How we collect, hold and use personal information
Information We Collect
We will collect your personal information directly from you unless it is unreasonable or impracticable to do so, and will limit the personal information we collect to that which is reasonably necessary for our functions or activities.
So that we can provide you with our Website, social media platforms, products and services (collectively, Services) we collect a range of personal information about customers and other individuals who deal with us, including the information set out below:
- Information you provide to us when accessing or using our Services. We collect information you provide to us, including, but not limited to:
- (Registration information) You authorise us to collect any information that you make available to us, for example when accessing or using our Services, participating in promotions or competitions or when applying for employment with us. Such information will typically include your name, email address, telephone number, occupation, registration and driver's licence details, financial information, and current and past vehicle information;
- (Order information) If you purchase products or services from us, our payment gateway provider may also require your credit card details and billing information to process your transaction. These credit card details are not stored in any form by us or on any internal or external databases that are accessible to us; and
- (Communications with us) When you communicate with us in any way (e.g., telephone, email, SMS, etc.), we will collect your contact information and any other information you may choose to provide to us.
- Information about your use of our Website. We also collect information about you passively when you use or access our Website. We will combine this information with information you give to us and information we collect from you. For example, we collect information which may include, but is not limited to:
- (Mobile data) If you access or use our Website via a mobile device or application, we may collect information about you and your device, such as your IP address, location or device information, and any other information provided by your mobile device. If you do not want us to collect your location information you can disable the GPS or location-tracking function of your device.
- (Third-party plugin) In some cases, we may have integrated a third-party plugin into our Website and the use of such third-party plugins results in data collection by both us and the relevant third party. Please refer to the third party’s privacy Statement to understand their data handling practices as we do not control the information you may share with them.
- (Cookies and similar tracking technologies) We use both first-party and third-party cookies, and similar tracking technologies on our Website. A cookie is a small data file that is stored on your device and collects information, such as your IP address or information about your use of or your activities on our Website. Further information about this is detailed below in Section 6.
- (Log data) We collect log data about your use of our Website, which may include your IP address, data, and time of your access or use of our Website, page views, the referring URLs, and any other information about your activities on our Website.
- (Accessing and using our Services in any other way) When you use or access our Website, we may collect information such as search terms, interactions with other users, and any other activities on our Website.
We do not generally collect (or, if it is provided by you to us, retain) any sensitive information about you as that term is defined in the Privacy Act.
If you fail to provide personal information requested by us, there may be a range of consequences, for example we may not be able to respond to your enquiry or otherwise provide you with our Services.
We may, in some circumstances, collect personal information about you from third parties, in which case we will take reasonable steps to notify you of that information and the circumstances of its collection. Some specific circumstances in which we collect personal information from third parties include obtaining information from other members of LSH Auto's corporate group, from the Austroads Ltd’s National Exchange of Vehicle and Driver Information System if we are conducting a recall, and/or from government bodies including but not limited to enforcement or regulatory authorities.
Use of Information
We collect your personal information and other information about you so that we can carry out our business activities in a professional and efficient manner, and improve our Services. We also collect your personal information for the purposes stated below:
- set-up and configure customer accounts, and identify our customers, potential customers and people acting on their behalf;
- record and maintain user details and profile information;
- provide the products and services requested, respond to your enquiries, send you information that you request, or otherwise achieve the purpose for which the information was submitted to us;
- facilitate the sale of our products or services, or the products and services of third parties;
- contact you to invite you to events (such as a new program we are launching) or inform you about new services we provide;
- deliver marketing materials to you regarding new services and offers we believe may be of interest to you, and conduct market research, marketing or promotional activities;
- improve our service offerings, for example conducting customer satisfaction surveys following the purchase of a vehicle from us or following vehicle servicing;
- provide customer support including responding to your concerns and resolving disputes;
- help us plan for the future by using some information for administrative purposes such as statistical information with such statistical information being de-identified;
- compare information provided by you for accuracy and verify it with third parties;
- engage in other activities where required or permitted by law, and any secondary purposes related to the above.
Where we propose to use your personal information for another purpose other than as outlined above, we will seek your permission (unless we are required or permitted by law to do so without seeking consent).
Storage and Security
We will take reasonable steps to keep the information we hold about you secure and protect your personal information from misuse, interference and loss as well as unauthorised access, modification or disclosure.
Information stored by us is protected by our security access policies and procedures. For example, personal information we collect and store on our computer network is stored on secure servers and is only accessible by those persons who need access to the information to carry out their business functions. We also maintain physical security measures to protect the use and storage of physical records containing personal information
We undertake regular monitoring of our practices, procedures and systems to ensure the effectiveness our security policies and identify and implement improvements where appropriate. You acknowledge however that no method of transmission or electronic storage is completely secure, and we cannot control the security of data collected, stored, and disclosed on third party platforms. You transfer your information to us at your own risk.
If your information is disclosed to third party service providers, we will enter into arrangements which require them to maintain the security of your information.
