PRIVACY POLICY
1. Privacy Policy
1.1 This Privacy Policy is governed by the Australian Privacy Principles under the Privacy Act 1988 (Cth), the Information Privacy Principles under the New Zealand Privacy Act 1993 and where we obtain Personal Information from a data subject located in a member state of the European Union, the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (the EU GDPR).
2. Collection of Personal Information
2.1 We collect Personal Information when you:
(a) interact with us through our website
(b) interact with us through the phone, in person or via email and you provide us your details;
(c) participate in a survey
(d) subscribe to our mailing list; or
(e) enter our competitions or promotions.
2.2 We collect Personal Information to:
(a) improve our website and services;
(b) provide our website and/or service to you;
(c) communicate with you;
(d) keep you informed on motoring and related transport issues.
(e) keep our customer database;
(f) investigate any complaints that you make;
(g) investigate whether you are in breach of our terms and conditions;
(h) verify your identity;
(i) comply with the law or to use your information as permitted under the law;
(j) use your information for purposes that are related to the above; and
(k) stratify data as part of ongoing research, related to the project. Research results will always be de-identified.
2.3 We collect and hold following types of Personal Information:
(a) your contact details that may include but are not limited to your name, email address, and phone number;
(b) optional Personal Information that you consent to provide, including your interests in a particular area, gender, age and general questions relating to the automotive industry, road safety and your driving habits, among other related things;
(c) optional questions and surveys that provide Personal Information including whether you like our Business or Website, what you like or do not like, and your opinion on various automotive industry and road safety issues.
2.4 We will only collect your Personal Information using fair and lawful means.
2.5 We do not store credit card details. If we offered the ability to purchase from our Website, we will always use payment gateways and/or third party processor.
2.6 If we receive unsolicited Personal Information, we may destroy it or ensure that it is de-identified if it is lawful and reasonable to do so.
2.7 In the event of you filling out a form and/or taking a survey on our Website and you do not complete the form/survey to the completion/submission point, you acknowledge that Personal Information or related information is still captured by the Website.
3. Consent
3.1 You understand and acknowledge that the consent you are to provide when submitting Personal Information to us is required in order for us to provide you with our goods and/or services. Failing to provide consent may result in failure to issue you with the good and/or service.
3.2 Consent may be withdrawn by contacting us in accordance with clause 12 of this policy.
3.3 After having received, reviewed and actioned your request, subject to clause 11, your withdrawal of consent will be noted on our system.
3.4 We will use our best commercial endeavours to action your request as soon as possible. However, we note that during the time between receiving your request to processing the withdrawal your Personal Information, you will not hold use liable for the use of your Personal Data during this processing time.
3.5 Personal Information will be marked as ‘restricted’ between the time of processing your request to withdraw until the actual time of the withdrawal being actioned.
4. Customer Right to be Forgotten
4.1 In addition to the withdrawal of your consent, you may also contact us to erase your Personal Information.
4.2 You may contact us in accordance with Clause 12, to have your Personal Information erased and we will use our reasonable discretion to erase same if:
(a) the Personal Information provided is no longer necessary in relation to the purpose of collection;
(b) you have withdrawn your consent for us to hold your Personal Information;
(c) the legal retention period for holding your Personal Information has expired;
(d) you object to the use of your Personal Information; or
(e) the processing of your Personal Information was not in accordance with the EU GDPR.
5. Cookies
5.1 We may, from time to time, use ‘cookies’ which are small data file placed on your machine or device to store information.
5.2 We use cookies in many ways including:
(a) session cookies that allow us to keep track of your activities until the browser shuts down;
(b) persistent cookies that help us monitor your session to keep track of your activity on our website over a seven day period and they do not expire upon browser shut down.
5.3 We use cookies for many reasons including but not limited to:
(a) improve the performance by reporting any errors that occur;
(b) provide statistics about how the Website is used;
(c) remember activities you completed on our Website;
(d) link to social networks like Facebook and Twitter; and
(e) provide ads that are tailored to you.
