One Car Group Pty Limited (ACN 626 483 163) and its wholly owned subsidiaries (we, our, us, one car group) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our combined Privacy and Credit Reporting Policy (Policy) and describes how we will comply with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) in relation to the handling of your personal information, including in accordance with the Australian Privacy Principles (APPs), as well as how we comply with the credit reporting obligations contained in the Privacy Act and the Credit Reporting Code as registered under section 26S(1) of the Privacy Act.
2. What types of information are covered by this policy?
This Policy sets out how we manage your “personal information”. Certain parts of this Policy also apply specifically to “credit-related information”. Section 7 of this Policy sets out these credit-specific obligations in more detail.
When used in this Policy, the term “personal information” has the meaning given to it in the Privacy Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
In this Policy, the term “credit-related information” means credit information, credit eligibility information and credit reporting body (CRB) derived information as those terms are defined in the Privacy Act. Generally speaking, credit-related information will include your name and address, your contact details, your date of birth and gender, details of your credit history (including any repayments missed or late repayments that you have made), information about any credit provided to you by credit providers (such as financial institutions, utilities or telecommunications providers), any credit rating or credit assessment score that we have derived or that is provided to us by a credit reporting body and details of any credit-related court proceedings or insolvency applications that relate to you.
3. What kinds of personal information do we collect and hold?
3.1 The kinds of personal information
We typically collect the following types of personal information about you:
name; mailing or street address; email address; telephone number; facsimile number; age or birth date; Medicare number, drivers’ licence number, tax file number and passport number (which may also include the other details which appear on your Medicare card, driver licence and passport if supplied pursuant to our identity verification systems and processes); profession, occupation or job title, together with other relevant employment details (such as your salary); information about your source(s) of income and your expenditure details; information about your assets and liabilities; details of the products and services you have acquired from us or which you have enquired about, together with any additional information necessary to deliver those services and to respond to your enquiries;
any additional information relating to you that you provide to us through our website, applications or other online means (including personal information which may be collected via cookies and other online technologies and methods used as discussed in section 9 of this Policy such as information about the devices on which you visit us or other entities in our group, and your activities on those devices or sites); third party account details (for example where you sign in through a social network); your public social profile information (e.g. name, profile picture) together with the email address you use to log into your social media account; any other information that you provide to us in person, including at our offices or during visits by our representatives; personal information you may provide to us if you are applying for employment with us that is relevant to such employment (such as your qualifications and work history); and personal information you may provide to us if you participate in any surveys we, or a third party service provider acting on our behalf, may conduct from time to time including personal information relating to your survey responses.
3.2 Sensitive Information
Some of the personal information we collect or hold about you as described in section 3.1 of this Policy, such as health records which appear on your driver’s licence, your tax file number or your passport number, may be classified as ‘sensitive information’ under the Privacy Act. We only collect or hold such sensitive information to the extent it is reasonably necessary for one or more of our functions or activities. You expressly provide your consent to providing us with this sensitive information so that we may carry out one or more of our functions or activities related to that collection.
Sometimes you may provide sensitive information to us if you are applying to work with us (for example you may disclose your voluntary work for a charity). We will only collect, use and disclose sensitive information about you in the course of considering an application for employment subject to obtaining your prior specific consent at the relevant time.
3.3 Personal information you provide about someone else
We might also ask you to provide us with personal information about another person, for example:
personal and financial information about a joint applicant for any finance you are seeking; the name and contact details of your accountant, lawyer or professional advisor; and where we ask you for a personal or trade reference, the name and contact details of your referee and their relationship to you.
If you provide us with personal information about another person, you should tell that person about this policy and let them know that their information has been provided to us.
3.4 Information which is not personal information
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website. This Policy does not apply to such information.
4. How do we collect and hold your personal information?
4.1 Collecting personal information directly from you
Generally we collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in ways including:
through your access and use of our website and online applications; via e-mail and via documentation provided to us electronically, in person, by mail or by facsimile; over the telephone or during conversations between you and our staff; or when you complete a finance application, whether on our website or via telephone.
