Privacy Policy

1. Introduction

1.1 About this policy

This Privacy Policy (“this policy”) is the official privacy policy of AUTOREFER PTY LTD ABN 19 658 063 702 and any of its wholly owned subsidiaries (hereafter collectively referred to as “Autorefer” or “we”, “us”, or “our”) and it applies to all personal information about individuals collected by Autorefer.

1.2 Relationship with Privacy Act

(a)  This policy is intended to comply with the Privacy Act 1988 (Cth) (the “Act”) to ensure Autorefer’ compliance with its obligations under the Act, including the Australian Privacy Principles (the “APPs”), if applicable to Autorefer.  This policy is not otherwise an ‘opt-in’ under section 6EA of the Act.

(b)  For the purpose of interpretation of this policy any terms in this policy defined in the Act have the same meaning as defined in the Act.

(c) To the extent that Autorefer may from time to time be the subject of privacy laws of nations other than Australia, this policy extends to information collected by Autorefer from overseas entities but does not limit Autorefer’ obligations under any other laws.

1.3 What this policy provides

(a) In this policy we explain how and why we collect personal information about individuals, how we use such information within Autorefer, and what controls individuals have over our collection and use of information about them.

(b) This policy is relevant to individuals who are current and former customers, as well as other individuals that Autorefer deals with in connection with the goods and services we provide or information we collect from customers and other persons.

(c) This policy includes information collected via the Autorefer online platform service available at [URL] (the “Autorefer Service”).

1.4 Our commitment

Autorefer is committed to complying with laws that deal with how businesses may collect, hold and use personal information about individuals and to protecting and safeguarding the privacy of individuals when they deal with us, including the Act and the APPs if applicable.

2. Collection Of Information

2.1 Type of information collected

(a)  Some information provided to us by clients, customers and other parties might be considered private or personal. However, without such information we would not be able to carry on our business activities and provide our services. We will only collect such personal information if it is necessary for one of our functions or activities. 

(b)  The kinds of personal information that Autorefer may collect and hold in respect of individuals may include:

  • (i)  names;
  • (ii)  contact details and identification information;
  • (iii) financial information, including information about transactions and trading history with Autorefer; and
  • (iv) information about credit history.

2.2 Situations where information is collected

Personal information may be collected in the following situations by Autorefer:

(a) if an individual contacts Autorefer, we may keep a record of that communication or correspondence;
(b) if an individual submits an application or curriculum vitae or another form required to be completed by an individual to enable and/or facilitate services and or/employment to be provided by Autorefer;
(c) when applying for and/or establishing and/or accessing an account with us or ordering products or services from us, including in the use of our Autorefer Service;
(d) when conducting certain types of transactions such as cheque or credit card purchases or refunds;
(e) when an individual submits their contact details to be included on our mailing lists;
(f) when an order is placed with us to purchase goods we may require individuals to provide us with contact information including name, address, telephone number or email address and financial information (such as credit card details) for the purposes of processing and fulfilling such an order; and
(g) when CCTV footage is recorded at any of our premises.

2.3 Manner of collection

(a) At or before the time the personal information about an individual is collected by us, we will take reasonable steps to ensure that the individual is made aware of who we are, the fact that the individual is able to gain access to the information held about the individual, the purpose of the collection, the type(s) of organisations to which we may usually disclose the information collected about the individual, any laws requiring the collection of the information and the main consequences if all or part of the information is not collected.
(b) We usually collect personal information about individuals directly from the individual. However, sometimes we may need to collect personal information about individuals from third parties for the purposes described below in this policy. The circumstances in which we may need to do this include, for example, where we need information from a third party to assist us to process an application or an order (such as to verify information an individual has provided or to assess the individual’s circumstances) or to assist us to locate or communicate with the individual.

2.4 How information may be held

(a) Autorefer may hold personal information about an individual in physical form or in electronic form on our systems or the systems of Autorefer’IT service providers.
(b) The personal information that Autorefer holds about individuals is protected by physical, electronic, and procedural safeguards and Autorefer also requires its service providers that hold and process such information on Autorefer’ behalf to follow appropriate standards of security and confidentiality. Any personalinformation we collect from an individual or about an individual is kept securely and held on secure servers in controlled facilities.
(c) Autorefer trains its staff and others who work for it on how to handle personal information appropriately and Autorefer restricts access to what is necessary for specific job functions.

