1. GENERAL:
This Privacy Policy is a Policy which has reference to the Australian Privacy Principles (‘APPs’) and, on behalf of us and our B2B Partners:
(a) Ensures compliance with those principles;
(b) Implements practices, procedures and systems to ensure compliance with those principles and to enable us to deal with enquiries and complaints about our compliance with those principles.
This Policy is designed to provide you with guidelines about the handling and management of your personal information by us, to ensure the privacy of all information we collect from our digital platforms and mobile applications.
2. OUR PRIVACY COMMITMENT TO YOU:
We take our obligations under the Privacy Laws and the APP’s very seriously. We are committed to maintaining the confidentiality and security of your personal information (including any sensitive information) and managing it in an open and transparent way. To achieve this, we have created this Policy.
3. DEFINITIONS:
Amendment Act means the Privacy Amendment (Enhancing Privacy Protection) Act, 2012.
API means Application Program Interface.
APP Entity means an agency or organisation.
AWS means Amazon Web Services.
CAPS means our Case Management System/Database.
CRM means Client Relationship Management.
OAIC means the Office of the Australian Information Commissioner.
Personal Information means information or an opinion about you, an identified individual or an individual who is reasonably identifiable:
(a) Whether the information or opinion is true or not; and
(b) Whether the information or opinion is recorded in written, electronic or other form or not.
Privacy Laws means the Privacy Act 1988, Privacy Amendments (Enhancing Privacy Protection) Act 2012 and associated regulations.
Sensitive Information means:-
(a) Information or an opinion about an individual’s:
i. Racial or ethnic origin; or
ii. Political opinions; or
iii. Membership of a political association; or
iv. Religious beliefs or affiliations; or
v. Philosophical beliefs; or
vi. Membership of a professional or trade association; or
vii. Membership of a trade union; or
viii. Sexual preferences or practices; or
ix. Criminal record;
that is also personal information; or
(b) Health information about an individual; or
(c) Genetic information about an individual that is not otherwise health information.
We, us or our means 365 Assistance Group Pty Ltd (ACN 608 814 679).
You or your means you, the person who provides us with personal and/or sensitive information or who has access to this document.
4. KINDS OF PERSONAL INFORMATION THAT WE COLLECT AND HOLD:
4.1 We collect and hold electronically the following types of personal information about you:
(a) Your name (subject to anonymity and pseudonymity referred to in Clause 14 below).
(b) Your postal address, your mobile phone number and your email address.
(c) Your vehicle registration and the make and model of your vehicle.
(d) Encrypted passwords in AWS.
(e) Any other information relevant to the Primary Purposes for which the information and data is collected.
4.2 We collect this personal information as it is reasonably necessary for, or directly related to one or more of our functions or activities.
4.3 We do not collect or store information about your credit card.
5. HOW WE COLLECT AND HOLD PERSONAL INFORMATION:
5.1 We only collect your personal information legally and preferably from you directly. We do this by requesting such information through:
(a) Our website;
(b) Our mobile app’s;
(c) Our Declarations Portal;
(d) Our email excel files;
(e) Our excel spreadsheets (from corporate clients); and
(f) API’s from third party partner and supplier applications.
5.2 We will only collect personal information about you from yourself other than in circumstances where we obtain your consent to obtaining the information elsewhere, or we are required by Law or a Court or Tribunal Order to collect that information from a third party, or where it is unreasonable or impracticable to collect the information from you.
6. HOLDING PERSONAL INFORMATION:
6.1 We hold personal information we have obtained from you in the following manner:
(a) Digitally in our CAPS database, which is stored on AWS.
6.2 Our website does not collect permanent cookies. Our website does collect information about you using our website through Internet Protocol (IP) addresses. An IP address is a number that is unique to the computer through which you are connected to the Internet. Our website also uses ‘cookies’ to assign identification to your computer. Our cookies contain no personal information or financial information.
6.3 We collect and hold data from the device and application you use to access our services, including your Geo location.
6.4 We also collect and store information where you use an external source such as your own computer to access our website.