5.4 Please note that although cookies do not generally store Personal Information, they may contain your IP address. However you are effectively anonymous to us because the data are collected in aggregate.
5.5 When providing us with Personal Information and in the event of known tracking cookies being used, we aim to use all reasonable commercial endeavours to notify you and obtain your consent to its use in that situation.
5.6 You may disable and delete cookies in your browser if you do not want us to use cookies but doing so may detract from your enjoyment of our Website.
6. Security
6.1 In the event we opt to have a feature which requires any credit card transactions, all such transactions will be implemented under industry standard Secure Sockets Layer (SSL) protocol with 128-bit encryption.
6.2 In the event we opt to have a feature which requires any credit card transactions, such transactions will take place via a third party processor (e.g. PayPal) and/or payment gateway (e.g. eWay, FatZebra) that we may change from time to time so that:
(a) payments are processed in real time; and
(b) we do not have access to your credit card numbers.
6.3 We use database management system to store most of the Personal Information and it contains security features, such as encryption, firewall and anti-virus, to ensure the protection and integrity of our data.
7. Anonymity and Pseudonymity
7.1 You may interact anonymously or by using a pseudonym, for example when you:
(a) call us;
(b) use our online forums that does not require membership; or
(c) email us, and you may refuse to give your details.
7.2 You must provide your Personal Information when you:
(a) sign up for mailing list;
(b) lodge a complaint; and
(c) are required to provide Personal Information under the law.
8. Disclosure of Personal Information
8.1 We only disclose your Personal Information for purposes that are reasonably related to our Business.
8.2 We will not disclose your Personal Information to third parties for payment, profit or advantage.
8.3 We may disclose your Personal Information to third parties, from time to time, to assist us in conducting our Business, including:
(a) technology service providers including internet service providers or cloud service providers;
(b) data processors that analyse our website traffic or usage for us;
(c) agents that perform functions on our behalf, such as mailouts, debt collection, marketing or advertising;
(d) our related bodies corporate; and
(e) to persons, entities or courts as required under the law.
8.4 We may disclose your Personal Information to third parties:
(a) to provide the service you wish to use;
(b) to improve our Business, services, products and Website;
(c) to customise and promote our services which may be of interest to you;
(d) to comply with or as permitted under the law; or
(e) with your consent.
8.5 We may disclose your Personal Information to entities located overseas and will use reasonable endeavours to ensure they are subject to similar privacy legislation when handling such information.
8.6 We use our every and best endeavours to ensure each third party we directly contract with, in the dealings of Personal Information, are aware of their processor liability provisions under the EU GDPR and also are aware of privacy obligations in the dealings with Personal Information.
9. Retention of Personal Information
9.1 Personal Information held by us is retained until:
(a) such time as we deem this Personal Information to no longer be active, timely or correct (Inactive Personal Information); or
(b) You withdraw your consent to us holding your Personal Information.
9.2 Personal Information held by us may undergo review to ascertain whether Personal Information can be classified as Inactive Personal Information. This type of review will take place from time to time, at the reasonable discretion of the Business.
9.3 Inactive Personal Information is then deleted after it is no longer required/necessary to be held.
9.4 Other types of information (i.e. order number, order date etc) relating to a transaction with us is kept, for the statutory required period of time for record keeping.
10. Direct Marketing to You
10.1 We will not send you unsolicited commercial electronic messages in contravention of the Spam Act 2003 (Cth).
10.2 We may use the non-Sensitive Information you gave us for the purpose of promoting and marketing our Business to you if we:
(a) use the information that you reasonably expected us to use for promoting and marketing our Business to you; and
(b) provide you a simple method to opt-out.
10.3 We will not contact you to promote or market our Business if you requested us not to.
10.4 We may also disclose your Personal Information to our related entities, including our Member Clubs and their related entities and our Affiliated Organisations, so they may give you information and offers about products and services offered by them.
11. Accessing and Correcting Your Personal Information
Accessing Your Personal Information
11.1 You may request access to your Personal Information that we hold and we will:
(a) verify your identity;
(b) charge you to cover the cost of meeting your request, if any, but not for the request itself; and
(c) within a reasonable period of time, comply with your request.