2.5 Period of retention of information

(a) Autorefer may retain personal information collected or provided to us including:

  • (i) telephone recordings of calls to our hotlines and contact numbers;
  • (ii) CCTV security footage from our business premises; and
  • (iii) client files including individuals’ personal information, contact information, and financial and transactional information whether stored in our Autorefer Service or collected separately by us;
    to enable us to verify transactions and customer details and to retain adequate records for legal and accounting purposes.

(b) Autorefer will retain personal information collected for such minimum or maximum periods as it is required by law depending on the type of information collected. But for any minimum or maximum periods of retention required by law, we will safely destroy personal information once it is no longer required.

3. Use and Disclosure of Personal Information

3.1 Purposes of collection

(a) Autorefer may, as permitted by law, use or disclose personal information held about an individual as permitted by law and for the business purposes for which it is collected (e.g. provision of our services, including administration of our services, notifications about changes to our services, record-keeping following termination of our services and technical maintenance), that is, to carry on our business activities and provide services to our customers.
(b) We may also use such information about individuals for a purpose related to the primary purpose of collection and where the individual would reasonably expect that we would use the information in such a way. This information is only disclosed to persons outside our business in the circumstances set out in this policy or as otherwise notified at the time of collection of the information.
(c) Autorefer’ business purposes for which personal information is collected, used and disclosed may include:

  • (i) processing an application or product order or service request including any transactions occurring on our Autorefer Service and including verifying a person’s identity for these purposes;
  • (ii) managing our products and services or other relationships and arrangements, including processing receipts, payments and invoices;
  • (iii) assessing and monitoring credit worthiness;
  • (iv) detecting and preventing fraud and other risks to us and our customers;
  • (v) responding to inquiries about applications, accounts or other products, services or arrangements;
  • (vi) understanding our customers’ needs and developing and offering products and services to meet those needs;
  • (vii) researching and developing our products and services and maintaining and developing our systems and infrastructure (including undertaking testing);
  • (viii) ensuring workplace health and safety and productivity of employees at Autorefer’ workplace premises;
  • (ix) dealing with complaints;
  • (x) meeting legal and regulatory requirements, for example various Australian laws may expressly require us to collect/and or disclose personal information about individuals, or we may need to do so in order to be able to comply with other obligations under those laws; and
  • (xi) enforcing our rights, including undertaking debt collection activities and legal proceedings.

3.2 Additional disclosure situations

In addition to the above, we are permitted to use or disclose personal information held about individuals:

  • (a) Where the individual has consented to the use or disclosure;
  • (b) Where we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone’s health or safety or the public’s health or safety;
  • (c) Where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;
  • (d) Where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
  • (e) Where we reasonably believe that the use or disclosure is necessary for prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for and conduct of proceedings before any court or tribunal or the implementation of the orders of a court or tribunal by or on behalf of an enforcement body; and
  • (f) Where a customer (being the individual or related to the individual) has requested a service to be provided by us and we are required to disclose the information to a third party in order to facilitate the provision of the service. In most, if not all cases, any such disclosure will be with the consent of the individual.

3.3 Third parties to whom information may be disclosed

Third parties to whom we may disclose personal information about individuals in accordance with Autorefer’ business purposes set out above may include:

(a) Autorefer’ legal advisors;
(b) Autorefer’ IT service providers;
(c) regulatory bodies in Australia;
(d) Autorefer’ financial advisors;
(e) participants in financial and payment systems, such as banks, credit providers, and credit card associations;
(f) guarantors and security providers associated with individuals;
(g) debt collectors;
(h) cloud information storage providers; and
(i) other trade suppliers;

3.4 Autorefer service transfer of information

Our Autorefer Service permits the transfer of information between transacting parties on the Autorefer Service platform.  Information will necessarily be exchanged as part of the Autorefer Service referral process and other functions of the platform.  Such information exchanges include customer data belonging to broker parties being shared with participating asset dealers to whom a referral is made by the subject broker. 

3.5 Use of personal information by third parties

Autorefer, subject to having complied with its obligations under this Policy, makes no warranty in relation to and will not be liable for any misuse or loss of personal information by third parties to whom Autorefer is authorised to provide personal information under this Policy including any transacting parties that acquire personal information through the use of the Autorefer Service.

4. Direct Marketing

4.1 We may carry out direct marketing

As part of Autorefer’ functions and business activities and to promote the services we can provide to our customers, Autorefer may be permitted to use personal information about individuals that individuals have provided to Autorefer for the purposes of direct marketing.  Direct marketing includes, but is not limited to, sending information to and/or contacting individuals in relation to promotions relating to Autorefer.

