top of page

POLICY STATEMENT

 

Dealer Aftercare Solutions abides by the Privacy Act 1998 (the “Act”), the Privacy Reform Act and the Australian Privacy Principals. As such, Dealer Aftercare Solutions must comply with certain requirements when it collects uses and discloses the personal information of individuals that are existing and potential clients or, are associated with existing and potential clients

 

PURPOSE

 

Dealer Aftercare Solutions is committed to protecting all personal information it holds about its clients and other stakeholders. This policy outlines Dealer Aftercare Solutions’ approach to compliance with privacy legislation and guidelines

 

DEFINITIONS

 

Certain key terms that are central to understanding this policy, such as “Personal Information” and “Sensitive Information”, are set out in Appendix one.

​

AUSTRALIAN PRIVACY PRINCIPAL (APPs)

 

The Australian Privacy Principals (APPs) set out the principles around matters such the collection, use and storage of personal information.   The National Privacy Principals (NPPs) were replaced on 12 March 2014 with 13 APPs. There are five stages of the life cycle of personal information. These reflect the cycle that occurs as we collect, hold, use and disclose personal information. Each stage is made up of one or more APP. Dealer Aftercare Solutions must ensure that it incorporates the APP’s into its systems and practices.  A summary of the APP’s as applicable to Dealer Aftercare Solutions is set out in Appendix two.

 

PRIVACY OFFICER

 

Dealer Aftercare Solutions has nominated a Privacy Officer to assist staff and representatives with the correct treatment of personal information.  In any instance where a staff member or representative is unclear on the correct treatment of personal information, they should speak directly to their manager.  If the manager is unclear, then they should speak directly to the Privacy Officer.

 

Dealer Aftercare Solutions’ Privacy Officer is the General Manager, who may be assisted on matters by the Compliance Manager.

 

PRIVACY STATEMENT

 

A privacy statement must be made available to anyone who asks for it and be displayed in a prominent manner.  Refer to appendix 3 for an example of the wording.

​

POLICY DETAILS

 

What information do we collect?

 

Dealer Aftercare Solutions only collects personal information to carry out its business functions and activities. All information collected is detailed on the preliminary assessment form such as, but not limited to:

 

  • Name

  • Private residential address

  • Age

  • Gender

  • Financial information such assets and liability (when linked with their name)

  • Financial needs and objectives

  • Current financial circumstances

  • Personal circumstances

  • Employment details and history

  • Investments

  • Entitlements to Social Security benefits

 

 

How is the information collected?

 

Dealer Aftercare Solutions has restricted the type of personal information its staff and representatives can collect from clients through the use of standard forms. No additional personal information may be collected from clients unless expressly authorised to do so by the Privacy Officer. All forms are reviewed at least annually to ensure that the information collected remains necessary and related to the primary purpose of collection.

 

Security

​

Dealer Aftercare Solutions has adopted the following measures to protect the personal information it holds from misuse and loss, and from unauthorised access, modification or disclosure:

 

Physical security

​

  • All premises, offices and filing cabinets containing paper-based personal information are locked overnight;

  • Paper-based documents containing personal information that is no longer needed by Dealer Aftercare Solutions are archived for seven years before being securely destroyed by an outsourced service provider;

  • Document destruction bins, as well as the archive room, are locked overnight;

  • A “clean desk policy’ is encouraged throughout the organisation.

 

Computer and network security

​

Information stored on Dealer Aftercare Solutions’ computer systems can only be accessed by those entrusted with authority and computer network password. The information is regularly backed up.

 

What is the purpose for which it is collected?

 

The primary purpose of collection of personal information is:

 

  • To enable the delivery of services and entitlements to clients;

  • Internal accounting and account administration;

  • To protect clients, suppliers and Dealer Aftercare Solutions from fraud;

  • To help Dealer Aftercare Solutions identify any products or services that might be beneficial to clients.

 

 

In order to provide clients with credit assistance we must disclose information about them to credit providers.

 

We do not use personal information for direct marketing purposes unless consent has been obtained from the client.

 

We strive to maintain the reliability, accuracy, completeness and currency of the personal information that we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose it was collected or to comply with any applicable legal reporting or document retention requirements.

 

Access and Correction

 

A client may seek details of personal information held about them. Any requests should be referred to the Privacy Officer. 

