In this policy the “Lexus Group” (or “we” or “us”) is:
"Lexus Australia” a division of Toyota Motor Corporation Australia ABN 64 009 686 097; and
"Lexus Financial Services” a division of Toyota Finance Australia Limited ABN 48 002 435 181.
The Lexus Group is part of the broader OneLexus Network of Lexus organisations in Australia. See section 2 for more information about the OneLexus Network.
We understand that your personal information and credit information (“information”) is important to you and we value your trust. This policy sets out how the Lexus Group handles your information. It also includes how we handle information collected from third parties, such as your credit report through the credit reporting system if you obtain finance with us.
We are bound by the Privacy Act 1988 (Cth) (“Privacy Act”) and its Australian Privacy Principles (“APPs”). Lexus Financial Services is a participant in the credit reporting system and is bound by the credit reporting rules in the Privacy Act. For more information about Lexus Financial Services’ credit reporting practices, see section 9 on “Credit reporting (applies only if you seek finance from Lexus Financial Services)”.
2. OneLexus Network
The Lexus Group (Lexus Australia and Lexus Financial Services) is part of the OneLexus Network, which includes:
Lexus Financial Services;
authorised Lexus dealers in Australia; and
Aioi Nissay Dowa Insurance Company Australia Pty Ltd trading as “Lexus Insurance”.
The Lexus Group collects and shares with other members of the OneLexus Network your personal information, including data collected from Connected Services, so that the OneLexus Network can provide you with an integrated OneLexus customer experience, including allowing you to be known across the Network regardless of which OneLexus entity you choose to deal with and to provide you with products, services, information and assistance, respond to your enquiries and help keep your information up to date. Your information may be disclosed to OneLexus Network service providers in Australia and overseas for these purposes.
3. What information do we collect and hold?
The kinds of information that we collect and hold about you will depend on the nature of your dealings with us.
Information we collect about you
We may collect and hold information about you including:
contact and identification information, such as your name, date of birth, contact number(s), email address(es), residential and/or business address(es), demographic information (such as postcode, age, gender) and driver’s licence details;
payment details (such as account or credit card details) and payment-related information in connection with your purchase of our products and/or services;
vehicle and servicing details, including vehicle registration, vehicle purchase details, name of your selling or servicing Lexus dealer, service appointment bookings, vehicle service and repair history (including in relation to Lexus Service Advantage, warranty, repairs and recalls, if applicable);
data collected as a result of connected services functionality, such as vehicle location. For details on the extent of information collected as a result of the connected services functionality, please see section 4;
finance details such as financial, insurance or credit information, marital status, employment details and history; and
information collected from marketing campaigns, product research, customer surveys, your interactions with us including via social media, via Lexus community platforms such as Lexus Community, or publicly available information that you post or publish or broadcast.
If you do not wish to provide particular information, we may not be able to respond to your query, provide you with our products and services or assess your application for a product or service.
Sensitive information: We will only collect sensitive information about you with your consent (unless we are otherwise allowed or required by law to collect that information). Sensitive information includes information about your health, race, ethnic origin and religious beliefs.
Providing someone else’s personal information: If you provide us with personal information about another person (such as a joint vehicle owner or authorised driver or contact person, or as part of a social media post or in relation to a trade promotion, competition, survey or other interaction with us), you need to tell the other person about this Policy so they are aware that you have provided their information to us and that they can read this Policy to understand how their information will be handled. You must obtain all necessary consent from the other person before supplying their personal information to us (including a parent or legal guardian’s permission for minors).
Information we collect automatically
Whenever you visit or interact with a Lexus Group website or other online platform of ours (“Platforms”), we, as well as any third-party service provider and/or advertiser, may use a variety of technologies that automatically or passively record information about how the Platform is accessed and used (“Usage Information”). Usage Information may include
your IP address or other unique identifier for the device used to access a Platform ("Device Identifier"),
email address, username, or other unique user identifier (“User Identifier”),
aggregated multi-platform information about Google users who have enabled personalised advertising on their Google accounts (Google Signals Data),
"Device” type (computer, mobile phone, tablet or other device),
operation system and/or application version,
date and time of visit, pages viewed, preceding page views and your use of features or applications on the Platform such as interactions with connections or groups.
