Full Privacy Statement
Full Privacy Statement
Full Privacy Statement
Full Privacy Statement
SCOPE OF THIS POLICY
Mercedes-Benz Financial Services Australia Pty Ltd (ABN 73 074 134 517) (“we”, “us” or “our”) takes the use, collection and protection of your personal information seriously. We respect your personal information and privacy and are committed to keeping your personal information safe.
This Privacy Statement outlines the following:
1. The kinds of information we collect and hold about you
(including sensitive information);
2. How we collect your information;
3. The purpose for which we collect, use and disclose your personal information (including overseas disclosure and direct marketing);
4. How to access, update or correct your personal information;
5. How we secure your personal information; and
6. How you can make a privacy complaint.
Where we deal with your personal information, we are governed by and comply with the following:
- The Privacy Act 1988 (Cth) (“the Privacy Act”), including the Australian Privacy Principles (“APPs”) located in Schedule 1 of the Privacy Act; and
- The Privacy (Credit Reporting) Code 2014 as set out in Part IIIA of the Privacy Act.
1. THE KINDS OF INFORMATION WE COLLECT AND HOLD
1.1 Personal information
Personal information is defined in the Privacy Act as information or an opinion about an identified individual, regardless of whether that information or opinion is true or not or whether the information or opinion is recorded in a material form or not. We collect personal information that is reasonably necessary for or directly related to one or more of our functions and activities. The types of personal information we collect include, but are not limited to, your:
- Age and birth date;
- Occupation and employment details (including information about companies and/or businesses you are associated with);
- Contact details;
- Residential and/or business address;
- Vehicle, registration and drivers licence details;
- Vehicle’s location (if a right for us to repossess your vehicle arises under your finance contract or a finance contract of a company of which you are a director);
- Credit card and bank account details;
- Other financial information (including credit information
and information about your financial position);
- Insurance history;
- Current and past vehicle information and details;
- Cookies and website tracking;
- Voice (when we record inbound and outbound calls for
quality, training and record keeping purposes);
- Image (by video and/or photograph at events, during
market research or through security cameras on our premises);
- Educational qualifications, resume and reference checks; and
- Personal interests.
1.2 Credit information
When you apply for credit with us, receive credit from us or guarantee the obligations of another under their credit arrangements with us, we may also collect, hold, use and disclose credit information about you. Credit information is ‘personal information’, however it is also regulated by the Privacy (Credit Reporting) Code 2014 and Part IIIA of the Privacy Act. Credit information includes, but is not limited to:
- Information about your credit worthiness;
- Default information;
- Repayment history information;
- Payment information;
- Credit reports;
- Personal insolvency information; and
- Credit liability information.
1.3 Sensitive information
Sensitive information is personal information that, due to its nature, is given a higher degree of protection under the Privacy Act. It generally refers to information or an opinion regarding your:
- Racial or ethnic origin;
- Political opinions;
- Membership of a political association;
- Religious beliefs or affiliations;
- Philosophical beliefs;
- Membership of a professional or trade association;
- Sexual preference or practices;
- Criminal record; or
- Health information.
We generally do not collect sensitive information unless it is reasonably necessary for a specific purpose, such as assessing a hardship application. We will only collect this information if we have your express consent or if its collection is required by law.
Where appropriate, we provide you with the option of remaining anonymous when dealing with us, unless such anonymity would be considered unlawful or impracticable. If you elect not to provide us with your personal information, the services or opportunities we can offer you may be limited.
2. HOW WE COLLECT AND HOLD YOUR INFORMATION
2.1 Collection of personal information
We take steps to ensure that whenever we collect your personal information, we do so by lawful and fair means. Depending on the circumstances, we may obtain your personal information in a variety of ways, including but not limited to:
- When you contact or correspond with us;
- When you phone our customer support and assistance centres or require support;
- When you attend our premises;
- When you visit an authorised retailer;
- If you order a product or service from us;
- If you, or a company or business you are associated with, applies to us for credit;
- When you complete a survey;
- Via social media;
- From publicly available sources such as data aggregators and public databases;
- From third party service providers;
- When you apply for work with us and during reference checks;
- From other related entities or Daimler Group companies;
- From government bodies, enforcement and regulatory authorities.