6.5 We secure your personal information in secured electronic files in our CAPS database on AWS.
7. THE PURPOSE FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE YOUR PERSONAL INFORMATION:
7.1 We will only handle your personal information for the particular purpose for which we collect it (‘the Primary Purpose’). The Primary Purposes for which we collect information are set out in Schedule 1 which is attached.
7.2 We will not disclose, use or otherwise deal with your personal information (not being sensitive information) for any other purpose (the secondary purpose) unless:
(a) We first obtain your consent; or
(b) You would reasonably expect us to use or disclose the information for those secondary purposes related to the primary purpose; or
(c) If the information is sensitive, the use is directly related to the primary purpose; or
(d) Where we are required to disclose by Law; or
(e) Unless a permitted general situation exists as defined by section 16(a)(i) of the Amendment Act; or
(f) If required because a permitted health situation exists as defined by, and in circumstances set out in, Section 16(b) of the Amendment Act.
7.3 We may disclose your personal information to third parties, aggregate anonymous statistics regarding our customers, sales, traffic analyses and other information regarding or collected through our websites and printed forms. Other than in this anonymous form, we will not disclose your personal information without first obtaining your permission except as follows:
(a) We may disclose personal information if required by law or legal process.
(b) We may disclose your personal information to third parties providing, or
assisting us in providing, services requested by you, and for billing purposes.
(c) We may disclose your personal information to the third party that sold you your membership so that the third party may notify you when your membership is due for renewal.
(d) We may disclose your personal information to our contractors or partners, who perform a function on our behalf.
7.4 We are not responsible for the Privacy Policies of any third parties.
8. HOLDING PERIOD AND DESTRUCTION OF PERSONAL INFORMATION:
8.1 All personal information that we hold, keep and secure is held in our CAPS system.
8.2 We are a paperless company that takes all reasonable steps to reduce our carbon footprint and environmental burden. If any personal information is held in paper form, it is transferred to our CAPS system and the paper form de-identified and destroyed.
8.2 The CAPS system has administration levels defined by authority limits provided to staff and our approved officers by our designation Head of Security.
8.3 We comply with best practices aligned to data and privacy protection measures in relation to management of data, within our CRM.
8.4 Our payment services within CAPS, comply with the Payment Card Industry Data Security Standard (PCI DSS).
8.5 We uses multifactor authentication for security of data.
We destroy and/or de-identify personal information about individuals that we have collected, a reasonable time after the information is deemed to be no longer needed for our Primary Purpose. Such personal information is moved into a different source that is separate to active memberships and is de-identified so that your identity is not readily accessible or from triangulating your de-identified information with other sources of information.
9. COLLECTION, MANAGEMENT AND DISCLOSURE OF SENSITIVE INFORMATION:
We do not collect sensitive information about you unless:
(a) You consent and the information is reasonably necessary for one of our functions or activities; or
(b) Any of the following is relevant:
i. The collection is required or authorised by Law, Court Order or a Tribunal; or
ii. A permitted general situation exits as defined by the Privacy Laws; or
iii. A permitted health situation exists as defined by the Privacy Laws.
10. GENERAL ACCESS TO YOUR PERSONAL INFORMATION:
10.1 You may request access to the personal information we hold about you. We prefer you to put the request in writing.
10.2 We will allow you access to the personal information unless any of the following is relevant:
(a) If we are required or authorised by Law to refuse giving you access to the personal information; or
(b) If any of the following circumstances are relevant;
i. We reasonably believe that giving you access would pose a serious threat to the life, health and safety of any individual or to public health or public safety; or
ii. Any access would have an unreasonable impact on the privacy of any other individual; or
iii. Your request is frivolous or vexatious; or
iv. The information relates to existing or anticipated legal proceedings between you and us, and our legal advice is that it would not be accessible by the process of discovery in such proceedings; or
v. Giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice such negotiations; or
vi. Giving access would be unlawful; or
vii Denying access is required or authorised under Australian Law or a Court Order; or
viii. We have reason to suspect that unlawful activity or misconduct of a serious nature relating to our functions or activities have been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to that matter; or
ix. Giving access would be likely to prejudice one or more enforcement related activities conducted by an enforcement body; or
x. Giving access would reveal evaluative information from within our entity in connection with a commercially sensitive decision-making process.
