Grays.com Pty Ltd Privacy Policy

Who we are

This Privacy Policy sets out how Grays Group (we, us, our), which includes the following entities:

·        Grays.com Pty Ltd ACN 634 636 310;

·        Grays Co 2 Pty Ltd ACN 634 636 490;

·        Grays Co 3 Pty Ltd ACN 634 638 421;

·        Grays Co 4 Pty Ltd ACN 634 640 225;

·        Car Buyers Australia Pty Limited ACN 159 545 758 (trading as Are You Selling (AUS), Are You Selling.com.au, Club C.H.A. and Car House Australia);

·        Grays e-Commerce Group Limited ACN 125 736 914;

·        GEG No. 1 Pty Ltd ACN 113 930 608;

·        GEG Capital Pty Limited ACN 169 008 191;

·        GEG International Pty Ltd ACN 096 509 134;

·        Grays (Aust) Holdings Pty Limited ACN 114 615 780;

·        Grays (NSW) Pty Limited ACN 003 688 284;

·        GraysOnline S.A. Pty Limited ACN 119 696 070;

·        GraysFinance Pty Ltd ACN 622 573 737;

·        Grays (VIC) Pty Limited ACN 085 287 289;

·        GLC Fine Wines & Liquor Pty Limited ACN 082 470 782;

·        Gray Eisdell Timms (WA) Pty Ltd ACN 056 957 852;

·        Gray Eisdell Timms (QLD) Pty Ltd ACN 060 942 323;

·        C M Pty Ltd ACN 060 526 516 trading as GEM Trust;

·        Grays Real Estate Australia Pty Ltd ACN 643 206 268 (trading as Grays Real-Estate Australia);

·        Austwide Mortgagee Services Pty Ltd ACN 143 790 630 in its own capacity and as trustee for The Austwide Mortgagee Unit Trust ABN 74 178 122 694 (trading as Tagma Property Consultants) (“TAGMA”); and

·        Grays Auctions Limited (New Zealand Company Number 1215446),

is committed to protecting your personal information managed by us, in the way we collect, hold, use and disclose your personal information.

We will comply with the Privacy Act 1988 (Cth) (Australia) (Privacy Act), including the 13 Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act, the Privacy Act 1993 (New Zealand) (as applicable), and all other relevant laws, regulations and codes relating to privacy and personal information (Privacy Law).

This Privacy Policy will be updated from time to time. You should review it every now and again so that you are aware of any changes.

 

What is "personal information" and what happens if we don't collect your personal information?

Where practicable we aim to collect your personal information directly from you. The circumstances in which we may do so will vary depending on the context in which we are dealing with you (for example, if you are a customer, according to the specific product or service we are providing) but can include, for example, when you are:

"Personal information" is any information or an opinion about an identified, or reasonably identifiable, person.

You can choose not to provide your personal information to us, or deal with us anonymously or by using a pseudonym. However, if you do so:

·        we may be unable to provide you with the products or services you have applied for; or

·        we may be limited in our ability to respond to or deal with any enquiries you make.

What kinds of personal information do we collect and hold?

The kinds of personal information we collect and hold about you will depend on the products or services we provide you with or if the law requires us to collect it. This includes your:

·        Identification information - such as your name, address, email address, telephone number, gender and date of birth.

·        Financial and transaction information - including information about your assets, occupation and income, account balances, account activities, payment history and transactions with us or third parties.

·        Government identifiers - such as your driver’s licence, passport and visa particulars to verify your identity.

·        Other personal information - such as details of your interactions with us (including when you use our website and other online resources, such as social media platforms), billing information including your credit card details, your purchasing preferences and history, any information contained in correspondence between us and you or any other information lawfully obtainable under relevant Privacy Law.

Sometimes we may collect "sensitive information" about you, for example in relation to insurance claims. "Sensitive information" includes health information and information about racial or ethnic origin, political opinions, membership of a trade union or political association, religious beliefs or affiliations, philosophical beliefs, sexual preferences and criminal record.

We will only collect sensitive information about you with your consent or if the law allows us to.

How do we collect your personal information?

We will try to collect your personal information directly from you wherever possible. How we collect your personal information depends on the type of interaction we have with you.

If you contact us, apply for or use our products and services, engage in business activities with us, visit our website, interact with our social media platforms or contact us in relation to a promotion, we will collect your personal information.

