BUNDABERG MOTORS GROUP
A copy of this document can be downloaded as a PDF here.
Document date: FEBRUARY 2023
1. At Bundaberg Motors Pty Ltd ACN 098 931 849 (Company, we, us and our), we recognise the importance of your privacy and understand your concerns about the security of your personal information provided to us.
2. Consequently, we comply with the Australian Privacy Principles (APPs) as contained in the Privacy Act 1988 (Cth). We take pride in our adherence to these Principles.
4. We reserve the right to revise this Policy or any part of it from time to time. Please review this Policy periodically for changes.
Australian Privacy Principles (APP)
5. Reference to APP in this policy means the Australian Privacy Principles contained in Schedule 1 of the Privacy Act. The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.
Credit Reporting Body
6. A Credit Reporting Body means an organisation whose business involves handling personal information in order to provide another entity with information about the credit worthiness of an individual.
7. Financial Services refers to our brokerage of financial and insurance products between you and Financial Service Suppliers.
Financial Service Suppliers
8. Financial Service Suppliers means those third parties with which we have a brokerage arrangement and which supply financial and/or insurance products.
9. Personal Information is information or an opinion about an identified individual, or about an individual who is reasonably identifiable from such information.
10. The Privacy Act means the Privacy Act 1988 (Cth).
11. Sensitive Information, a sub-set of Personal Information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
12. Means our website located at the domain www.bundabergmotorgroup.com.au/ which is operated by us.
WHAT PERSONAL INFORMATION WE COLLECT AND HOLD
13. In the course of doing business, we endeavour to collect business information only. However, the collection of Personal Information in some instances is necessary or unavoidable. We collect the Personal Information we need to provide our products and services to and for our customers, and for our business operations.
14. The kinds of Personal Information we collect from you or about you depend on the transaction you have entered into with us, the products and services you or your organisation have contracted us to provide, and the products and services you or your organisation are interested in.
The Common Forms of Personal Information Collected by Us
15. The kinds of Personal Information that we commonly collect and hold from you or about you include:
(a) Identity information:
(i) such as your name, address, phone number, email address, gender, date of birth, marital status, dependants and employment details;
(b) Information which is relevant to or necessary for the provision of our products/services to you and/or required by law:
(i) such as your drivers licence, passport and other identification documents; and,
(ii) details required by our Financial Service Suppliers.
(c) Vehicle specific information:
(i) such as the details of your current vehicle and/or the vehicle being purchased;
(d) Details of assets and liabilities that you own solely or jointly or through a controlled entity;
(e) Commercial and/or consumer credit information:
(i) Such as that obtained from a credit reporting agency and a credit report containing personal credit information;
(f) Details of how you paid for our products and/or services (including Financial Services):
(i) Such as bank account and credit card details.
Collection of Sensitive Information
16. We will only collect Sensitive Information about you with your specific consent, unless otherwise allowed or obliged by law to collect such information.
17. In circumstances where we are permitted by law to collect your Sensitive Information, we will nevertheless endeavour to first obtain your consent to do so.
Information Collected Automatically
18. In visiting and/or interacting with our Website, our server’s will automatically log the following information provided by your browser:
(a) the type of browser and operating system you are using;
(b) the previous site that you visited;
(c) your server's IP address (a number which is unique to the device through which you are connected to the Internet: usually one of your service provider's machines);
(d) the date on which you visited the Website;
(e) the time which at which you visited the Website;
(f) the pages you visited on the Website; and,
(g) any documentation you downloaded from the Website.
19. The Website Information is used solely to generate statistics and analyse activity on the Website.
21. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our Service. For more information on cookies, you may visit the third-party site located at the domain: https://allaboutcookies.org/.
22. We may use your Personal Information to customise and improve your user experience on our Website and other social media platforms. By using our Website, you agree that we can record this information from your device and access them when you visit the Website in the future.
23. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. We confirm that you do not need to have configured your browser to enable the accepting or sending of Cookies in order to use the Website.
24. Examples of cookies we may use include:
(a) Session Cookies: used to operate and improve your experience on the Website.
(b) Preference Cookies: used to remember your preferences and various settings on the Website.
(c) Security Cookies: used for security purposes.
25. If you want to delete any cookies that are already on your computer, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies.
