1. Protecting your privacy
In this policy:
APPs means the Australian Privacy Principles under the Privacy Act.
Credit Information means Personal Information that we obtain from a Credit Reporting Body (including any information derived from such information) or any information we provide to a Credit Reporting Body.
Credit Report means a report from a Credit Reporting Body the primary purpose of which is to assist with the assessment of the creditworthiness of an individual.
EV means an electric vehicle and includes battery electric vehicles, hybrid electric vehicles, plug-in electric vehicles and fuel cell electric vehicles.
Personal Information has the meaning given under the Privacy Act.
Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.
Privacy Officer means Europcar's first point of contact for privacy related matters (the Privacy Officer can be contacted using the details in section 19 below).
Related Entities has the same meaning as under the Corporations Act 2001 (Cth).
Sanction List means the consolidated list of designated individuals and organisations who are subject to targeted financial sanctions under Australian sanctions law, as issued and amended from time to time by the Department of Foreign Affairs and Trade.
Sensitive Information has the same meaning as under the Privacy Act.
Services means the offers and services provided by us, including vehicle hire services and the Europcar privilege loyalty programs.
Website means www.europcar.com.au and other websites and forms of social media where you post comments or we interact with you.
The meaning of any general language is not restricted by any accompanying example and the words 'includes', 'including', 'such as', 'for example' or similar words are not words of limitation.
3. What is Personal Information?
Personal Information is defined in the Privacy Act as information or opinion about an identified individual (or an individual who is reasonably identifiable) whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not.
Sensitive Information is a subset of Personal Information that is afforded higher levels of protection under the Privacy Act. It includes information or opinion about an individual's racial or ethnic origin, political opinion, religious beliefs, sexual orientation, criminal record or health information.
4. What Personal Information do we collect and why do we need it?
4.1 Personal Information we collect
To provide you with our Services, we need to collect your Personal Information. If we do not collect the Personal Information or if any of the Personal Information you provide is incomplete or inaccurate, we may not be able to provide the Services or those Services may be compromised.
Depending on the nature of the Services we provide to you, the personal information we collect may include:
- your name, email address, telephone numbers and address;
- account identifier;
- if applicable, the identification data of additional driver(s): name, email address, telephone numbers and address;
- date of birth;
- Sensitive Information, for example, if you advise us of any disability;
- banking information including account details, credit card details and expiry dates;
- financial data (including order forms, customer invoices, etc.);
- your driver's licence number (including taking a photocopy of your licence) and state of origin, and that of any additional driver(s);
- if applicable, data relating to traffic violations;
- a copy of identity verification documentation (e.g. copy of passport, utility bill or Medicare card);
- frequent traveller program number;
- information on a professional group to which you belong (e.g. you may disclose that to obtain a discount available to members of that group);
- vehicle preference;
- company name and employee number;
- contact details of individuals who can provide professional references and other information required;
- credit information Credit Report from a credit reporting body (as further detailed in section 9);
- reservations and rental details including dates, times and places of vehicle hire;
- flight details if your pickup location is an airport;
- information about your navigation on our website and/or our mobile applications;
- information obtained from surveys you complete or from your interactions on our dedicated social media pages;
- voice, audio-visual and electronic data: recordings of your communications by email, chat or telephone with our customer service department;
- information relevant to vehicle damage which may include filming the vehicle at the time it is collected and returned (which may include incidental filming of the occupants of the vehicle); and
- any other Personal Information relevant to the Services we provide to you or any decision we make whether to provide a Service to you.
4.2 Vehicle tracking and locating
Europcar uses GPS tracking or other electronic tools (GPS device) to enable the geographical locations of its vehicles to be tracked or located for safety and security purposes.
Information from the GPS device may be used:
- to provide information to the police or other authorities in the event that the vehicle is stolen or is not returned at the end of the hire period;
- in the event of an accident or incident relating to the vehicle during the hire period, e.g. to verify the location of the vehicle at the time of the alleged accident or incident;
- to identify the exact location of the vehicle in the event of a reported breakdown and to provide that location to breakdown responders (e.g. the local Automobile Association);
- to identify whether the vehicle is being used in an area prohibited under the terms and conditions of rental;
- to locate the vehicle in the event of an emergency; or
- for any other purpose permitted under the Privacy Act or any other law.
For the purposes of vehicle tracking and locating, Europcar will comply with the relevant surveillance devices legislation operating in the states and territories in Australia.