11.2 We may refuse to allow you to access your Personal Information if we are not required to do so under the Australian Privacy Principles.
Correcting Your Information
11.3 You may request to correct your Personal Information that we hold and we will update your Personal Information so that it is up-to-date, accurate, complete, relevant and not misleading.
11.4 Members of our Website may change their details online.
How to Contact Us
11.5 If you would like to access or correct your Personal Information, please contact us by:
(a) email: [email protected]
(b) writing to: GPO Box 1555 Canberra 2601ACT; or
(c) phone: +61 2 6247 7311
12. Complaints
12.1 If you believe we breached the Australian Privacy Principles under the Privacy Act 1988 (Cth), an Information Privacy Principle under the New Zealand Privacy Act 1993, or the EU GDPR you may lodge a complaint as follows:
(a) firstly, contact us in writing to the email or postal address in clause 11.5 and include the following in your complaint:
(i) your contact details;
(ii) section or provision of the Australian Privacy Principles or New Zealand Information Privacy Principle, or EU GDPR that you believe we breached; and
(iii) our practice or policy that you believe breaches the relevant legislation.
(b) and you must allow us a reasonable time, about 30 days, to reply to your complaint; and
(c) secondly, you may complain to the Office of the Australian Information Commissioner or the New Zealand Office of the Privacy Commissioner if:
(i) you are not satisfied with our response; or
(ii) we do not respond to you within a reasonable time without sufficient explanation.
13. Personal Information Breach
13.1 In the unlikely event of a breach of privacy:
(a) we employ practices to notify the relevant bodies under the Privacy Act 1988 (Cth), the Privacy Act 1993 and the EU GDPR within the required timeframes.
(b) We will notify you without undue delay, should it be found the breach places your rights and freedoms at a high risk.
14. Definitions and Interpretation
14.1 Unless contrary intention appears:
(a) Affiliated Organisation(s) are listed at Table 2 at the end of this Agreement, and amended from time to time, without express notice to you.
(b) Business means the business of the Australian Automobile Association (AAA) and Member Clubs and Affiliated Organisations related automotive services.
(c) Personal Information means personal information as defined under Privacy Act 1988 (Cth) and the New Zealand Privacy Act 1993.
(d) Member Club(s) are listed in Table 1 at the end of this Agreement and amended from time to time, without express notice to you.
(e) Sensitive Information means sensitive information as defined under Privacy Act 1988 (Cth).
(f) We (whether in capitals or not) means Australian Automobile Association (AAA) ABN 25 008 526 369 and our Member Club(s) and our Affiliated Organisations and Ours have corresponding meanings.
(g) Website means any current or future created Business websites, which may be amended from time to time.
(h) You (whether in capitals or not) means the user of our Website and Your and Yours have corresponding meanings.
(i) The Project include assets created as part of Drive in the Moment initiative, including but not limited to the websites and class materials.
14.2 The word ‘include’ is used without any limitation
Table 1 – Member Clubs
- National Roads and Motorists’ Association Limited (NRMA) ACN 000 010 506
- Royal Automobile Club of Victoria (RACV) Limited (RACV) ACN 004 060 833
- The Royal Automobile Club of Tasmania Limited (RACT) ACN 009 475 861
- Royal Automobile Association of South Australia Incorporated (RAA) ABN 90 020 001 807
- Royal Automobile Club of WA Inc (RAC) ABN 33 212 133 120
- The Automobile Association of the Northern Territory Incorporated (AANT) ABN 13 431 478 529
- The Royal Automobile Club of Queensland Limited (RACQ) ACN 009 660 575
Table 2 – Affiliated Organisation
- New Zealand Automobile Association Incorporated (NZAA) NZBN 9429040969015
- Students Against Dangerous Driving (SADD) 9429043274550
- Fédération Internationale de l’Automobile and Alliance Internationale de Tourisme 2 Chemin de Blandonnet, 1214 Vernier/Geneva, Switzerland