1. Protecting your privacy
In this policy:
APPs means the Australian Privacy Principles under the Privacy Act.
Credit Information means Personal Information that we obtain from a Credit Reporting Body (including any information derived from such information) or any information we provide to a Credit Reporting Body.
Credit Report means a report from a Credit Reporting Body the primary purpose of which is to assist with the assessment of the creditworthiness of an individual.
Personal Information has the meaning given under the Privacy Act.
Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.
Privacy Officer means Europcar's first point of contact for privacy related matters (the Privacy Officer can be contacted using the details in section 19 below).
Related Entities has the same meaning as under the Corporations Act 2001 (Cth).
Sensitive Information has the same meaning as under the Privacy Act.
Services means the offers and services provided by us, including vehicle hire services and the Europcar privilege loyalty programs.
Website means www.europcar.com.au and other websites and forms of social media where you post comments or we interact with you.
The meaning of any general language is not restricted by any accompanying example and the words 'includes', 'including', 'such as', 'for example' or similar words are not words of limitation.
3. What is Personal Information?
Personal Information is defined in the Privacy Act as information or opinion about an identified individual (or an individual who is reasonably identifiable) whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not.
Sensitive Information is a subset of Personal Information that is afforded higher levels of protection under the Privacy Act. It includes information or opinion about an individual's racial or ethnic origin, political opinion, religious beliefs, sexual orientation, criminal record or health information.
4. What Personal Information do we collect and why do we need it?
4.1 Personal Information we collect
To provide you with our Services, we need to collect your Personal Information. If we do not collect the Personal Information or if any of the Personal Information you provide is incomplete or inaccurate, we may not be able to provide the Services or those Services may be compromised.
Depending on the nature of the Services we provide to you, the personal information we collect may include:
4.2 Vehicle tracking and locating
Europcar uses GPS tracking or other electronic tools (GPS device) to enable the geographical locations of its vehicles to be tracked or located for safety and security purposes.
Information from the GPS device may be used:
For the purposes of vehicle tracking and locating, Europcar will comply with the relevant surveillance devices legislation operating in the states and territories in Australia.
5. How do we collect the Personal Information?
We aim to collect Personal Information directly from you. We may also collect Personal Information:
If at any time you supply Personal Information to us about any other person (e.g. another member of your household or you post a photo on our Facebook page), you are responsible for ensuring you are authorised to do so and that the relevant person has consented to the disclosure to us.
6. Our partners and links to other websites
We have partnered with reputable third parties to offer you a variety of travel services. All travel services throughout our Website that are provided by a third-party partner are described as such. Although we only work with reputable third parties, our business partners may have different privacy policies and practices than Europcar.
There are also several places throughout our Website that may link you to other websites that do not operate under Europcar information privacy practices. When you click through to these websites, Europcar websites information privacy practices no longer apply. We recommend that you examine the privacy statements for all third party websites to understand their procedures for collecting, using, and disclosing your information.
Here are some of our partners:
FLYBUYS NEW ZEALAND
MILES & MORE
SINGAPORE AIRLINES KRISFLYER PROGRAM
VELOCITY FREQUENT FLYER
7. CCTV and other imaging
We may film vehicles as they exit and re-enter a rental station for security purposes and to confirm the condition of the vehicle and to identify any damage which may have occurred during the rental period. Any film taken of the vehicle may be high resolution and may include images of the occupants of the vehicle from which it may be possible to identify the occupants of the vehicle. Any filming of the occupants is purely incidental. The film will be used for the purpose of identifying damage, recovering payment for any damage and any other purpose authorised under the Privacy Act.
For security purposes we have CCTV cameras in some of our locations and your image may be recorded.
8. How do we use your Personal Information?
We use the Personal Information we collect for operational purposes and to:
9. Credit Information
This section applies if you apply for credit from us or you are a guarantor or officer of a company to whom we provide credit.
9.1 Credit Reporting Bodies
To assist us in assessing your credit worthiness, we may provide information about you to a Credit Reporting Body (CRB) in order to obtain a Credit Report from the CRB. The information provided to the CRB includes Personal Information required to enable the CRB to provide us with the Credit Report. If we decide to provide credit to you, we may also provide information to the CRB about the credit that we provided to you. The information that we may provide to a CRB may include:
A Credit Report may include information about previous applications for credit and credit that has been provided. It may include payment and default information, including information about court judgments or insolvency.
You may request the CRB not to use or disclose your Credit Information in some circumstances, e.g. if you believe you are or have been a victim of fraud.
The CRBs that we disclose personal information to, and obtain Credit Reports from, include:
illion Australia Pty Ltd
Telephone: 13 23 33 or +61 3 9828 3200
9.2 Use or disclosure of Credit Information
We may use or disclose Credit Information for the following purposes:
10. Direct Marketing
We may use and disclose your Personal Information to provide you with information on offers, products and services offered by Europcar, its Related Entities, franchisees and licensees, its partners or affiliates. We will do this where we have collected your Personal Information directly from you and it would be reasonably expected that your Personal Information would be used for direct marketing purposes.
We do not use Sensitive Information for marketing purposes.
If at any time you no longer wish to receive any marketing material from us that is sent to you in electronic form, you can unsubscribe from receiving such marketing material by clicking on the unsubscribe link and following the prompts. You can also request that we do not use or disclose your Personal Information for marketing purposes at any time by contacting our Privacy Officer.
11. Disclosure of personal information
We may be required to disclose your Personal Information by law, by court order or to investigate suspected fraud or other unlawful activity.
We may also disclose your Personal Information to third parties in certain circumstances including:
We do not disclose Sensitive Information about you unless you expressly agree or the disclosure is directly related to the primary purpose of collection of the information.