HOW WE COLLECT AND HOLD PERSONAL INFORMATION
26. We aim to collect Personal Information only directly from you, unless it is unreasonable, impracticable or necessary for us to do so.
27. For example, we collect Personal Information from you or about you:
(a) from your direct interactions with us when you inquire about and/or obtain one of our products/services;
(b) from your correspondence with us, including emails, letters and telephone calls;
(c) when you participate in our events, conferences, ceremonies, contests, programs or promotions;
(d) from application forms, contracts, surveys and other documents that you submit to us; and
(e) from your activity on our Website.
28. Under the Privacy Act and the APP’s, you have the right to deal with us anonymously or under a pseudonym unless:
(a) the use of your true identity is a legal requirement; or
(b) it is impracticable for us to deal with you on such basis.
29. Owing to the nature of our business and the products and services offered, it is impractical for us to deal with you anonymously or under a pseudonym. Consequently, we are unable to provide you with the option to deal with us under a pseudonym. You must provide us with your full and correct name for all interactions with us.
Collection from third-parties
30. We may collect or acquire Personal Information from third-parties where it is necessary for us to do so in operating our business (e.g., to provide you with our products or services).
31. For example, we may collect Personal Information about you from:
(a) Credit providers;
(b) Credit Reporting Bodies;
(c) Marketing agencies;
(d) Regulatory authorities
(e) Financial institutions in control of your personal funds; and/or
(f) Your professional advisors (such as your legal representatives or accountants).
Collection of unsolicited Personal Information
32. Any unsolicited personal information we receive from you shall be dealt with in accordance with APP 4.
33. Specifically, we shall first determine if the unsolicited personal information could have reasonably been collected by us in accordance with APP 3. In the event it was not open to us to obtain the information under APP 3, we shall either destroy (provided it is lawful and reasonable to do so) or return the information.
WHY WE COLLECT, HOLD AND USE PERSONAL INFORMATION
34. Under Australian privacy legislation, we may use your Personal Information only:
(a) for the primary purpose for which it was collected;
(b) reasonably expected secondary purposes which are related to the primary purpose;
(c) where we have obtained your consent; or,
(d) where we are otherwise required or authorised by law to do so.
35. We collect, hold and use Personal Information from you or about you where it is reasonably necessary for us to carry out our business functions and activities. For example, we collect, hold, use and disclose your Personal Information as necessary to:
(a) Reply to your inquiries;
(b) Fulfill our ongoing obligations to you (e.g., warranties, manufacture recall’s) as the owner/driver of a vehicle we have sold to or repaired for you;
(c) Adhere to our customer service requirements and standards;
(d) Develop and improve upon our product and service offerings;
(e) Market our products and services;
(f) check, complete and submit to our Financial Service Suppliers all applications and related forms, authorities and disclosures;
(g) process your application to obtain our Financial Services, (including warranties relating to our Financial Services);
(h) assess your credit worthiness;
(i) obtain a credit report from a Credit Reporting Body or agency;
(j) perform a search of the Personal Properties and Securities Register;
(k) assist you in avoiding defaulting on your credit obligations;
(l) assess your financial position to determine if you meet the eligibility requirements of our Financial Service Providers;
(m) refer your application to other Financial Services suppliers if your initial application to purchase a Financial Service is declined;
(n) obtain Information from financial institutions, professional advisers and other third parties who have possession or control of Information about you which is necessary for us to provide you with our Financial Services;
(o) obtain Information from financial institutions, professional advisers and other third parties who have possession or control of Information about you which is necessary for our Financial Service Suppliers to provide you with financial products;
(p) assist in the provision or management of credit to you;
(q) provide you with information about our Financial Services (including where new promotions, products and services are available);
(r) provide you with information on new products (such as where new motor vehicles, parts or accessories are available); and
(s) deal with complaints.
36. Where we use your Personal Information for marketing and promotional communications, please be aware that you can opt-out at any time by:
(a) notifying us via the contact information contained within paragraph 63 of this Policy;
(b) following the ‘opt-out’ procedures which are included in all of our marketing communications.