5. How do we collect the Personal Information?
We aim to collect Personal Information directly from you. We may also collect Personal Information:
- when you complete a form, make inquiries or apply to rent a vehicle from or through us;
- from other members of the Europcar Group;
- from your company or organisation when you use our services under a corporate account or other arrangement;
- from our program partners if you are a member of a frequent traveller or other program and rent or make inquiries of renting a vehicle through them;
- from our contracted service providers;
- from Credit Report bodies;
- from debt collection agencies if you (or an entity you are guaranteeing) default in a payment to us;
- through our website, electronic systems such as applications and by other electronic communication channels (e.g. when you send us an email or post an entry on our Facebook page or other social media sites);
- from third parties, including competent authorities in charge of managing fines for traffic violations;
- from publicly available sources of information;
- when we are required to do so by law;
- when you log onto or connect to our Website and our server automatically records information your browser sends (e.g. your IP address, how and when you travel through our Website, the pages and documents accessed information about your usage (e.g. by way of cookies) and other information provided by downloading information from our website). However, unless your name is part of your email address or you specifically provide it, our server does not automatically collect this information;
- when you enter a competition or promotion with us, participate in a survey or register to receive information from us or register to receive information on any of our Services; and
- from other organisations where you have entered into an arrangement in which you have agreed with that organisation to be provided with a vehicle supplied by Europcar.
6. If at any time you supply Personal Information to us about any other person (e.g. another member of your household or you post a photo on our Facebook page), you are responsible for ensuring you are authorised to do so and that the relevant person has consented to the disclosure to us.Our partners and links to other websites
We have partnered with reputable third parties to offer you a variety of travel services. All travel services throughout our Website that are provided by a third-party partner are described as such. Although we only work with reputable third parties, our business partners may have different privacy policies and practices than Europcar.
There are also several places throughout our Website that may link you to other websites that do not operate under Europcar information privacy practices. When you click through to these websites, Europcar websites information privacy practices no longer apply. We recommend that you examine the privacy statements for all third party websites to understand their procedures for collecting, using, and disclosing your information.
Here are some of our partners:
MILES & MORE
NATIONAL BASKETBALL LEAGUE
SINGAPORE AIRLINES KRISFLYER PROGRAM
VELOCITY FREQUENT FLYER
7. CCTV and other imaging
We may film vehicles as they exit and re-enter a rental station for security purposes and to confirm the condition of the vehicle and to identify any damage which may have occurred during the rental period. Any film taken of the vehicle may be high resolution and may include images of the occupants of the vehicle from which it may be possible to identify the occupants of the vehicle. Any filming of the occupants is purely incidental. The film will be used for the purpose of identifying damage, recovering payment for any damage and any other purpose authorised under the Privacy Act.
For security purposes we have CCTV cameras in some of our locations and your image may be recorded.
8. How do we use your Personal Information?
We use the Personal Information we collect for operational purposes and for other related purposes, including to:
- create and manage your customer account;
- provide our Services or decide whether to provide a Service;
- manage your reservation and rental contract, in particular for confirming, modifying or cancelling your reservation, communicating with you regarding your reservation and rental, managing your payment, invoices and the collection of any amounts due, managing claims, and purchasing insurance for the vehicle;
- verify the accuracy of the information (including Personal Information) you provide to us when renting a vehicle, for example validation of your driver's licence;
- fight against credit card fraud;
- comply with our contractual and other legal obligations;
- respond to medical emergencies;
- process your inquiries and improve our Services;
- advise you of additional services or information which may be of interest to you;
- develop our products and services;
- manage commercial documentation such as customer invoices, purchase orders and electronic contracts;
- verify that you are not recorded on any Sanction List so that we are able to comply with any applicable Australian sanctions laws;
- enforce the terms and conditions contained in agreements you have with us;
- manage fines for traffic offences and any unpaid shopping centre and private car parking fees, including transferring relevant data to third party administrative bodies, shopping centre management bodies and/or private car park operators upon request;
- manage and maintain a list of clients with certain contractual risks, with regard to payment incidents resulting in legal proceedings and/or debt collection inquiries, traffic incidents, repeated damage, incivilities towards our employees, and the use of our vehicles in violation of the general rental conditions;
- improve the quality of your visit to our Website;
- analyse navigation data on our website and mobile applications;
- conduct business development and marketing activities, such as satisfaction surveys to improve the customer experience;
- send you our newsletters or email alerts unless you have opted out of receiving such communications;
- manage your participation to a competition or a prize draw;
- contact you in the context of the services that you have requested through the website; and/or
- provide you with our Services where you have entered into an arrangement in which you have agreed with an organisation to be provided with a vehicle supplied by Europcar.