4.2 Collecting personal information directly from third parties and group companies
We may also collect personal information about you from third parties including:
entities which provide services to us (such as providers of identity verification services); any third party who refers you to us; your accountant, any referees you provide or we request and any joint applicants for finance; your nominated referees and former employer if you are applying for a role with us; or from third party companies such as credit reporting bodies, providers of title search services, law enforcement agencies and other government entities.
4.3 How we hold your personal information
We hold information in paper-based files or other electronic record keeping methods in secure physical and online databases (including trusted third party storage and service providers based in Australia and the United States (as further detailed in section 11)).
We take reasonable steps to ensure that the personal information and credit-related information that we collect, use and disclose about you is accurate, complete and up-to-date and, in relation to the purpose of our use or disclosure, relevant. Personal information and credit-related information is destroyed or de-identified when no longer needed or where we are no longer required by law to retain it (whichever is the later).
We have implemented controls around technology and our organisational processes to assist us in protecting your information from misuse, interference and loss and from unauthorised access, modification or disclosure. This includes having in place confidentiality requirements for employees and contractors, as well as implementing document storage security policies, document retention policies and systems and site access restrictions.
5. Dealing with us anonymously and what happens if we can’t collect your personal information?
5.1 Can you deal with us anonymously?
We will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry over the telephone to us).
However, generally it is not practicable for us to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to use our services or products (as further detailed in 5.2 below).
5.2 What happens if we can’t collect your personal information?
If you do not provide us with the personal information described above, some or all of the following may happen:
we may not be able to provide any products or services to you, either to the same standard or at all; we may not be able to provide you with information about products or services that you may want, including information about special promotions; or we may be unable to tailor the content of our website to your preferences and your experience of our website may not be as enjoyable or useful.
6. For what purposes do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can perform our business activities and functions and to provide the best possible quality of customer service to you.
We generally collect, hold, use and disclose personal information for the purpose for which you provided it, the purposes disclosed in this Policy and/or in any specific collection statement, any related secondary purposes which you would reasonably expect and for any other purpose you have consented to.
Typically, we collect, hold, use and disclose your personal information for the following purposes:
to send communications to you, including when you apply for and updates in relation to the status of your application for finance or insurance as well as provide you access to our website and secure web services to enable these communications; to prepare quotes or estimates for you in relation to any finance or insurance or other products that we provide or which we can arrange; to assess which financier that we act for is best suited to meet your financial objectives and requirements and subsequently prepare, submit and advise on the outcomes of applications for finance or insurance on your behalf to the financiers and insurers that we deal with or who we act on behalf of;
if your application is successful or you accept a quote that we provide, to manage the provision of finance, insurance and other products for you over the life of your contract as well as updating our records and keeping your contact details up to date from time to time; to answer enquiries and provide information or general advice about existing and new products and services; to conduct business processing functions including providing existing or updated personal information to our related bodies corporate, contractors, service providers or other third parties; to process and respond to any complaint made by you; and to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority.
7. Credit Reporting Policy
This section 7 is our credit reporting policy. We may provide consumer credit and/or commercial credit to individuals (including as agent for our financiers), and this policy will apply in such circumstances. We may conduct (or our financiers may conduct) a credit check on you and any joint account holders (or for corporate customers, any directors, partners or other authorised representatives) before credit is provided to you.
The Privacy Act and this policy do not apply to commercial credit provided to companies or other entities. However, this policy will apply where an individual applies for commercial credit or we or our financiers request that a director or other authorised individual guarantees the commercial credit to be provided by us to a company or other entity. This policy will only apply in respect of any uses of individuals’ credit-related information as part of any assessment of the creditworthiness of that individual that we or our financiers undertake and any consideration that we or our financiers undertake in relation to an individual’s suitability as a guarantor.