37. We also collect, hold, use and disclose your Personal Information for purposes related to the operation of our business that you would reasonably expect, including:
(a) our administrative and accounting functions;
(b) conducting fraud checks;
(c) conducting market research; and,
(d) using the Website Information to generate interaction statistics and conduct traffic analysis;
38. We may also collect your Personal Information which is necessary to enable your lender or insurer to protect their interests. This may include the collection of information which enables your lender or insurer to register a security interest over your property on the Personal Property Securities Register (PPSR) or to check against sanctions or other reference lists.
39. Finally, we may also collect and use your Personal Information to:
(a) comply with our legal obligations;
(b) assist Government and enforcement bodies or regulators; or
(c) where we are otherwise required or authorised by or under law to do so.
40. If we do not collect, hold, use or disclose your Personal Information, or if you choose not to provide certain Personal Information to us or do not consent to our collection, holding, use or disclosure of your Personal Information, we may not be able to provide you with the products or services that you or your organisation have requested us to provide.
DISCLOSURE OF YOUR PERSONAL INFORMATION - AUSTRALIA
Disclosure of Personal Information Generally
41. Under Australian privacy legislation, we may disclose your Personal Information only:
(a) for the primary purpose for which it was collected;
(b) reasonably expected secondary purposes which are related to the primary purpose;
(c) where we have obtained your consent; or,
(d) where we are otherwise required or authorised by law to do so.
42. To this end, we do not use or disclose your Personal Information to any third parties except where we engage such parties to perform services for us, which may involve that party handling your Personal Information. In this situation, the relevant third party is prohibited from using your Personal Information for purposes other than the specific purpose for which such information was provided.
43. Depending on your engagement with us, we may disclose your Personal Information to:
(a) Motor vehicle manufacturers (and their authorised representatives);
(b) Motor vehicle parts manufacturers (and their authorised representatives);
(c) Credit Reporting Bodies;
(d) Financial Service Suppliers;
(e) Prospective or existing guarantors of your financial obligations with us or our Financial Service Suppliers.
44. If our business operations are ever restructured, sold or merged with another organisation, your Personal Information may be disclosed and transferred as part of that restructure.
Disclosure of credit information
45. Where necessary, we may disclose your credit information to:
(a) a related body corporate;
(b) a person processing your application for credit;
(c) a person who manages credit;
(d) a Financial Services Supplier;
(e) a credit provider (if we believe you have committed a serious credit infringement or you have consented to the disclosure);
(f) a person considering whether to act as a guarantor or provide security and you have expressly consented to that disclosure;
(g) a debt collector;
(h) a mortgage insurer;
(i) a Credit Reporting Body; and/or
(j) anyone other party whom you authorise us to disclose it to.
46. By submitting your Personal Information to us, you agree that we may give a Credit Reporting Body Personal Information about you in order to obtain credit reporting information.
47. We may also disclose your Personal Information to third parties (including government departments, industry lobbying and advocacy groups and enforcement bodies) where required or permitted by law.
48. Where we wish to use or disclose your Personal Information (including credit information) for all other purposes, we will first obtain your consent.
DISCLOSURE OF YOUR PERSONAL INFORMATION - OVERSEAS
49. We generally do not disclose Personal Information to persons or entities located overseas.
50. However, in circumstances where it is necessary to disclose your Personal Information to recipients outside of Australia, we will not disclose such information unless:
(a) we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act or the APPs;
(b) the recipient is subject to an information privacy scheme similar to that provided under Privacy Act; or
(c) you have consented to the disclosure.
HOW WE HOLD AND STORE PERSONAL INFORMATION
51. Your Personal Information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for Personal Information and take reasonable steps to ensure that your Personal Information is protected from misuse, interference, loss and unauthorized access, modification and disclosure. The measures we take include:
(a) storing Personal Information held on paper in locked offices in secure premises;
(b) secure archiving of documentation;
(c) protecting Personal Information held electronically with firewalls and password access;
(d) online data storage encryption, including 128 Encryption Security used for all credit card information;
(e) where we disclose Personal Information to third parties, our contractual arrangements with those third parties contain specific privacy requirements; and
(f) Our staff receive regular training on privacy procedures.
Destruction and De-identification
52. We will retain your Personal Information whilst it is required for any of our business functions and activities, or for any other lawful purpose.
53. We will take reasonable steps and we will use secure methods to destroy or to permanently de-identify your Personal Information when it is no longer required for any purpose for which the Personal Information may be used under this Policy and otherwise in accordance with the Privacy Act.
