Grays.com Pty Ltd Privacy Policy
Who we are
This Privacy Policy
sets out how Grays Group (we, us, our), which includes the following entities:
·
Grays.com Pty Ltd ACN 634 636 310;
·
Grays Co 2 Pty Ltd ACN 634 636 490;
·
Grays Co 3 Pty Ltd ACN 634 638 421;
·
Grays Co 4 Pty Ltd ACN 634 640 225;
·
Car Buyers Australia Pty Limited ACN 159 545 758 (trading as Are You
Selling (AUS), Are You Selling.com.au, Club C.H.A. and Car House Australia);
·
Grays e-Commerce Group Limited ACN 125 736 914;
·
GEG No. 1 Pty Ltd ACN 113 930 608;
·
GEG Capital Pty Limited ACN 169 008 191;
·
GEG International Pty Ltd ACN 096 509 134;
·
Grays (Aust) Holdings Pty Limited ACN 114 615 780;
·
Grays (NSW) Pty Limited ACN 003 688 284;
·
GraysOnline S.A. Pty Limited ACN 119 696 070;
·
GraysFinance Pty Ltd ACN 622 573 737;
·
Grays (VIC) Pty Limited ACN 085 287 289;
·
GLC Fine Wines & Liquor Pty Limited ACN 082 470 782;
·
Gray Eisdell Timms (WA) Pty Ltd ACN 056 957 852;
·
Gray Eisdell Timms (QLD) Pty Ltd ACN 060 942 323;
·
C M Pty Ltd ACN 060 526 516 trading as GEM Trust;
·
Grays Real Estate Australia Pty Ltd ACN 643 206 268 (trading as Grays
Real-Estate Australia); and
·
Grays Auctions Limited (New Zealand Company Number 1215446),
is committed to
protecting your personal information managed by us, in the way we collect,
hold, use and disclose your personal information.
We will comply with
the Privacy Act 1988 (Cth)
(Australia) (Privacy Act), including the 13 Australian Privacy
Principles (APPs) contained in Schedule 1 of the Privacy Act, the Privacy Act 1993 (New Zealand) (as
applicable), and all other relevant laws, regulations and codes relating to
privacy and personal information (Privacy Law).
This Privacy Policy
will be updated from time to time. You should review it every now and again so
that you are aware of any changes.
What is
"personal information" and what happens if we don't collect your
personal information?
Where practicable we
aim to collect your personal information directly from you. The circumstances
in which we may do so will vary depending on the context in which we are
dealing with you (for example, if you are a customer, according to the specific
product or service we are providing) but can include, for example, when you
are:
"Personal
information" is any information or an opinion about an identified, or
reasonably identifiable, person.
You can choose not to
provide your personal information to us, or deal with us anonymously or by
using a pseudonym. However, if you do so:
·
we may be unable to provide you with the products or services you have
applied for; or
·
we may be limited in our ability to respond to or deal with any
enquiries you make.
What kinds of
personal information do we collect and hold?
The kinds of personal
information we collect and hold about you will depend on the products or
services we provide you with or if the law requires us to collect it. This
includes your:
·
Identification information - such as your
name, address, email address, telephone number, gender and date of birth.
·
Financial and transaction information - including
information about your assets, occupation and income, account balances, account
activities, payment history and transactions with us or third parties.
·
Government identifiers - such as your
driver’s licence, passport and visa particulars to verify your identity.
·
Other personal information - such as
details of your interactions with us (including when you use our website and
other online resources, such as social media platforms), billing information
including your credit card details, your purchasing preferences and history,
any information contained in correspondence between us and you or any other
information lawfully obtainable under relevant Privacy Law.
Sometimes we may
collect "sensitive information" about you, for example in relation to
insurance claims. "Sensitive information" includes health information
and information about racial or ethnic origin, political opinions, membership
of a trade union or political association, religious beliefs or affiliations,
philosophical beliefs, sexual preferences and criminal record.
We will only collect
sensitive information about you with your consent or if the law allows us to.
How do we collect your personal information?
We will try to
collect your personal information directly from you wherever possible. How we
collect your personal information depends on the type of interaction we have
with you.
If you contact us,
apply for or use our products and services, visit our website, interact with
our social media platforms or contact us in relation to a promotion, we will
collect your personal information.