9. Credit Information
This section applies if you apply for credit from us or you are a guarantor or officer of a company to whom we provide credit.
9.1 Credit Reporting Bodies
- personal particulars (e.g. your name, sex, address, previous addresses, date of birth, name of employer and your driver's licence number);
- details concerning your application for credit or commercial credit and the amount requested;
- advice that we are a current credit provider to you;
- advice of any overdue accounts, loan repayments and / or any outstanding monies are no longer overdue in respect of any default that has been listed;
- that your overdue accounts loan repayments or any outstanding monies are no longer overdue in respect of any default that has been listed;
- information that, in our opinion you have committed serious credit infringement (that is fraud or you have shown an intention not to comply with your credit obligations);
- advice that cheques drawn by you or payments made by you for one hundred and fifty dollars ($150.00) or more, have been dishonoured more than once; or
- that credit provided to you by us has been paid or otherwise discharged;
The CRBs that we disclose personal information to, and obtain Credit Reports from, include:
illion Australia Pty Ltd
Telephone: 13 23 33 or +61 3 9828 3200
9.2 Use or disclosure of Credit Information
We may use or disclose Credit Information for the following purposes:
- to assess an application for credit or for any other consumer credit related purpose;
- we believe on reasonable grounds that a serious credit infringement has been committed and the information is used in connection with that infringement; or
- the use is required or permitted by law.
- the payment has been overdue for at least 60 days;
- the overdue payment is equal to or more than $150;
- a notice has been sent to your last known address to let you know about the overdue payment and requesting payment and a second notice was sent at least 30
days later to let you know that if you don’t make payment, we intend to disclose the information to a CRB; and
- at least 14 days have passed after the issue of the second notice.
10. Direct Marketing
We may use and disclose your Personal Information to provide you with information on offers, products and services offered by Europcar, its Related Entities, franchisees and licensees, its partners or affiliates. We will do this where we have collected your Personal Information directly from you and it would be reasonably expected that your Personal Information would be used for direct marketing purposes.
We do not use Sensitive Information for marketing purposes.
If at any time you no longer wish to receive any marketing material from us that is sent to you in electronic form, you can unsubscribe from receiving such marketing material by clicking on the unsubscribe link and following the prompts. You can also request that we do not use or disclose your Personal Information for marketing purposes at any time by contacting our Privacy Officer.
11. Disclosure of personal information
We may be required to disclose your Personal Information by law, by court order or to investigate suspected fraud or other unlawful activity.
We may also disclose your Personal Information to third parties in certain circumstances including:
- if you agree to the disclosure;
- when we use it for the primary purpose for which it was collected, e.g. to provide you with Services;
- if you would reasonably expect us to disclose the information for a secondary purpose related to the primary purpose;
- where disclosure is required or permitted by law;
- to our Related Entities, in accordance with the Privacy Act;
- if disclosure will prevent or lessen a serious or imminent threat to someone's life or health; or
- where it is reasonably necessary for an enforcement related activity.
We do not disclose Sensitive Information about you unless you expressly agree or the disclosure is directly related to the primary purpose of collection of the information.
For example, Personal Information may be disclosed to:
- our employees, authorised representatives, other companies of the Europcar Group and franchise network, agents and intermediaries mandated to provide you with our products and services;
- our subcontractors, in particular our IT service providers for hosting, maintenance or development purposes, who assist us in providing you with our products and services or collection agencies which help us recover unpaid orders;
- insurance services companies to purchase and manage insurance for your vehicle;
- advertising agencies, marketing agencies, social networking and digital agencies to help us carry out advertising, marketing and sales campaigns and to analyse the effectiveness of these campaigns;
- certain agencies and/or organisations where necessary for the processing of fines;
- debt collection organisations, fuel companies, toll companies and other third parties (including, for example, in situations where you incur unpaid fuel and/or toll debts);
- our partners or those of the Europcar Group, in particular to enable you to collect loyalty points when you are a member of their program; and
- other organisations, in particular where you have entered into an arrangement with an organisation in which you have agreed to be provided with a vehicle supplied by Europcar.