 

Before disclosing any personal information to a client, the identity of the client is confirmed to ensure that the person requesting the information is who they claim to be. This is done through industry-standard identification procedures, confirming basic personal details (e.g. full name, date of birth, address, phone number).

 

Providing access

​

The information may be provided by the most appropriate, cost-effective method, including:

  • Letting the person inspect the information held and take notes of its contents;

  • Letting the person view the information and provide an explanation of its contents;

  • Providing a photocopy, fax or email of the information;

  • Providing a printout of information held in electronic form; and/or

  • Providing a summary of the information.

 

Particular care must be taken to ensure that personal information belonging to someone else is not inadvertently disclosed.

 

Timeframe

Requests for access will be acknowledged as soon as possible and, in any case, within 5 business days. Straightforward requests for access will be granted within 14 days and complex requests, within 30 days.

 

Charges

​

We do not charge for receiving a request for access to personal information or for complying with a correction request and we will not charge you for providing the access.

 

Refusing access

​

Requests for access may be refused in the following circumstances:

  • The request is frivolous, vexatious, i.e. trivial, made to pursue an unrelated grievance against Dealer Aftercare Solutions or is a repeated request for the same information;

  • Provision would unreasonably impact on the privacy of others;

  • The information relates to existing or anticipated legal proceedings against Dealer Aftercare Solutions by the person and the information would not be discoverable in those proceedings;

  • Provision would reveal Dealer Aftercare Solutions’ intentions in negotiations with the person in such a way as to prejudice the negotiations; or

  • It is unlawful to provide access; the law permits or requires access to be denied or it would prejudice the activities of enforcement bodies.

 

Correcting personal information

​

If it is found that the information held in Dealer Aftercare Solutions’ records is inaccurate, incomplete or out of date, then it will be corrected. However, if the records are inaccessible and/or no longer required, it will be destroyed or de-identified. In the unlikely event that Dealer Aftercare Solutions does not agree that the information is inaccurate, incomplete or out of date, it will attach to it a statement to the effect that the person to whom the information relates claims that it is inaccurate, incomplete or out of date.

 

Give reasons

​

Reasons for denial of access or refusal to correct information should be given to the person, under the supervision of the Privacy Officer. However, this would not be required where such a disclosure would prejudice an investigation against fraud or other unlawful activity.

​

Complaints Handling and Incident Reporting

 

Should a client raise a complaint or issue that relates to the privacy of their personal information, the Privacy Officer will directly deal with the matter and seek to resolve it in accordance with the Complaints Handling Procedure.  Should the matter be unable to be resolved, it may be referred to the Privacy Commissioner.

 

Incidents or breaches that relate to privacy must be referred to the Privacy Officer who will handle the matter in accordance with the Guide to handling personal information security breaches, published by Privacy Commissioner, which provide general guidance on the key steps and factors for organisations to consider when responding to a personal information security breach.

 

Clients have the right to complain to the Office of the Australian Information Commissioner either in the first instance or if they feel Dealer Aftercare Solutions has not handled their complaint adequately.  They can contact them by ringing the Information Commissioner's enquiries line on 1300 363 992.  Information about the complaints process can also be obtained from the Information Commissioner’s website at www.oaic.gov.au.

 

Cross Border Data Flows

 

Dealer Aftercare Solutions will not transfer personal information it holds outside Australia, unless requested to do so by law.

ROLES AND RESPONSIBILITIES

 
General Application

 

It is the responsibility of all staff, representatives and management to ensure that Dealer Aftercare Solutions satisfies its privacy obligations, this should not be seen to be the sole responsibility of management or the Privacy Officer. 

 

Dealer Aftercare Solutions must at all levels be proactive in ensuring the adoption of appropriate practices in relation to the collection, use and disclosure of personal information.  It must foster a culture of privacy compliance.

 

Privacy Officer

 

The Privacy Officer in addition to his/her duties is responsible for:

 

  • A primary reference point for staff and representatives with queries about application of the Act and the APPs;

  • Managing complaints received in relation to privacy; and

  • Being the primary contact point for the Privacy Commissioner.