Usage Information helps us keep our Platforms relevant to users and allows us to tailor content to a user’s interests. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we will treat it as personal information.
We may use Device Identifiers and User Identifiers to help us administer Platforms, diagnose problems with our servers, analyse trends, observe Platform usage and activity over time, help identify you and your shopping cart, provide you with access to a personalised view of our Platforms, and gather broad demographic information for aggregate use.
Cookies (data files placed on a Device when it is used to visit a Platform) may be used to associate you with media platforms like Facebook, Google Marketing Platform (GMP), Salesforce and other media, and, if you so choose, enable interaction between your activities on our Platforms and those social media platforms. We or our vendors may place cookies on your Device for security purposes, to facilitate site navigation and personalise your experience while visiting our Platforms (such as allowing us to select which ads or offers are most likely to appeal to you, based on your interests, preferences, location or demographic information).
To learn how you may manage cookies, or delete cookies that have already been installed, please refer to your browser’s help menu or instructions. If you disable or opt out of receiving cookies, some features and functions on our Platforms may not work properly or fully because we may not be able to recognise and associate you with your Lexus account(s). In addition, the offers we provide may not be as relevant to you or tailored to your interests.
4. Connected Vehicle Services
Information we collect about you for Connected Services
If your vehicle is fitted with Connected Services functionality and an owner of the vehicle has not previously opted out of Connected Services, your vehicle will collect and transmit vehicle data for Connected Services via an over the air transmission or by direct connection to your vehicle’s computers.
Connected Services operate by using data collected from you and your vehicle, including your personal information, vehicle information and vehicle location. To confirm if your vehicle is fitted with Connected Services functionality, please refer to your Owners’ Manual or Lexus.com.au/connectivity.
To understand more about Connected Services and how Lexus handles connected vehicle data, please see Lexus.com.au/connectivity.
Connected Services that use personal information
The Connected Services which are currently available, and the ways those Connected Vehicles use your personal information and the vehicle data collected and transmitted by your vehicle, are listed below.
Safety & Security Your connected vehicle’s Safety & Security feature provides emergency assistance (SOS), Automatic Collision Notification (ACN) and stolen vehicle tracking (SVT). Safety & Security services use vehicle location data (your vehicle’s latitude and longitude) to determine where your vehicle needs assistance, your personal information (such as, your name, address, phone number, email address, etc.) to verify your account, and your voice recordings (when you call our Connected Services Response Centre) to provide assistance to you. Unless required or authorised by or under law, or an order of a court or tribunal, personal information collected for the purposes of ACN and SOS and SVT services will not be used for any other purpose than for providing the ACN and SOS / Safety and Security Connected Services.
Lexus Connected App You can choose to subscribe to additional Connected Services by downloading the Lexus Connected application onto your device and registering your vehicle. The Connected Services available via the Lexus Connected application operate by collecting and processing data obtained from you and your vehicle and displaying that data in the Lexus Connected application. The types of data collected via the Lexus Connected application includes your personal information (such as name, email address, phone number) vehicle information (such as VIN, fuel levels and oedometer reading), vehicle location and driving data. To find out more about the Connected Services available via the Lexus Connected application please visit Lexus.com.au/connectivity.
Managing your Connected Services
If you do not opt-out of Connected Services, your personal information and vehicle data will be collected, held, used and disclosed for Connected Services, to provide an integrated OneLexus customer experience and for research, product development and data analysis purposes.
To opt-out of, or opt-back in to, Connected Services (except for Safety & Security Connected Services) please go to the manage my subscription section of the Lexus Connected application.
To opt out of ACN and SOS, contact your local Lexus dealer for further assistance or the Lexus Connected Account Enquiries on 1300 064 789.
To opt out of SVT, please call Lexus Connected Account Enquiries on 1300 064 789.
If these Safety and Security Services have been opted out of and you would like to opt back in, then please contact a Lexus dealer for further assistance or the Lexus Connected Account Enquiries on 1300 064 789.
If you contact the Connected Services Response Centre via the SOS function in your vehicle or Lexus Connected Account Enquiries on 1300 064 789 for the purposes of Safety and Security services or any other reason, your conversation will be recorded to deliver Connected Services to you and for quality assurance and training purposes.