12. Disclosure of personal information off-shore
Before we disclose your Personal Information offshore, we take all reasonable steps to ensure that the overseas recipient of the Personal Information does not breach the APPs under the Privacy Act.
These requirements do not apply if one of the exceptions below applies:
- you consent to the disclosure, after being informed by us that the receiving entity will not be accountable for breaches, and you will not be able to seek redress under the Privacy Act;
- we reasonably believe that the entity is subject to privacy laws or a binding scheme substantially similar to the Privacy Act, and that you are able to access the mechanisms that enforce the protection of the law or binding scheme; or
- disclosure is required or authorised by or under an Australian law or a court/tribunal order.
Under the Privacy Act, the transfer of personal information to a cloud service provider located overseas for the limited purpose of performing the services of storing and ensuring we may access the Personal Information will not constitute an overseas disclosure.
We may disclose Personal Information to our parent company Europcar International, based in France. Customer telephone calls may be handled by a call centre based in the Philippines. Also if you use our service to rent a car in a country other than Australia, it will be necessary for us to transfer your Personal Information to the relevant overseas partner in that Country. The Personal Information that we will transfer to the relevant overseas partner will be information that is necessary for the service to be provided to you. This will include your name and contact details.
All these overseas disclosures will be made in compliance with the offshore disclosure requirements of the Privacy Act.
Depending on which country you are renting the car in, the overseas partner may not be subject to any privacy obligations or to any principles similar to the APPs. The overseas recipient may also be subject to a foreign law which could compel disclosure of personal information to a third party, for example, an overseas authority.
We ensure, through standard data protection clauses in our contractual agreements with our overseas partners, that all our overseas partners will handle and protect your Personal Information to a similar standard as required under the Privacy Act.
13. Electric vehicles
Europcar is committed to increasing its green network fleet of EVs and reducing its overall carbon emissions and those of its customer.
The technology associated with EVs often means that data is generated and used in ways that are different to vehicles that are not equipped with this technology. For example, many EVs collect data regarding usage of the vehicle. This data can involve charging information, location data, diagnostic data, app data (if applicable), autopilot data (if applicable) and other general analytic data.
Data that is collected by the manufacturer of the EV may be used to improve development of products and services and for safety-related purposes. However, this data is usually de-identified, meaning that it does not fall under the definition of "Personal Information".
Sometimes, data generated in connection with the use of an EV may be shared by the EV manufacturer with Europcar.
By using an EV provided by Europcar, you consent to the collection of vehicle data as set out above. You may refuse to consent to EV data collection and sharing at any time, but please note that in doing so, this may prevent us from providing you with an EV.
14. General Data Protection Regulation
We welcome the General Data Protection Regulation (GDPR) as an important step forward in encouraging high standards of personal data security.
Under the GDPR, we may have some additional obligations with respect to the processing of "personal data" collected from residents of the European Union (EU). The meaning of personal data is similar to Personal Information; however, it is broader as it includes any information relating to an identified or identifiable natural personal.
We will take appropriate steps to ensure that the personal data of EU Residents is:
- processed lawfully, fairly and in a transparent manner;
- collected for legitimate purposes;
- accurate and up to date;
- kept for no longer than is necessary for the purposes for which it was collected; and
- secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
EU residents have the right to access personal data we hold about them and to request that personal data be corrected, updated, deleted or transferred to another organisation. EU Residents are also able to request that the processing of their personal data be restricted or objected to their personal data being processed. To make any of these requests, please contact our Privacy Officer.
15. Considerations when you send information to us
While we do all we reasonably can to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure, including investing in security software, no data transfer over the Internet is 100% secure.
If you access a partner or service website (e.g. hotel, airline or overseas partner's website) from our website, you do so and provide personal information in accordance with the terms and conditions under which the provider of that website operates (if any). We do not have any control over, and do not accept any responsibility for, such third party websites or the handling of any personal information that is obtained through such websites. If you would like information on how these third parties process your Personal Information, we invite you to consult their specific privacy policies or get in touch with them directly.
The open nature of the Internet is such that information exchanged via the Internet may be accessed and used by people other than those for whom the data is intended. If you send us any information, including (without limitation) Personal Information, it is sent at your own risk.
