This policy covers Smartgroup Corporation Ltd and its related bodies corporate (“Smartgroup”, “we” or “us”), including Smartgroup Benefits Pty Ltd, Smartfleet Management Pty Ltd, Smartsalary Pty Limited (including Smartleasing, which is a registered trade marks of Smartsalary Pty Ltd), Smartequity Pty Ltd, PBI Benefit Solutions Pty Ltd, Smartsalary Software Solutions Pty Ltd, Health-e Workforce Solutions Pty Ltd, Salary Packaging Solutions Pty Ltd, AccessPay Pty Ltd, Smartsalary Payroll Solutions Pty Ltd, Autopia Management Pty Ltd and Selectus Pty Ltd (as updated from time to time).
We understand how important it is to protect your personal information. This policy sets out how Smartgroup collects, uses, discloses and holds personal information.
1. Collection of personal information
When we refer to personal information, we mean information about reasonably identifiable individuals. This may include information or an opinion about individuals, whether true or not.
The kinds of personal information we may collect about you include:
- date of birth and age;
- contact details including telephone number, fax number and email address;
- bank account details;
- occupation, employment history and employment details, including financial information (including your salary, payroll and employer details) and employee number;
- any other information we may need to identify you or to administer our services, including your driver's licence number, car registration or tax file number;
- if you are applying for a position with us, credit history, visa or citizenship status and criminal record (see below in relation to sensitive information); and
- information about how you use and interact with our website.
We may also collect additional information about you depending on the products and services provided:
- if you apply for finance or a lease – age and number of your dependants, how long you have lived at your current address, your employment details, proof of earnings and expenses, details of income, assets, liabilities, expenses, credit history and credit worthiness;
- if you apply for insurance, we may collect some information regarding your health (see below), your driver accident and insurance claim history or your driver motor vehicle licence history (restrictions and cancellations).
We may collect your sensitive information only to the extent it is necessary to administer our products or services to you, to assess your application for employment or for employment purposes, and only with your consent. Sensitive information includes membership of professional or trade associations or unions, membership of a political association, or health information or and, in an employment context, your criminal history, racial or ethnic origin, religious beliefs and sexual orientation.
Where reasonable and practical we will collect your personal information directly from you, such as via application or enquiry forms or other documents that you submit to us; when you contact us via phone, email or our websites or social media accounts; when you attend one of our events; or when you submit a CV or application for employment to us. If you do not provide the information requested by us, we may not be able to provide you with our products or services or respond to your enquiry.
Depending on the product or service provided or your relationship with us, we may also collect your personal information from third parties, for example, from your employer, your employer’s outgoing salary packaging service provider or your financial planner. If you are applying to work for us, we may collect personal information through recruitment companies, websites, other organisations and referees with your consent. We may also collect your personal information from our related bodies corporate, where we are permitted under law to do so or have otherwise obtained your consent.
2. Use of personal information
We use your personal information for the purpose for which it has been provided, reasonably related secondary purposes which are within the contemplation of the parties (and are directly related if the information is sensitive information), any other purpose you have consented to and any other purpose permitted under the Privacy Act 1988 (Cth). This may include using your personal information for the following purposes:
- to verify your identity;
- to enable us to establish and administer our products and services;
- for the purpose of managing our relationship with you, including dealing with your enquiries;
- to deal with any enquiries or communications with you or any agency or representative, including any application for employment;
- to comply with our legal and regulatory obligations including any recommendation, request, rule, order or direction of any regulatory, governmental authority, securities exchange, court or tribunal;
- to conduct marketing activities across the group, for example, on occasion we may offer you other products and services, including from our related bodies corporate;
- to conduct market research and statistical analysis in relation to our business;
- if you are applying to work for Smartgroup, to carry out the recruitment process, or assess your suitability for future roles; and
- where we are required or authorised to do so by law,
and for any other purpose related to or ancillary to any of the above.
