1. Personal information
AutoReviewa Pty Ltd (ACN 169 963 017) (“AR”, “we”, “us” or “our”) may collect and hold information or opinions which identifies users of AR services (“personal information”) from time to time. We may collect personal information whether or not it is true and whether or not it is recorded in a material form.
The kind of personal information that we collect and hold may differ depending upon which services you use.
1.1. Personal information we collect and hold from information you provide
We will where possible, collect your personal information directly from you, unless it is unreasonable or impracticable for us to do so. If we collect your personal information from another person and it is unclear that you have consented to the disclosure of that information to us or that information is otherwise not permitted to be disclosed to us, we will, whenever reasonably possible, make you aware that we have done this and the reasons for doing so.
If you do not provide some or all of the personal information we request, we may be unable to effectively provide our services to you.
This personal information includes information we collect from you when you use our website, make enquiries, sign up for an account, tell us your experience at our website, or when you otherwise input any personal information when asked to do so by a service offered via our website.
We may from time to time collect and hold personal information about how you use our services, such as the frequency and duration of your activities, so that we can fine tune our services better to meet your apparent needs.
The kinds of personal information that we commonly collect and hold from you or about you include: your name, address, phone number, email address and credit card and banking details (including bank account and BSB numbers), your financial, credit and motor vehicle insurance history, and any other information necessary for financing and insurance applications provided on or through our website. We will also collect details about the product and/or services being purchased by you, as each payment request will include a description of the item and/or service purchased.
1.2. Personal information we collect and hold from information others provide about you
We do not collect and hold personal information about you from third parties unless a third party has provided us with your information on your behalf or under the premise that the third party was you.
1.3. Personal information we collect from devices
We collect information from or about the computers, phones, or other devices on which you install or access our services, depending on the permission settings on those devices.
2. Use, storage and disclosure of your personal information
We will only use or disclose personal information that is also “sensitive information” where you have actually or impliedly given us your consent to do so. For example, if you share with us via our website your credit card details or any other sensitive information in the process of using our services, we will treat that as your consent to use that information to provide or procure an answer to your query.
2.1. How we use your personal information
We use the personal information we hold about you to do the following things:
- administer this website;
- personalise the website for you;
- enable your access to and use of the website services;
- publish information about you on the website;
- send to you products that you purchase;
- supply to you services that you purchase;
- send to you statements and invoices;
- collect payments from you;
- send you marketing communications;
- liaise with motor vehicle dealerships, financiers, insurance providers, aftersales service providers (for example, for annual vehicle servicing), motor vehicle repairers, retailers of motor vehicle accessories, roadside assistance service providers, motor vehicle detailers, and any other third parties associated with motor vehicle sales, ownership or repairs;
- administer contracts into which we may enter with you;
- communicate with you concerning our services;
- respond to feedback from you;
- develop and/or test our systems and services;
- for our own internal administrative purposes.
In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, we may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend our legal rights.
2.2. Direct marketing
We may use or disclose the personal information we collect from you for direct marketing.
You may request at any time not to receive direct marketing material when you use our services.
Simply contact us via our contact details below and we will make sure you no longer receive direct marketing communications from us.
2.3. Improved services
We may use or disclose the personal information we collect from you to improve your AutoReviewa experience.
This may include use or disclosure of your personal information in order to personalise, develop and improve the services we provide you, verify your identification and improve your account security.
2.4. How we store your personal information
Your personal information is primarily stored by electronic means. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure.
We will store all the personal information you provide on our secure servers.
Information relating to electronic transactions entered into via this website will be protected by encryption technology.
2.5. Pseudonymity or anonymity
You can be anonymous or use a pseudonym when dealing with us, unless:
- the use of your true identity is a legal requirement; or
- it is impracticable for us to deal with you on such basis.
2.6. Cross-border disclosure of personal information
We may disclose your personal information to overseas recipients for any of the reasons outlined above.
All information (aside from credit card numbers as specified above) will be stored by Amazon Web Services (AWS). Please visit the AWS site at https://aws.amazon.com/privacy/ to learn more about how they collect and use this information.
All information relating to our accounts (for example, information about funds transferred to us, including transferor details and payment details), will be stored with Xero. Please visit the Xero site at https://www.xero.com/us/about/privacy/ to learn more about how they collect, store and use this information.
While we cannot guarantee overseas recipients will comply with Australian laws, we will take the necessary steps in the circumstances to ensure that those overseas recipients do not breach the Australian Privacy Principles.
3. Integrity of personal information
3.1. Quality of personal information we collect and hold
We take all reasonable steps to ensure that:
- the personal information we collect is accurate, up to date and complete; and
- the personal information we use or disclose is accurate, up to date, complete and relevant having regard to the purpose of the disclosure.
3.2. Security of personal information
We take all reasonable steps to protect the personal information we collect from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure.
If we hold personal information which we no longer need for any purpose for which we may disclose your personal information as described in this policy, and:
- the information is not contained in a Commonwealth record; and
- we are not required by or under an Australian law, or a court/tribunal order, to retain the information,
then we will take all such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
4. Access to and corrections of your personal information
4.1. Access to your personal information
Upon your request, we will provide you with access to your personal information we hold if it is reasonably practicable to do so, within a reasonable period after your request is made.
Notwithstanding, we retain the right to deny access to your personal information to the extent that:
- we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
- giving access would have an unreasonable impact on the privacy of other individuals; or
- the request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings between us or our related entities and the individual, and would not be accessible by the process of discovery in those proceedings; or
- giving access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- giving access would be unlawful; or
- denying access is required or authorised by or under an Australian law or a court/ tribunal order; or
- both of the following apply:
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in;
- giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
4.2. Corrections of your personal information
We will make corrections to personal information we hold about you, if:
- we are satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out of date, incomplete, irrelevant or misleading; or
- you request us to correct the information.
Within a reasonable period following the situations set out in paragraphs 4.2(a) or (b) above, we will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
4.3. Data Breaches
If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach within 30 days after the suspected breach has occurred. Where it is ascertained that a breach has actually occurred and where required by law, we will notify the Office of the Australian Information Commissioner and affected customers as soon as practicable after becoming aware that a data breach has occurred.
5. How to contact us
5.1. Complaints, concerns or queries
We will respond to your complaint in accordance with the relevant provisions of the Privacy Act 1988 (Cth) as soon as practicable. We treat complaints relating to privacy very seriously. If you submit a concern or complaint, we will endeavour to deal with it comprehensively and reach an outcome where all parties are satisfied.
If you are not satisfied with our response to your complaint, or if you would like further information about privacy in Australia, then we suggest you contact the Office of the Australian Information Commissioner at www.oaic.gov.au.
5.2. Our contact details
The Privacy Officer
PO Box 1072 Cotton Tree, QLD
1800 976 400
Last Updated 26/7/2019.