Privacy Policy

1. Purpose

The purpose of this policy is to support our commitment to the protection of the privacy of individuals’ personal information, by stating the ways in which we may collect, store, use, manage and protect personal information in accordance with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth).

2. Scope

This policy is relevant to any individual who discloses personal information to us. If you do not agree with any part of this policy, we recommend that you do not provide your personal information to us. However, our ability to provide services to you may be affected if you do not provide us with your personal information, or if you withdraw any consent, we are legally required to have in order to process the personal information you have given us.

3. How to access this policy

We aim to make this policy available at the point we collect your personal information. You can access the current version:

  • on request at reception or from any staff member;
  • on our intranet (for staff) and any other location we notify to you from time to time.

Definitions

Term Definition
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not, or as otherwise defined by applicable data protection laws.
Sensitive information any personal information that is about a person’s:
  1. health, health treatment, or other medical needs
  2. race, ethnicity, or religion
  3. professional or political affiliations and memberships
  4. criminal record
  5. sexuality
  6. disability status
  7. religious or philosophical beliefs
  8. trade union membership, or
  9. genetic or biometric data.
We (us, our, ours) Maughan Thiem Auto Sales Pty Ltd
You (your, yours) Any individual who discloses personal information to us.

4. Privacy Framework

The Privacy Framework is the mechanism by which we implement our commitments to the privacy of individuals’ personal information.

It includes the following elements:

  • this Privacy Policy;
  • internal business process documents setting out the process for investigating and responding to unauthorised use or disclosure of personal information; and
  • the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth).

5. Kinds of personal information we collect

We might collect and hold different personal information depending upon how an individual interacts with us.

For example:

  • If you access our website, we may collect information about how you have used our website, or
  • If you contact us for any reason, we may collect your name, address, email address, phone number or contact details.

We may also collect information about:

  • your demographic
  • your preferences or opinions
  • your transactions with us
  • your bank account details and financial records with us
  • your photograph or video recording
  • your vehicle registration and contact details
  • the frequency of your enquiries
  • your location and your access to, and use of, our services
  • the technology you use to access our services, and
  • how and when you use our services.

In addition, depending on how you deal with us (for example, buying or selling a vehicle, arranging a test drive, booking a service or applying for finance), we may collect:

  • driver’s licence details and other identity verification information (including images) for test drives and security purposes;
  • vehicle and licence plate details, trade-in information and valuation details;
  • finance and insurance application information (which may include employment and income details), where you ask us to assist or refer you; and
  • information about your service and repair history, warranty claims, and any recall or safety notice interactions.

We do not collect or retain sensitive information, unless it is supplied by you, you consent to its collection and the information is reasonably necessary for our business or activities. By supplying us with sensitive information, you consent to our use of that information in any of the ways and for any of the purposes described in this policy.

6. Collecting personal information

We may collect personal information in a number of ways, including:

  • directly from you, in person, over the phone, by email, through forms (including test drive forms) and via our website;
  • from third parties you have authorised (for example, finance brokers, insurers, repairers or manufacturers);
  • from publicly available sources (for example, public registers or online sources);
  • from our routine monitoring of IT and telephone networks (for security and quality purposes);
  • from audio and video recordings in public locations at our premises where we display signage; and
  • where generated by us in the course of our business activities.

Test drives and in-person identity verification

When you request a test drive or when we need to verify your identity in person, we may collect and handle your personal information in the ways set out below.

What we collect

  • Your driver’s licence details (and in some cases an image or scan of your licence);
  • Your contact details and the vehicle you wish to test drive; and
  • Any information needed to confirm you are eligible to drive and to manage risk (for example, age eligibility, and any restrictions you tell us about).

Why we collect it

  • to verify your identity and that you are licensed to drive;
  • to manage the safety and security of our staff, customers and vehicles;
  • to arrange and administer a test drive, including confirming bookings and contacting you if needed;
  • to meet our insurance and risk management requirements; and
  • to respond to incidents, claims, or law enforcement requests (for example, if a vehicle is damaged, not returned or involved in an incident).

How we use and disclose it

We may use and disclose test drive and identity verification information to:

  • our staff involved in administering test drives;
  • our insurers and insurance brokers (for claims and risk management);
  • our IT and software providers that support test drive, valuation and customer management processes; and
  • government agencies or law enforcement, where required or authorised by law.

If you do not provide the information we reasonably require for a test drive, we may not be able to offer a test drive.

7. Holding and securing personal information

We store personal information in both hard copy and electronic form. We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include (as appropriate):

  • physical security measures (for example, secured premises and locked storage);
  • role-based access controls so staff can only access information needed for their role;
  • password protection, multi-factor authentication and secure remote access where available;
  • logging and monitoring of system access; and
  • contractual and due diligence requirements for service providers.