11. HOW YOU MAY ACCESS, REVIEW, CORRECT OR UPDATE YOUR PERSONAL INFORMATION:
11.1 If you wish to access, review, correct or update your personal information you may contact us by any of the means referred to in Section 19 of this Policy, or through our Unify Portal which requires two factor authentication to ensure the security and protection of your information.
11.2 In your request please include your name, address, email address and telephone number and clearly specify the information you would like to access, review, correct or update.
11.3 We may need to share your information with third parties to assist in responding to your request.
11.4 We will respond to your request within a reasonable period of time and will give access to you if it is reasonable and practical to do so.
11.5 If we do not give you access, we will provide you with reasons why such access is denied.
11.6 If we refuse to give you access because of the reasons set out in Clause 10 above (in accordance with 12.2 or 12.3 of the APP’s) or do not give you access in the manner requested by you, we will give you written notice setting out the reasons for the refusal (except where it is unreasonable to do so), and outline the mechanisms available to you to complain about the refusal.
12. WHAT DO WE DO ABOUT UNSOLICITED PERSONAL INFORMATION:
12.1 If we receive personal information and we have not solicited it, we will, within a reasonable period after receiving that information, determine whether or not we could have collected the information if we had solicited it.
12.2 We may use that personal information, but if we determine that we could not have collected it and it is not contained within any Commonwealth record, we will (as soon as practical) but only if it is lawful and reasonable to do so, destroy that information to ensure it is de-identified. Otherwise, we will deal with it in accordance with Clause 7.
13. HOW CAN YOU CORRECT YOUR PERSONAL INFORMATION:
13.1 If you wish to correct your personal information or have any concerns about how we handle such information, you may make a request to us in writing in the manner referred to in Clause 19 below, to correct that information, or through our Unify Portal which requires two factor authentication to ensure the security and protection of your information.
13.2 Upon receipt of the request we will consider your request within a reasonable time and take such steps as are reasonable in the circumstances to correct that information to ensure that it is accurate, up to date, complete, relevant and not misleading.
13.3 If we have provided personal information about you to another APPs entity and you request us to notify that other entity of the correction, we will, within a reasonable time, take such steps as are reasonable to notify that other entity, unless it is impracticable or unlawful to do so.
13.4 Provided however, if we do not correct your personal information we will provide you with a written notice setting out the reasons for the refusal (unless it is unreasonable to do so) and the mechanisms available to you to complain about that refusal. If so, you may make a complaint as outlined in Clause 14 below.
13.5 We have in place procedures and systems whereby we regularly review the way we handle personal information for you. If we are satisfied in our review that the personal information we hold for you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take such steps as are reasonable in the relevant circumstances to correct that information.
13.6 If we refuse to correct your personal information on request by you, and you request us to provide a statement accompanying the personal information, that the information is inaccurate, out of date, incomplete, irrelevant or misleading, we will make your statement apparent to any users of the information.
14. COMPLAINTS:
14.1 We have implemented a Complaints Handling Policy. If you think we have breached the Privacy Laws or this Policy, you may complain to us by following the Complaints Handling Policy in Schedule 2 which is attached. You will need to provide us with your name, address, email address and telephone number with your complaint and clearly describe its nature.
14.2 We may need to share your information with third parties to assist us in responding to the complaint.
15. WHETHER WE ARE LIKELY TO DISCLOSE PERSONAL INFORMATION TO OVERSEAS RECIPIENTS:
15.1 We have service obligations and network provider support arrangements with organisations overseas.
15.2 Only for our primary purpose may disclose information to our contractors and partners who may be overseas.
16. ARE YOU ABLE TO USE A PSEUDONYM OR OPT OUT OF PROVIDING US WITH YOUR IDENTITY?
16.1 Although the APP’s allows you the option of not identifying yourselves or using a pseudonym, we require you to provide us with your actual name as is required to identify you by Law, as it is impracticable for us to deal with you and your membership if you have not identified yourself.
