Privacy Policy

Last Updated on 22 December, 2021

Indented List

CAA PRIVACY POLICY

1. Introduction


1.1 This Privacy Policy is issued by Cox Automotive Australia ABN 97 090 535 505 and its related bodies corporate (“CAA”, “we”, “our” and “us”). CAA is committed to responsible privacy practices and to complying with the Privacy Principles contained in the Australian Privacy Act 1988 (Cth) (“Australian Privacy Act”) and the Privacy Act 2020 (“New Zealand Privacy Act”).

In this Privacy Policy:

  • References to “Privacy Act” are references to the New Zealand Privacy Act and/or the Australian Privacy Act (as the context requires).
  • References to “Privacy Principles” are references to the Australian Privacy Principles contained in the Australian Privacy Act and/or the Information Privacy Principles contained in the New Zealand Privacy Act (as the context requires).

1.2 Where applicable, CAA will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Australian Privacy Act and any other applicable exemptions in the Australian Privacy Act or other legislation. Where State or Territory health privacy legislation applies, we are required to protect the privacy of employee health information. This Privacy Policy will apply in those circumstances. This clause 1.2 does not apply to the collection, use, and disclosure of personal information from individuals located in New Zealand.

1.3 This Privacy Policy sets out our policies on the management of personal information including how we collect personal information, the purposes for which we use this information, to whom this information is disclosed and the steps we take to safeguard the information to protect your privacy.

1.4 Car dealerships working with CAA products or services (“Dealers”) and other commercial entities supporting CAA products or services are independent entities and not related to CAA and may have privacy policies which differ from ours. These parties are responsible for their own privacy policies and privacy practices.

1.5 We may change our Privacy Policy from time to time at our discretion. At any time, the latest version of our Privacy Policy is available from our website or you can request a copy by contacting our Privacy Officer (see section 16 of this Privacy Policy).

2. What is personal information?

2.1 In this Privacy Policy, “personal information” has the meaning set out in the Privacy Act.
Essentially, under the Australian Privacy Act, personal information is information or an opinion, whether true or not and whether recorded in material form or not, about an individual who is reasonably identifiable. Under the New Zealand Privacy Act, personal information is information about an identifiable individual.

3. What types of personal information does CAA collect?

3.1 The types of personal information CAA collects from you depends on the type of dealings you have with us.

3.2 CAA may collect contact details including your name, address, email address, and phone and fax numbers.

3.3 Where relevant, CAA may also collect your photo ID (driver’s licence, Government issued photo identification, passport and birth certificate), bank account details for any payment or reimbursement to you, credit card and log in details for online products and services, registration details, date of birth or age group, occupation, gender, business details including but not limited to the ABN/ACN (or New Zealand company number/NZBN) or a Dealer’s licence number, information about a vehicle or any other item you purchase or wish to sell (including without limitation its make, model, number plate and vehicle identification number and details of any finance arrangements, registration records and service records), answers you provide to questions we ask, details of any enquiry you make with us or feedback you give us, your role and responsibilities if you represent a corporate client and other information in relation to your dealings with CAA.

3.4 If you are applying for a position at CAA, we will collect information you include in your
application, including your cover letter, resume, contact details and referee reports. If you are an individual contractor to, or employee of, CAA, in addition to the information referred to in section 3.3 we may collect information relevant to your engagement with CAA including qualifications, length of engagement, resume, pay rate and salary, bank details, feedback from supervisors, training records and logs of your usage of CAA equipment (e.g. phones, computers and vehicles).

3.5 When using a CAA website, we or our third-party service providers may collect website usage information such as the IP address you are using, the name of your Internet service provider, your browser version, the web site that referred you to us and the next website you go to, the pages you request, the date and time of those requests and the country you are in. Except where you provide it to us via a website, we do not collect personal information such as your name, mailing address, email address or phone number when you are browsing our websites. This information is used and disclosed by CAA in anonymous, aggregated form only, for purposes including statistical analysis and to assist or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website(s), or where we are otherwise required or authorised to do so.

3.6 Under the Australian Privacy Act, and for the purposes of this Privacy Policy, “sensitive information” is a subset of personal information that is generally afforded a higher level of privacy protection (e.g. details of race, religious beliefs, sexual orientation, health information etc.). CAA does not generally require customers to disclose any sensitive information to us. CAA only collects sensitive information where it is reasonably necessary for our functions or activities and either the individual has consented, or we are required or authorised by or under law to do so. In limited circumstances, we may require prospective employees and individual contractors to provide us with certain health information.