Sometimes we may
collect your personal information from other sources. These other sources
include:
·
public or commercial information services providers (such as providers
of government or business information);
·
third party service providers or agents assisting us to process your
application or other transaction;
·
brokers, insurers and manufacturer’s warranty providers;
·
employers;
·
vehicle dealers and lead generation providers; and
·
other businesses involved in our dealings, including our business
partners and third parties that refer or introduce you to us.
How we use your
personal information
We collect, hold, use
and disclose your personal information where it is reasonably necessary for the
purposes of providing our products and services, for our other business
purposes and for any necessary related purposes. These purposes include, but
are not limited to:
·
confirm your identity;
·
registering you to use our online resources, including for an account on
our website, and to administer your access to our services;
·
process an application for a product or service, or a purchase request
(including to execute your instructions and process your online bids and
purchases);
·
manage and improve our products and services or other relationships and
arrangements with you;
·
process receipts, invoices and payments and servicing customer accounts,
including determining liability for payment and undertaking accounting, billing
and other administrative tasks;
·
respond to your enquiries about your applications, accounts, products or
services;
·
understand your needs and offer products and services to meet those
needs, including marketing and promoting products or services that may be of
interest to you;
·
assess or process insurance risks or claims;
·
tell you about changes to our products and services;
·
contact you about, any application you make for a job with us, if
applicable;
·
meet our obligations, including contractual and those arising under
relevant laws:
·
enforce our rights, including undertaking debt collection activities and
legal proceedings;
·
undertake business funding and development activities, and corporate
restructures and amalgamations;
·
referring or introducing you to an organisation, entity or credit
provider (including, among others, CarLoans.com.au Pty Ltd ABN 88 161 036 228 (CarLoans.com.au),
A.C.N. 633 925 050 Pty Ltd (ACN 633 925 050) trading as Auto Approve (Auto
Approve) and Lend Capital Pty Ltd ABN 12 612 877 442 (Lend)) where
we act as an authorised representative, introducer or referrer; and
·
(unless you tell us not to) to contact you to discuss other products or
services that may be of interest to you.
Who we disclose your
personal information to
We may disclose your
personal information to third parties to facilitate the purposes listed above.
Third parties who we
may disclose your personal information to, include:
·
our related entities in Australia, New Zealand and overseas;
·
our warehouse, supply partners and other service providers (including
delivery service providers such as couriers and administrative services
providers, such as mailing houses, printers and call centre operators);
·
legal, settlement, valuation and recruitment service providers;
·
data processing and market research service providers;
·
marketing and advertising agencies (including, but not limited to Publift);
·
fraud protection service providers (note that: we are using the services of our trusted service provider, Forter Ltd,
in order to help us prevent online frauds. Our service provider may use and
process your personal information in accordance with applicable privacy and
data protection laws. You can read about the ways by which our service provider
may use and process your personal information by clicking Forter;
·
our security service providers (who provide
services including retail security, loss prevention and mobile patrols);
·
regulatory bodies, law enforcement authorities and toll operators in New
Zealand, Australia and overseas;
·
any person who is considering whether to acquire or who has acquired any
part of our business, or the rights or obligations under our contract with you;
·
financial, legal and other advisors;
·
any person we consider necessary to execute your instructions, including
other participants in financial and payment systems, such as banks, credit
providers, clearing entities, payment platforms (including but not limited to, PayPal and Braintree) and credit card
associations;
·
account information aggregation service providers (including Yodlee), to
assist in the transfer of your account data to us;
·
insurers, reinsurers, loss adjusters, assessors, underwriters and
manufacturer’s warranty providers;
·
brokers and other distributors;
·
your guarantors and security providers;
·
debt collectors and investigators;
·
credit providers, finance brokers and referrers (including, among
others, CarLoans.com.au, Auto Approve and Lend); and
·
other businesses involved in our dealings, including our business
partners and joint venturers and third parties that refer you to us.
Overseas disclosures
We may disclose your
personal information to overseas recipients so we can provide you with our services
and products and for administrative, data storage or other business management
purposes.
We may disclose or
transmit your personal information to recipients in Australia, New Zealand,
United States of America, United Kingdom, Israel, the Philippines, Japan,
Singapore and Hong Kong.