(a) Paper records being placed in security bins and shredded and/or sent for secure destruction; or
(b) Electronic records being:
(i) Deleted from all locations; or
(ii) Encrypted and/or placed beyond use.
LINKS TO THIRD-PARTY WEBSITES
55. Our Website may contain links to other websites of interest. However, once you have used these links to leave our Website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any Personal Information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.
REQUESTS FOR ACCESS AND CORRECTION
56. We have procedures in place for dealing with and responding to requests for access to, and correction of, the Personal Information held about you.
57. Generally, you are able to access and request the correction of Information we hold about you by contacting us in one of the manners in the “Contact Us” section of our Website. In the alternative, you may submit requests using the contact information listed in paragraph 63 of this policy
58. In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why. For further information, please contact us.
59. To assist us to keep our records up-to-date, please notify us of any changes to your personal information.
60. If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach within 30 days after the suspected breach has occurred. Where it is ascertained the breach has actually occurred and where required by law, we will notify the Privacy Commissioner and affected individuals as soon as practicable after becoming aware that a data breach has occurred.
COMPLAINTS AND CONCERNS
61. We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs.
63. If you have any questions about this document, the data we hold, or you would like to exercise one of your rights regarding the data, please contact us using the information listed below:
Bundaberg Motors Pty Ltd
ACN 098 931 849
(07) 4726 5555
783-797 Flinders St Townsville QLD 4810
END OF DOCUMENT
Macpherson Kelley Lawyers
© BUNDABERG MOTORS PTY LTD 2023
DATA BREACH RESPONSE PLAN
Bundaberg Motors Pty Ltd ACN 098 931 849
1. APP – means the Australian Privacy Principles as set out under the Privacy Act.
2. Eligible Data Breach – An Eligible Data Breach will have occurred where:
(a) There is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by Pickerings; and
(b) The access, disclosure or loss is likely to result in Serious Harm to any of the individuals to whom the information relates.
3. My Health Records Act – means the My Health Records Act 2012 (Cth).
4. Personal Information – means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) Whether the information or opinion is true or not; and,
(b) Whether the information or opinion is recorded in a material form or not.
5. Pickerings – means Bundaberg Motors Pty Ltd ACN 098 931 849
6. Privacy Act – means the Privacy Act 1988 (Cth).
7. Privacy Officer – means the person specified in Schedule 1 of this Response Plan, being the person acting as Picking’s first point of contact for advice and action on privacy matters and who is responsible for carrying out functions to assist Pickerings in complying with Australian privacy legislation.
8. Response Plan – means this document and all information and procedures contained herein.
9. Serious Harm – In determining what constitutes “Serious Harm”, regard should be given to:
(a) The kind or kinds of information being dealt with (for example, Pickerings could potentially take action to remediate the risk to an individual arising from a data breach involving information that can be re-issued, such as a compromised password, but cannot change permanent information such as the individual’s date of birth or medical history);
(b) The sensitivity of the information (for example, the unauthorised access of a person’s medical records may place an individual at a high risk of serious harm);
(c) Whether the information is protected by one or more security measures (for example, if Pickerings’ detection and prevention systems detect an attack on its IT networks, Pickerings should consider whether the network security mechanisms would have been likely to have prevented the attacker from accessing the relevant personal information);
(d) If the information is protected by one or more security measures – the likelihood that any of those security measures could be overcome;
(e) The persons, or kinds of persons, who have obtained, or who could obtain, the information (for example, access by, or disclosure to, a known and trusted party is less likely to cause serious harm than access by, or disclosure to, an unknown party);
(f) If a security technology or methodology:
(i) was used in relation to the information; and
(ii) was designed to make the information unintelligible or meaningless (for example, through encryption) to persons who are not authorised to obtain the information;
(g) The likelihood that the persons, or the kinds of persons, who:
(i) have obtained, the information; and
(ii) have, or are likely to have, the intention of causing harm to any of the individuals to whom the information relates;
have obtained, or could obtain, information or knowledge required to circumvent the security technology or methodology referred to in paragraph (f) above;
(h) The nature of the harm; and
(i) Any other relevant matters-
(i) Please note that not all of the matters listed above will necessarily be relevant in all circumstances. Whilst in some circumstances one of the above matters may be determinative in reasonably identifying whether serious harm is likely to be caused to any individuals, in other cases, it may be reasonable to reach a conclusion considering a number of the relevant matters as a whole.