No method of transmission or storage is completely secure, but we continually review and improve our safeguards.

We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. If we no longer need to hold your personal information for any reason, we will take reasonable steps to de-identify or destroy that information.

To help you understand our practices, the following are examples of steps we may take to destroy or otherwise de-identify personal information (which may vary depending on circumstances such as legal obligations, disputes, investigations or insurance requirements):

If you would like more detail about retention for a particular type of information, contact us using the details below.

Notifiable data breaches

If we experience a data breach that is likely to result in serious harm, we will take steps to contain and investigate it and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

8. Reasons for collecting, holding, using and disclosing personal information

We may collect, hold, use and disclose personal information for purposes including:

  • providing and administering goods and services;
  • providing you with information about our goods or services;
  • assessing and processing finance, insurance or warranty requests;
  • providing you with marketing material and communicating with you generally;
  • tailoring our marketing, services, promotions, philanthropic activities, and other operations for you;
  • direct marketing and customer research;
  • managing our relationship with you;
  • developing or refining our services;
  • internal business and administrative purposes;
  • reporting to Government agencies as required by law or Government policy;
  • corporate governance, auditing, record keeping and business improvement;
  • direct marketing and customer research; and/or
  • any other reason disclosed to you at the time of collection.

If we collect personal information from you, we may:

  • use and disclose that information, including to a third party, for any of the purposes outlined in this policy;
  • store that information in accordance with this policy;
  • pass that information amongst entities we work with;
  • disclose that information to third parties who provide products or services to us;
  • provide that information to third parties as required by law and to law enforcement agencies upon receipt of an official request;
  • publish photographs of you that have been taken for informational, marketing and promotional purposes; or
  • ask you from time to time to confirm that the information is accurate, up-to-date, complete and relevant.

Our use of personal information may extend beyond these uses, but will be restricted to purposes that we consider to be related to our functions and activities and/or required by law to provide.

Systems and service providers we use

We use a range of systems and service providers to operate our business. Depending on your interaction with us, your personal information may be stored or processed in systems such as:

  • test drive and licence capture systems (including TDL);
  • vehicle valuation tools (including iAppraise);
  • dealer management systems and customer relationship management (CRM) systems;
  • email, document and secure storage systems; and
  • website hosting and analytics tools.

We only use reputable providers and take reasonable steps to ensure service providers handle personal information securely and only for authorised purposes.

Overseas disclosures

Some of our service providers may store or process personal information outside Australia. Depending on the provider, this may include locations such as the United States, New Zealand, Singapore and the United Kingdom/European Economic Area. These locations may change from time to time.

Automated decision-making

We may use software tools that apply automated processing to help us run our business. We do not generally make decisions that have a legal or similarly significant effect on you solely by automated means.

Online services, cookies and tracking technologies

When you visit our website or interact with online advertisements, we may collect information through cookies and similar technologies to operate the website, improve services, measure advertising effectiveness, and help detect and prevent fraud.

9. Direct Marketing

We may use your personal information to identify a product or service that you may be interested in or to contact you about an event or important initiative.

You can opt out of receiving direct marketing communications from us at any time by unsubscribing from the mailing list, by contacting us at the details at the end of this policy, or by using the opt out mechanism in our direct marketing communications.

10. Accessing or correcting personal information

You may request access to, or correction of, personal information we hold about you. You are encouraged to contact us to access, correct, or update your personal information. To do so, please contact us using the details below.

We will respond within 30 days (or sooner where possible).

A reasonable administrative fee may be charged to cover our costs in providing you with access to your personal information. This fee will be explained to you before it is incurred.

If we deny your access or correction request, we will provide you with reasons. If we refuse to correct your personal information, you can ask us to attach a statement to it stating that you believe the information is incorrect and why.

11. Questions or Complaints

If you have a question or complaint about how we have handled your personal information, you can raise it with us at any time by:

Email: privacy@maughanthiem.com.au
Phone: 08 8300 1200
Post: 1013 Port Road, CHELTENHAM SA 5015

We take all questions and complaints seriously and will acknowledge receipt of your question or complaint, in writing, within 5 working days and will investigate and respond to you within 30 days.

12. Review and changes to this policy

This policy is current as at the review date shown above. It may be amended in light of new laws and technology, changes to our operations and practices, and changes in the business environment. The most up to date version of this policy is always posted on our intranet.

This policy shall be reviewed every three (3) years, or earlier in the event of legislative changes.