5. How do we collect your information?
We may collect information in a variety of ways, including directly from you, for example:
when you complete a form to order a vehicle, parts or accessories, book your vehicle for servicing, apply for credit or make a general enquiry about our products and services;
when you contact or interact with us whether in person, by email, phone, SMS or other forms of communication, or via our website or social media;
when you use data-collecting devices, products or systems, including Connected Services; or
when you participate in our surveys, competitions, promotions, events, sponsorships or other activities.
We may collect information from organisations within the OneLexus Network, such as:
our authorised Lexus dealers, if you interact with or purchase products or services from that dealer; and
Lexus Insurance, if you make enquiries, purchase and/or renew your insurance with Lexus Insurance.
Sometimes, we may collect your information from third parties such as:
providers of data-collecting devices, products or systems that you use;
your accountant for the purposes of assessing a credit application;
where an individual is an officer of a company that has applied for credit, we may collect information about the officer from public records or from other officers of the company who arranged that company's credit application;
when named as a personal referee by you, we collect that personal referee's personal information from the written credit application form;
another credit provider where you have or had a credit account;
the Credit Reporting Body (“CRB”) where we obtain your credit report;
your insurer or broker;
contractors performing a service or function on our behalf;
marketing agencies and similar lists which are legally acquired by us;
your employer, contractor or another person who makes a vehicle available to you; and
any other parties you refer us to or who refer us to you.
6. What are the purposes for which we collect, hold, use and disclose your information?
The Lexus Group collects, holds, uses and discloses your information, including data collected from Connected Services, for a variety of purposes including:
to provide you with an integrated OneLexus guest experience;
any purpose which we notify you about when we collect your information or to which you have provided your consent;
considering and assessing your application (including eligibility) for a product or service;
determining your eligibility to purchase a vehicle, including whether you are purchasing the vehicle for commercial re-sale
providing a Lexus product or service to you (including via our authorised Lexus dealers, agents and/or contractors where applicable);
providing Connected Services to you if you use a vehicle fitted with enabled Connected Services functionality (refer to your Owners’ Manual or Lexus.com.au/connectivity to confirm if your vehicle is fitted with Connected Services functionality);
providing customer assistance and support such as vehicle service reminders, recalls and assisting with warranty claims;
responding to your enquiries, concerns or complaints;
administering and managing our relationship with you, including by verifying your identity in order to provide a requested service;
informing you about products, services, special offers and/or events from the OneLexus Network. For more on Direct Marketing, see section 7 below;
improving your customer experience and our marketing, including through data analytics, product planning, product development and research;
protecting our interests, including by registering a security interest on the Personal Property Securities Register or checking against sanctions or other reference lists;
complying with our legal obligations, assisting government and enforcement bodies or regulators, or where otherwise required or authorised by or under law, or an order of a court or tribunal;
assessing and considering your application (if applicable) as a prospective job applicant, dealer/franchisee or contractor;
using data in aggregated form to analyse vehicle and/or road safety, environmental and energy issues, advanced technologies and usage; or
where your employer is paying for some or all of the cost for you to use a vehicle, your information is used to provide reporting to your employer regarding your usage of our vehicles, including location, time, dates and any notices or information received in relation to the booking.
We may publish (including by posting on social media) customer testimonials/video testimonials which may contain personally identifiable information. We will obtain the customer’s consent prior to publishing the testimonial along with their name.
7. Direct marketing
The OneLexus Network (or any of the entities which make up the OneLexus Network including their agents and contractors if any acting on their behalf) may send you direct marketing to inform you about products or services, special offers, promotions and events that may be of interest to you. These marketing communications may include joint promotions with Lexus dealers or other promotion partners, and may be sent to you using any contact details provided by you, such as post, phone, email or SMS.
Please note that the organisations comprising the OneLexus Network are separate organisations. If you do not wish to receive marketing communications and surveys from a member of the Network, you can let that organisation know at any time using the contact details in their respective privacy policies or utilising the “unsubscribe” or other opt-out function offered by the organisation in each marketing communication.