3.7 If you do provide sensitive information to us for any reason (for example, if you provide us with information about a disability you have or your vaccination status), you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the Australian Privacy Act and other relevant laws.

3.8 In addition to the types of personal information identified above, CAA may collect personal information as otherwise permitted or required by law.

4. How do we collect your personal information?

4.1 CAA collects personal information in a number of ways. The most common ways we collect your personal information are:

  • in person (for example, when you attend an auction at our premises and register as a buyer);
  • in person, when you purchase or test drive a vehicle from our motor dealer retail outlet and complete the relevant contract;
  • directly from you when you provide it to us or our agents or contractors in person, by telephone or in writing;
  • via Dealers where your consent has been provided;
  • via our websites or when you deal with us online (including through social media);
  • via our market research agencies;
  • when you enter a competition or promotion;
  • if you are an individual contractor to or employee of CAA, from your employer or recruitment agency;
  • if you are employed by or contracted to a Dealer, from that Dealer;
  • from publicly available sources;
  • through surveillance cameras;
  • from our related companies; and
  • from third parties, for example:
    • from referees if you apply for a position as an employee or contractor with us.
    • we may use various database providers for purposes such as, address validation software for personal information we maintain which will verify your personal information against such sources as Australia Post however this software provider will not access your data; or
    • we may use other database providers for customer assistance such as a system that enables us to link you to the nearest CAA site.

5. For what purposes do we collect, use and disclose your personal information?

5.1 The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. We describe the purposes for which we collect, hold, use, and disclose your personal information in this Privacy Policy. In addition, we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.

5.2 We may use or disclose your personal information:

  • for the purposes for which we collected it (and related purposes which would be reasonably expected by you);
  • for other purposes to which you have consented; and
  • as otherwise authorised or required by law.

5.3 In general we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations.

5.4 Some of the specific purposes for which we collect, use and disclose personal information are as follows:

  • to provide goods or services to you or to receive goods or services from you;
  • to identify who is selling and buying items at auction, sale, by tender or otherwise;
  • to confirm whether any security interests are recorded in relation to an item for auction;
  • to receive payment from you or remit funds to you and (where applicable) financiers;
  • to record and maintain the details of your purchase of a CAA product for warranty purposes or your purchase of a CAA product or service for administration purposes;
  • to provide (or arrange third parties to provide) additional products and services in respect of goods and or services purchased from us;
  • to inform you in the event of an action that must be taken, for example a recall, affecting a vehicle bought from us;
  • to improve our products and services;
  • to contact you (directly or through our service providers and marketing research agencies) to obtain your feedback and to find out your level of satisfaction with our products and services through surveys;
  • to protect the security of our offices, staff, customers and the property held on our premises;
  • to verify your identity;
  • to promote our products and services, including through direct marketing, events, competitions or promotions;
  • to collect goods from sellers and deliver them to buyers or other parties;
  • to co-ordinate third party carriers to transport goods between parties;
  • to consider you for a job at CAA (whether as an employee or contractor) or other relationships with us;
  • to address any issues or complaints that we or you have regarding our relationship;
  • for general account management, planning and administration; and
  • to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner.
  • required or authorised by or under law (including, without limitation, privacy legislation); and
  • for which you have provided consent.

5.5 We may also use and disclose your personal information for other purposes explained at the time of collection or which are:

  • required or authorised by or under law (including, without limitation, privacy legislation); and
  • for which you have provided consent.

5.6 Direct marketing involves communicating directly with you for the purpose of promoting goods or services to you and to provide you with special offers from CAA. Where we have your express or implied consent, or where we are otherwise permitted by law, we may:

  • send you information about upcoming products and services, including retail sales, promotions, special offers and events; or
  • disclose your personal information to third party providers of finance, insurance, warranty and other related products and services that we think may be of interest to you (where we have entered into an agreement with the third party allowing them to market to you).

5.7 Direct marketing can be delivered by a range of methods including mail, telephone, email or SMS. You can unsubscribe from our direct marketing, or change your contact preferences, by contacting us (see section 16 of this Privacy Policy) or using the unsubscribe facility that we include in out electronic messages (such as emails and SMS) to opt out of receiving those messages. To opt out of receiving marketing communications from third party providers, please make direct
contact with those providers.

6. What happens if you don’t provide personal information?

6.1 Generally, you have no obligation to provide any personal information requested by us.
However, if you choose to withhold requested personal information, we may not be able to provide you with the products and services that depend on the collection of that information.

6.2 As an example, if we did not collect personal information about your vehicle purchase, we would be unable to notify you directly of a product recall affecting your vehicle.

