This policy provides information on how we manage the personal information that we hold.
There are some matters to which this policy does not apply. These are referred to in section 12 below.
1. What kinds of personal information do we collect and hold?
The personal information we collect and hold is dependent on your relationship with us and reflects what is reasonably necessary for our business functions and activities. The following are some examples of the types of personal information that we may collect from you directly or indirectly:
-
Name, addresses, email addresses, telephone numbers, age and gender;
-
Car registration details;
-
Financial details including banking information of our suppliers, commercial partners or customers (all debit and credit card information is encrypted and managed in accordance with PCI/DSS standards);
-
Whether you have a connection with others whose personal information we may collect or hold (for example, family members who may be linked to your loyalty program membership);
-
Your purchase history including what, how, where and when you buy from us or have expressed an interest in buying from us; Your stated or likely preferences, for example whether you may be interested in particular products or promotions;
-
Your interactions with our customer service representatives (for example, with prior notice to you, monitoring or recording your conversations with our customer call centre for coaching, training, record keeping and dispute resolution purposes);
-
Images, including, your activity at our sites as recorded by 24-hour CCTV video surveillance;
Information collected from competitions and contests (for example, with prior notice, the contestant’s name and address); and
In the context of employment, your name, addresses, telephone numbers, email addresses, qualifications, employment history including records associated with performance and conduct issues, identification documents, referees, emergency contacts, TFN, banking and superannuation details. We may also collect details regarding professional registrations, sanctions with professional bodies, financial and criminal checks, pre-employment medical records (if applicable, with your consent), medical certificates or medical reports supplied to us, potential psychological and drug testing and other publicly accessible data on the Internet. We may also collect photos and video images for compliance purposes
We may also collect health information from you for the purpose of determining any insurance claims or public liability issues involving you or in the context of your employment (including, prospective employment). This information is only used to provide you with those services or to manage such issues. You generally have the option of not identifying yourself or of using a pseudonym when dealing with us, but not where this is impractical (for example, where your images are captured by CCTV) or where the law or a court order provides otherwise. Maintaining anonymity may also limit our ability to assist you or provide you with a product or service, including processing a claim.
2. How do we collect and hold personal information?
We do this when:
-
You visit an EG Group website;
-
You register with us, for example to create an account, to become a member of one of our clubs or loyalty programs or to send you information;
-
You interact with us on social media, online, in-store or over the phone;
-
You take part in our promotions, competitions, testimonials, surveys and focus groups;
-
You communicate with us online or with our customer service representatives through our call centre;
-
You deal with us in other ways involving a need for personal information to be provided such as if claim against us; or
-
You apply for or commence employment with us or supply information in the course of your employment.
Most of the personal information we collect and hold about you is from your direct dealings with us. We may sometimes collect your personal information other than from you directly. For example, from other suppliers who, in common with us, have a relationship with you.
3. How do we hold personal information?
Personal information we hold is generally stored in computer systems. These may be operated by us or by our service providers. In all cases, we have rigorous information security requirements aimed at eliminating risks of unauthorised access to, and loss, misuse or wrongful alteration of, personal information. In particular, we use encryption for some of our services, maintain access control for authorised users and have a specialised IT support team to manage security risks. Our security procedures are reviewed from time to time and updated when relevant.
Personal information in our possession may be retained in archival storage. Generally, we will destroy personal information after a period of seven (7) years following its collection unless it is required, or may be required, to be kept for a longer period.
4. Why do we collect, hold, use and disclose personal information?
We collect, hold, use and disclose personal information in ways people would reasonably expect and where it is reasonably necessary for our business, for example:
-
To monitor use of our websites and online services, and improve and protect our products, content, services and websites, both online and offline;
-
To learn of your likely preferences so that we may promote goods and services to you in a way which may be of most interest to you. This includes the products and services of our suppliers and other trusted partners who offer products and services that may be of interest to you;
-
To assist in investigating your complaints and enquiries;
-
For account management and verification;
-
For our internal business and management processes;
-
For use in connection with legal claims, litigation, compliance, regulatory and investigative purposes as necessary;
-
For any other purposes that would be reasonably expected by you and to allow us to comply with our obligations under the law or where permitted by law; and
-
In the context of employment, to assess an applicants suitability to work with us or supporting an application for leave or assessing your fitness to work or assist with return to work after illness or injury, or as part of assessing liability for and managing any workers compensation claim.
We also disclose personal information we collect for purposes which are incidental to the sale and promotion of our goods and services to you. For example, we may disclose your personal information within our group, to service providers who assist us in our day-to-day business operations and as part of buying or selling businesses.