(ii) Additionally, the above list of matters is not exhaustive, and any other matters that may be relevant to the particular circumstances should be considered when reaching a reasonable conclusion of whether any individuals may be at risk of incurring serious harm as result of any unauthorised access, unauthorised disclosure or loss of personal information.
On 22 February 2018, a mandatory data breach notification regime (Regime) came into force under the Privacy Act. The Regime will apply to Pickerings as it is an APP entity subject to the APPs, including the security obligations set out in APP 11.1. The Regime requires Pickerings to take certain steps in response to Eligible Data Breaches of the Personal Information it holds.
To comply with the Privacy Act and Regime, Pickerings has adopted the following plan to be followed in the event that it suspects that there has been an Eligible Data Breach.
Data Breach Response Procedure
1. If any staff member of Pickerings suspects that an Eligible Data Breach may have occurred, that staff member must immediately notify the Privacy Officer of the suspected breach.
2. The Privacy Officer will, as soon as possible (but no later than 30 days after becoming aware of the suspected Eligible Data Breach), assess whether there are reasonable grounds to believe that an Eligible Data Breach has (or may have) occurred (Assessment). In completing the Assessment, the Privacy Officer should complete an entry in the Data Breach Register contained in Appendix A of this Response Plan.
3. When conducting the Assessment, the Privacy Officer will consider what personal information the breach involves, what the cause of the breach was, the extent of the breach, what harm could be caused by the breach and whether/how the breach may be contained.
4. If, after completing the Assessment, the Privacy Officer considers that there are reasonable grounds to believe that an Eligible Data Breach has taken place, the Privacy Officer will (and may consult any relevant personnel in doing so) consider and advise the management of Pickerings (Management) of whether:
(j) Any serious harm has been, or is likely to be, caused to any individuals as a result of the Eligible Data Breach; and
(k) If it is likely that no serious harm has yet been caused to any individuals, whether any action can be taken to reduce the likelihood of, or eliminate the possibility of, any harm being caused to any individuals.
5. The Privacy Officer will inform Management of, and will be responsible for implementing, any action that may be taken to reduce the likelihood of, or eliminate the possibility of, serious harm being caused to the relevant individuals.
6. If the Privacy Officer deems that no action can be taken to remedy the Eligible Data Breach, please proceed to paragraph 8.
7. If, as a result of the action referred to in paragraph 5 above, the Privacy Officer and Management are satisfied that a reasonable person would conclude that:
(a) There has been no unauthorised access to, unauthorised disclosure of, or loss of, the personal information; or
(b) The unauthorised access to, unauthorised disclosure of, or loss of, the personal information, would not be likely to result in any serious harm to any relevant individuals,
Pickerings will not need to take any further steps.
8. If, following the Privacy Officer’s Assessment, it is concluded that an Eligible Data Breach has occurred and no remedial action can reasonably prevent the risk of serious harm being caused to any individuals (or if directed to do so by the Privacy Commissioner), then the following steps will be taken.
9. The Privacy Officer will prepare a statement (Statement) setting out:
(a) Pickerings’ name and contact details;
(b) A description of the Eligible Data Breach;
(c) The kind or kinds of information disclosed, lost and/or to which unauthorised access was obtained;
(d) Recommendations about the steps that individuals should take in response to the Eligible Data Breach; and
(e) If there are reasonable grounds to believe that one or more other entities have committed an Eligible Data Breach in relation to the information, then the identity and contact details of those entities may be included.
A template version of the Statement is attached in Appendix B of this Response Plan.
10. The Privacy Officer will, as soon as practicable after preparing the Statement:
(a) Provide a copy of the Statement to the Privacy Commissioner;
(b) If practicable to notify the contents of the Statement to the individuals about whom the information relates and/or any individuals who are at risk from the Eligible Data Breach, take reasonable steps to notify the contents of the Statement to these individuals (a template Statement notification to be provided to affected individuals is attached in Appendix C of this Response Plan); and
(c) If it is not practicable to notify the individuals under 10 (b) above, then the Privacy Officer will:
(i) Arrange for a copy of the Statement to be published on Pickerings’ website (if applicable); and
(ii) Take reasonable steps to publicise the contents of the Statement.