While we are not in a position to give you advice on Internet security, if you provide Personal Information to us electronically (e.g. by way of our Website or using an electronic system such as an application), there are some things you can do which may help maintain the privacy of your information, including:
- ALWAYS closing your browser when you have finished your session;
- NEVER providing Personal Information when using a public computer; and
- NEVER disclosing your user name and password to another person.
You are responsible for all actions taken using your username, email or password. If at any time you believe your username or password has been compromised, you should immediately contact us and also change your password.
You should also contact us immediately if you believe:
- someone has gained access to your Personal Information;
- we have breached our privacy obligations or your privacy rights in any way; or
16. How your information is stored
We endeavour to keep our information systems and files secured from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure. Those who work with us are aware of the importance we place on protecting your privacy and their role in helping us to do so.
Our procedures to securely store Personal Information include electronic and physical security measures, staff training and use of password protection software.
Our systems are configured with data encryption, or scrambling technologies, and industry-standard firewalls. When you send personal information to our websites over the Internet, your data is protected by security technology to ensure safe transmission.
Any credit card transaction you make through our websites is done through our secure server technology. This technology notably:
- assures your browser that your data is being sent to the correct computer server, and that the server is secure;
- encodes the data, so that it cannot be read by anyone other than the secure server; and
- checks the data being transferred to ensure it has not been altered.
When the Personal Information that we collect is no longer required, we will remove or de-identify the Personal Information as soon as reasonably possible. We may, however, retain Personal Information for as long as is necessary to comply with any applicable law, for the prevention of fraud, for insurance and governance purposes, in our IT back-up, for the collection of any monies owed and to resolve disputes.
17. Access to and correction of your Personal Information
You may request access to your Personal Information or that we correct any inaccurate or out of date information by contacting our Privacy Officer using the details in section 19 below. We will provide reasonable assistance to all persons in making an access or correction request – and deal with all requests in accordance with our internal policies and procedures and the Privacy Act.
We may refuse to comply with your request where we are entitled to do so under law. If we do not agree to your request for access to, or correction of, your Personal Information, we will give you a written notice of refusal setting out the reasons for the refusal (except to the extent it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal.
Where we agree to provide you with access to your Personal Information, we may make this conditional on us recovering our reasonable costs of doing so. For security purposes, before we provide you with access to your Personal Information, we may ask you to provide evidence of your identity.
You may request the source of any of your Personal Information that we have collected from a third party and used for direct marketing. We will provide this at no cost, unless under the Privacy Act or other law there is a reason for this information being withheld, this may include where it is impractical or unreasonable for us to provide this information.
18. Notifiable data breaches
A notifiable data breach scheme is currently in place in Australia. CLA Trading Pty Limited is committed to adhering to this scheme as an important step in preventing and managing serious privacy breaches.
A "data breach" means unauthorised access to, or disclosure, alteration, loss, or destruction of, Personal Information—or, an action that prevents us from accessing Personal Information on either a temporary or permanent basis.
An "eligible data breach" occurs when there is a data breach, that is likely to result in serious harm to any of the individuals to whom the information relates, and we are unable to prevent the likely risk of serious harm with remedial action.
We, including all our people, take breaches of privacy very seriously. If we suspect a privacy breach has occurred, our priority is to contain and assess the suspected breach. In doing so, we will:
- take any necessary immediate action to contain the breach and reduce the risk of harm;
- determine the cause and extent of the breach;
- consider the types of information involved, including whether the personal information is sensitive in nature;
- analyse the nature of the harm that may be caused to affected individuals;
- consider the person or body that has obtained or may obtain personal information as a result of the breach (if known); and
- determine whether the Personal Information is protected by a security measure.
If we believe an eligible data breach has occurred, we will, as soon as practicable:
- notify the Commissioner;
- notify all affected individuals; or
- if it is not possible to notify affected individuals, provide public notice of the breach (in a manner that protects the identity of affected individuals).
20. Contact details
Attention: The Privacy Officer
Mail: Europcar Australia
189 South Centre Road
PO Box 1139
Tullamarine VIC 3043 AUSTRALIA
Email: firstname.lastname@example.org (Australia) - (mark the email for the attention of the Privacy Officer).
We will aim to respond to your query within 30 days.
More information about your rights and our obligations in respect to privacy and information on making a privacy complaint are available from the Office of the Australian Information Commissioner at:
Post: GPO Box 5218, Sydney NSW 2001