2. Collection of Personal Information
2.1 We collect Personal Information when you:
(a) register for membership;
(b) interact with us through the phone, in person or via email and you provide us your details;
(c) purchase or subscribe to our products or services;
(d) subscribe to our mailing list;
(e) enter our competitions or promotions; or
(f) apply for positions with Us or you are our contractor.
2.2 We collect Personal Information to:
(a) improve our products and services;
(b) provide our product and/or service to you;
(c) communicate with you;
(d) offer you promotional product or market our product that you are interested in;
(e) keep a record of your order for refund or exchange;
(f) keep our customer database;
(g) to investigate any complaints that you make;
(h) to investigate whether you are in breach of our terms and conditions;
(i) verify your identity;
(j) to notify you of vacant positions if you applied for jobs with Us;
(k) comply with the law or to use your information as permitted under the law; and
(l) use your information for purposes that are related to the above.
2.3 We collect and hold following types of Personal Information:
(a) your contact details that may include but are not limited to your name, business name, postal address, email address, and phone number;
(b) optional Personal Information that you consent to provide, including your interests in a particular area, gender, age, transport types you use and general questions relating to the automotive industry we may ask from time to time; and
(c) optional surveys that provide Personal Information including whether you like our Business or Website and what you like or do not like, and your opinion on various transport issues for instance, cost and safety.
2.4 We will only collect your Personal Information using fair and lawful means.
2.5 We do not store credit card details as we use payment gateways and/or third party processor.
2.6 If we receive unsolicited Personal Information, we may destroy it or ensure that it is de-identified if it is lawful and reasonable to do so.
3.1 You understand and acknowledge that the consent you are to provide when submitting Personal Information to us is required in order for us to provide you with our goods and/or services. Failing to provide consent may result in failure to issue you with the good and/or service.
Withdrawal of Consent
3.2 Consent may be withdrawn by contacting us in accordance with clause 12 of this policy.
3.3 After having received, reviewed and actioned your request, subject to clause 11, your withdrawal of consent will be noted on our system.
3.4 We will use our best commercial endeavours to action your request as soon as possible. However, we note that during the time between receiving your request to processing the withdrawal your Personal Information, you will not hold use liable for the use of your Personal Data during this processing time.
3.5 Personal Information will be marked as ‘restricted’ between the time of processing your request to withdraw until the actual time of the withdrawal being actioned.
4. Customer Right to be Forgotten
4.1 In addition to the withdrawal of your consent, you may also contact us to erase your Personal Information.
4.2 You may contact us in accordance with Clause 12, to have your Personal Data erased and we will use our reasonable discretion to erase same if:
(a) the Personal Information provided is no longer necessary in relation to the purpose of collection;
(b) you have withdrawn your consent for us to hold your Personal Information;
(c) the legal retention period for holding your Personal Information has expired;
(d) you object to the use of your Personal Information; or
(e) the processing of your Personal Information was not in accordance with the EU GDPR.
5.1 We may, from time to time, use ‘cookies’ which are small data file placed on your machine or device to store information.
(a) authentication cookies that monitor whether you are logged in or not;
(b) session cookies that allow you to remain logged in and keep track of your activities until the browser shuts down;
(c) persistent cookies that help us monitor our services by recording your browser activities and they do not expire upon browser shut down; and
(d) flash cookies to personalise your experience.
(a) improve the performance by reporting any errors that occur;
(b) provide statistics about how the Website is used;
(c) remember settings that you used on our Website;
(d) identify that you are logged into the Website;
(e) link to social networks like Facebook and Twitter; and
(f) provide ads that are tailored to you.
5.4 Please note that although cookies do not generally store Personal Information, they may contain your IP address. However you are effectively anonymous to us because the data are collected in aggregate.
5.5 When providing us with Personal Information and in the event of known tracking cookies being used, we aim to use all reasonable commercial endeavours to notify you and obtain your consent to its use in that situation.
6.1 All credit card transactions are implemented under industry standard Secure Sockets Layer (SSL) protocol with 128-bit encryption.
6.2 For credit card transactions we use a third party processor (e.g. PayPal) and/or payment gateway (e.g. eWay, FatZebra) that we may change from time to time so that:
(a) payments are processed in real time; and
(b) we do not have access to your credit card numbers.
6.3 We use database management system to store most of the Personal Information and it contains security features, such as encryption, firewall and anti-virus, to ensure the protection and integrity of our data.
7. Anonymity and Pseudonymity
7.1 You may interact anonymously or by using a pseudonym, for example when you:
(a) call us;
(b) use our online forums that does not require membership; or
(c) email us,
and you may refuse to give your details.
7.2 You must provide your Personal Information when you:
(a) purchase goods that require delivery;
(b) register for membership;
(c) sign up for mailing list;
(d) lodge a complaint; and
(e) are required to provide Personal Information under the law.
