to provide, and the products and services you or your organisation are interested in.
The Common Forms of Personal Information Collected by Us
15. The kinds of Personal Information that we commonly collect and hold from you or about you include:
(a) Identity information:
(i) such as your name, address, phone number, email address, gender, date of birth, marital status, dependants and employment details;
(b) Information which is relevant to or necessary for the provision of our products/services to you and/or required by law:
(i) such as your drivers licence, passport and other identification documents; and,
(ii) details required by our Financial Service Suppliers.
(c) Vehicle specific information:
(i) such as the details of your current vehicle and/or the vehicle being purchased;
(d) Details of assets and liabilities that you own solely or jointly or through a controlled entity;
(e) Commercial and/or consumer credit information:
(i) Such as that obtained from a credit reporting agency and a credit report containing personal credit information;
(f) Details of how you paid for our products and/or services (including Financial Services):
(i) Such as bank account and credit card details.
Collection of Sensitive Information
16. We will only collect Sensitive Information about you with your specific consent, unless otherwise allowed or obliged by law to collect such information.
17. In circumstances where we are permitted by law to collect your Sensitive Information, we will nevertheless endeavour to first obtain your consent to do so.
Information Collected Automatically
18. In visiting and/or interacting with our Website, our server’s will automatically log the following information provided by your browser:
(a) the type of browser and operating system you are using;
(b) the previous site that you visited;
(c) your server's IP address (a number which is unique to the device through which you are connected to the Internet: usually one of your service provider's machines);
(d) the date on which you visited the Website;
(e) the time which at which you visited the Website;
(f) the pages you visited on the Website; and,
(g) any documentation you downloaded from the Website.
(Website Information)
19. The Website Information is used solely to generate statistics and analyse activity on the Website.
Cookies
20. We may use cookies and similar tracking technologies to track activity on our Website.
21. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our Service. For more information on cookies, you may visit the third-party site located at the domain: https://allaboutcookies.org/.
22. We may use your Personal Information to customise and improve your user experience on our Website and other social media platforms. By using our Website, you agree that we can record this information from your device and access them when you visit the Website in the future.
23. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. We confirm that you do not need to have configured your browser to enable the accepting or sending of Cookies in order to use the Website.
24. Examples of cookies we may use include:
(a) Session Cookies: used to operate and improve your experience on the Website.
(b) Preference Cookies: used to remember your preferences and various settings on the Website.
(c) Security Cookies: used for security purposes.
25. If you want to delete any cookies that are already on your computer, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies.
HOW WE COLLECT AND HOLD PERSONAL INFORMATION
Direct Collection
26. We aim to collect Personal Information only directly from you, unless it is unreasonable, impracticable or necessary for us to do so.
27. For example, we collect Personal Information from you or about you:
(a) from your direct interactions with us when you inquire about and/or obtain one of our products/services;
(b) from your correspondence with us, including emails, letters and telephone calls;
(c) when you participate in our events, conferences, ceremonies, contests, programs or promotions;
(d) from application forms, contracts, surveys and other documents that you submit to us; and
(e) from your activity on our Website.
28. Under the Privacy Act and the APP’s, you have the right to deal with us anonymously or under a pseudonym unless:
(a) the use of your true identity is a legal requirement; or
(b) it is impracticable for us to deal with you on such basis.
29. Owing to the nature of our business and the products and services offered, it is impractical for us to deal with you anonymously or under a pseudonym. Consequently, we are unable
to provide you with the option to deal with us under a pseudonym. You must provide us with your full and correct name for all interactions with us.
Collection from third-parties
30. We may collect or acquire Personal Information from third-parties where it is necessary for us to do so in operating our business (e.g., to provide you with our products or services).
31. For example, we may collect Personal Information about you from:
(a) Credit providers;
(b) Credit Reporting Bodies;
(c) Marketing agencies;
(d) Regulatory authorities
(e) Financial institutions in control of your personal funds; and/or
(f) Your professional advisors (such as your legal representatives or accountants).
Collection of unsolicited Personal Information
32. Any unsolicited personal information we receive from you shall be dealt with in accordance with APP 4.
33. Specifically, we shall first determine if the unsolicited personal information could have reasonably been collected by us in accordance with APP 3. In the event it was not open to us to obtain the information under APP 3, we shall either destroy (provided it is lawful and reasonable to do so) or return the information.