​

Compliance Manager

 

The Compliance Manager in addition to his/her duties is responsible for:

 

  • Monitoring the Act as it applies to Dealer Aftercare Solutions and suggesting changes to business practices and policies to comply with the obligations;

  • Monitoring compliance with the obligations and providing training;

  • Managing Dealer Aftercare Solutions’ procedures for allowing clients to access or correct their personal information.

REVIEW

 

The Compliance Manager will review this policy annually, or as required by legislative changes.

 

Appendix One – Key Terms

 

“Personal Information”

The Act defines personal information as:

 

“…Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.”

 

In relation to the activities of Dealer Aftercare Solutions, this would amount to the collection of information about an individual such as, but not limited to:

 

  • Name

  • Private residential address

  • Age

  • Gender

  • Financial information such assets and liability (when linked with their name)

 

“Sensitive Information”

​

Sensitive information is not defined in the Act, but relates to information or an opinion about an individual’s;

 

  • Racial or ethnic origin

  • Membership of a trade union

  • Political opinions

  • Sexual preferences or practices

  • Membership of a political association

  • Criminal record

  • Religious beliefs

  • Health information

  • Membership of a professional or trade association

 

An organisation must not collect sensitive information unless

  • The individual has given their consent;

  • The collection is required by law; or

  • In other special circumstances (e.g. relating to individual or public health or safety).

 

There should generally be no need for Dealer Aftercare Solutions to collect sensitive information from individuals.

 

Dealer Aftercare Solutions’ staff and representatives must consult with the Privacy Officer prior to any collection of sensitive information.

 

Where sensitive information is to be collected, staff and representatives must retain clear evidence, in writing if possible, that an individual has given consent to the collection, use or disclosure of sensitive information (and not just personal information). 

 

Privacy Statement

A Privacy Statement is a short and clearly expressed document about how an organisation manages and handles personal information.  This statement must be made available to anyone who asks for it and be displayed in a prominent manner.  The Privacy Commissioner has recommended that placing the privacy statement on an organisation’s website meets the fundamental requirements in this case.

 

Collection Statement

A collection statement provides the individual with an explanation of why the information is being collected and how it will be used by the organisation (see below Primary Purpose).  This allows the individual to make an informed decision on whether or not to provide the information to the organisation at the point of collection.

 

Primary Purpose

This is the dominant or fundamental reason for the personal information being collected in a particular transaction.  There can only be one primary purpose of collection for a particular transaction.

 

Secondary Purpose

Secondary purposes are purposes other than the primary purpose that an organisation has in mind for the information it collects.  Organisations must not use or disclose personal information for a secondary purpose without the consent of the individual.  However, in certain instances it is acceptable to use or disclose the personal information where it is reasonable for the member to expect that the secondary purpose will be related or associated with the primary purpose.

 

It is not expected that Dealer Aftercare Solutions would use personal information for a secondary purpose.  If there is any proposed use of personal information for a secondary purpose, then the matter must be referred to the Privacy Officer before any such use.

 

 

 

Appendix 2 – Summary of Australian Privacy Principals (APPs)

​

 

STAGE 1 – Privacy by design, including transparency

 

APP1 – open and transparent management of personal information

 

Dealer Aftercare Solutions must take reasonable steps to implement practices, procedures and systems that will ensure that it complies with the APPs and any applicable registered code. 

 

APP2 – Anonymity and pseudonymity

 

Individuals and clients must have the option of not identifying themselves or of using a pseudonym, when dealing with Dealer Aftercare Solutions in relation to a particular matter. Exceptions include when required or authorised by law or if impracticable.

 

STAGE 2 – Collection of personal information

 

APP3 – Collection of solicited personal information

 

The general rule is that Dealer Aftercare Solutions must only collect personal information if the information is reasonably necessary for one or more of the functions or activities provided. For sensitive information, there is an additional requirement that the individual or client has consented to the collection.  Dealer Aftercare Solutions must collect information by lawful and fair means. The information collected must be from the individuals themselves unless it is unreasonable or impracticable to do so.

 

APP 4- Dealing with unsolicited personal information

 

If Dealer Aftercare Solutions receives unsolicited information, it must assess whether it could have lawfully collected the information if they had solicited it. If not, it must be destroyed or de-identified.