3. Disclosure of personal information
We disclose your personal information for the purpose for which it has been provided, reasonably related secondary purposes which are within the contemplation of the parties (and are directly related if the information is sensitive information), any other purpose you have consented to and any other purpose permitted under the Privacy Act. Depending on the product or service we are providing to you, or your relationship with us, we may disclose your personal information:
- to your employer;
- to a bank or financial institution;
- to our third party suppliers and vendors to the extent necessary for the establishment, provision, and administration of the applicable products or services (this may include car dealers, intermediaries, financiers, valuers, insurers, credit reporting agencies or lawyers/debt collectors). For example:
- if you are an Autogenie client, we will disclose your personal information to your chosen car dealership;
- if you are applying for or have a novated lease, we will disclose your personal information to, and otherwise deal with, the applicable financier and car dealership in setting up and administering your lease;
- if you are applying for or have an insurance policy, we will disclose your personal information to the applicable insurer; or
- if you have a salary packaging arrangement with us, we may disclose your personal information to applicable suppliers, for example, mechanics, fuel companies, statutory authorities in relation to vehicle registration/insurance, and superannuation funds for the purpose of processing your superannuation contributions;
- to our personnel, agents, contractors and service providers that are involved in providing, managing or administering the applicable products or services (eg printing and postal services, call centres and mail houses);
- to those companies who provide information and infrastructure systems to us, including cloud storage providers;
- to anyone acting on your behalf;
- to our professional advisors and consultants, accountants, lawyers and auditors;
- to anyone else in relation to whom you have provided us consent;
- to any company within Smartgroup;
- if you are applying to work for Smartgroup, your referees, the Australian Federal Police (to undertake criminal history checks), educational and professional obligations (to verify academic qualifications, licences and memberships), to organisations that conduct competence and psychometric tests, and the Department of Immigration and Citizenship (to verify your right to work in Australia); and
- where we are required to do so by law,
and for any other purpose related to or ancillary to any of the above.
One of the ways we store and manage information (including personal information) is by using cloud computing, where servers are based overseas, including in the USA, Singapore and Ireland. We take reasonable steps to maintain the security of your information and to ensure your information is treated in accordance with the standards that apply in Australia.
4. Direct marketing
We may from time to time use your personal information to provide you with current information about loans, insurance products, special offers you may find of interest, changes to our organisation, or new products or services being offered by us, our related bodies corporate or any other company we are associated with. By providing us with your information, you consent to receiving such information, including by phone, email, SMS and social media, on an ongoing basis until you unsubscribe. We will not use or disclose sensitive information about you for direct marketing purposes unless you have consented to that kind of use or disclosure.
If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting us. Contact details are set out at section 11 of this policy. If the direct marketing is by email you may also use the unsubscribe function and if the direct marketing is by SMS you may reply 'STOP' to opt out. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
5. Cookies, advertising and tracking
Your IP address is the identifier for your computer when you are using the internet. It may be necessary for us to collect your IP address for your interaction with various parts of our website.
6. Accessing, updating and correcting your personal information
You can request to access your personal information we hold at any time. Depending on the volume or difficulty in obtaining the information, we may charge a fee that covers our costs.
An initial response will be provided to you within 7 days from your request, and the outcome of the investigation given in 30 days. There may be situations where we are not required to provide you with access to your personal information, and we will set out the reasons for this. An example of this would be where the information related to existing or anticipated legal proceedings, or if your request was vexatious.
You may also request to correct any of your personal information we hold if it is incorrect, inaccurate or out of date. We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete.
Depending on the request we may update your personal information immediately, or we may provide an initial response to you within 7 days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal information within 30 days from your initial request. We may have to consult with external entities as part of your request to access or correct your personal information.
7. Using government related identifiers
If we collect government related identifiers, such as your drivers licence number or tax file number, we do not use or disclose this information other than to the extent required or authorised by law. For instance, we will never adopt your tax file number as your account number to identify you.
8. Doing business without identifying you
In most circumstances it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without you providing us with personal information, for example where you make general enquiries about our products or services, or any special offers.
9. How safe and secure is your personal information that we hold?
We may store your personal information in paper or electronic form. We take reasonable steps to protect any personal information from misuse, interference, loss and unauthorised access, modification or disclosure. Some of the steps that we take to protect personal information include, but are not limited to, the following:
- installing security and access requirements for all our IT systems, such as passwords, firewalls and virus scanning software;
- having document storage and destruction policies;
- only providing you your personal information where we are satisfied as to your identity; and
- encrypting data and other personal information during internet transactions (if any).
When the information is no longer needed for any purpose for which the information may be used or disclosed, it will be destroyed or permanently de-identified.
If you are dissatisfied with how we have dealt with your personal information, or have a complaint about our compliance with the Privacy Act, you may contact us using the details in clause 11. We will acknowledge your complaint within seven days and provide you with a decision on your complaint within 30 days. If you feel your complaint is still not resolved adequately after discussion with us, you may then contact the Office of the Australian Information Commissioner on http://www.oaic.gov.au/privacy/privacy-complaints.
11. Further information
If you have any questions about how we handle your personal information, contact our Privacy Officer by phone on 1300 476 278, via email at email@example.com, or at:
Smartgroup Corporation Ltd
GPO Box 4244, Sydney NSW 2001
Last updated: 4 June 2019