WHY WE COLLECT, HOLD AND USE PERSONAL INFORMATION
34. Under Australian privacy legislation, we may use your Personal Information only:
(a) for the primary purpose for which it was collected;
(b) reasonably expected secondary purposes which are related to the primary purpose;
(c) where we have obtained your consent; or,
(d) where we are otherwise required or authorised by law to do so.
35. We collect, hold and use Personal Information from you or about you where it is reasonably necessary for us to carry out our business functions and activities. For example, we collect, hold, use and disclose your Personal Information as necessary to:
(a) Reply to your inquiries;
(b) Fulfill our ongoing obligations to you (e.g., warranties, manufacture recall’s) as the owner/driver of a vehicle we have sold to or repaired for you;
(c) Adhere to our customer service requirements and standards;
(d) Develop and improve upon our product and service offerings;
(e) Market our products and services;
(f) check, complete and submit to our Financial Service Suppliers all applications and related forms, authorities and disclosures;
(g) process your application to obtain our Financial Services, (including warranties relating to our Financial Services);
(h) assess your credit worthiness;
(i) obtain a credit report from a Credit Reporting Body or agency;
(j) perform a search of the Personal Properties and Securities Register;
(k) assist you in avoiding defaulting on your credit obligations;
(l) assess your financial position to determine if you meet the eligibility requirements of our Financial Service Providers;
(m) refer your application to other Financial Services suppliers if your initial application to purchase a Financial Service is declined;
(n) obtain Information from financial institutions, professional advisers and other third parties who have possession or control of Information about you which is necessary for us to provide you with our Financial Services;
(o) obtain Information from financial institutions, professional advisers and other third parties who have possession or control of Information about you which is necessary for our Financial Service Suppliers to provide you with financial products;
(p) assist in the provision or management of credit to you;
(q) provide you with information about our Financial Services (including where new promotions, products and services are available);
(r) provide you with information on new products (such as where new motor vehicles, parts or accessories are available); and
(s) deal with complaints.
36. Where we use your Personal Information for marketing and promotional communications, please be aware that you can opt-out at any time by:
(a) notifying us via the contact information contained within paragraph 63 of this Policy;
(b) following the ‘opt-out’ procedures which are included in all of our marketing communications.
37. We also collect, hold, use and disclose your Personal Information for purposes related to the operation of our business that you would reasonably expect, including:
(a) our administrative and accounting functions;
(b) conducting fraud checks;
(c) conducting market research; and,
(d) using the Website Information to generate interaction statistics and conduct traffic analysis;
38. We may also collect your Personal Information which is necessary to enable your lender or insurer to protect their interests. This may include the collection of information which enables your lender or insurer to register a security interest over your property on the Personal Property Securities Register (PPSR) or to check against sanctions or other reference lists.
39. Finally, we may also collect and use your Personal Information to:
(a) comply with our legal obligations;
(b) assist Government and enforcement bodies or regulators; or
(c) where we are otherwise required or authorised by or under law to do so.
40. If we do not collect, hold, use or disclose your Personal Information, or if you choose not to provide certain Personal Information to us or do not consent to our collection, holding, use or disclosure of your Personal Information, we may not be able to provide you with the products or services that you or your organisation have requested us to provide.
DISCLOSURE OF YOUR PERSONAL INFORMATION - AUSTRALIA
Disclosure of Personal Information Generally
41. Under Australian privacy legislation, we may disclose your Personal Information only:
(a) for the primary purpose for which it was collected;
(b) reasonably expected secondary purposes which are related to the primary purpose;
(c) where we have obtained your consent; or,
(d) where we are otherwise required or authorised by law to do so.
42. To this end, we do not use or disclose your Personal Information to any third parties except where we engage such parties to perform services for us, which may involve that party handling your Personal Information. In this situation, the relevant third party is prohibited from using your Personal Information for purposes other than the specific purpose for which such information was provided.
43. Depending on your engagement with us, we may disclose your Personal Information to:
(a) Motor vehicle manufacturers (and their authorised representatives);
(b) Motor vehicle parts manufacturers (and their authorised representatives);
(c) Credit Reporting Bodies;
(d) Financial Service Suppliers;
(e) Prospective or existing guarantors of your financial obligations with us or our Financial Service Suppliers.
44. If our business operations are ever restructured, sold or merged with another organisation, your Personal Information may be disclosed and transferred as part of that restructure.