4.2 Opting out of direct marketing

(a) All recipients, including individuals, can opt out of receiving direct marketing communications by sending an email to Autorefer’ Privacy Officer, at the email address shown in the ‘Contacting us’ section of this Policy.
(b) In any direct marketing communication we remind recipients of their right to opt out of receiving direct marketing communications.

4.3 Third party marketing

Autorefer does not engage in the practice of selling client information for marketing purposes, but does not warrant that third parties who receive personal information of its clients will not undertake marketing activities with that information. If you experience harassment or spamming from a third party that we have engaged with, please let us know, and we will endeavour to take such action as is reasonably possible for us to take.

5. Anonymity and Pseudonymity

Individuals would generally have the option of dealing with Autorefer anonymously. However, this only applies where it is not impracticable for usto deal with individuals acting anonymously or under a pseudonym. For example, individuals making general enquiries of Autorefer may do so anonymously or under a pseudonym. However, if the dealing with usis for usto supply goods and services and/or to enter into contractual relations (such as a commercial credit account) with a customer that is the individual or is associated with the individual, then it is impractical for such individuals to deal with us on an anonymous basis or under a pseudonym.

6. Website and Links

6.1 Autorefer’ websites

Autorefer advertises and carries on business through a number of websites pertaining to Autorefer, including the website hosting the Autorefer Service.

6.2 Website terms and conditions

(a) Each website of Autorefer collects personal information pursuant to this policy except as otherwise stated on the website.
(b) A website may display additional terms and conditions for access and use of the website which apply in addition to this policy.

6.3 Cookies

(a) Autorefer collects information from its websites using IP files or “cookies”. When a user visits Autorefer’ websites to read, browse or download information, our system will record/log the user’s IP address (the address which identifies the user’s computer on the internet and which is automatically recognised by our web server), date and time of the visit to our website, the pages viewed and any information downloaded.
(b) Cookie information collected will only be used for the purpose of site analysis and to help us offer improved online services. We may automatically collect non-personal information about users such as the type of Internet browsers used or the website from which the user linked to our websites. Individuals cannot be identified from this information and it is only used to assist us in providing an effective service on our websites.
(c) You can stop your browser receiving or accepting cookies at any time, however the use of cookies is necessary for certain functions on our websites to work properly and therefore we cannot assure you that you will be able to access and enjoy all functions of our website.

6.4 Third party links

Our websites may contain links to other websites and those third party websites may collect personal information about individuals. We are not responsible for the privacy practices of other businesses or the content of websites that are linked to our websites. Autorefer encourage users to be aware when they leave our website and to read the privacy statements of each and every website they frequent.

7. Security and Storage of Information

7.1 Our commitment

Autorefer places a great importance on the security of all information associated with our clients and others who deal with us. We have security measures in place to reasonably protect against the loss, misuse, unauthorised access and alteration of personal information and other data under our control.

7.2 Security and storage methods

(a) All personal information and other data held is kept securely and that which is held electronically is held on secure servers in controlled facilities.
(b) Information stored within Autorefer’ computer systems or by our agents who provide electronic storage facilities can only be accessed by those entrusted with authority and computer network password sanctions.
(c) Autorefer consults with IT service providers to implement reasonable levels of firewall, malware detection and data security procedures.

7.3 Electronic transmissions

No data transmission over the internet can be guaranteed to be absolutely secure. As a result, whilst we strive to protect users’ personal information, Autorefer cannot ensure or warrant the security of any information transmitted to it or from its online products or services (including the Autorefer Service) and users do so at their own risk. Once Autorefer receives a transmission, we make every effort to ensure the security of such transmission on our systems.

7.4 Banking information and payment requests

(a) We will never email you or telephone you requesting your credit card or bank account details except in connection with a purchase that you are making by email or telephone.
(b) In all cases, we recommend that if you receive a communication purported to be from us requesting payment or banking information, we recommend that you separately contact us via our publicly available telephone contact details to verify the authenticity of the request.

7.5 Data breach and response

Autorefer is aware of its obligations as to data breach, and complies with the mandatory notification requirements of Part IIIC of the Act.

8. Transfer of Information Overseas

8.1 Use of cloud services

Autorefer may utilise local and overseas cloud services for the purpose of storing information. Your credit information may be disclosed to Autorefer’ cloud service provider for that purpose. While Autorefer’cloud service providers are located in Australia, the country location of our cloud service providers may periodically change.

8.2 Other disclosures

Except as provided above or in connection with the use of cloud services, Autorefer are unlikely to disclose personal information of an individual to overseas recipients. Personal information will only be disclosed by Autorefer to overseas recipients in accordance with Australian Privacy Principle 8, such as if the disclosure is required by Australian law.