When you provide personal information about other individuals to us (for example, joint owners, business or commercial partners and/or associates, family members or referees), we rely on you to inform those individuals that you are providing their personal information to us and tell them about this Privacy Statement.
2.2 Collection of credit information
If you, or a business or company you are associated with applies to us for credit, we will collect credit information about you from Credit Reporting Bodies (“CRB”) in the form of a credit report. The CRBs that we currently use are:
i. Equifax Pty Ltd
ii. Illion Australia Pty Ltd (formerly Dun & Bradstreet Pty Ltd)
iii. Experian Australia Credit Services Pty Ltd
The privacy policies for the above CRBs can be found on their websites.
You can request that a CRB not use or disclose credit information it holds about you for a period of 21 days (“ban period”) without your consent if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.
When you, or a business or company you are associated with applies to us for credit, you agree to us accessing your personal information (including credit information) held with a CRB, even if there is a ban period in place, for the purpose of assessing an application for in credit or in order to collect overdue payments.
In some cases, we may also obtain credit information about you from other lenders who appear in credit reports about you provided by CRBs.
3. PURPOSE OF COLLECTION, USE AND DISCLOSURE OF YOUR INFORMATION
3.1 How we may use your personal information
We primarily collect your personal information so that we can provide you with the best possible finance and insurance products and services that we and our authorised retailer network have to offer, to create a more personalised experience for you and to comply with our legal, regulatory, industry or workplace requirements. More specific purposes include but are not limited to:
- Any purpose which we inform you about when we collect your personal information or to which you have provided your consent;
- Any related purpose which would be reasonably necessary or directly related to one or more of our functions or activities;
- Responding to enquiries in relation to products we sell and services we offer;
- Providing support to our customers and authorised dealer network;
- Providing customer assistance and care;
- Fulfilling and processing orders, requests, applications and administering accounts;
- Carrying out marketing, event and promotional activities;
- Informing you of special events or offers;
- Performing market research, customer surveys, customer analysis and product development;
- For accounting, billing or other internal administrative purpose;
- Recruitment purposes;
- To protect our interests by registering a security interest on the Personal Property Securities Register;
- Checking against sanctions lists;
- To comply with industry, legal and regulatory requirements; and/or
- Where permitted or required by law, a court or tribunal.
3.2 How we may use your credit information
We primarily use your credit information for the following purposes:
- Assessing you as a borrower or guarantor and/or to assess a credit application by a company of which you are a director;
- Managing a finance contract;
- Complying with our legislative and regulatory obligations, including but not limited to those arising under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (see 3.3.1 below) and the National Consumer Credit Protection Act 2009 (Cth);
- Assist you in managing your debts or to assist us to collect overdue payments on credit contracts.
3.3 Disclosure of information
During the course of our day to day business, we may disclose your personal information to third parties outside our organisation, including but not limited to:
- Those that you have consented we disclose your personal information to, either impliedly by your conduct, verbally or in writing;
- Our authorised retailer network;
- Insurers for the purposes of arranging or managing an insurance policy;
- Contracted service providers including but not limited to advertising and marketing agencies, financiers, insurers, mailing houses, printers, organisations that assist us to conduct promotions or market research, payroll service providers, recruitment agencies, debt collectors, data analysts, IT service providers, roadside assistance providers, database storage and service providers, cloud service providers and professional advisors;
- To other members that are part of, related to or associated with the Daimler Group (some of which are based overseas see 3.4 below);
- To related companies for example, Mercedes-Benz Australia Pacific Pty Ltd that we share corporate services with;
- Necessary third parties for the purposes of facilitating or implementing a sale or transfer of all or part of our assets or business; and/or
- As required by an enforcement authority, regulator, law, court or tribunal
3.4 Anti-Money Laundering and Counter Terrorism Financing Act
We may be required by the AML/CTF Act to verify your identity before providing credit to you. In order to do this, if you provide your consent we may provide your name, residential address and/or date of birth to a CRB and ask the CRB to provide an assessment of whether this personal information matches the information held by the CRB and other bodies.
