Updated on 5th of December 2017
This policy covers Biddly Enterprises Pty Ltd and its related bodies corporate (“Biddly”, “we” or “us” or “The Data Controller”).
We understand how important it is to protect your personal information. This policy is our commitment in respect of personal information we hold about you and what we do with that information. Our commitment is to abide by the Australian Privacy Principles for the protection of personal information, as set out in the Privacy Act 1988 (Cth).
- Collection of personal information
Types of Data collected
Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies, Usage Data, phone number, first name, last name, gender, email address and Postal code.
The Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.
All Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without any consequences on the availability or the functioning of the service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Users are responsible for any third party Personal Data obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to the Owner.
- Use of personal information
The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Access to third party accounts, Analytics, Interaction with external social networks and platforms, Advertising, Contacting the User, Handling payments, Managing landing and invitation pages, Remarketing and behavioral targeting and SPAM protection.
The Personal Data used for each purpose is outlined in the specific sections of this document.
Facebook permissions asked by this Application
This Application may ask for some Facebook permissions allowing it to perform actions with the User’s Facebook account and to retrieve information, including Personal Data, from it. This service allows this Application to connect with the User’s account on the Facebook social network, provided by Facebook Inc.
The permissions asked are the following:
Basic information: By default, this includes certain User’s Data such as id, name, picture, gender, and their locale. Certain connections of the User, such as the Friends, are also available. If the User has made more of their Data public, more information will be available.
About Me: Provides access to the ‘About Me’ section of the profile.
Contact email: Access the User’s contact email address.
Email: Provides access to the User’s primary email address.
3. Detailed information on the processing of Personal Data:
Personal Data is collected for the following purposes and using the following services:
a) Access to third party accounts
This type of service allows this Application to access Data from your account on a third party service and perform actions with it.
These services are not activated automatically, but require explicit authorization by the User.
Facebook account access (this Application)
Google Drive account access (Google Inc.)
he services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Google Inc.)
Google Analytics with anonymized IP (Google Inc.)
Google Tag Manager (Google Inc.)
Hotjar Form Analysis & Conversion Funnels (Hotjar Ltd.)
c) Remarketing and behavioural targeting
This type of service allows this Application and its partners to inform, optimize and serve advertising based on past use of this Application by the User.
This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.
AdWords Remarketing (Google Inc.)
Facebook Custom Audience (Facebook, Inc.)
Facebook Remarketing (Facebook, Inc.)
Remarketing through Google Analytics for Display Advertising (Google Inc.)
d) Contacting the User:
Phone contact (this Application)
Users that provided their phone number might be contacted for commercial or promotional purposes related to this Application, as well as for fulfilling support requests. Personal Data collected: phone number.
Contact form (this Application)
By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header. Personal Data collected: email address, first name, gender, phone number and Postal code.
e) Handling payments
Payment processing services enable this Application to process payments by credit card, bank transfer or other means. To ensure greater security, this Application shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.
Some of these services may also enable the sending of timed messages to the User, such as emails containing invoices or notifications concerning the payment.
Stripe (Stripe Inc) – Stripe is a payment service provided by Stripe Inc.
- Disclosure of personal information
Depending on the product or service or your relationship with us, we may disclose your personal information:
to your employer;
to third party suppliers and vendors to the extent necessary for the establishment, provision, and administration of the applicable products or services (this may include car dealers, intermediaries, financiers, valuers, insurers, credit reporting agencies or lawyers/debt collectors). For example:
if you are an Biddly client, we will disclose your personal information to your chosen car dealership;
if you are applying for a vehicle loan, we will disclose your personal information to the applicable financier;
if you are applying for or have an insurance policy, we will disclose your personal information to the applicable insurer; or
to our personnel, agents, contractors and service providers that are involved in providing, managing or administering the applicable products or services (eg printing and postal services and call centres);
to those companies who provide information and infrastructure systems to us;
to anyone acting on your behalf;
to our professional advisors and consultants, accountants, lawyers and auditors;
to anyone else in relation to whom you have provided us consent;
to any company within Biddly Enterprises;
if you are applying to work for Smartgroup, your referees, the Australian Federal Police (to undertake criminal history checks), educational and professional obligations (to verify academic qualifications, licences and memberships), to organisations that conduct competence and psychometric tests, and the Department of Immigration and Citizenship (to verify your right to work in Australia);
where we are required to do so by law.
Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:
(a) the person or organisation has a commitment to protecting your personal information at least equal to our commitment, or
(b) if required, that you have consented to us doing so.
One of the ways we store and manage information (including personal information) is by using cloud computing, where servers are based overseas. We take reasonable steps to maintain the security of your information and to ensure your information is treated in accordance with the standards that apply in Australia.
4. Accessing, updating and correcting your personal information
You can request to access your personal information we hold at any time.
An initial response will be provided to you within 7 days from your request, and the outcome of the investigation given in 30 days. There may be situations where we are not required to provide you with access to your personal information, and we will set out the reasons for this. An example of this would be where the information related to existing or anticipated legal proceedings, or if your request was vexatious.
You may also request to correct any of your personal information we hold if it is incorrect, inaccurate or out of date. We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete.
Depending on the request we may update your personal information immediately, or we may provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal or credit information within 30 days from your initial request.
We may have to consult with external entities as part of your request to access or correct your personal information.
5. Using government related identifiers
If we collect government related identifiers, such as your Drivers Licence Number we do not use or disclose this information other than to the extent required by law. For instance, we will never adopt your Tax File Number as your account number to identify you.
6. Doing business without identifying you
In most circumstances it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without you providing us with personal information.
When we are requested to obtain quotes from dealers & financiers/brokers for you, we do not release any information that would identify you. Once you select a quote from a dealer, we will then provide your contact details to that dealer, lender or finance broker so they may get in touch with you.
7. How safe and secure is your personal information that we hold?
We will take reasonable steps to protect your personal information by storing it in a secure environment, and when the information is no longer needed for any purpose for which the information may be used or disclosed, it will be destroyed or permanently de-identified. We store your personal information in paper and electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and unauthorised access, modification or disclosure. We do this by:
installing security and access requirements for all our IT systems, such as passwords, firewalls and virus scanning software;
having document storage and destruction policies;
only providing you your personal information where we are satisfied as to your identity; and
encrypting data and other personal information during internet transactions (if any).
If you are dissatisfied with how we have dealt with your personal information, or have a complaint about our compliance with the Privacy Act, you may contact us using the details in clause 10.
We will acknowledge your complaint within seven days and provide you with a decision on your complaint within 30 days.
If you feel your complaint is still not resolved adequately after discussion with us, you may then contact the Office of the Australian Information Commissioner on http://www.oaic.gov.au/privacy/privacy-complaints.
9. Further information
If you have any questions about how we handle your personal information, contact our Privacy Officer by phone on 1300 688 988, via email at firstname.lastname@example.org, or at:
Biddly Enterprises Pty Ltd
PO BOX 7093
Warringah Mall NSW 2100