If you do not wish to receive any marketing communications from Lexus Australia or Lexus Financial Services, you can let the relevant organisation know using the contact details provided in section 16 “Contacting us” below, or by utilising the “unsubscribe” function in electronic communications from the organisation. In some circumstances we may need to contact you to obtain additional information, verify your identity or to clarify your request, in order to action it.
Your consent to receive direct marketing communications from the OneLexus Network in the above ways will be deemed if you do not opt out when you are offered the opportunity to do so, and will remain current on an ongoing basis unless and until you advise otherwise.
If the law requires us to provide you with information about our products or services (for example, product recalls), we will provide that information even if you have elected not to receive information about our products and services generally.
8. Who do we disclose your information to?
We may share your information, including data from Connected Services, (except SOS and ACN Connected Services) within the OneLexus Network in order to provide an integrated OneLexus guest experience across our Network.
Your vehicle logbook data, and service and repair history (including in relation to warranty and recalls, if applicable) may be made available to subsequent owners (if any) of your vehicle.
We do not disclose any personally identifying information about you to subsequent owners of your vehicle.
the Lexus Group’s related bodies corporate (including our parent company Toyota Motor Corporation in Japan);
Lexus entities overseas such as Toyota Connected Europe and Lexus Motors North America who support the provision of Connected Services in Australia;
suppliers of third party services where you have consented to us sharing your information with them (such as compatible app providers);
other credit providers to assess your application with Lexus Financial Services or manage your credit
a guarantor, if a finance arrangement is guaranteed;
Emergency Service Providers (such as ambulance, police, fire brigade etc) to provide you with emergency assistance as part of the Safety & Security feature of Connected Services (applicable vehicles only);
government and law enforcement agencies, bodies and regulators, or a dispute resolution body of which we are a member (for example, the Financial Ombudsman Service), if we are required to disclose your information to such authorities; or
your employer or former employer, or their representative (for example, to conduct a reference check for potential employment or finance applications).
a person that subsidises or makes a vehicle available to you (for example, your employer, your former employer or principal) including to conduct a reference check for finance applications, or for marketing purposes;
our third party agents or contractors which perform a particular function or service on our behalf;
Examples of our third party agents or contractors include:
finance and insurance product suppliers;
organisations that assist us to conduct promotions or market research;
customer support providers;
information technology service providers;
debt collection agencies; and
accountants, lawyers and other professional advisors.
If you consent, we may also disclose your information to selected third parties to help you obtain discounts or services from those third parties. We will not disclose your information for this purpose without your consent, and you can opt out at any time.
We may also disclose your information to third parties where required or authorised by or under law.
We do not share your personal information with data resellers, social networks, advertising networks, insurance providers unless we have your consent or as otherwise required or authorised by or under law.
9. Credit reporting (applies only if you seek finance from Lexus Financial Services)
In this section, references to “we”, “us” or “our” refer to Lexus Financial Services only, not Lexus Australia. Lexus Financial Services participates in the credit reporting system to make better and more informed decisions about providing credit to our customers. When you apply for credit with Lexus Financial Services, or propose to be a guarantor, we may request a credit report about you from a Credit Reporting Body (CRB). Credit reports contain information about your credit history that will help us assess your credit worthiness and your ability to repay credit.
What credit information and credit eligibility information do we collect and hold?
The credit information we collect and hold includes your identification details, the type of credit you hold, the amount of credit borrowed, the terms and conditions of your credit, when your credit was opened or closed, whether or not you have met your repayment obligations under your loan contract and loan contracts with other credit providers, and information about your credit worthiness. The credit eligibility information we collect and hold includes credit reports obtained from a CRB and our own rating or score which help us to assess your creditworthiness.
What do we do with credit information and credit eligibility information?
We collect, hold, use and disclose credit information and credit eligibility information about you for purposes which include:
confirming your identity;
assessing your consumer or commercial credit or guarantor application;
managing your account and collecting any overdue payments;
helping you avoid defaulting on your loan;
complying with any relevant laws and regulations.
We will use the information obtained from a CRB, and combine it with information we already hold about you, to calculate our own rating or score to help us assess your creditworthiness.
We may also disclose to the CRB if you have not met the payment obligations under your loan contract or if you have committed a serious credit infringement (for example fraud). Some of the information we disclose to a CRB may be included in your credit report and provided to other credit providers to help them assess your creditworthiness.