7.2 Collection of credit-related information
In addition to collecting personal information about you, we may collect the following particular types of credit-related information about you:
your name and address (including previous addresses); your contact details (including telephone and email addresses); your date of birth and gender; your credit history, credit rating or credit assessment score provided by a credit reporting body (including account conduct both positive and negative such as any repayments missed or late repayments that you have made); details of any credit provided to you by other credit providers (such as other financial institutions, utilities or telecommunications providers); details of any credit-related court proceedings or insolvency applications that relate to you; and any other personal information or credit related information reasonably required for the purpose of determining whether we or our financiers will provide any credit to you (or to your related company or other entity).
We may obtain this information from you or from third parties, including from credit reporting bodies and other credit providers, in order to assist us in determining whether we or our financiers will provide any credit to you (or to your related company or other entity).
7.3 Our use and disclosure of your credit-related information
We may use the credit-related information that is collected and held by us to help us and our financiers decide whether or not to provide credit to you (or to your related company or other entity).
The credit-related information that we hold about you may be used by us in accordance with Part IIIA of the Privacy Act and the Credit Reporting Code. The purposes for which we use your credit-related information may include:
using your credit-related information to assess any application that you make to us or our financiers for credit (or which is made by your related company or other entity); using your credit-related information to collect payments that are owed to us or our financiers in respect of any credit that we or our financiers have previously provided to you (or to your related company or other entity); disclosing your credit-related information to any of our related companies, that are also considering whether to provide credit to you (or to your related company or other entity);
where you have offered to guarantee credit that we or our financiers have offered to provide to your related company or entity, to assess your suitability as a guarantor of that credit; disclosing your credit-related information to a third party that you or we ask to act as a guarantor of any credit provided to you; disclosing your credit-related information to the credit reporting bodies that we deal with, including but not limited to Equifax Pty Ltd. Credit reporting bodies collect different types of credit-related information about individuals and use that information to provide a credit-related service to their customers (including to us); disclosing your credit-related information to our financiers in connection with any credit that you seek; disclosing your credit-related information to other third parties that provide services to us (or to you on our behalf). These might include debt collectors, credit management agencies and other third parties that process applications for credit made to us or which provide identity verification services to us; disclosing your credit-related information to other credit providers which provide, or are considering providing, credit to you (or to your related company or other entity); using and disclosing credit-related information that we hold about you to assess and respond to any access or correction requests that you make to us; where we are consulted by a credit reporting body or another credit provider about an access or correction request that you have made to those entities, to respond to that consultation request; where you complain to the Office of the Australian Information Commissioner or any provider of a recognised external dispute resolution scheme about our treatment of your credit-related information, to respond to that complaint and to seek legal or other professional advice in relation to your complaint; using and disclosing credit-related information that we hold about you as required by law or the order of a court or tribunal; and where you otherwise expressly consent to the use or disclosure.
7.4 Other matters relating to your credit-related information
Where required by law, we will make a written note (which may be kept in electronic form) of any use or disclosure that we make relating to your credit-related information.
If: you (or your related company or other entity) make an application for credit to us; or you offer to guarantee credit that we propose to provide to your related company or other entity, and we subsequently refuse your application or offer based on information provided to us by a credit reporting body about you, we will inform you of this and provide you with the name and contact details of that body and any other information required by law to be provided to you.
7.5 Access and correction
You have a right to request access to, or the correction of, any credit-related information that we hold about you. You may request access to any credit-related information that we hold about you in accordance with section 12 of this policy.
8. Direct marketing
8.1 What is the purpose of our direct marketing?
We may use or disclose your personal information for the purpose of direct marketing including:
to share your information within One Car Group (including with our related bodies corporate) and other select companies, so that our other divisions and businesses may also contact you or offer you complementary or other products and services including in the manner described in section 9 of this Policy including more relevant advertising content; for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of us and our related bodies corporate, contractors or service providers; to assist the performance of, and to improve, any marketing and advertising campaigns that we conduct (including on behalf of our financiers or other business partners) as well as assessing the performance of our website.
We undertake this direct marketing in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth), and APP 7 which relates to direct marketing.
Typically we may send you direct marketing communications and information about our products and services (or those of our financiers) that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email or in the form of targeted content and offerings as described in section 9.