We only retain personal information for as long as it is needed by us, or otherwise for as long as we are legally required to retain the information (if that is a longer period of time). We will endeavour to destroy or de-identify your personal information as soon as it is no longer required by us (where permitted by law). When we dispose of personal information, we ensure that it is destroyed or de-identified in a secure fashion in accordance with our obligations under the Privacy Act and the Australian Privacy Principles.
Disclosure of Personal Information
We will generally only disclose your personal information in connection with the purpose for which it was collected, and for related purposes we consider would be within your reasonable expectations.
We may disclose your personal information to others in the course of carrying out our business activities, including but not limited to:
- our related entities;
- other members of our authorised dealer network;
- service providers contracted by us, including information technology service providers, printers and distributors of marketing materials, creditors, bankers, financiers, credit providers, insurers and external business advisors (such as auditors and lawyers);
- third parties as required by law, such as to comply with a subpoena or similar legal process, when we believe in good faith that disclosure is necessary to protect our rights, to protect the safety of you, others, or us, to investigate, or to respond to a government or law enforcement request;
- third parties involved in a business transaction with us, such as in the case of a merger, acquisition, or sale of all or a portion of our assets, as permitted by applicable law;
- detect and prevent fraud and protect the rights, property and safety of our business, you and others;
- enforce our policies and agreements.
We may disclose your personal information to overseas recipients if it is required to fulfil the purpose for which we collected it, in which case we take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles. However, we are not generally likely to disclose personal information to overseas recipients.
Access to, and correction of, personal information
You may contact us to request access to or correction of the personal information about you that we hold in which case we will respond to your request within a reasonable period after the request is made. We may refuse your request to allow access or to amend your personal information (or only partially comply with such a request) if we are legally required or entitled to do so. If we do so, we will provide you with written reasons for the refusal (unless it is unreasonable to do that) together with information about the options available to complain about the refusal.
We may require you to pay certain costs in order to access your personal information held by us. We will advise the amount payable (if any) once we have assessed your application for access. We will not however charge a fee for you to lodge a request for access to or correction of your personal information.
If you lodge a request for access to your personal information, we request that you identify, as clearly as possible, the types of information requested. We may fulfil that request in any of a range of ways (for example, by supplying you with a copy of that personal information or providing you with the opportunity to inspect our records). We may require you to comply with certain procedures before we allow access to or amendment of your personal information to ensure the integrity and security of information that we hold. Depending on the nature of your request, this may include verifying your identity to our satisfaction.
We take reasonable steps to ensure that the personal information that we collect, use and/or disclose is accurate, up-to-date and complete and relevant. If we are satisfied that any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.
Please notify us if your personal details change so that we may keep our records current.
Website usage, tracking information and cookies
We collect limited information about people who use our Services so that we can track the use of those resources, maintain and improve our Services, and understand how our users navigate through and use our Services. We do not use these technologies for tracking of any information about your use of other websites or services. Information we collect may include:
- server and/or internet protocol (IP) addresses;
- top level domain names;
- the date, time and duration of your visit;
- pages accessed and documents downloaded;
- referring and exit pages;
- whether you are a returning visitor;
- the type of browser used,
- the hardware type and operating system of the device used,(collectively, “Usage Information”).
Unless you have registered for an account with us, we will not link Usage Information to your personal information such as your user name. If you register for an account with us, Usage Information will be associated with your registration data. If you do not register for an account with us, Usage Information will be aggregated with that of other unregistered users and will not be associated with an identifiable person.
You may decline our cookies if your browser or browser add-on permits, but doing so may interfere with your use of our Websites, products and services. You can refer to the ‘help’ section of your browser or installed applications for instructions on blocking, disabling or deleting cookies. Google provides further information about its own privacy practices and offers a browser add-on to opt out of Google Analytics tracking.
Third party links
Our Services may include links to other websites whose operators’ privacy practices may differ from ours. If you provide your personal information to any of those sites, you acknowledge that your information is governed by those operators’ privacy policies.
Changes and updates
If you believe that a breach of your privacy has occurred, we encourage you to contact us to discuss your concerns. Our contact details can be found in section 10 below. Your complaint will be considered and dealt with by our Customer Relationship Manager. The Customer Relationship Manager may escalate the complaint internally within our organisation if the matter is serious or if necessary to resolve it. We will treat your complaint confidentially and, after investigating your complaint, discuss the ways in which we can remedy the situation.
Please allow us a reasonable time to respond to your compliant. If you are not satisfied with our proposed resolution, you may make a complaint to the Office of the Australian Information Commissioner, whose contact details can be found at: www.oaic.gov.au
You may contact us if you require further information about the ways we manage your personal information.
HEAD OF BRAND AND CORPORATE COMMUNICATIONS
Level 45, Rialto, South Tower
525 Collins Street
Melbourne, Victoria 3000
Tel: (+61) 3 9133 2216