We may disclose your information to any of the following CRBs:
If you would like to know how these organisations manage your information, you can view their privacy policies on their websites or contact them directly by calling the numbers above.
What are your rights?
You have the right to ask a CRB not to use your information for the purpose of pre-screening or direct marketing by a credit provider. You can ask them not to use or disclose this information for a period of time if you reasonably believe that you have been, or are likely to be, a victim of fraud.
10. Holding and protecting your information
We may hold information about you in digital and paper forms. We take reasonable steps to protect your information from misuse, loss, interference, and from unauthorised access, modification or disclosure. Some of the ways we protect your information include:
external and internal premises security;
utilising secure servers;
restricting access to your information only to personnel who need it to perform their functions;
utilising and maintaining information security applications to prevent unauthorised access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls, encryption and anti-virus software as appropriate;
limiting the functionality of Connected Services to only respond to commands from you, us or any authorised users and only for those features you have not opted out from receiving; and
maintaining physical security over paper records.
11. Data Retention
Unless we are required to retain your information for a longer period as required or authorised by or under law, your information will be retained by us for as long as reasonably necessary to provide and support the products the services you have obtained from Lexus.
12. Disclosing your information overseas
We may disclose your information to organisations located overseas. These include:
our related companies in Japan and elsewhere in the world such as the UK, and USA; or
our service providers that are located or hold data overseas including in the USA, Singapore, India, the UK, Ireland, and Sweden.
In addition to the above, if your vehicle collects and transmits vehicle data for Connected Services, your vehicle data will be disclosed to:
Toyota and Lexus entities and service providers located overseas which support the provision of Connected Services in Australia. These include organisations located in Japan, the UK, Singapore, and USA including Toyota Connected Europe in the UK and Toyota Motors North America in the USA.
Toyota entities located overseas including Toyota Motor Corporation in Japan for research and development purposes, including improving vehicle quality, and conducting vehicle diagnostics.
13. Accessing and correcting your information
You can generally access and request the correction of information we hold about you by contacting us in any of the ways set out at the bottom of this policy. Please note that the organisations comprising the OneLexus Network (that is, each of Lexus Australia, Lexus Financial Services, each Lexus dealer and Lexus Insurance) are separate organisations, and each organisation may hold different information about you (if any).
We may charge an access fee to recover the reasonable costs incurred. This charge is only designed to help us reasonably recover the costs associated with providing you with access and does not apply to the making of the request. Before we act on a request, we will provide an estimate of the access fee and ask you to agree to it.
Access to your information may be refused in a number of circumstances, such as where the information relates to anticipated legal proceedings or if the request for access is frivolous or vexatious. If we deny or restrict your access, we will write to you to let you know why, unless, having regard to the grounds for the refusal, it would be unreasonable for us to do so. You may make a complaint about a refusal to the Office of the Australian Information Commissioner.
We rely on the information that we hold about you to provide our products and services to you, and to perform our business functions. Therefore, it is very important that the information we hold is accurate, complete, up to date and relevant. This means that, from time to time, we may ask you if your information is still accurate and up to date. If you find that any information that we hold about you is incorrect, you should contact us immediately and we will take reasonable steps to correct it.
14. Your Responsibilities
To ensure the information we hold is accurate, complete, up to date and relevant, we require that you:
notify us of the sale or transfer of your Lexus vehicle
notify us if you have purchased or acquired your Lexus vehicle outside of the Lexus Dealer network; and
if your vehicle has an enabled Connected Services functionality, inform passengers and drivers of your connected vehicle that vehicle data is collected and used by us for Connected Services.
If you do not notify us of a sale, purchase, acquisition or transfer of a vehicle, we may continue to send communications in relation to that vehicle to the last known registered owner in our records.
15. Resolving concerns
If you believe that your privacy has been compromised, or if you feel that we have breached the privacy laws, you are entitled to make a complaint. Complaints can be made by contacting the person or department you were dealing with, or by contacting us using our contact details set out at the bottom of this policy.
We endeavour to respond to you within 24 hours to acknowledge the complaint and explain how we will investigate it. This may include consulting with the CRB or other credit providers if the complaint relates to your credit information. We will try to resolve your complaint within 20 working days and write to you to explain the reasons for our decision. When this is not possible, we will contact you and let you know how long it will take for us to resolve your complaint.