16.2 In addition, we require you to give your full name and vehicle registration details for the purpose of the Membership Cover in accordance with the terms and conditions of the Membership Cover purchased. We are unable to fulfil any requests for roadside assistance without such information.
16.2 You may deal with us anonymously or using a pseudonym when making general inquiries, however, we may require certain individual contact details when responding to inquiries.
16.3 If we allow submissions or comments from individuals on our website, then for the purpose of publishing your comment, you may use a pseudonym. However, we may require you to provide certain contact details to us confidentially.
16.4 You may contact us anonymously to report suspected fraud or criminal activity. However, if we offer a reward for the provision of such information, you may not receive the reward if you do not provide your personal information.
17. ACTIVITY INFORMATION, COOKIES AND OTHER TECHNOLOGIES:
17.1 When you contact us and access our services electronically or otherwise, we may collect certain information from such access. For example, to permit you to connect to our services, our servers receive and record information about your computer, device, browser (including potentially your IP address, browser type and other software or hardware information).
17.2 If you access our services from a mobile or other such device, we may collect a unique device identifier assigned to that device, geo location, data or other transactional information.
17.3 Cookies and other tracking technologies often include an Identifier or anonymous unique identifier. These technologies also include and collect other information from sites that you have visited. Most browsers initially accept cookies, but you can change your settings to notify yourself when a cookie is being set or updated or to block cookies altogether. However, if you block one or all of the cookies you may not have access to certain features, content or personal information available through our services.
18. CHANGES TO POLICY:
In accordance with the requirement that our Policy be current at all times, we give you notice that this Policy may change from time to time and therefore such changes will be made where required to comply with the Law via our website https://www.365roadsideassistance.com.au/
- HOW YOU CONTACT US:
You may contact us in respect of this Privacy Policy, any complaint arising from privacy issues or
otherwise by any of the following means:
(a) Our Privacy Officer by:
i. Email at support@365assistance.com.au; or
ii. Telephone at 02 8705 5497
SCHEDULE 1
PRIMARY PURPOSES
The primary purpose for which we collect personal information is:
- To verify the member when they call for roadside assistance;
- To renew the member on the expiry of the membership;
- To provide you with, and/or bill you for any memberships;
- To support our partners with B2B services;
- To enable us and our partners to comply with membership obligations;
- To share your information with our partners, for the purpose of your membership including but not limited to:
- OEM’s/ Dealer Groups;
- Insurance and Brokers;
- Finance and Banking;
- Fleets;
- Network Providers;
- To improve our marketing efforts and services, analyse site usage and customise our website and layout;
- To notify you of special offers, service updates and new products related to your membership.
SCHEDULE 2
COMPLAINTS HANDLING POLICY
GENERAL:
If you have a complaint, then we handle it in the following manner:
1.1 You must make the complaint to us in writing by contacting us as outlined in Section 1.3 below.
1.2 We will then review your complaint.
1.3 We will respond to your complaint within a reasonable time, and in any event within seven (7) business days of receiving your complaint. We will do so by providing a response to you in writing within that time frame.
1.4 We will inform you:
(a) Whether we accept your complaint; and
(b) Whether we need further information from you before we can further consider your complaint or reject your complaint.
1.5 If we need further information from you, we will then require you to provide it within a reasonable time, not in excess of five (5) business days.
1.6 We will then further review your complaint and provide you with a response within a reasonable time frame, and in any event within seven (7) business days of receiving the further information.
1.7 If we then accept your complaint, we will take action within a reasonable time to provide you with information as to how we will deal with your complaint, and the next steps designed to resolve it.
1.8 If we reject your complaint and you are not satisfied with our response you may at any time refer your complaint to the Office of the Australian Information Commissioner (‘OAIC’).