In handling your personal information, Eclipx Group will comply with the Australian Privacy Act 1988, including the 13 Australian Privacy Principles), and/or the New Zealand Privacy Act 1993 (as applicable), and all other relevant laws, regulations and codes relating to privacy and personal information (‘Privacy Law’).
What kind of personal information do we collect?
Personal information is information or an opinion about an identified, or reasonably identifiable, individual.
The kinds of personal information Eclipx Group collects and holds varies according to the specific product or service being provided and may include, but is not limited to, your:
In some circumstances, Eclipx Group may collect sensitive information about you, for example in relation to insurance claims. Sensitive information is a type of personal information and includes health information and information about racial or ethnic origin, political opinions, membership of a trade union or political association, religious beliefs or affiliations, philosophical beliefs, sexual preferences and criminal record. We will only collect sensitive information about you where we are permitted to do so by law.
How do we collect your personal information?
Where practicable we aim to collect your personal information directly from you. The circumstances in which we may do so will vary depending on the context in which we are dealing with you (for example, if you are a customer, according to the specific product or service we are providing) but can include, for example, when you are:
Generally, Eclipx Group will only collect your personal information from sources other than you if:
How we use your personal information
We collect, hold, use and disclose your personal information where it is reasonably necessary for the purposes of providing our products and services, for our other business purposes and for any necessary related purposes. These purposes include, but are not limited to:
Where personal information is used and disclosed, we take steps reasonable in the circumstances to ensure the personal information is relevant to the purposes for which it is to be used and disclosed. You are under no obligation to provide your personal information to us. However, without certain information from you, we may not be able to provide our services to you or any other relevant customer.
Disclosures of your personal information
We may disclose your personal information for purposes such as those listed above and we will always do so consistently with our privacy obligations.
Third parties to whom we may disclose your personal information include:
When you apply for, or we provide, vehicle leasing arrangements, we may access credit-related personal information about you through the credit reporting system.
We comply with all Privacy Law that applies to the collection, use and disclosure of credit information, including the Australian Credit Reporting Privacy Code and the New Zealand Credit Reporting Privacy Code 2004 (as applicable) in our handling of your credit-related personal information.
Credit-related personal information is a type of personal information which includes information:
Credit-related personal information that we may collect and hold includes:
We collect your credit-related personal information through your dealings with us or from those acting on your behalf. We may also obtain credit-related personal information from CRBs, who may include this information in reports provided to credit providers to assist them to assess your credit worthiness.
We collect, hold, use and disclose your credit-related personal information as reasonably necessary for our business purposes and as permitted by law, including:
We may disclose your credit-related personal information to:
We may disclose to Equifax, Dun & Bradstreet, or any other CRB, any failure by you to meet your payment obligations in relation to consumer credit and the fact that you have committed fraud or other serious credit infringement. Equifax and Dun & Bradstreet may include information which we provide in reports to other credit providers to assist them to assess your creditworthiness. These CRBs’ policies about the management of credit-related personal information may be obtained by contacting them on the below details:
Dun & Bradstreet
PO Box 964
PO Box 7405, St Kilda Road
13 23 33
Private Bag 92156
0800 692 733
PO Box 9589
0800 362 222
In Australia, you can ask a CRB not to use or disclose your credit-related personal information for a period of 21 days without your consent if you believe on reasonable grounds that you are, or are likely to be, a victim of fraud, including identity fraud.
In New Zealand, you can ask a CRB not to use or disclose your credit-related personal information for a period of 10 working days without your consent if you believe on reasonable grounds that you are, or are likely to be, a victim of fraud, including identity fraud.
CRBs may use credit-related personal information they hold to respond to requests from us or other credit providers to “pre-screen” you for direct marketing. You can ask a CRB not to do this.
We may disclose your personal information (including, where relevant, your credit-related personal information) to overseas recipients in order to provide our services and products and for administrative, data storage or other business management purposes. It is not practicable to list all of the countries to which your information may be transmitted from time to time, but we transfer information between Australia and New Zealand, and it is likely that other such countries will include the United States of America, the United Kingdom, the Philippines, Japan, Singapore and Hong Kong.
Before disclosing any personal information to an overseas recipient, we take steps reasonable in the circumstances to ensure the overseas recipient complies with relevant Privacy Laws or is bound by a substantially similar privacy scheme to that which is in place in New Zealand and Australia, unless you specifically consent to the overseas disclosure taking place without such steps being taken, or the disclosure is otherwise required or permitted by law.
We may use and disclose your personal information (including by sharing it between members of Eclipx Group) in order to inform you of products and services that may be of interest to you.
In the event that you do not wish to receive such communications, you can opt out by following the instructions for doing so in the communications we send to you.
Security of your personal information
We may hold your personal information (including your credit-related personal information) in physical form or in electronic form on our systems or the systems of our service providers.
We take steps reasonable in the circumstances to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by authorised staff, and follow procedural safeguards that meet or exceed relevant Privacy Law.
We require third parties handling personal information on our behalf to follow equally compliant standards of security and confidentiality.
We will destroy or de-identify personal information in circumstances where it is no longer required, unless we are otherwise required or authorised by law to retain the information.
Access and correction to the personal information that we hold about you
We take steps reasonable in the circumstances to ensure that personal information we hold is accurate, up-to-date, complete, relevant and not misleading.
You have a right to access and seek correction of your personal information (including your credit-related personal information) that is collected and held by us. This is subject to some exceptions specified in the Privacy Act 1988 (Cth) (Australia), and the Privacy Act 1993 (New Zealand).
If at any time you would like to access or amend the personal information we hold about you, or you would like more information on our approach to privacy, please contact our Privacy Officer in accordance with the contact details set out below.
We will grant access to personal information to the extent required by applicable Privacy Law and will take reasonable steps to amend personal information where necessary and appropriate.
To obtain access to your personal information:
If we refuse your request to access or correct your personal information, we will provide you with written reasons for the refusal and details of the ways in which you can make a complaint. We will also take steps reasonable in the circumstances to provide you with access to your personal information in a manner that meets yours and our needs.
If you are dissatisfied with a refusal of a request to access or correct your credit information, you may make a complaint to the Australian Information Commissioner / New Zealand Privacy Commissioner or to an applicable external dispute resolution scheme if the Eclipx Group entity you are dealing with is a member (we will provide details of any such scheme in our response to such a request for access or correction).
In the event that we correct your personal information previously disclosed to another entity and you request that other entity to be notified of the correction, we will take reasonable steps in the circumstances to do so unless impracticable or unlawful.
Complaints and Disputes
If you wish to complain about the way in which we collect or handle your personal information, including your credit-related personal information, or if you believe we have breached any Privacy Law, you can contact our Privacy Officer using the details below.
Following a complaint, our Privacy Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. At all times, privacy complaints:
In the event you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Australian Information Commissioner / New Zealand Privacy Commissioner or an applicable external dispute resolution scheme if relevant to the complaint and the Eclipx Group entity you are dealing with is a member (we will provide details of any such scheme in our response to such a request for access or correction).
How to contact us
Please direct all privacy queries and complaints to our Privacy Officer at:
Mail: Privacy Officer
1 O’Connell Street
Sydney NSW 2000
Updated: 31st Oct 2017