If your complaint is not satisfactorily resolved, you can contact us to discuss your concerns or lodge a complaint with Office of the Australian Information Commissioner by visiting oaic.gov.au, calling 1300 363 992 or emailing [email protected]. If your complaint relates to your finance with us you may access the Australian Financial Complaints Authority at afca.org.au or by calling 1800 931 678.
16. Contacting us
If your enquiry relates to Lexus Australia (Lexus vehicles, parts, accessories, roadside assistance), you can contact Lexus Australia by:
Post: Lexus Financial Services PO Box 7212 Melbourne VIC 3004
You can contact us without identifying yourself or by using a pseudonym. However, if you do not identify yourself or provide your contact details, we may not be able to respond to your query.
If you contact us on behalf of another person, we will require evidence of your authority to act on behalf of that other person.
Lexus of Brisbane, a division of Sci-Fleet Motors Pty Ltd ACN 057 783 749 (Company, we or us) are aware of the importance of protecting the privacy of individuals who come in contact with us.
We are committed to ensuring the privacy of the personal information we collect in the course of our business. We believe that respect for your privacy forms part of the ongoing trust we wish to develop with you.
We are bound by the 13 Australian Privacy Principles contained in the Privacy Act 1988 (Cth). The Australian Privacy Principles set out the way in which organisations can collect, use, keep secure and disclose personal, including sensitive, information. The Privacy Act also generally gives individuals the right to know what personal information an organisation holds about them and the right to correct that information if it is wrong. Further information on the Australian Privacy law is available from the Office of the Australian Information Commissioner (www.oaic.gov.au).
'Personal information' is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
What kinds of personal information do we collect and hold?
The personal information we may collect and hold varies and is dependent on the nature of our dealings with you. The kinds of personal information can include but is not limited to:
address (and previous address if relevant)
driver's licence number and expiry date
number of dependants
information about your use of Sci-Fleet's products or services
financial information (including assets, liabilities, income and expenditure)
credit card details
motor vehicle details (including make, model, registration number, VIN, colour, options and accessories provided, trade in details, price paid, odometer readings, vehicle location, vehicle speed, vehicle diagnostic data, finance and insurance details, roadside assistance services and extended warranty details)
motor vehicle service history
photographic or video surveillance footage and biometric information
The above information is collected and recorded about individuals who interact with us such as:
our customers, potential customers and their representatives
our suppliers and their representatives
contractors and their representatives providing goods and services to us
our employees past and present, including applicants, and
any other person who comes into contact with us.
In most cases, if we do not collect the information we require, then we may be unable to undertake certain activities, such as providing you, or the organisation with which you are connected, with the requested information, goods and/or services.
How do we collect personal information?
Generally, when providing goods and services to our customers or obtaining goods and services from our suppliers or contractors, we collect personal information directly from the individuals where reasonable and practical. We may collect personal information directly from you when you:
provide information to us in any way (including by in person, by facsimile, by email, completing a form, disclosing information over the phone (which may be recorded) by providing us a business card or through the forms on our website
visit premises from which we operate
acquire goods from us or use our services
request information about us, our products or our services
take a car for a test drive or use one of our hire or loan cars
enter a competition, or
where we are required or authorised by law to do so.
We may also collect information about you from other sources such as:
nominated representatives (e.g. spouse, accountant, power of attorney, brokers and other professional advisors)
forms you have completed on carsales.com.au or drive.com.au
Toyota Australia and its authorised dealers
valuers of vehicles
vehicle registries and other government authorities (including police, local councils or insurers if, for example, a test drive vehicle is in an accident or receives a fine)
other credit providers
third party suppliers who we have arranged to provide products or services to you
credit reporting bodies
publicly available sources of information
referees whose details you have provided to us
our related companies, and
lawyers, agents, investigators and insurers.
We will only collect your personal information from third parties if it is unreasonable or impractical to collect the necessary information directly from you or if we are otherwise permitted to do so.
If you have purchased a vehicle with Lexus Enform services and chosen to activate it, information such as your compatible smartphone's GPS location at a particular time may be collected. Personal information you provide in connection with Enform will be used for the purposes of supplying you with the Enform Services. Please refer to the Lexus Enform Services Terms and Conditions for further details - www.lexus.com.au/smallprint/Enform
How do we handle sensitive information?
