Personal information and personal data
Client means the Customer’s individual clients.
Client Data means Personal Information and/or data about Clients that the Customer collects and stores and/or uploads into/within our Services, including the types of Personal Information set out in section 3.
Customer means the entity to whom we provide our Services, including motor vehicle dealerships and OEMs (being a vehicle manufacturer, or licensee of a vehicle manufacturer holding the right to represent a motor vehicle brand and manufacturer).
Customer Data means Personal Information and/or personal data that we collect from the Customer about the Customer’s employees and/or other personnel who are using or engaging with our Services, including the types of Personal Information set out in section 3.
Data Protection Laws means laws that apply to the collection, handling, storage, processing, disclosure, and any other use of Personal Information.
Personal Information and/or Personal Data have the meaning given to them in section 2.
Services means our products and services, including our software platforms and other ancillary or related services.
Third Party Data means Personal Information captured by our Services via third party sites and their operators.
Any information that can lead to someone identifying you or inferring that the information is about you is Personal Information.
Types of Personal Information we collect and hold
- Personal information and/or personal data (the terms commonly used in applicable Data Protection Laws), is information or an opinion about an identified or reasonably identifiable individual, whether or not the information or opinion is true and whether or not the information is recorded in a material form (Personal Information or Personal Data).
- We use the term Personal Information throughout this policy however, you can also read this as a reference to Personal Data.
We collect different types of Personal Information which will depend on your interaction with us, the below sets out the types of information we might collect.
How we collect and hold Personal Information
- We collect, and/or receive, hold, and store Personal Information about individuals for the provision of our Services and purposes connected to our Services, which includes the Client Data and the Customer Data.
- Consistent with the provision of our Services, the types of Personal Information we may collect, receive, store, and hold includes the following.
- Identity and contact details – including individuals’ full name, address, date of birth, telephone number, email address, and other identifying and contact information.
- Location data – some of our Services collect location data while the relevant product is in use to enable certain functionalities, such test driving functionalities and associated driving routes.
- Other information – text of written and oral communications gathered in the course of our interaction with you, including where you comment within our platforms and/or otherwise interact on live-chat, social media and emails, including feedback and online reviews and other information from your interactions with us online, including cookie information, IP address, URLs, search histories and other associated information.
- Relevant to each of the European Union’s General Data Protection Regulation and the United Kingdom’s Data Protection Act 2018 (together, the GDPR), the basis for our processing of your Personal Information under the GDPR is with your consent and to enable us to perform the contract with you related to the services you have asked us to provide. If you don’t provide us with Personal Information, we are unlikely to be able to provide you with our Services.
This section explains how we collect the information from you, which may be directly or via third parties, which we explain in more detail below.
Purposes for which we hold, use and disclose Personal Information
- The ways we may collect your Personal Information are as follows.
- Directly from you. We may collect Personal Information directly from you, including while providing our Services, from our website and other online platforms, including using cookies (data files placed on your device or computer).
- From third parties. In some circumstances, we do not have a direct relationship with the person whose Personal Information we are receiving, handling and storing. We may receive Personal Information about you from third parties who you have a relationship with, including the following.
- The Customer as your employer. Where the Customer is your employer and/or you’re otherwise engaged by the Customer (for example, as a contractor or other representative), the Customer may disclose your Personal Information to us while enabling your use of our Services.
- The Customer as your service provider. Where you are the Customer’s Client and, accordingly, the Customer is your service provider, while providing their services to you that are related to our Services, the Customer may disclose your Personal Information to us.
- Third Party integrators and aggregators. We have relationships with third party integrators and aggregators who integrate with our Services. Where you have given your Personal Information to such third parties, any they integrate with our Services, your Personal Information may be disclosed to us because of such integration.
- Personal Information is held securely, is subject to various security protections and is held only for as long as the information remains relevant to the purpose for which it was collected, and in accordance with our business needs and legal requirements.
We collect, use and disclose your Personal Information for a wide variety of reasons but only to the extent that we need to in order to operate our platforms and provide our Services, or where required or permitted by law.
Some other rights in relation to your privacy
- We will not use or disclose Personal Information for any secondary purpose, unless that secondary purpose is related to the primary purpose for which we have collected that information, and you would reasonably expect the disclosure in the circumstances, or unless you consent to that use or disclosure.
- The purposes for which we collect, hold, use and disclose information may include:
- Conducting our business, which includes providing our Services, or the products and services of a third party, to our Customers, including in accordance with the directions provided by the Customer in respect of Client Data;
- To communicate information about our Services or third party organisation services that may be of interest to you;
- To provide you with information or advertising relating to our Services (including serving and targeting advertisements) or marketing communications we believe may be of interest to you;
- To improve and optimise our Services and platforms;
- For our internal administrative, research, planning, marketing and product development purposes; and
- To comply with legal obligations.
- We may also disclose Personal Information to the following third parties for their use for the same purposes.
- Our parent companies and other affiliates and related bodies corporate.
- Third party service providers, including service providers who assist us so we can make our Services available to our Customers and/or assist with ancillary services made available through Services and technology and marketing service providers and partners, including Amazon Web Services, Facebook marketing services and Google Analytics.
- The Customer as your employer who is our customer using our products and services.
- The Customer as your service provider, who you are the Client of and with whom you also have a relationship with.
- OEMs, being a vehicle manufacturer, or licensee of a vehicle manufacturer holding the right to represent a motor vehicle brand and manufacturer.
You’ve probably heard of the right to be forgotten. In the UK and EU you have certain rights about the deletion of your personal data, and this clause sets out such rights.
- Relevant to the GDPR, some individuals also have a right, in certain circumstances, to have the information held about them erased. You can talk to us further about this by contacting us at the email address set out in section 11 below. Such individuals can also request that we restrict or suspend the processing of your Personal Information. If you do so, note that we will then be most likely unable to provide the services to you.
- The GDPR also provides that in some circumstances, individuals have a right to data portability, to withdraw their consent at any time, to object to data processing and to object to processing of data for marketing purposes.
Sometimes we may disclose your Personal Information outside of the UK, EEA and/or Australia. We’ll make sure that your Personal Information remains protected.
- Relevant to the GDPR, to provide our services to you, we may disclose the information which we process to countries outside the European Economic Area (EEA) and the UK. Regardless of the location of our processing, we will impose adequate data protection safeguards and implement appropriate measures to ensure that your personal data is protected in accordance with applicable data protection laws.
- In relation to our Australian operations, we may, while our providing products and services, disclose Personal Information to overseas entities including by utilising overseas data servers to process information. Those overseas entities may be in the United States of America, Europe or Asia.
Please review the policy to check if we’ve made changes.
Please contact us if you have a privacy complaint. We’ll do our best to resolve your complaint. If we don’t, below are the relevant supervisory authorities who you can contact.
- If you consider a breach of the Privacy Act 1988 (Cth) or GDPR has occurred, you may direct your query to our privacy officer using the details set out in the contacting us section below and we will attempt to resolve your complaint.
- If you do not consider our response satisfactory, you may contact the following privacy regulators.
- Australian individuals may contact the Australian Privacy Commissioner at its website www.oaic.giv.au or by telephone on 1300 363 992.
- EU individuals may contact their relevant local data protection authority, which can be located at via the European Data Protection Supervisor and/or this link.
- UK individuals may contact their local data protection authority, the Information Commissioner’s Office (see here).