Publication date: 1.1 September 2021
About this policy
We collect, hold, use, and disclose personal information for the purposes of commerce only and in due compliance with the Privacy Act and the Privacy Amendment (Enhancing Privacy Protection) Act 2012
Collection of your personal information
At all times we try to only collect the information we need for the function or activity we are carrying out.
The main way we collect personal information about you is when you give it to us.
- Telephone numbers
- Email address
- Drivers’ Licence
- Any information for the purposes of customer surveys or providing services, including gender, age, or date of birth.
- Any information required by law and by agreement including for the processing of vehicle registration, insurance, or warranties.
- Details relating to the transaction of the purchase of your vehicle
- Details relating to the servicing of your vehicle and servicing history.
Purpose of Information
- For administrative purposes to complete the ordering, supply and delivery for your motor vehicle and other services.
- To complete the registration requirements for your motor vehicle.
- To provide information to manufacturers or distributors for warranty and recall purposes.
- To allow for customers surveys, service reminders, special offers, sales events and information on goods and services.
- To allow associated companies to inform you about new products and services.
Please note that private information may be provided to specialist service providers such as Australia Post, Email service providers, SMS service providers to carry out the activities mentioned above. The minimum amount of information is provided to permit this activity.
Our Privacy Commitment
- SCDRV undertakes to protect the privacy of our customers by adherence to the APPs.
- We only collect private information that is necessary for our functions and activities.
- We will only use this information for the purpose it was intended.
- We will ensure accuracy of the information i.e. it is complete and up to date.
- If requested, we will allow individuals to view their own information and provide an opportunity for correction if necessary.
- Information gained will not be used for the purposes of marketing if the customer indicates their unwillingness for this to occur.
- Information is stored in a manner that protects the privacy of our customers.
- Any queries regarding our compliance with the Privacy Act should be directed to our General Manager by email firstname.lastname@example.org
- You may opt out of receiving marketing material at any time by contacting administration by email: email@example.com
- Please note: Due to the nature of the business we conduct we have no need to collect sensitive information other than for the purposes of suitability for employment. If you are an applicant for a position with SCDRV, we will conduct Police Checks and reference checks. If you are a successful employee, then SCDRV will require personal details including but not limited to Tax File Numbers, bank account details and superannuation provider numbers, next of kin details.
Collecting through our websites
SCDRV’s public website, scdrv.com.au is hosted in Australia. There are several ways in which we collect information though our website.
We use Google Analytics and Podium, to collect data about your interaction with our website. The main purpose of collecting your data in this way is to improve your experience when using our site. We also use this data to understand and report on which content pages and downloads are accessed by visitors.
The types of data we collect with these tools include:
- your device’s IP address (collected and stored in an anonymized format)
- search terms and pages visited on our website
- date and time when pages were accessed
- downloads, time spent on page, and bounce rate
- referring domain and out link if applicable
- device type, operating system, and browser information
- device screen size
- geographic location (city).
If your web browser has Do Not Track enabled, Google Analytics and Podium will not track your visit.
You can access the privacy policies of both Google Analytics and Podium on their respective websites.
Embedded videos on our website
We use Google’s YouTube site to host videos which are embedded on our website. Embedded videos on our website use YouTube’s Privacy Enhanced Mode. When you play an embedded video from our website, the video and associated assets will load from the domain www.youtube-nocookie.com, and other domains associated with Google’s YouTube player.
Email lists and registrations
We will collect information that you provide to us when signing up to mailing lists and registering for our events, or when submitting feedback on your experience with our website.
We use HubSpot to manage our database of customers and their vehicle data. Analytics are performed when you click on links in the email, or when you download the images in the email. They include which emails you open, which links you click, your mail client (e.g., ‘Outlook’ or ‘iPhone’), if your action occurred on ‘mobile’ or ‘desktop’, and the country geolocation of your IP address (the IP address itself is not stored).
Information about how HubSpot manages personal information is available in the privacy and data collection policies on their website hubspot.com
We also use Fishbowl to manage parts inventory related to the purchase of accessories by the customer. The customer information recorded includes contact details, vehicle registration and the details of the accessory fitted for warranty and quality assurance purposes.
Social networking services
We use social networking services such as Twitter, Facebook, and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook and YouTube (a Google company) on their websites.
Disclosure of sensitive information
We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes you would reasonably expect or if you agree, for example, to handle a complaint.
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.
When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date, and complete we:
- record information in a consistent format
- where necessary, confirm the accuracy of information we collect from a third party or a public source
- promptly add updated or new personal information to existing records
- regularly audit our contact lists to check their accuracy.
We also review the quality of personal information before we use or disclose it.
Storage and security of personal information
All personal information collected is held on our cloud storage, on servers located in Australia. We retain effective control over any personal information held on our cloud, and the information is handled in accordance with the APP’s.
We take steps to protect the security of the personal information we hold from both internal and external threats by:
- regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification, or disclosure of that information
- taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed, or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to
- conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
For further information on the way we manage security risks in relation to personal information we hold see our supplementary material on information technology security practices, below.
We destroy personal information in a secure manner when we no longer need it. For example, we generally consumer records after seven years.
Accessing and correcting your personal information
Under the Privacy Act (APPs 12 and 13) you have the right to ask for access to personal information that we hold about you and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.
The steps appropriate to verify an individual’s identity will depend on the circumstances. We will seek the minimum amount of personal information needed to establish an individual’s identity. For example, during a telephone contact it may be adequate for us to request information that can be checked against our records.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.
You also have the right under the FOI Act to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of- date or misleading.
How to make a complaint
If you wish to complain to us about how we have handled your personal information you should first complain to us in writing via email to firstname.lastname@example.org .
If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action, we should take to resolve the complaint.
If we decide that a complaint should be investigated further, the complaint will usually be handled by the General Manager.
We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.
If you are dissatisfied with the outcome of the complaint or the way in which the complaint was handled, then you may contact the Commonwealth Ombudsman [link to https://www.ombudsman.gov.au/] for advice about your complaint.
You can contact us by:
|Post:||40 Kremzow Road, Brendale QLD 4500|