The Privacy Act describes 'sensitive information' as information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual orientation, criminal record, and health information about an individual.
Occasionally, it may be necessary for us to collect sensitive information about you. If you or third parties provide us with sensitive information, we will as a matter of policy only use and disclose the information for the purpose for which it was provided or another directly related purpose, unless you agree otherwise, or where required by law.
Where practical and reasonable, we will only collect sensitive information with your consent.
Why do we collect personal information?
We are committed to providing quality customer service to our clients and to operate our business within statutory requirements and comply with our legal obligations.
We collect and hold personal information in order to operate our business efficiently as well as to provide and market products and/or services for the benefit of our customers.
We collect, hold and use your personal information:
to identify you, conduct appropriate checks and communicate with you
to enable the Company to understand your requirements and provide requested goods and services (including new and used vehicles, parts, accessories and any applicable warranties)
to consider, process and record the purchase of trade-in vehicles
to assess any request you make for the supply of goods and services by establishing your financial position and credit status (if relevant)
to assist you to apply for credit or insurance and deal with insurance and finance issues
confirm that you are properly licensed for the purposes of taking a test drive or using one of our hire vehicles
process payment for goods and services (including assisting in applications for credit where relevant)
to coordinate delivery of vehicles
to carry out vehicle repairs and servicing, supply parts and accessories, supply products such as lubricants and automotive fluids and maintain any applicable warranties
to arrange for goods and services to be supplied to you by third parties where appropriate (for example, aftermarket parts suppliers, extended warranty and roadside assistance services and financial and insurance products in respect of vehicles purchased from us; or panel beating services or windscreen replacement in respect of cars we are repairing)
to collect debts
to manage, train and develop our employees and representatives
to set up, administer and manage our products and services
to conduct competitions
to administer warranty claims
to maintain records for accounting and administration purposes
to administer safety-related product recalls
to analyse customer needs and develop customer strategies
to help the Company to manage and enhance the goods and services it purchases from its suppliers
to develop and inform you about the goods and services that the Company considers may be of interest, unless you advises us not to do so
to protect you and the Company from fraud
to assess whether to provide commercial credit to you or accept you as a guarantor of commercial credit provided by us • for business support purposes including maintenance, backup and audit
to comply with the Company's statutory and legal obligations, and
to respond to any queries or complaints you may have.
When do we disclose your personal information?
We may disclose your personal information to our related entities, to other parties where it is necessary to enable us to provide a product or service, to other third parties or where otherwise permitted by law. We may disclose your personal information to such entities for the purposes set out above.
We may disclose your personal information to:
other companies related to us
nominated representatives and credit reporting bodies
other credit providers
Toyota Motor Corporation Ltd and its contractors and agents
finance, insurance, extended warranty and roadside assistance providers and aftermarket parts suppliers
other companies or individuals who assist the Company in providing products and services to the Company
professional service providers and advisors who perform functions on the Company's behalf, such as lawyers
Government, regulatory authorities and other organisations as required or authorised by law (such as the Police).
providers of outsourced vehicle repair and maintenance services (such as panel beaters and windscreen repairers)
vehicle and securities registries
government authorities, police, local council authorities or our insurers (for example, if a test drive or hire/loan vehicle is involved in any parking or traffic infringements or is damaged whilst in your possession)
financial institutions for payment processing
referees or guarantors whose details you have provided to us.
To manage and provide cost effective services, we may outsource various tasks to contracted service providers, including:
website designers and information technology service providers
marketing and communications agencies
call centres and call training centres
mailing houses, freight and courier services
printers and distributors of direct marketing material
external business advisors (such as auditors, lawyers and debt collectors)
In the case of contracted service providers, we may disclose personal information to the contracted service provider and the contracted service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
Organisations providing professional services to us are required to keep those dealings and personal information provided by us as confidential unless required to disclose such information by statute or law.
We may disclose your personal information to our third party services providers, including the Toyota Motor Corporation, for them to help us provide services to you. Our third party service providers may store or access your personal information overseas, including in the, USA, United Kingdom, Japan and Sweden.