5. Direct Marketing.
We may anonymise and aggregate your personal information to determine preferences and shopping patterns. We share this anonymised data with our trusted partners to assist them in marketing products and services to you that are likely to be relevant to your interests and preferences.
If you have consented to receive direct marketing material, you may receive offers that are tailored towards your preferences based on the information provided to us by you, your use of our websites and applications, your membership with our loyalty programs and other digital channels. You have the right to opt-out of direct marketing at any time. You can do this by following the instructions on our direct marketing material
6. Website and app tracking.
We may also indirectly collect personal information about you by accessing data from other sources and then analysing that data together with the information we already hold about you in order to learn more about your likely preferences and interests. When you visit our websites, social media pages or mobile applications or click on our advertisements on the online media of other companies, we may collect information about you using technology which is not apparent to you, for example cookies. This may include your purchase history, electronic device information, IP addresses, log information, browser type and preferences, location information, online identifiers to enable cookies and other similar technologies. You can control and set your cookies preferences by changing your browser settings.
7. How can you enquire about, access and correct your personal information?
Access to personal information: We will provide you with access to any of your personal information we hold (except in limited circumstances recognised by law). If you wish to access your personal information or have an enquiry about privacy, , please contact our Privacy Officer at privacyofficer@eg-australia.com or by calling us on 1300 655 055
Alternatively, you can write to us at:
Privacy Officer
Euro Garages Australia
Level 39, Northpoint 100 Miller Street, North Sydney, NSW 2060
Before we provide you with access to your personal information we may require some proof of identity. We may charge a reasonable fee for giving access to your personal information if your request requires substantial effort on our part.
Correction of personal information: We take reasonable steps to ensure that the personal information we collect and store, use or disclose is accurate, up-to-date and complete. However, we rely on you to advise us of any changes to your information to help us do so. If you believe your personal information requires correction, please contact our Privacy Officer at one of the above contact points.
8. How can you complain about our management of personal information?
If you wish to complain about a breach of the privacy rules that bind us, you may contact our Privacy Officer at one of the above contact points. We may ask you to put your complaint in writing and to provide details about it. We may discuss your complaint with our personnel and our service providers and others as appropriate.
Our Privacy Officer will investigate the matter and attempt to resolve it in a timely way. Our Privacy Officer will inform you in writing about the outcome of the investigation. If our Privacy Officer does not resolve your complaint to your satisfaction and no other complaint resolution procedures are agreed or required by law, our Privacy Officer will inform you that your complaint may be referred to the Privacy Commissioner for further investigation and will provide you with the Commissioner’s contact details.
9. Sharing your personal information overseas.
Data is shared internally, across EG Australia and its affiliates, with our international colleagues for the purposes of tracking the usage and functionality of our websites. It is our policy to require all of our overseas sharing of personal information to be done in a way which requires observance of strict privacy and security standards, both during transit and at the overseas destination. We may allow your personal information to be shared with those who are in countries other than your own location. We do this:
-
Where we have made a business decision to store our data with a trusted service provider who is in the business of providing technical/network support, data storage, analysis and processing services. Examples are those who store and process our email and mobile application data. These services commonly involve diverse geographic locations which change from time to time for reasons which include data protection and processing efficiency. These countries may include the UK, the US, India and countries within the European Union;
-
For disclosures between our group companies. Our main business locations are in Australia but our ultimate holding company is based in the United Kingdom and it has subsidiaries based in other countries, including the US and within the European Union; and
-
Where you are involved with public liability issues concerning a product, we may disclose your personal information to any overseas supplier of such a product in the course of managing those issues.
-
If you would like more information about the safeguards we employ when transferring your data oversees, or details about the data accessed by overseas recipients, please contact our Privacy Officer at one of the above contact points.
10. Changes to our Privacy Policy.
This Privacy Policy is current at the date below and is available on our website at www.eg-australia.com.
We may amend our Privacy Policy from time to time to take into account new laws and technology, changes to our operations and practices, and the changing business environment. By continuing to use our website or applications, and continuing to provide us with your information, you confirm your acceptance of these changes.
11. Other privacy terms and limits of this policy.
This is a policy. There may be additional privacy notices and terms relevant to you depending on the nature of your dealings with us and on our particular businesses.
EG Group and our associated entities website may also provide links to other sites for you to access. You should be aware that these other sites are not subject to this Privacy Policy or our privacy standards and procedures. You will need to contact them directly to ascertain their privacy standards.
12. More information.
More information about privacy law and privacy principles is available from the Privacy Commissioner. The Privacy Commissioner may be contacted at www.oaic.gov.au (email- enquiries@oaic.gov.au ) (Australia).