NextFleet Australia Pty Ltd (ABN 56 624 075 047) is a fleet management and mobility solutions company wholly owned by Mitsubishi Corporation and based in Australia (referred to in this Policy as ‘NextFleet’).
NextFleet (we, our, us) recognises the importance of protecting the privacy in the collection of Personal Information. We comply with the requirements of the Privacy Act 1988 (Cth) (the Act); the Australian Privacy Principles (APPs); and our obligations under the Privacy Amendment (Notifiable Data Breaches) Act 2017 to notify customers or other third parties of any serious breach of Personal Information.
2 What is personal information
‘Personal Information’ under the Privacy Act, is information that can be used to specifically identify or ‘reasonably’ identify a person given the contents of the information. While some individual information looked at in isolation may not be identifiable, when considered in combination with other available information it may become identifiable and therefore personal.
3 What kinds of personal information do we collect and hold
The types of Personal Information we collect will depend on the circumstances of both the person in which we collect the information and the reason for the collection. We will only collect the personal information that is reasonably necessary for the specific purpose, function or activity for which we are collecting the information.
Types of Personal Information we may collect include, however, is not limited to:
- name, gender, date of birth, martial status, next of kin, contact details (such as email address and telephone numbers)
- profession, occupation or job title
- business address, mailing or street addresses
- government related identifiers in order to verify your identity (e.g. driver licence/ birth certificate);
- vehicle information where a Telematics unit has been fitted (e.g., driving speeds, driving patterns and locations, fuel fills and purpose of travel);
- information about your financial affairs and your transactions with us or third parties;
- information you provide through our website, social media or any other IT platform in which we operate our business from (see section 5). This also includes cookies that collect users’ internet activity (refer to section 5); and,
- information that is collected through our third parties, such as customer surveys
- other personal information you voluntarily provide to us during the course of transacting with us, when making inquiries about our products or services, or when providing details about a complaint.
4 Type of information we do not collect
We do not collect personal information or request the following:
- Where there is no requirement to use it (e.g., for future purposes that may arise);
- Sensitive information (such as information relating to health, genetic or biometric, criminal records, race, political or trade union memberships, sexual orientation or religious and/or political beliefs. Except with your expressed consent and only where it is necessary to undertake our services or required by law.
5 How we collect your personal information
Where personal information is collected by NextFleet, we will take all reasonable and practical steps to ensure the information we collect about you is obtained directly from you. You may provide this information to us verbally (in person/over the phone), in writing (e.g., email/written communication) or through our various IT platforms, such as our client portal (myDrive), company website (e.g., through customer enquiries or feedback), smartInspect™ or any other digital platform which we operate our business from, such as Catch-e.
The most common circumstances in which we collect information include:
- Within the context of employment or seeking employment (please refer to note below *)
- Uploading client’s specified personal information of users int
- our client portal
- Driving a vehicle fitted with a telematics unit
- Visiting or accessing our online services
- Attending a NextFleet event or an event where we are represented at a trade show;
- Requesting a brochure, joining a mailing list or requesting t
- be contacted for further information
- Through third parties, such as
- credit reporting agencies
- law enforcement agencies and other government entities
- marketing research organisation
- labour hire agencies
- other related entities
* If you have applied to us for employment, we may retain your information/application/resume for a period of 6 months. In the unlikely event we are going to use your personal information for any other purpose other than recruitment, we will contact you first to obtain your permission. We may access your public available information as part of our recruitment processes (e.g. LinkedIn).
Where NextFleet collects your Personal Information, whether directly or indirectly, we will ensure information is legally acquired and is compliant with the Australian Privacy Principles.
6 Why we collect your information
We collect, use, hold and disclose your personal information for the following purposes:
- to provide our products and services to you, including information and all services relating to our products and services
- to provide to government agencies and law enforcement authorities
- to provide to the operators of toll facilities
- to provide our customers/ managers with NextFleet, vehicle performance data (via telematics) that can be used to help monitor and improve the performance and fuel economy of a lease/company vehicle
- to record information regarding products purchased from us and to provide further services to you, such as product warranties and guarantees, and repair or replacement of products
- to assist in providing better products and services to you by tailoring them to meet your needs
- to provide you with access to protected areas of our website
- to assess the performance of our website and to improve the operation of our website
- to keep our websites and other online presence relevant and of interest to you, for direct marketing including promotions, newsletters and competitions, to show you advertising and information that is most relevant to you and your interests, and to carry out analysis of market activity, market research and surveys
- for verification of your identity for use of our website, to conduct address verification or credit checks for invoicing and billing purposes
- to provide you with further information about us or other websites or goods or services offered by us or our related companies or which we consider may be of interest to you
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties
- for contracting with you
- if you are applying for employment with us, to consider your application for a particular role, and for a limited period to determine whether you have previously applied to use and to assess your suitability for other employment opportunities.
- to update our records and keep your contact details up to date
- to process and respond to any complaint made by you
- fraud prevention or debt recovery
- to provide to (or collect from) insurers and their associated entities such investigators and loss adjusters
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country; and
- any other purpose which is stated to you at the time of collection or that you otherwise authorise.