This assessment is not a credit check and we will not use the assessment for any purpose other than to verify your identity as required by the AML/CTF Act.
If you do not want us to provide a CRB with your personal information for the purposes of verifying your identity, you may request that we verify your identity by using independent and reliable documents such as a drivers licence or passport. In this case, MBFSAu or an authorised dealer will need to sight your original identification document(s) or an original certified copy/ies of same.
3.5 Cross border disclosure
In the ordinary course of our day to day business activities, your personal information may be transferred, accessed, processed and/or stored in various countries within Asia, Africa, Europe and North America and other parts of Australasia. Though for the most part, this will mean Germany, Singapore, the United Kingdom, India, Japan, New Zealand, China and the Philippines.
Where we arrange for work or services to be undertaken on our behalf, that work is undertaken under conditions of confidentiality and may result in your personal information being transferred, accessed, processed and/or stored (for example, on clouds or servers) in various countries for the purpose of service delivery to us or you.
Unless an exception applies in the Privacy Act, prior to disclosing personal information to overseas recipients we will take reasonable steps in the circumstances to ensure that the overseas recipient adheres to the Privacy Act or equivalent standards.
3.6 Direct marketing
Direct marketing involves us communicating directly with you to promote the sale of our goods and services. This can be done by a variety of methods including for example, by mail, telephone, e-mail or SMS/IM/MMS and potentially by third parties on our behalf. We will obtain your consent prior to using or disclosing your personal information for direct marketing purposes.
We do not actively market to children or knowingly collect personal information about children without parental consent. Whilst we do take steps to ensure that children’s privacy and rights are not compromised, it is ultimately the responsibility of parents to monitor their children’s internet usage.
3.6.1 Electronic communications
Where we electronically communicate with you (e.g. by instant messaging, SMS/IM/MMS, and other mobile phone messaging (excluding voice to voice communications)) for the purpose(s) mentioned above, we comply with the Spam Act 2003 (Cth) as amended from time to time. We take steps to ensure that our electronic communications meet the following conditions:
a. They will only be sent with your consent, which you either provide expressly, or in very limited circumstances, that consent is inferred by your conduct or an existing ongoing business relationship;
b. They contain accurate information about us and how to contact us; and
c. They contain a functional unsubscribe facility to allow you to opt out of receiving electronic messages from us in the future.
3.6.2 Do Not Call Register Act 2006 (Cth)
The Do Not Call Register Act 2006 (Cth) allows telephone numbers to be registered if they are used primarily for domestic or private purposes in order to allow you to opt out of receiving most telemarketing calls or marketing faxes. If you have registered your private or domestic number on the register, then we will not contact you for telemarketing purposes for example, offering to sell you goods or services except if you have expressly opted in to receive direct marketing phone calls from us which you can opt out at any time.
However, we may still contact you for purposes that are not telemarketing purposes, including but not limited to the following:
- Product issues and fault rectification calls;
- Calls relating to payments;
- Calls relating to a contact or the subject matter of a contract we have with you; and
- Solicited calls.
3.6.3 Opting out
If you do not wish to receive direct marketing, electronic communications or telephone calls from us for direct marketing purposes, you can opt out at any time. Please let us know by contacting us on 1300 730 200 or at email@example.com. When you opt out, we will stop sending the material until such time as you change your preferences.
If you elect not to receive any direct marketing material from us, you are likely to miss out on special product and service promotions, invitations to public events, publications and other items that fall into this category.