7. To whom do we disclose personal information?

7.1 We may disclose your personal information to third parties in connection with the purposes
described in section 5 of this Privacy Policy.

7.2 This may include disclosing your personal information to the following types of third parties:

  • our related companies;
  • our contractors (including mailing houses, marketing agencies, insurance providers, website and data hosting providers and other IT suppliers);
  • if you sell an item through us, we may disclose your personal information to the buyer;
  • if you buy an item through us, we may disclose your personal information to the seller;
  • if you buy a vehicle through us, we may provide your information to a Dealer if required for warranty purposes;
  • buyer and seller information may be disclosed to third parties for purposes associated with the completion of the transaction (such as financial institutions for payment processing, a credit reporting body or the Australian or New Zealand Personal Properties Securities Registers);
  • other persons who perform services for, or in connection with, us (including to facilitate the delivery of purchases, for repairs, for Plant & Equipment Safety Reports, for electronic direct mailing, for credit card payment authorisation, for data storage, for trend analysis, for function and events, for market research, for marketing and promotions and for the provision of statistical sales information);
  • state and federal government authorities (for example, for vehicle registration and compulsory third-party insurance purposes, the Office of State Revenue (in Australia) and Inland Revenue (in New Zealand) for unclaimed money, ASIC and/or the New Zealand Companies Office for checking company details);
  • companies who may use your personal information in order to tailor electronic advertising to you (e.g. on a webpage) in relation to our products and services;
  • our accountants, lawyers, auditors and other professional advisers;
  • if you are an individual contractor to CAA, to your employer or agency in relation to the performance of your work with CAA;
  • if you are an individual contractor to CAA or a prospective employee, to our medical service providers for any medical assessments or in relation to any health or safety incidents and to HR related service providers (e.g. for background checks, screening or aptitude testing);
  • any third parties to whom you have directed or permitted us to disclose your personal information (e.g. financiers, insurers, referees);
  • in the unlikely event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisors;
  • third parties that require the information for law enforcement or to prevent a serious threat to public safety; and
  • otherwise as permitted or required by law.

7.3 Where we disclose your personal information to third parties we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose we disclosed it to them and in a manner consistent with the Privacy Principles under the Privacy Act, e.g. by (where commercially practical) including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information.

7.4 If you post information to certain public parts of our website or to our social media pages, you acknowledge that such information may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.

7.5 Your personal information will not be “sold” by CAA to any other organisation for that organisation’s unrelated independent use. If you have opted in to receive marketing materials from CAA, we may share anonymised “hashed” data with social media advertising partners, such as Facebook, so that they can create custom audiences and deliver advertisements on our behalf to their members. Members are identifiable when the social media partner matches our anonymized data to its anonymised data of its users.

8. Does personal information leave Australia?

8.1 Some of the third parties to whom we disclose personal information may be located outside Australia or New Zealand. For example, we may disclose personal information to our related companies overseas and to our overseas service providers.

8.2 The countries in which these third parties are located will depend on the circumstances. In the ordinary course of business we commonly disclose personal information to parties located in the United States, Europe, Canada and New Zealand or Australia (as the case may be). Except where an exception applies under the Privacy Act, we will take reasonable steps to ensure that such overseas recipients do not breach the Privacy Principles in the Privacy Act in relation to such information, or if applicable, the recipient is required to protect your information in a way that provides comparable safeguards to those provided by the New Zealand Privacy Act.

9. How do we protect personal information?

9.1 CAA will take reasonable steps to keep any personal information we hold about you secure. However, except to the extent liability cannot be excluded due to the operation of statute or otherwise at law, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your personal information. Nothing in this Privacy Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law including the Australian Competition and Consumer Act 2010 (Cth) and/or the New Zealand Consumer Guarantees Act 1993. Please notify us immediately if you become aware of any breach of security. Our contact details are set out in section 16 of this Privacy Policy.

10. What about information you provide in job applications?

10.1 If you submit a job application to CAA, we will use the information provided by you to assess your application. CAA may disclose the information contained in your application to contracted service providers for purposes such as screening, aptitude testing, medical testing and human resources management activities.

11. Is the personal information we hold accurate?

11.1 We endeavour to maintain your personal information as accurately as reasonably possible. We rely on the accuracy of personal information as provided to us both directly (from you) and indirectly.

11.2 We encourage you to contact us if the personal information we hold about you is incorrect or to notify us of a change in your personal information. Our contact details are set out in section 16 of this Privacy Policy.