We may be required or authorised by Australian laws to collect, use and disclose your person information. Depending on the circumstances, we may be required to collect your name, address, date of birth and other verification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) in order to verify your identity, and authorised to collect personal information under the Personal Property Securities Act 2009 (Cth) in order to search for security interests and to register them.
7 If you do not provide your personal information when requested
If you do not provide personal information that we request in connection with our business functions and activities, we may not be able to provide some or all of our products or services to you or be able to respond and assist in the manner required. We also may not be able to provide you with information about products and services that you may want.
If you are applying for employment with us, we may be unable to fully consider your application.
8 How we hold your information
NextFleet takes all reasonable safeguards to protect the personal information we hold from misuse, theft, loss and unauthorised access, modification, or disclosure.
All personal information you provide to us is stored on secure servers. We use a variety of technical and organisational security techniques, including encryption and authentication, to help with the protection and maintain the availability, security and integrity of your personal information.
We are committed to protecting your information through the following measures:
- restricting access to your personal information to only those who need to use it for the relevant purpose;
- transferring your personal information only in encrypted form;
- preventing unauthorised access to IT systems by using firewalls; and
- permanent monitoring of IT systems to detect and stop misuse of personal information.
All documents and records are classified and stored as per the NextFleet Documents and Records Management plan.
9.1 We may disclose personal information to the following parties for the purposes stated above:
- our related companies
- third party contractors and providers of goods and services, such as courier and delivery companies, marketing and promotion companies, training and training certification agencies, web analytics services, business support services, and information technology service providers
- financiers and rating agencies for the purpose of the funding, refinancing, sale or securitization associated due diligence and review of the products and related services provided to you
- market research companies who undertake customer surveys for us
- professional service firms providing services to us, such as legal or accountancy services
- law enforcement agencies or regulatory agencies where required or authorised by or under a law or a court or tribunal or as necessary to manage any claim or issue
- any entity where required or authorised by or under a law or a court or tribunal; and
- any other recipient which is notified to you at the time of collection or that you otherwise authorise.
9.2 Disclosing your Personal Information overseas:
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We are a related company of Mitsubishi Corporation in Japan. We may disclose your personal information to Mitsubishi Corporation and to some of its related companies in Japan and Thailand for some of the purposes listed above.
These arrangements may change from time to time, including as a result of changes in our data protection practices. Since NextFleet utilises various portals and cloud services, due to the nature of SaaS providers, it is not always practical to know in which country data may be held.
10 Cookies and other web tracking systems
If you want, you can disable your web browser from accepting cookies. If you do so, you can still access our website, but not all services may be available.
We may automatically collect general statistical information on our website about visitors to our website, such as IP addresses, browsers used, dates visited, pages visited and number of visitors. However, such information does not refer to you by name or your contact details. We use this data in aggregate to improve our website. We may provide such aggregated data to third parties, but in so doing, we do not provide personal information without your consent.
11 Direct marketing
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
We do not provide your personal information to other organisations for the purposes of them sending direct marketing to you about their own products and services.
12 Access, correction, deletion of your personal information
You have the right to access your personal information which we hold about you, subject to some exceptions.
If you wish to obtain access to your personal information, please contact our Privacy Officer (details in section 15). Before we provide you with access to your personal information, you will need to be able to verify your identity. We will not charge you for simply making a request.
Under APP 12, we may refuse if the information you have requested. Reasons may include, however not limited to, not providing verification of your identification, we do not hold the information, access cannot be given in the manner it has been requested or where access is prohibited or restricted by law or a court order.
If this is the case, we will write to you within a reasonable period and provide reasons for the refusal (except where it be unreasonable to do so), the mechanism to raise a complaint and any other regulations as required under the Privacy Act.
You also have the right to request that we correct any inaccurate personal information we hold about you, subject to some exceptions. If you wish to correct the personal information we hold about you, please contact us using the contact details provided below.
If we do not agree to amend your personal information, we will inform you of our decision within a reasonable period. If you wish to complain about this outcome or to attach a statement to your record that you believe the personal information, we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please see our complaints procedure below.
NextFleet will destroy or de-identify personal information where it is no longer necessary under a lawful reason under the Privacy Act.
13 Data breach
A data breach occurs when personal information that an entity holds is subject to unauthorised access or disclosure, or is lost.
Some examples of data breaches include, lost of paper records with identifiable information on them, theft of devices, such as laptops and storage devices, personal information being emailed to the wrong person, personal information disclosed as a result of inadequate verification process, scammers or security incident.
In the event this occurs, we will notify relevant parties under the Act, conduct a thorough investigation process and take all necessary steps to avoid future breaches.
You may request further information about the way we manage your personal information or lodge a complaint if you believe that we have breached your privacy, by contacting our Privacy Officer using the contact details below.
We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it and may also need to ask you for further information or to verify your identity. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will treat your complaint confidentially and respond to you within a reasonable time, usually in writing.
If you are dissatisfied with the outcome, please contact us. Alternatively, you may take your complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are available from the OAIC’s website at www.oaic.gov.au.
NextFleet Australia Pty Ltd
Level 3, Building 2
747 Lytton Road,
Murarrie QLD 4172
PO Box 63 Cannon Hill 4170