Exceptions to requirement to notify
1. Eligible data breaches of other entitles
(a) If Pickerings takes the steps above (meaning the preparation of the Statement and the notification of its contents to the relevant individuals) and the access, disclosure or loss constituting the Eligible Data Breach is an Eligible Data Breach of one or more other entities, then the other entities will not be required to take these steps. Similarly, if another entity takes the steps above and the entity’s Eligible Data Breach is also a breach of Pickerings, then Pickerings will not be required to take these steps.
(b) This exception is intended to apply in circumstances where, for example, Pickerings and another entity jointly and simultaneously hold the same particular record of information (e.g. due to an outsourcing arrangement), and it seeks to avoid the doubling-up of the notification obligations.
2. Data breaches concerning health records
(a) If an unauthorised access to, disclosure of, or loss of personal information has been, or is required to be, notified under section 75 of the My Health Records Act, then the mandatory data notification regime will not apply in relation to such access, disclosure, or loss of information.
(b) The purpose of this exception is to avoid imposing a double notification requirement if any unauthorised access, unauthorised disclosure, or loss of personal information has been, or is required to be, notified under the My Health Records Act.
3. Enforcement related activities
(a) The Regime provides an exception to the requirement to take the steps above in relation to enforcement related activities. However, this exception will not apply to the conduct of Pickerings, as it is not an enforcement body within the meaning of the Privacy Act.
4. Inconsistency with secrecy provisions
(a) For the purposes of the Regime, “secrecy provision” means a provision of a law of the Commonwealth that prohibits or regulates the use or disclosure of information.
(b) If compliance by Pickerings with the requirement to provide the Privacy Commissioner with the Statement or to notify the affected individuals of the contents of the Statement would be inconsistent with any secrecy provision (other than any secrecy provisions prescribed by the Privacy Regulation 2013 (Cth), Pickerings will not be required to take those steps.
(c) This exception is likely only to apply in very limited circumstances.
5. Declaration by Privacy Commissioner
(a) If the Privacy Commissioner becomes aware that there are reasonable grounds to believe that there has been an Eligible Data Breach by Pickerings, or if Pickerings informs the Privacy Commissioner of such grounds, the Privacy Commissioner may declare that:
(i) Pickerings is not required to prepare a Statement (and is therefore not required to provide one to the Commissioner or to notify any individuals); or
(ii) Pickerings and any other entities that have been involved in the eligible data breach, must notify any affected individuals within a specified period of time.
(b) The Privacy Commissioner is only permitted to make either of the declarations above if they are satisfied that it is reasonably practicable to do so, having regard to the public interest, any relevant advice provided by an enforcement body or the Australian Signals Directorate of the Defence Department, and any other relevant matters.
(c) The Privacy Commissioner may make either declaration on its own initiative or upon the application of Pickerings. If Pickerings applies for a declaration, the Privacy Commissioner will not be required to make the declaration and must provide written notice to Pickerings if they refuse the application.
(d) If Pickerings makes an application to the Privacy Commissioner for a declaration in accordance with the paragraphs above, then Pickerings will not be required to prepare a Statement or to notify any individuals of the contents of the Statement until the Privacy Commissioner has responded to the application.
Contracting with third parties
1. Ideally, Pickerings should ensure that its privacy obligations are included in any and all contracts or agreements with third party service providers, contractors, marketing agencies etc. (including those located overseas, if any) (together, Third Party Providers).
2. The sample contract clause provided in Appendix D of this Response Plan should be inserted by Pickerings in all future contracts with Third Party Providers.
3. In the event third party contracts are already on foot, or if existing contracts prove difficult to amend, it is recommended that Pickerings request Third Party Providers sign the Privacy Acknowledgement and Undertaking provided in Appendix E of this Response Plan.
A copy of the appendices can be downloaded as a PDF here.
WEBSITE TERMS AND CONDITIONS OF USE
A copy of this document can be downloaded as a PDF here.
Document date: 21 MARCH 2023
- Welcome! This Website is owned by Bundaberg Motors Pty Ltd ACN 098 931 849 (Pickerings, we, us and our). Thank you for visiting.
- Pickerings provides this Website for You to view our product and service offerings.