12. How do you manage your data quality and security?

12.1 CAA maintains physical, electronic and procedural safeguards to protect the information we
hold about you against loss, misuse, damage or modification and unauthorised access or
disclosure. Some of our features of our information security program include:

  • a dedicated information security group within the IT department that designs, implements and provides oversight to our information security program;
  • use of specialised technology such as firewalls;
  • testing of the security and operability of products and services before they are introduced to the internet, as well as ongoing scanning for publicly known vulnerabilities in the technology;
  • internal and external reviews of our internet sites and services;
  • monitoring our systems infrastructure to detect weaknesses and potential intrusions;
  • implementing controls to identify, authenticate and authorise access to various systems or site;
  • protecting information during transmission through various means;
  • specific requirements for database backup and retention; and
  • providing CAA personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

12.2 CAA holds personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in a secure manner. Paper files may also be archived in boxes and stored offsite in secure facilities. We take reasonable steps to:

  • ensure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
  • protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
  • destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Principles.

12.3 The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to CAA’s computer systems (such as login and password protection), controlled access to CAA’s corporate premises, policies on document storage and security, personnel security (including restricting access to personal information on CAA’s systems to staff who need that access to carry out their duties, staff training and workplace policies).

12.4 We process credit card and online payments using EFTPOS and online technologies. All transactions processed by CAA meet industry security standards to ensure payment details are protected.

12.5 While we strive to protect the personal information and privacy of users of our websites, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact CAA by telephone or post.

12.6 If you are a registered user of a CAA website, you can also help to protect the privacy of your personal information by maintaining the confidentiality of your username and password and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.

13. Links, cookies and use of the CAA website

13.1 The CAA website contains links to other sites. This Privacy Policy applies to the CAA website and not any linked sites. We encourage you to read the privacy policies of each website that collects your personal information.

13.2 CAA and its third party service providers and / or advertising partners uses web tracking and storage technology tools such as web beacons, “cookies”, “pixel tags” and java code on CAA websites and in emails you have agreed to receive from us to collect or receive information regarding your activities on the site (eg. your IP address, page(s) visited, time of day). The use of such technology is an industry standard, and helps monitor the effectiveness of advertising and how visitors use websites. A “cookie” is a small data element stored by your web browser on your computer system. We do not use cookies to store any personal information that could be read or understood by others. Cookies used by CAA do not identify individual users, although they do identify the user’s internet browser. Only if selected by you, the CAA websites will store your username and password in a “cookie” to enable you to be automatically logged in when you return.

13.3 We, our third party service providers and / or advertising partners use this technology to generate statistics and measure site activity to improve the usefulness of customer visits.

13.4 Each time you access CAA websites, CAA and its third party service providers and / or advertising partners may deliver certain customised information, including advertisements, to you based on the data stored in your cookie. Third party advertising partners may show our ads on sites on the Internet and serve these ads based on information they collected about a user’s prior visits to our website and other Internet activity. CAA may also use analytics data supplied by third party vendors to inform and optimise our ad campaigns. This practice is commonly referred to as “interest-based advertising”.

13.5 Opting out of cookies: Most internet browsers are set up to accept cookies, If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. However, this may mean that you are unable to take full advantage of the website’s featured. For example, you will not be able to purchase vehicles online without logging into every individual page.

14. How you can access and correct personal information we hold about you

14.1 You may seek access to personal information which CAA holds about you by contacting us as outlined in section 16 of this Privacy Policy. We will provide access to that information in accordance with the Privacy Act, subject to certain exemptions which may apply. We may require that the person requesting access provide suitable identification and where permitted by law we may charge an administration fee for granting access to your personal information.

14.2 If you become aware that any personal information we hold about you is incorrect, if you wish to update your information, or if you wish to otherwise request the correction of your personal information which CAA holds about you, please contact CAA (see section 16 of this Privacy Policy).

15. Queries, comments and complaints about our handling of personal information

15.1 If you have any questions, concerns or complaints about our collection, use or disclosure of personal information, or if you believe that we have not complied with this Privacy Policy or the Privacy Act, please contact us (see section 16 of this Privacy Policy).

15.2 When contacting us please provide as much detail as possible in relation to your question, concern or complaint.

15.3 CAA will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.

15.4 If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commissioner (as the case may be).

16. Contact details

16.1 Please address all privacy complaints to:

Attention: Privacy Officer
Cox Automotive Australia Pty Ltd
4 Gordon Luck Avenue
ALTONA VICTORIA 3018

OR caa.Privacy@coxautoinc.com

16.2 If you wish to seek access to or correct or update any personal information we hold about you, or to unsubscribe from or change your contact preferences in relation to our direct marketing, you can also contact us at caa.Privacy@coxautoinc.com.

This Privacy Policy is dated 22 December 2021