8. Disclosure of Personal Information
8.1 We only disclose your Personal Information for purposes that are reasonably related to our Business.
8.2 We will not disclose your Personal Information to third parties for payment, profit or advantage.
8.3 We may disclose your Personal Information to third parties, from time to time, to assist us in conducting our Business, including:
(a) technology service providers including internet service providers or cloud service providers;
(b) couriers such as Australia Post;
(c) data processors that analyse our website traffic or usage for us;
(d) agents that perform functions on our behalf, such as mailouts, debt collection, marketing or advertising;
(e) our related bodies corporate; and
(f) to persons, entities or courts as required under the law.
8.4 We may disclose your Personal Information to third parties:
(a) to provide the service you wish to use;
(b) to improve our Business, services, products and Website;
(c) to customise and promote our services which may be of interest to you;
(d) to comply with or as permitted under the law; or
(e) with your consent.
8.5 We may disclose your Personal Information to entities located overseas and will use reasonable endeavours to ensure they are subject to similar privacy legislation when handling such information.
8.6 We use our every and best endeavours to ensure each third party we directly contract with, in the dealings of Personal Information, are aware of their processor liability provisions under the EU GDPR and also are aware of privacy obligations in the dealings with Personal Information.
9. Retention of Personal Information
9.1 Personal Information held by us is retained until:
(a) such time as we deem this Personal Information to no longer be active, timely or correct (Inactive Personal Information); or
(b) You withdraw your consent to us holding your Personal Information.
9.2 Personal Information held by us may undergo review to ascertain whether Personal Information can be classified as Inactive Personal Information. This type of review will take place from time to time, at the reasonable discretion of the Business.
9.3 Inactive Personal Information is then deleted after it is no longer required/necessary to be held.
9.4 Other types of information (i.e. order number, order date etc) relating to a transaction with us is kept, for the statutory required period of time for record keeping.
10. Direct Marketing to You
10.1 We will not send you unsolicited commercial electronic messages in contravention of the Spam Act 2003 (Cth).
10.2 We may use the non-sensitive information you gave us for the purpose of promoting and marketing our Business to you if we:
(a) use the information that you reasonably expected us to use for promoting and marketing our Business to you; and
(b) provide you a simple method to opt-out.
10.3 We will not contact you to promote or market our Business if you requested us not to.
10.4 We may also disclose your Personal Information to our related entities, including our Member Clubs and their related entities, so they may give you information and offers about products and services offered by them.
11. Accessing and Correcting Your Personal Information
Accessing Your Personal Information
11.1 You may request access to your Personal Information that we hold and we will:
(a) verify your identity;
(b) charge you to cover the cost of meeting your request, if any, but not for the request itself; and
(c) within a reasonable period of time, comply with your request.
11.2 We may refuse to allow you to access your Personal Information if we are not required to do so under the Australian Privacy Principles.
Correcting Your Information
11.3 You may request to correct your Personal Information that we hold and we will update your Personal Information so that it is up-to-date, accurate, complete, relevant and not misleading.
11.4 Members of our Website may change their details online.
How to Contact Us
11.5 If you would like to access or correct your Personal Information, please contact us by:
(a) email: [email protected]
(b) writing to: GPO Box 1555 Canberra 2601ACT; or
(c) phone: +61 2 6247 7311
12.1 If you believe we breached the Australian Privacy Principles under the Privacy Act 1988 (Cth) or a registered Australian Privacy Principles Code, or the EU GDPR you may lodge a complaint as follows:
(a) firstly, contact us in writing to the email or postal address in clause 11.5 and include the following in your complaint:
(i) your contact details;
(ii) section or provision of the Australian Privacy Principles or Code or EU GDPR that you believe we breached; and
(iii) our practice or policy that you believe breaches the relevant Australian Privacy Principle or Code,
(b) and you must allow us a reasonable time, about 30 days, to reply to your complaint; and
(c) secondly, you may complain to the Office of the Australian Information Commissioner if:
(i) you are not satisfied with our response; or
(ii) we do not respond to you within a reasonable time without sufficient explanation.
13. Personal Information Breach
13.1 In the unlikely event of a breach of privacy:
(a) we employ practices to notify the relevant bodies under the Privacy Act 1988 (Cth) and the EU GDPR within the required timeframes.
(b) We will notify you without undue delay, should it be found the breach places your rights and freedoms at a high risk.
14. Definitions and Interpretation
14.1 Unless contrary intention appears:
(a) Australian Privacy Principles means the principles under the Schedule 1 of the Privacy Act 1988 (Cth).
(b) Business means Australian Automobile Association (AAA) and Member Clubs and related automotive services.
(c) Personal Information means personal information as defined under Privacy Act 1988 (Cth).
(d) Member Club(s) are listed in Table 1 at the end of this Agreement.
(e) Sensitive Information means sensitive information as defined under Privacy Act 1988 (Cth).
(f) We (whether in capitals or not) means Australian Automobile Association (AAA) and our Member Club(s) and Ours have corresponding meanings.
(g) Website means any current or future created Business websites, which may be amended from time to time.
(h) You (whether in capitals or not) means the user of our Website and Your and Yours have corresponding meanings.
14.2 The word ‘include’ is used without any limitation.
Table 1 – Member Clubs
|State or Territory||Member Club||Website|
|Australian Capital Territory||NRMA||http://www.mynrma.com.au/|
|New South Wales||NRMA||http://www.mynrma.com.au/|