- Please be aware that we also separately maintain our:
- Parts Sale Agreement Terms and Conditions (detailing our sale and provision of motor vehicle parts), accessible at https://admin.i-motor.com.au/ssl/CMS/files_cms/85961_terms_and_conditions_of_parts_sales_agreement.pdf
1. means the Australian Consumer Law as contained in the Competition and Consumer Act 2010 (Cth).
2. means any one or more of the following:
a. Indirect loss;
b. Loss of revenue;
c. Consequential loss;
d. Loss in connection with third party claims;
e. Loss of reputation;
f. Loss of profits;
g. Loss of bargain;
h. Loss of actual or anticipated savings;
i. Lost opportunities, including opportunities to entire into arrangements with third parties; and
j. Loss or corruption of data.
3. Includes all:
a. inventions, discoveries, innovations, novel or technical information and data, prototypes, processes, improvements, and patents, including all patents and patented applications, processes and products within the meaning of the Patents Act 1990 (Cth);
b. circuitry and circuit layouts, computer programs, software, code, drawings, plans, and specifications;
c. domain names, business names, trade marks, including any trade name, brand name, common law trade mark, or trade mark within the meaning of the Trade Marks Act 1995 (Cth);
d. designs, including all designs within the meaning of the Designs Act 2003 (Cth);
e. copyright material within the meaning of the Copyright Act 1968 (Cth);
f. trade secrets and know-how; and
g. works, and all other works resulting from intellectual activity in the industrial, scientific, education, literary, or artistic fields.
5. means any State, Federal and/or international law/s applying to or otherwise governing You and/or Your conduct.
6. Means our website as located at the domain www.bundabergmotorgroup.com.au/ and all content contained or otherwise displayed therein,
You / Your
7. are references to you (whether an individual, business, corporation or other entity) as a user of our Website.
8. The following rules apply unless the context requires otherwise:
a. headings are for ease of reference only and do not affect interpretation;
b. the singular includes the plural and vice versa, and a gender includes other genders;
c. if a word or phrase is defined, its other grammatical forms have a corresponding meaning;
d. a reference to a person, corporation, trust, partnership, unincorporated body or other entity includes any of them;
e. a reference to a clause is a reference to a clause of this document;
f. a reference to an agreement or document is to the agreement or document (or schedule) as amended, varied, supplemented, novated or replaced, from time to time;
g. a reference to a party to an agreement or document includes that party’s successors, permitted substitutes and permitted assigns (and, where applicable, that party’s legal personal representatives);
h. a reference to conduct includes, without limitation, an omission, statement or undertaking, whether or not in writing;
i. a reference to dates and times are to those dates and times in Queensland;
j. a reference to “dollars”, “$” or an amount of money is to Australian currency;
k. the meaning of general words is not limited by specific examples introduced by “including”, “for example” or similar expressions; and
l. a rule of construction does not apply to the disadvantage of a party because the party was responsible for the preparation of this document or any part of it.
9. By and during Your access to and use of the Website, You agree that:
g. You will not use the Website for any activities that breach any Relevant Laws, infringe the rights of third parties, or are contrary to relevant standards or codes.
h. You will not use the Website to harm or harass others.
i. You will not make fraudulent, speculative, or spam enquires, purchases, or requests through the Website.
j. You will not interfere with or damage or attempt to override any software or data associated with the Website.
k. You will not use any robot, spider or other device or process to mine, retrieve or in any way reproduce, modify, or obtain data or code from the Website.
l. You will not, except to the extent permitted by law, modify, adapt, sublicense, sell, reverse engineer, decipher, decompile, or otherwise disassemble any portion of the Website, or cause any other person to do so.
m. You will not reformat or reframe any portion of the Website or cause any other person to do so.
n. You will not take any action that would be reasonably likely to result in the infrastructure of our Website being overloaded or otherwise rendered non-functional.
Disclaimer and indemnities
11. You acknowledge and agree that the information contained on the Website:
a. is general in nature only and is not purported to be comprehensive;
b. is current only at the time it is placed on the Website and we are under no obligation to update the information or correct any inaccuracy which may become apparent at a later time; and
c. is not intended to provide or make any recommendation or binding offer on which You may rely on for any purpose whatsoever.
12. All vehicles listed on the Website are subject to prior sale. Please check with us for the current status of all listed vehicles.