4. ACCESS AND CORRECTION OF INFORMATION
4.1 Access to information we hold about you
At any time you can request access to information we hold about you. We aim to respond to your request within 21 days. We may charge a reasonable fee for information requests.
Whilst we are obliged to provide you with access to your information, there are exceptions and those are outlined in the Privacy Act. If one of the exceptions applies to your access request, we will (if reasonable in the circumstances) work with you and attempt to provide you with access in a way to meet both of our needs. If it is reasonable in the circumstances, we will also notify you in writing if we have determined to refuse access to your personal information due to one of the exceptions listed above and the reasons for that refusal.
4.2 Correction of information we hold about you
We also encourage you to actively engage with us and let us know when your details change or if your personal information needs correction or updating via our contact information provided below. To correct personal information, we need to be satisfied on reasonable grounds that the information we hold about you is inaccurate, out of date, incomplete or misleading.
We will respond to requests to correct your personal information within 21 days. If we correct your personal information, we will notify you and any other person or organisation that the information is relevant to. If we refuse to correct your personal information, we will provide you with written notice setting out:
- The reasons for the refusal;
- Mechanisms available to complain about the refusal; and
- Any other matter required by law.
If we refuse to correct your personal information, you can request that we associate a statement with the information you believe to be inaccurate in a way that makes the statement apparent to other users of the information.
5. SECURITY OF PERSONAL INFORMATION
5.1 Integrity and quality of personal information
We take reasonable care to ensure that personal information we use, store and subsequently destroy/delete (where relevant) meets certain quality requirements, in that the personal information is accurate, up to date and complete.
5.2 Security of personal information
While care is taken to protect your personal information, unfortunately no data transmission over the internet is guaranteed as being 100% secure. Accordingly, we cannot guarantee the security of any information you send to us or receive from us online. That is particularly true for information you send to us via email as we have no way of protecting the information until it reaches us. Once we receive your personal information, we are required to protect it in accordance with the Privacy Act.
We follow the Daimler global policies, guidelines and standards which are designed to secure your information. We continually train and remind our staff of the importance of keeping information safe and secure.
We have adopted active security measures to ensure that your personal information is kept safe from misuse, interference, loss, unauthorised access, disclosure and modification, such as:
a. System security: Our application systems are password protected and can be accessed only by people authorised to do so. Our policies require us to encrypt confidential information, for instance, when you provide information to us by using our website or when you send information from your computer to us. Security is inbuilt into the design and operations of our systems through the use of firewalls, ethical hacking and virus scanning tools.
b. Physical security: Our premises are protected against unauthorised access by way of access card for entry, cameras, alarms and security services.
c. Data retention: If personal information is no longer required for the purpose for which we are permitted to use, disclose or legally retain it, then we will permanently remove from a record any information by which an individual may be identified on order to prevent future re-identification from the data available. We retain information as long as needed to comply with the law or our own corporate policies and procedures.
Whilst we seek to keep your personal information secure, errors may occur from time to time and we will act quickly to investigate them and implement measures to avoid them from happening again (where possible).
We will at no time sell, rent or trade your personal information to or with any other unrelated entity.
If you have any concerns regarding:
- this Privacy Statement;
- the way we have handled your personal information;
- You believe that we have breached the Privacy Act, APPs or the Credit Reporting Code;
please contact us at:
Mercedes-Benz Financial Services Australia Pty Ltd
1/41 Lexia Place
Mulgrave VIC 3170
We will endeavour to respond to all complaints as soon as possible and will notify you of our decision within 21 days. If we are unable to meet this timeframe, we will let you know the reasons for the delay and the expected timeframe for resolving the complaint.
If you are dissatisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner. Alternatively you may also refer your complaint to the Australian Financial Complaints Authority, our approved External Dispute Resolution scheme. The contact details for both organisations are set out below:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
1300 363 992
Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
1800 931 678
Last updated: November 2018