Job applicants and employees
The Privacy Act provides an exemption for employee records. That is information about an individual if that information directly relates to the act or practice of a current or former employment relationship between the employer and the individual. That exemption may apply in relation to the information held by us about our employees.
Any personal information provided to the Company in connection with job applications may be used to consider the applicant for current and future employment and may be disclosed to our third party advisors to assist us in the selection and recruitment process.
How long do we keep personal information?
We will take reasonable steps to destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Act.
Use of Commonwealth government identifiers
We will not use Commonwealth government identifiers (such as driver's licence numbers) as our own identifier of individuals. We will only use or disclose Identifiers in the circumstances permitted by the Privacy Act.
Marketing and Customer Satisfaction Surveys
From time to time, we may survey our customers on a range of issues, including new vehicle satisfaction and the quality of our service. These surveys help us to improve our products and services and tailor the way that we do business with you.
We may also use your personal information to send you service reminders and information about our products and services, including special offers.
You consent to us using your personal information for contacting you to conduct surveys and sending you information, including promotional material, about us or our products and services, as well as the products and services of our related entities and third parties, now and in the future. You also consent to us sending you such information by means of mail, email, SMS, telephone calls and facsimile. You can contact us using the contact details specified in Enquiries below if you do not want to be contacted for surveys and/or receive marketing information from us. If you opt out you will still receive safety related messages from us.
We will not send you any commercial electronic messages such as SMS or email unless this is permitted by the Spam Act (for example, if we have your express or inferred consent to do so). Any commercial electronic message that we send will identify us as the sender and will include our contact details. If you do not wish to receive commercial electronic messages from us, please let us know (see Enquiries below)).
We will not call you on a number listed on the Do Not Call Register if this is prohibited under the Do Not Call Register Act and related instruments (for example, if we do not have your express or inferred consent to do so). If you do not wish us to call you on a particular number, please let us know (see Enquiries below).
Ensuring personal information is up-to-date
We rely on the personal information we hold in conducting our business. We take reasonable steps to ensure that the personal information we hold is accurate, complete and up-to-date. You can help by letting us know about any changes to your personal information, such as your address and phone number.
How do we manage data security?
We hold personal information in paper form, on computer systems, in audio recordings and on video (e.g. security surveillance).
We take reasonable steps to protect the security of your personal information by ensuring it is protected from misuse, loss, interference and from unauthorised access, modification or disclosure. We maintain strict standards and security procedures to prevent unauthorised access to information about you whether it is in an electronic or paper format, and to ensure the correct use of this information.
Steps taken to protect personal information include:
external and internal premises security
restricted access to staff who need the personal information to perform their day to day functions
conducting training to ensure that staff are aware that they must only access, use and disclose personal information for appropriate purposes
maintaining technology products to prevent unauthorised computer access, including identifiers and passwords, security software, and firewalls.
You can access and seek correction of your personal information
You are generally entitled to access the personal information that we hold about you (in a manner you request, if this is reasonable and practicable). You can contact us using the details below (see Enquiries).
If we cannot provide access to your information, we will generally provide you with the reasons why and the mechanisms available to complain about that refusal. Depending on the nature of the request, we may charge for providing access to this information, however such charge will not be excessive.
If the information we hold about you is inaccurate, incomplete or not up to date you may request that we correct the information by contacting us.
If the personal information we hold about you is not accurate, complete and up to date, we will take reasonable steps to correct the information so that it is accurate, complete and up to date. If we cannot take reasonable steps to correct the information because such correction is not technically possible or would be impracticable for us to perform, we may be unable to continue to provide services to you. In these cases, we will provide reasons for denial of your correction request.
If we refuse to correct your personal information you have the right to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will take such steps that are reasonable in the circumstances to associate that statement with all records containing the relevant information.
It would assist us to ensure we properly understand your request, and allow us to respond more promptly, if requests are made in writing and include as much detail as possible.
How to make a complaint and how do we deal with complaints?
It would assist us to respond to your complaint promptly if it is made in writing. Please include as much information as possible in relation to your complaint and to those parties involved in the alleged breach.
If you feel that we have not satisfactorily addressed your complaint, you may also make a complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or by writing to GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601.