 

APP 5 – Notification of the collection of personal information

 

When collecting personal information, Dealer Aftercare Solutions must, as reasonable in the circumstances, notify the individual or client of certain matters, or otherwise ensure that the individual or client is aware of those matters. Several matters must be notified, including the identity and contact details of Dealer Aftercare Solutions, the purpose of collection and the types of other entities to which Dealer Aftercare Solutions might disclose the information collected.

​

STAGE 3 – Dealing with personal information

 

APP 6 – Use or disclosure of personal information

 

If Dealer Aftercare Solutions has collected personal information for a particular purpose (primary purpose) it must not use or disclose that information for another purpose (secondary purpose) unless the individual or client has consented, the purpose is related, and the client would expect the use or a prescribed circumstance. Prescribed circumstances include if required or authorised by law, enforcement activities or enforcement bodies and action in response to suspected unlawful activities or serious misconduct.

 

APP 7 – Direct Marketing

 

Clients must always have the right to opt-out of direct marketing and consent must be obtained.

 

APP 8 – Cross-border disclosure of personal information

 

If Dealer Aftercare Solutions is likely to disclose information to overseas recipients, consent from the client must be obtained and the location of the overseas recipients advised.  Dealer Aftercare Solutions must ensure that the overseas recipient does not breach any of the APPs.

 

APP 9 Adoption, use or disclosure of government restricted identifiers

 

Dealer Aftercare Solutions cannot use or collect government related identifiers.

 

STAGE 4 – Integrity of personal information

 

APP 10 – Quality of personal information

 

Dealer Aftercare Solutions must take reasonable steps to ensure that the personal information it collects, uses and discloses is up to date and complete and, in the case of disclosure, that the information is relevant

 

APP 11 – Security of personal information

 

It is necessary for Dealer Aftercare Solutions to take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

 

 

STAGE 5 – Requests for access to, and correction of, personal information

 

App 12 – Access to personal information

 

Dealer Aftercare Solutions must give the client access to personal information held about them if requested by the client, unless an exception applies.

 

App 13 – Correction of personal information

 

If the information about a client, having regard to the purpose for which the information is held, is believed to be inaccurate, out of date, incomplete, irrelevant or misleading, or the client requests that the information be updated, Dealer Aftercare Solutions must take reasonable steps to correct it.

 

Appendix 3 – Privacy Statement

 

At Dealer Aftercare Solutions, we are committed to protecting your privacy in accordance with the Privacy Act 1998 (Cth). This Privacy Statement describes our current policies and practices in relation to the handling and use of personal information.

What information do we collect and how do we use it?

Dealer Aftercare Solutions collects personal information from you for the purpose of providing you with insurance products and services, including processing and assessing your claims. We will not use your personal information for direct marketing purposes unless we obtain your prior consent.

We may also use your information internally to help us improve our services and help resolve any problems.

What if you don’t provide some information to us?

You can choose not to provide information to us; however, we may not be able to process your request.

How do we hold and protect your information?

We strive to maintain the reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal reporting or document retention requirements

Will we disclose the information we collect to anyone?

We do not sell or trade your personal information to others.

Any personal information that is collected will be kept strictly confidential and will only be accessible to those people within Dealer Aftercare Solutions and associated companies where it is necessary to use the information in the normal course of our business operations and in compliance with the Privacy Act.

We may provide your information to others if we are required to do so by law or under some unusual other circumstances which the Privacy Act permits.

 

How can you check, update or change the information we are holding?

Upon receipt of your written request and enough information to allow us to identify the information, we will disclose to you the personal information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate.

If you wish to access or correct your personal information please contact our Privacy Officer.

We do not charge for receiving a request for access to personal information or for complying with a correction request and we will not generally charge you for providing the access.

Your consent

By asking us to assist with your finance needs, you consent to the collection and use of the information you have provided to us for the purposes described above.

Tell us what you think

We welcome your questions and comments about privacy. If you have any concerns or complaints, please contact our Privacy Officer.

You have the right to complain to the Office of the Australian Information Commissioner either in the first instance or if you feel Sovereign Australia has not handled your complaint adequately.  You can contact them by ringing the Information Commissioner's enquiries line on 1300 363 992.  You may also obtain information about the complaints process from the Information Commissioner’s website at www.oaic.gov.au.

 

How to contact us

For more information, please contact our Privacy Officer by:

 

Telephone: 0420821213

​

bottom of page