Additionally, when you visit our websites and applications, we use “cookies” to provide you with better and more customised service and with a more effective website or application. For more information about how we do this, visit the Terms of Use link at the bottom of the page.

Sometimes we may collect your personal information from other sources. These other sources include:

·        public or commercial information services providers (such as providers of government or business information);

·        third party service providers or agents assisting us to process your application or other transaction;

·        brokers, insurers and manufacturer’s warranty providers;

·        employers;

·        vehicle dealers and lead generation providers;

·        other businesses involved in our dealings, including our business partners and third parties that refer or introduce you to us; and

·        with respect to TAGMA, from a borrower, beneficiaries or contractors involved in the particular transaction.

How we use your personal information

We collect, hold, use and disclose your personal information where it is reasonably necessary for the purposes of providing our products and services, for our other business purposes and for any necessary related purposes. These purposes include, but are not limited to:

·        confirm your identity;

·        registering you to use our online resources, including for an account on our website, and to administer our business activities and your access to our services;

·        process an application for a product or service, or a purchase request (including to execute your instructions and process your online bids and purchases);

·        provide you with services during the usual course of our business activities;

·        manage and improve our products and services or other relationships and arrangements with you and investigate any complaints;

·        process receipts, invoices and payments and servicing customer accounts, including determining liability for payment and undertaking accounting, billing and other administrative tasks;

·        respond to your enquiries about your applications, accounts, products or services;

·        understand your needs and offer products and services to meet those needs, including marketing and promoting products or services that may be of interest to you;

·        assess or process insurance risks or claims;

·        tell you about changes to our products and services;

·        contact you about, any application you make for a job with us, if applicable;

·        meet our obligations, including contractual and those arising under relevant laws:

• in Australia, this includes our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Personal Property Securities Act 2009 (Cth), the Financial Sector (Collection of Data) Act 2001 (Cth), the Corporations Act 2001 (Cth), the Taxation Administration Act 1953 (Cth), the Income Tax Assessment Act 1997 (Cth) and complying with information requests issued by the Commissioner of Taxation); and
• in New Zealand, this includes our obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2013, the Tax Administration Act 1993 and the Credit Contracts and Consumer Finance Act 2003;

·        enforce our rights, including undertaking debt collection activities and legal proceedings;

·        undertake business funding and development activities, and corporate restructures and amalgamations;

·        referring or introducing you to an organisation, entity or credit provider (including, among others, CarLoans.com.au Pty Ltd ABN 88 161 036 228 (CarLoans.com.au), A.C.N. 633 925 050 Pty Ltd (ACN 633 925 050) trading as Auto Approve (Auto Approve) and Lend Capital Pty Ltd ABN 12 612 877 442 (Lend)) where we act as an authorised representative, introducer or referrer; and

·        (unless you tell us not to) to contact you to discuss other products or services that may be of interest to you.

Who we disclose your personal information to

We may disclose your personal information to third parties to facilitate the purposes listed above.

Third parties who we may disclose your personal information to, include:

·        our employees and related entities in Australia, New Zealand and overseas;

·        our warehouse, supply partners, other service providers (including delivery service providers such as couriers and administrative services providers, such as mailing houses, printers and call centre operators) and subcontractors;

·        legal, settlement, valuation and recruitment service providers;

·        data processing and market research service providers;

·        marketing and advertising agencies (including, but not limited to Publift);

·        fraud protection service providers (note that: we are using the services of our trusted service provider, Forter Ltd, in order to help us prevent online frauds. Our service provider may use and process your personal information in accordance with applicable privacy and data protection laws. You can read about the ways by which our service provider may use and process your personal information by clicking Forter;

·        our security service providers (who provide services including retail security, loss prevention and mobile patrols);

·        regulatory bodies, law enforcement authorities and toll operators in New Zealand, Australia and overseas;

·        any person who is considering whether to acquire or who has acquired any part of our business, or the rights or obligations under our contract with you;

·        financial, legal and other advisors;

·        any person we consider necessary to execute your instructions, including other participants in financial and payment systems, such as banks, credit providers, clearing entities, payment platforms (including but not limited to, PayPal and Braintree) and credit card associations;

·        account information aggregation service providers (including Yodlee), to assist in the transfer of your account data to us;

·        insurers, reinsurers, loss adjusters, assessors, underwriters and manufacturer’s warranty providers;

·        brokers and other distributors;

·        your guarantors and security providers;

·        debt collectors and investigators;

·        credit providers, finance brokers and referrers (including, among others, CarLoans.com.au, Auto Approve and Lend); and

·        other businesses involved in our dealings, including our business partners and joint venturers and third parties that refer you to us.