12. Disclosure of personal information off-shore
Before we disclose your Personal Information offshore, we take all reasonable steps to ensure that the overseas recipient of the Personal Information does not breach the APPs under the Privacy Act.
These requirements do not apply if one of the exceptions below applies:
Under the Privacy Act, the transfer of personal information to a cloud service provider located overseas for the limited purpose of performing the services of storing and ensuring we may access the Personal Information will not constitute an overseas disclosure.
We may disclose Personal Information to our parent company Europcar International, based in France. Customer telephone calls may be handled by a call centre based in the Philippines. Also if you use our service to rent a car in a country other than Australia, it will be necessary for us to transfer your Personal Information to the relevant overseas partner in that Country. The Personal Information that we will transfer to the relevant overseas partner will be information that is necessary for the service to be provided to you. This will include your name and contact details.
All these overseas disclosures will be made in compliance with the offshore disclosure requirements of the Privacy Act.
Depending on which country you are renting the car in, the overseas partner may not be subject to any privacy obligations or to any principles similar to the APPs. The overseas recipient may also be subject to a foreign law which could compel disclosure of personal information to a third party, for example, an overseas authority.
We ensure, through standard data protection clauses in our contractual agreements with our overseas partners, that all our overseas partners will handle and protect your Personal Information to a similar standard as required under the Privacy Act.
13. General Data Protection Regulation
We welcome the General Data Protection Regulation (GDPR) as an important step forward in encouraging high standards of personal data security.
Under the GDPR, we may have some additional obligations with respect to the processing of "personal data" collected from residents of the European Union (EU). The meaning of personal data is similar to Personal Information; however, it is broader as it includes any information relating to an identified or identifiable natural personal.
We will take appropriate steps to ensure that the personal data of EU Residents is:
EU residents have the right to access personal data we hold about them and to request that personal data be corrected, updated, deleted or transferred to another organisation. EU Residents are also able to request that the processing of their personal data be restricted or objected to their personal data being processed. To make any of these requests, please contact our Privacy Officer.
14. Considerations when you send information to us
While we do all we reasonably can to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure, including investing in security software, no data transfer over the Internet is 100% secure.
If you access a partner or service website (e.g. hotel, airline or overseas partner's website) from our website, you do so and provide personal information in accordance with the terms and conditions under which the provider of that website operates (if any). We do not have any control over, and do not accept any responsibility for, such third party websites or the handling of any personal information that is obtained through such websites.
The open nature of the Internet is such that information exchanged via the Internet may be accessed and used by people other than those for whom the data is intended. If you send us any information, including (without limitation) Personal Information, it is sent at your own risk.
While we are not in a position to give you advice on Internet security, if you provide Personal Information to us electronically (e.g. by way of our Website or using an electronic system such as an application), there are some things you can do which may help maintain the privacy of your information, including:
You are responsible for all actions taken using your username, email or password. If at any time you believe your username or password has been compromised, you should immediately contact us and also change your password.
You should also contact us immediately if you believe:
15. How your information is stored
We endeavour to keep our information systems and files secured from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure. Those who work with us are aware of the importance we place on protecting your privacy and their role in helping us to do so.
Our procedures to securely store Personal Information include electronic and physical security measures, staff training and use of password protection software.
When the Personal Information that we collect is no longer required, we will remove or de-identify the Personal Information as soon as reasonably possible. We may, however, retain Personal Information for as long as is necessary to comply with any applicable law, for the prevention of fraud, for insurance and governance purposes, in our IT back-up, for the collection of any monies owed and to resolve disputes.
16. Access to and correction of your Personal Information
You may request access to your Personal Information or that we correct any inaccurate or out of date information by contacting our Privacy Officer using the details in section 19 below. We will provide reasonable assistance to all persons in making an access or correction request – and deal with all requests in accordance with our internal policies and procedures and the Privacy Act.
We may refuse to comply with your request where we are entitled to do so under law. If we do not agree to your request for access to, or correction of, your Personal Information, we will give you a written notice of refusal setting out the reasons for the refusal (except to the extent it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal.
Where we agree to provide you with access to your Personal Information, we may make this conditional on us recovering our reasonable costs of doing so. For security purposes, before we provide you with access to your Personal Information, we may ask you to provide evidence of your identity.
You may request the source of any of your Personal Information that we have collected from a third party and used for direct marketing. We will provide this at no cost, unless under the Privacy Act or other law there is a reason for this information being withheld, this may include where it is impractical or unreasonable for us to provide this information.
18. Notifiable data breaches
A notifiable data breach scheme is currently in place in Australia. CLA Trading Pty Limited is committed to adhering to this scheme as an important step in preventing and managing serious privacy breaches.
A "data breach" means unauthorised access to, or disclosure, alteration, loss, or destruction of, Personal Information—or, an action that prevents us from accessing Personal Information on either a temporary or permanent basis.
An "eligible data breach" occurs when there is a data breach, that is likely to result in serious harm to any of the individuals to whom the information relates, and we are unable to prevent the likely risk of serious harm with remedial action.
We, including all our people, take breaches of privacy very seriously. If we suspect a privacy breach has occurred, our priority is to contain and assess the suspected breach. In doing so, we will:
If we believe an eligible data breach has occurred, we will, as soon as practicable:
20. Contact details
Attention: The Privacy Officer
Mail: Europcar Australia
189 South Centre Road
PO Box 1139
Tullamarine VIC 3043 AUSTRALIA
Email: firstname.lastname@example.org (Australia) - (mark the email for the attention of the Privacy Officer).
We will aim to respond to your query within 30 days.
More information about your rights and our obligations in respect to privacy and information on making a privacy complaint are available from the Office of the Australian Information Commissioner at:
Post: GPO Box 5218, Sydney NSW 2001