8.2 How do I opt out of direct marketing communications?
If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. If we do commence sending any direct marketing to you, you may amend or opt-out of receiving marketing communications from us by:
- Using the unsubscribe process available within email communications or emailing support[at]onecargroup.com.au
- Changing your communication preferences within the preference center accessible via email communications
- Calling our customer service number 1300 616 993
9. Our website and online applications
9.1 Application of this policy to our website and online applications
This policy also applies to any websites that we operate from time to time, including our website and onecargroup.com.au (and any sub-domains of those websites). This policy will cover any personal and credit-related information you provide to us using any of our websites.
9.2 How do One Car Group and linked sites record my activity and use it?
When you visit one of our websites or use one of our applications, or in response to a survey, promotion or competition, One Car Group and other entities in the group typically record anonymous information such as IP address, time, date, referring url, and other referral information, device information and location, carrier, site interactions such as your access to website features, pages accessed, content, searching activities, lead submission, and files accessed and downloaded, type of browser and operating system, and other clickstream information.
Such information collected by us may be linked to other information we hold and other entities in the group hold about a user, compiling a complete profile about the users’ browsing, purchasing and other activities. This data may be used by us and shared with other entities in the group to categorise a user and provide personalised offers, marketing and advertising. Activity data may be shared with advertisers for these purposes where the user is already a customer of the advertiser.
One Car Group may use third party advertising companies to collect data and/or serve ads when you visit one of our websites or applications. These companies may use information (not including your name, address, email address or telephone number) about your visits to websites and other media in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, visit http://networkadvertising.org/.
9.3 Cookies and other online behavioural technologies and methods
We use “cookies” and other online behavioural technologies and methods to collect and store the information set out above. A cookie is a small file that stays on your computer until, depending on whether it is a sessional or persistent cookie, you turn your computer off or it expires (this may be as little as 30 days or up to 2 years or longer in some cases).
Cookies may be used by us or by service providers engaged by us to provide you with the full range of services it offers, remember your preferences, remember the sites you visit and for security. As this information does not constitute personal information, the Privacy Act is not applicable and we may use this information for any lawful purpose. We use both session ID cookies and persistent cookies, first party cookies (such as Analytics Services described below) and third-party cookies. Persistent cookies may be used to identify the sites you visit to personalise the advertising that you see when you make future visits to those sites or other sites or platforms. Cookie data and other data may be sold, licensed or otherwise provided to third parties via advertising exchanges or other data sharing platforms for this purpose.
One of the sites that let you control what information is collected about you is Your Online Choices (www.youronlinechoices.com.au).
As our websites and applications are linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. Where appropriate, we use Secure Socket Layer (SSL) technology to encrypt the transmission of information to us. However, we cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
10. Who do we disclose your information to?
We may disclose your personal information and credit-related information to:
our financiers, including any financiers that we act as agent for; where your relationship with us involves the sale or purchase of a vehicle, to any insurers, vehicle dealerships and the private sellers of vehicles in connection with that business (including in connection with the issuing of any invoices); our employees, related bodies corporate, contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, identity verification service providers and professional advisors such as accountants, solicitors, business advisors and consultants; and other third party providers set out in section 9:
- may offer you a more personalised experience when you visit one of our websites or applications, including to offer you more relevant advertising content; and
in order to better personalise the products and services offered to you by us or any group companies.
- suppliers and other third parties with whom we have commercial relationships, for business, process outsourcing, marketing, and related purposes; and
any organisation for any authorised purpose with your express consent.
11. Do we disclose your information to anyone outside Australia?
We may from time-to-time disclose your personal information to an entity located in another country where we are permitted to do so under the Privacy Act.
For example, we may disclose personal information and credit-related information to our financiers, our related bodies corporate and our third party suppliers and service providers to entities located outside of Australia:
including to our data hosting providers and to other IT service providers, some of whom are located in the United States of America; and to other IT service providers, some of whom are located in the United States of America and Singapore.