9. Access To And Correction Of Personal Information

9.1 Our commitment

Autorefer is committed to and takes all reasonable steps in respect of maintaining accurate, timely, relevant, complete and appropriate information about our customers, clients and website users.

9.2 Access to information

(a) Any individual may request access to personal information about them held by Autorefer. Such a request for access to personal information is to be made to Autorefer’ Privacy Officer, whose details are set out below.
(b) Autorefer will respond to any requests for access or correction within a reasonable time of receipt of the request, but by no later than 30 days of the request being received.
(c) Please note that Autorefer do requires that, as part of any request by an individual for access to personal information, the individual verify their identity so that Autorefer may be satisfied that the request for access is being made by the individual concerned.
(d) Please note that Autorefer is not required to give an individual access to personal information in circumstances where:

(i) we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
(ii) giving access would have an unreasonable impact on the privacy of other individuals; or
(iii) the request for access is frivolous or vexatious; or
(iv) the information relates to existing or anticipated legal proceedings between Autorefer and the individual, and would not be accessible by the process of discovery in those proceedings; or
(v) giving access would reveal the intentions of Autorefer in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
(vi) giving access would be unlawful; or
(vii) denying access is required or authorised by or under an Australian law or a court/ tribunal order; or
(viii) both of the following apply:
(A) Autorefer has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to Autorefer’ functions or activities has been, is being or may be engaged in;
(B) giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
(ix) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(x) giving access would reveal evaluative information generated within Autorefer in connection with a commercially sensitive decision-making process.
(e) If we refuse to provide an individual with access to their personal information or to correct the personal information held by us about them, then we will provide reasons for such refusal. Such reasons will set out the grounds for refusal, the mechanisms available to complain about the refusal and any other matters that are required by the Act.

9.3 Correction of Information

(a) Inaccurate information will be corrected upon receiving advice to this effect. To ensure confidentiality, details of an individual’s personal information will only be passed on to the individual if we are satisfied that the information relates to the individual.
(b) From time to time, and having regard to the purpose of the collection and use of personal information about individuals, we may contact individuals to seek confirmation that the personal information provided to us by the individual is accurate, up-to-date and complete.

10. Complaints

10.1 Making a complaint

If an individual has a complaint about this policy or Autorefer’ collection, use or safe disposal or destruction of personal information about the individual, any complaint should be directed in the first instance to Autorefer’ Privacy Officer at the contact details set out in the ‘Contacting us’ section of this policy.

10.2 Investigation and Resolution Procedure

(a) Upon receiving a complaint we will, within 7 days, give the complainant written notice acknowledging receipt of the complaint and setting out the process of how we will deal with it.
(b) Unless a longer time is agreed by the complainant, we will investigate the complaint and make a decision within 30 days of receipt of the complaint and communicate the decision to the complainant.
(c) We aim to resolve all complaints within 30 days of receipt. If we cannot resolve a complaint within 30 days we will notify the complainant of the reasons and specify a date when we expect a decision or resolution will be made and seek the complainant’s agreement to extend the 30 period – if the complainant does not agree then we may not be able to resolve the complaint.
(d) It may be necessary (and it may be required by the Act), in order to deal with a complaint, to consult with a third party. Further, if, while a complaint remains unresolved, we are disclosing information subject to the complaint to a third party, we may be required to advise the third party about the complaint.
(e) If we find a complaint is justified we will resolve it and do what is required to rectify any breach.
(f) If a complainant is not satisfied with the outcome of Autorefer’ internal complaints procedure in respect of Autorefer privacy practices then the complainant may refer their complaint to the Office of the Australian Information Commissioner (“OAIC”). The website for the OAIC is: www.oaic.gov.au.

11. Changes To Policy

If Autorefer decide to or are required to change this policy, we will notify you of such amendments on our websites and post changes on this policy webpage so that users may always be aware of what information is collected by us, how it is used and the way in which information may be disclosed. As a result, please refer back to this policy regularly to review any amendments.

12. Contacting Us

12.1 Contacting Us

For concerns, complaints or further information regarding this policy and our policies and procedures regarding privacy and data security, please contact us at the following address:

The Privacy Officer – Autorefer

Address for postage: 9 Godwin street, Bulimba, QLD, 4171
Telephone: 1300 786 657
Email: info@autorefer.com.au
We will respond to your enquiry as soon as possible.

12.2 Contacting the OAIC

If you are not satisfied with our response to your enquiry and for more information on privacy legislation, please visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.