Disclosure of credit information
45. Where necessary, we may disclose your credit information to:
(a) a related body corporate;
(b) a person processing your application for credit;
(c) a person who manages credit;
(d) a Financial Services Supplier;
(e) a credit provider (if we believe you have committed a serious credit infringement or you have consented to the disclosure);
(f) a person considering whether to act as a guarantor or provide security and you have expressly consented to that disclosure;
(g) a debt collector;
(h) a mortgage insurer;
(i) a Credit Reporting Body; and/or
(j) anyone other party whom you authorise us to disclose it to.
46. By submitting your Personal Information to us, you agree that we may give a Credit Reporting Body Personal Information about you in order to obtain credit reporting information.
Other disclosures
47. We may also disclose your Personal Information to third parties (including government departments, industry lobbying and advocacy groups and enforcement bodies) where required or permitted by law.
48. Where we wish to use or disclose your Personal Information (including credit information) for all other purposes, we will first obtain your consent.
DISCLOSURE OF YOUR PERSONAL INFORMATION - OVERSEAS
49. We generally do not disclose Personal Information to persons or entities located overseas.
50. However, in circumstances where it is necessary to disclose your Personal Information to recipients outside of Australia, we will not disclose such information unless:
(a) we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act or the APPs;
(b) the recipient is subject to an information privacy scheme similar to that provided under Privacy Act; or
(c) you have consented to the disclosure.
HOW WE HOLD AND STORE PERSONAL INFORMATION
51. Your Personal Information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for Personal Information and take reasonable steps to ensure that your Personal Information is protected from misuse, interference, loss and unauthorized access, modification and disclosure. The measures we take include:
(a) storing Personal Information held on paper in locked offices in secure premises;
(b) secure archiving of documentation;
(c) protecting Personal Information held electronically with firewalls and password access;
(d) online data storage encryption, including 128 Encryption Security used for all credit card information;
(e) where we disclose Personal Information to third parties, our contractual arrangements with those third parties contain specific privacy requirements; and
(f) Our staff receive regular training on privacy procedures.
Destruction and De-identification
52. We will retain your Personal Information whilst it is required for any of our business functions and activities, or for any other lawful purpose.
53. We will take reasonable steps and we will use secure methods to destroy or to permanently de-identify your Personal Information when it is no longer required for any purpose for which the Personal Information may be used under this Policy and otherwise in accordance with the Privacy Act.
54. As an example, our destruction and de-identification methods may include:
(a) Paper records being placed in security bins and shredded and/or sent for secure destruction; or
(b) Electronic records being:
(i) Deleted from all locations; or
(ii) Encrypted and/or placed beyond use.
LINKS TO THIRD-PARTY WEBSITES
55. Our Website may contain links to other websites of interest. However, once you have used these links to leave our Website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any Personal Information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.
REQUESTS FOR ACCESS AND CORRECTION
56. We have procedures in place for dealing with and responding to requests for access to, and correction of, the Personal Information held about you.
57. Generally, you are able to access and request the correction of Information we hold about you by contacting us in one of the manners in the “Contact Us” section of our Website. In the alternative, you may submit requests using the contact information listed in paragraph 63 of this policy
58. In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why. For further information, please contact us.
59. To assist us to keep our records up-to-date, please notify us of any changes to your personal information.
DATA BREACHES
60. If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach within 30 days after the suspected breach has occurred. Where it is ascertained that a breach has actually occurred and where required by law, we will notify the Privacy Commissioner and affected individuals as soon as practicable after becoming aware that a data breach has occurred.
COMPLAINTS AND CONCERNS
61. We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs.
62. If you have any concerns about our privacy policy or wish to make a complaint, please contact our Privacy Officer whose details appear below. We will do our best to formally respond to you within 30 days after the date you raise your concerns. If you are not happy with the response, you may refer the complaint to the Office of the Australia Information Commissioner on 1300 363 992 or enquiries@oaic.gov.au.
CONTACT
63. If you have any questions about this document, the data we hold, or you would like to exercise one of your rights regarding the data, please contact us using the information listed below:
Company
Townsville Auto Group Pty Ltd ACN 609 317 955
Attention
Privacy Officer
Phone
Postage
783-797 Flinders St Townsville QLD 4810
END OF DOCUMENT
This Privacy Policy has been prepared with our legal team at
Macpherson Kelley Lawyers
© TOWNSVILLE AUTO GROUP PTY LTD 2023