Overseas disclosures

We may disclose your personal information to overseas recipients so we can provide you with our services and products and for administrative, data storage or other business management purposes.

We may disclose or transmit your personal information to recipients in Australia, New Zealand, United States of America, United Kingdom, Israel, the Philippines, Japan, Singapore and Hong Kong.

We take steps reasonable in the circumstances to ensure that an overseas recipient complies with relevant Privacy Laws or is bound by a substantially similar privacy regime found in New Zealand and Australia (as the case may be).

Direct marketing

We may use and disclose your personal information (including by sharing it between members of the Grays Group) in order to inform you of products, services and promotions that may be of interest to you.

In the event that you do not wish to receive such communications, you can opt out by following the instructions for doing so in the communications we send to you or by contacting us on the details under "How to contact us".

Direct marketing

We may use and disclose your personal information (including by sharing it between members of the Grays Group) in order to inform you of products, services and promotions that may be of interest to you.

In the event that you do not wish to receive such communications, you can opt out by following the instructions for doing so in the communications we send to you or by contacting us on the details under "How to contact us".

How we hold and keep secure your personal information

We hold, and keep secure, your personal information in physical form or in electronic form on our systems or the systems of our service providers.

We take steps to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. Your personal information is held in secure databases on secure premises, accessible by authorised staff who follow procedural safeguards that meet or exceed security requirements under the Privacy Law.

We require third parties handling personal information on our behalf to follow equally compliant standards of security and confidentiality.

We will destroy or de-identify personal information in circumstances where it is no longer required, unless we are otherwise required or authorised by law to retain the information.

How to access and correct information we hold about you

We try to ensure that the personal information we hold is accurate, up-to-date, complete, relevant and not misleading.

You have a right to access and seek correction of your personal information that is collected and held by us. This is subject to some exceptions specified in the Privacy Act 1988 (Cth) (Australia), and the Privacy Act 1993 (New Zealand).

To access or correct any of the personal information we hold about you, or you would like more information on our approach to privacy, please contact our Privacy Officer whose details are found under the heading "How to contact us" below.

We will grant access to personal information to the extent required by applicable Privacy Law and will take reasonable steps to amend personal information where necessary and appropriate. If you would like access to your personal information, you must:

·        provide us with proof of your identity. This is to ensure you’re your personal information is provided only to you; and

·        be reasonably specific about the information you require (ie explain exactly what you're looking for).

We will try to provide you with the information in the manner set out in your request. We may charge you a reasonable administration fee reflecting our costs for servicing your access request (ie photocopying or retrieval fees). We will not charge you for making the request.

If we refuse your request to access or correct your personal information, we will provide you with written reasons for the refusal.

If you are dissatisfied with our reasons for refusing your request to access or correct your personal information, you may make a complaint to the Office of the Australian Information Commissioner / New Zealand Privacy Commissioner (as the case may be) or to an applicable external dispute resolution scheme (provided that the Grays Group entity you are dealing with is a member of that scheme - we will provide details of any such scheme in our response to your request for access or correction).

Where we correct your personal information which we had previously disclosed to another entity and you ask that other entity be notified of that correction, we will take reasonable steps to do so (unless impracticable or unlawful).

Privacy complaints

You can raise a complaint about the way we managed your personal information by contacting our Privacy Officer whose details are found under "How to contact us" below.

After you raise a complaint with us, our Privacy Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. At all times, privacy complaints will:

·        be treated seriously;

·        be dealt with promptly;

·        be dealt with in a confidential manner; and

·        not affect your existing obligations or impact on the commercial arrangements between you and us.

If you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner / New Zealand Privacy Commissioner or an applicable external dispute resolution scheme (provided that the Grays Group entity you are dealing with is a member of that scheme - we will provide details of any such scheme in our response to such a request for access or correction).

How to contact us

Please direct all privacy queries and complaints to our Privacy Officer by:

Mail: Privacy Officer
Grays.com Pty Ltd
Locked Bag 1004
Moorebank 1875

Email: compliance@grays.com.au

Telephone: +61 2 7908 1700