13. To the extent permitted by law, Pickerings and each of its related bodies corporate exclude all liability to You or anyone else for loss or damage of any kind (however caused or arising) relating in any way to the Website including, but not limited to, loss or damage You might suffer as a result of:
a. errors, mistakes, or inaccuracies in the content of the Website;
b. You acting, or failing to act, on any information contained on or referred to on the Website and/or any linked website;
c. personal injury or property damage of any kind resulting from Your access to or use of the Website;
d. any unauthorised access to or use of the Website’s secure servers;
e. any interruption or cessation of transmission to or from the Website;
f. any bugs, viruses, trojan horses or other harmful code or communications which may be transmitted to or through the Website by any third party; and/or
g. the quality or fitness for any purpose of any linked websites.
14. You acknowledge and agree that Pickerings takes no responsibility for any direct, indirect, special, incidental or Consequential Loss, or any damage, however caused, suffered by You in connection with:
a. Your use of the Website; or
b. Your use of or reliance on any information displayed, contained, or otherwise appearing on the Website.
Access to the Website
17. We may, in our complete and sole discretion, and without prior notice to You, cease making the Website available. In these circumstances, any existing orders (whether for goods or services) You have made and/or approvals You have obtained will not be affected unless the goods, services or approvals ordered are unavailable and/or we are, for any reason, unable to provide them to You.
18. You warrant that:
a. All information and data provided by You to Pickerings via the Website or otherwise is true, accurate, complete, and up to date.
b. You have and will continue to comply with all Relevant Laws relating to Your use of the Website and your interactions and/or dealings with us.
20. You acknowledge and agree that all content, coding, graphics, images, animations, and Information available on the Website is protected by copyright, and other intellectual property rights and laws.
22. You expressly acknowledge that using the Website does not give You any right, title or interest to the content set out in the Website, or any other aspect of the Website.
23. Your use of the Website, and the content set out therein, for commercial purposes is expressly prohibited, without our prior written consent, which may be withheld in our sole discretion.
24. We and/or our subsidiaries or affiliates have proprietary rights in (or are otherwise legally permitted to use) all trade marks and trade names which appear on the Website. Using a trade mark without the registered owner’s consent infringes the owner’s intellectual property rights.
25. By using the Website, You agree not to challenge Pickerings’ and/or our subsidiaries, affiliates and/or business partners rights or ownership in respect of:
a. The domain name(s) for accessing the Website;
b. Any trade marks appearing on, or in connection with, the Website; or
c. Any material in which copyright subsists that is used in connection with the Website.
Links to other sites
26. You may from time to time be able, through hypertext or other computer links appearing within the Website, gain access to other websites operated either by Pickerings and/or our subsidiaries or affiliates (Linked Sites) or other third parties (Third Party Linked Sites).
29. We are not responsible for the content of any Third Party Linked Sites, or any changes or updates to them. We provide these links for your convenience only. You follow a link to any such Third Party Linked Sites at your own risk.
30. Unless expressly stated in writing, Pickerings and/or our subsidiaries or affiliates are not a party to any transaction between you and a Third Party Linked Site.
31. Unless specified, Pickerings and/or our subsidiaries or affiliates do not sponsor, endorse, adopt, confirm, guarantee, or approve of any material or representations made in those Third Party Linked Sites.
Liability – FAULTY PRODUCTS AND SERVICES
33. In accordance the ACL, our goods and services may come with guarantees that are unable to be excluded.
34. Any guarantees pertaining to our provision of goods or services to You will be set out within the agreement/contract attaching to the provision of the relevant good or service.
Transfer and Assignment
41. If Pickerings sells or otherwise changes control of its business or this Website to a third-party, Pickerings reserves the right, without giving notice or seeking consent, to transfer or assign the personal information, content and rights that Pickerings has collected from You and any agreements it has made with You.
43. If You access the Website in or from a jurisdiction other than Australia, you are responsible for compliance with the laws of that jurisdiction, to the extent that they apply. Pickerings makes no representations that the content of the Website complies with the laws of any country outside Australia.
a. By email to:
i. Address: email@example.com
b. By mail to:
i. Address: GPO Box 5299, Brisbane QLD 4001
END OF AGREEMENT
© Bundaberg Motors Group Pty Ltd 2023