Unless we reasonably believe the overseas recipient is subject to a law or binding scheme substantially similar to the APPs, we will take reasonable steps where practicable in the circumstances to ensure that the overseas recipient does not breach the relevant APPs in relation to your personal information.
However, this may not always be achievable and therefore you expressly consent to the collection, processing, use, disclosure, transfer and storage of your personal information outside of Australia where we are not able to ensure the recipient’s compliance with the APPs when acquiring our products or services or providing us with your personal information. We are required to inform you in relation to this consent that if an overseas recipient handles your personal information in breach of the APPs, the entity will not be accountable under the Privacy Act and you will not be able to seek redress under the Privacy Act. If you do not wish to provide this consent, please contact our Compliance Officer using the contact details set out in section 14.
12. How can you access and correct your personal information?
You may request access to any personal information or credit-related information we hold about you at any time by contacting us (see the details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information or credit-related information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that any personal information or credit-related information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
For any credit-related information that we hold about you, we will:
respond to your request for the correction of your credit-related information within 30 days (or such longer period as you may agree or we may request). If we cannot respond to your correction request without consulting with other credit providers or credit reporting bodies in relation to your request, we may do so and these bodies are permitted by law to assist us in resolving your correction request; if we agree to your request, promptly correct any credit-related information that we hold about you that we are satisfied is inaccurate, out-of-date, incomplete, irrelevant or misleading. If we do correct your credit-related information at your request, we will inform you and each other credit provider and credit reporting body to which we have previously disclosed that information that we have corrected your information. Where we disclosed your credit-related information after you made a complaint but before it was resolved, we will tell the recipient that you have made such a complaint and we will subsequently inform that entity of the outcome of your correction request; and if we have any other reasons for suspecting that the credit-related information that we hold about you has become inaccurate, out-of-date, incomplete, irrelevant or misleading, independently correct this information without consulting you. If we do this, we will take reasonable steps to notify that correction to you and to any other entities to which we have previously disclosed that credit-related information (unless it is impracticable for us to do so).
13. What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact us using the contact information below and provide written details of the incident so that we can investigate it.
If your complaint relates to our failure to provide access to or to correct any credit-related information that we hold about you, you may lodge a complaint directly with the Office of the Australian Information Commissioner (for more information, please see oaic.gov.au).
Otherwise, if you have a complaint in relation to our handling of your credit-related information that is not mentioned above or if your complaint relates to your Personal Information, you must first lodge your complaint with us using the details in section 14 (Contacting us) below and provide us with details of the incident so that we can investigate it.
We have a detailed internal dispute resolution policy (Dispute Policy), which will apply to investigating and dealing with any privacy breaches. Please contact us (using the details below) to obtain a copy of this policy. However, if you make a complaint with us in accordance with this section 13 about privacy, we will acknowledge receipt of your complaint, and try to investigate and respond to you in accordance with our Dispute Policy within 30 days. If the matter is more complex or our investigation under our Dispute Policy may take longer, we will let you know.
We will treat your complaint confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
If you are not satisfied with our handling of your complaint or our proposed resolution, you have a right to lodge a further complaint with the Office of the Australian Information Commissioner (for more information, please see oaic.gov.au). The Office of the Australian Information Commissioner can provide you with further information about the next steps in its complaints process.
Where your complaint relates to the correction of your credit-related information and the resolution of your complaint requires us to correct your information, we will inform each other credit provider and credit reporting body that we have previously disclosed your information to that you have made a correction complaint in relation to that information and that we have corrected your information as a result of the outcome of that complaint. However, if it is impracticable or illegal for us to do so we are not required by law to give this notification.
14. Contacting us
If you have any questions about this policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact our Compliance Officer using the details set out below. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
Please contact our Compliance Officer at:
One Car Group Pty Limited
PO Box 2065
Peakhurst, NSW, 2210
Telephone: 1300 616 993
15. Changes to our privacy and credit reporting policy
We may change this privacy and credit reporting policy from time to time. Any updated versions of this policy will be posted on our website and will be effective from the date of posting.
This policy was last updated on 7th July 2018