We take steps
reasonable in the circumstances to ensure that an overseas recipient complies
with relevant Privacy Laws or is bound by a substantially similar privacy
regime found in New Zealand and Australia (as the case may be).
Direct marketing
We may use and
disclose your personal information (including by sharing it between members of
the Grays Group) in order to inform you of products, services and promotions
that may be of interest to you.
In the event that you
do not wish to receive such communications, you can opt out by following the
instructions for doing so in the communications we send to you or by contacting
us on the details under "How to contact us".
Direct marketing
We may use and
disclose your personal information (including by sharing it between members of
the Grays Group) in order to inform you of products, services and promotions
that may be of interest to you.
In the event that you
do not wish to receive such communications, you can opt out by following the
instructions for doing so in the communications we send to you or by contacting
us on the details under "How to contact us".
How we hold and keep
secure your personal information
We hold, and keep
secure, your personal information in physical form or in electronic form on our
systems or the systems of our service providers.
We take steps to
ensure that the personal information we hold is protected from misuse,
interference and loss and from unauthorised access, modification or disclosure.
Your personal information is held in secure databases on secure premises,
accessible by authorised staff who follow procedural safeguards that meet or
exceed security requirements under the Privacy Law.
We require third
parties handling personal information on our behalf to follow equally compliant
standards of security and confidentiality.
We will destroy or
de-identify personal information in circumstances where it is no longer
required, unless we are otherwise required or authorised by law to retain the
information.
How to access and
correct information we hold about you
We try to ensure that
the personal information we hold is accurate, up-to-date, complete, relevant
and not misleading.
You have a right to
access and seek correction of your personal information that is collected and
held by us. This is subject to some exceptions specified in the Privacy Act 1988 (Cth) (Australia), and
the Privacy Act 1993 (New Zealand).
To access or correct
any of the personal information we hold about you, or you would like more information
on our approach to privacy, please contact our Privacy Officer whose details
are found under the heading "How to contact us" below.
We will grant access
to personal information to the extent required by applicable Privacy Law and
will take reasonable steps to amend personal information where necessary and
appropriate. If you would like access to your personal information, you must:
·
provide us with proof of your identity. This is to ensure you’re your
personal information is provided only to you; and
·
be reasonably specific about the information you require (ie explain
exactly what you're looking for).
We will try to
provide you with the information in the manner set out in your request. We may
charge you a reasonable administration fee reflecting our costs for servicing
your access request (ie photocopying or retrieval fees). We will not charge you
for making the request.
If we refuse your
request to access or correct your personal information, we will provide you
with written reasons for the refusal.
If you are
dissatisfied with our reasons for refusing your request to access or correct
your personal information, you may make a complaint to the Office of the
Australian Information Commissioner / New Zealand Privacy Commissioner (as the
case may be) or to an applicable external dispute resolution scheme (provided
that the Grays Group entity you are dealing with is a member of that scheme -
we will provide details of any such scheme in our response to your request for
access or correction).
Where we correct your
personal information which we had previously disclosed to another entity and
you ask that other entity be notified of that correction, we will take
reasonable steps to do so (unless impracticable or unlawful).
Privacy complaints
You can raise a
complaint about the way we managed your personal information by contacting our
Privacy Officer whose details are found under "How to contact us"
below.
After you raise a
complaint with us, our Privacy Officer will commence an investigation into your
complaint. You will be informed of the outcome of your complaint following
completion of the investigation. At all times, privacy complaints will:
·
be treated seriously;
·
be dealt with promptly;
·
be dealt with in a confidential manner; and
·
not affect your existing obligations or impact on the commercial
arrangements between you and us.
If you are
dissatisfied with the outcome of your complaint, you may refer the complaint to
the Office of the Australian Information Commissioner / New Zealand Privacy
Commissioner or an applicable external dispute resolution scheme (provided that
the Grays Group entity you are dealing with is a member of that scheme - we
will provide details of any such scheme in our response to such a request for
access or correction).
How to contact us
Please direct all
privacy queries and complaints to our Privacy Officer by:
Mail: Privacy Officer
Grays.com Pty Ltd
Part Level 4, 150 Edward Street
Brisbane QLD 4000
Australia
Email: compliance@grays.com.au
Telephone: 02 9105 8069