GC LEASING MELBOURNE PTY LTD ACN 615 220 196
AND GC LEASING SYDNEY PTY LTD ACN 615 226 045
1. YOUR RIGHTS IN RELATION TO PRIVACY
GC Leasing Melbourne Pty Ltd ACN 615 220 196 and GC Leasing Sydney Pty Ltd ACN 615 226 045 (each severally referred to as GRENKE) understand the importance of protecting the privacy of an individual’s personal information. This policy sets out how GRENKE aims to protect the privacy of your personal information, your rights in relation to your personal information managed by GRENKE and the way GRENKE collects, holds, uses and discloses your personal information.
In handling your personal information, GRENKE will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the 13 Australian Privacy Principles in the Privacy Act. To the extent GRENKE handles your credit information, GRENKE will also comply with the Credit Reporting Code. This policy may be updated from time to time.
2. WHAT KINDS OF PERSONAL INFORMATION DOES GRENKE COLLECT?
Personal information is information or an opinion about an identified, or reasonably identifiable, individual. During the provision of its products and services, GRENKE may collect your personal information.
Generally, the kinds of personal information GRENKE collects are (noting that the following personal information may be collected about you in your capacity as an employee, director or other representative of a corporate customer of GRENKE, as applicable):
consumer credit liability information which includes information about your credit providers and credit accounts, including the dates on which the accounts are opened and closed, their limits, and their terms and conditions (or any changes to their terms and conditions);
In some circumstances GRENKE may also hold other personal information provided by you.
Are you obligated to provide personal information?
As part of your business relationship with GRENKE, you must provide the personal information required in order to enter into a business relationship and perform its associated contractual obligations, or the personal information that GRENKE is required to collect by law. Without this information, GRENKE will generally not be able to enter into or perform the contract with you.
In particular, according to the money laundering legislation, GRENKE is obligated to identify you prior to entering into a business relationship with you. To verify your identity we use the credit reporting bodies listed in section 6 below by lodging a verification request which includes your personal information such as your name, date of birth, and address. In order for us to be able to fulfil this legal obligation, you must provide us with the necessary information and documents in accordance with the Anti-Money Laundering and Counter-Terrorism Act 2006 (Cth) and immediately notify us of any changes during the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue your desired business relationship.
3. HOW DOES GRENKE COLLECT PERSONAL INFORMATION?
Generally, GRENKE collects your personal information directly from you, through the completion of a manual or online form, your access to the myGRENKE portal (see paragraph 4), an interaction or exchange in person or by way of telephone, facsimile, email, post, through the use of the GRENKE website or through a third party. There may be occasions when GRENKE collects your personal information from other sources such as from:
Generally, GRENKE will only collect your personal information from sources other than you if it is unreasonable or impracticable to collect your personal information from you.
4. The myGRENKE portal
You may access myGRENKE via the URL https://my.grenke.com or by clicking the hyperlink. You or any user designated by you (hereinafter collectively referred to as the “user”) may access information and several services on myGRENKE. If you wish to use myGRENKE, you need to register first and enter personal information. An overview of the type, scope, purposes of, and, if applicable, legal bases for processing of personal information in connection with the registration and use of myGRENKE is provided below.
In order to access your user account on myGRENKE you need to enter the following information:
You cannot register and use the myGRENKE portal without providing this compulsory information. We process the compulsory information provided by you to create your user profile and to identify you during each login, and to match and link your personal information with the information we have in our IT systems. Depending on the service that you use on the myGRENKE portal, additional personal information may be collected and subsequently linked to your existing information.
Following the successful registration, you may retrieve information and use the services below:
Information collected: The “Invoice Delivery” service will let you view and download the invoices available for your contract. In particular, contract data (contract master data and contract invoicing information) such as customer number, contract number, invoice number, invoice amount and date, and due date will be processed. This data is linked exclusively to your business, but in part may be linked to you personally, e.g., if you are our customer as a sole trader, if we process information on contact persons of a company, or if you provide us with information on individual employees of your business.
Purpose of collection: We process the collected data and personal information to display this on your contract. Personal information and data provided while using the service will be processed by us for the implementation of the service and the fulfillment of a contract with you.
Storage period: As a rule, we store data and personal information for term of the contract. Invoices will be available in myGRENKE for a period of three (3) years after the invoice was issued. Your personal information may be processed and stored for longer periods in accordance with mandatory retention periods under Australian law.
Information collected: By opening the “Offer Generation” service, the user can view the contract master data and contract terms. Next you may request a non-binding new offer under your framework contract by entering the necessary information, such as property to be leased, contract term, etc.
In particular, contract information (contract master data and contract invoicing information) such as customer number, customer name, contract number, order volume, and payment information will be processed. This information is linked exclusively to your business, but in part may be linked to you personally, e.g., if you are our customer as a sole trader, if we process information on contact persons of a business, or if you provide us with information on individual employees of your business.
In addition, you may upload various documents in a number of data formats in order to enable us to prepare a new offer (e.g., pro forma invoice, equipment lists, etc). In this situation you may decide at your own discretion which information you make available to us and whether, for example, personal information can be derived about natural persons (e.g., if documents contain information on individual employees of your business). This is beyond our control. Please note, that you are, therefore, responsible for ensuring that you comply with the Privacy Act requirements regarding the transfer of personal information.
Purpose of collection: We process the collected data and personal information to display information on your contract and to enable you to request offers to enter into individual contracts. Personal information and data provided while using the service will be processed by us for the implementation of the service and the fulfillment of our contract with you.
Storage period: As a rule, we store the collected data and personal information for the term of the contract. We will store data and personal information that we process for the preparation of an offer during the contract initiation phase only as long as necessary for attaining the purposes for which the data and personal information had been collected. We generally erase or delete your data and personal information when contractually agreed supplies and/or services have been fully provided and the statutory warranty periods have expired, unless we are allowed and/or obliged under the Privacy Act to store your personal information beyond this date.
Information collected: There is a contact form in the myGRENKE portal by which you may request updates of your customer master information, such as your banking details. The requested changes will be manually verified by us and updated in our IT system. In this event, you may decide at your own discretion which information you make available to us and whether, for example, personal information can be derived about natural persons (e.g., if you are our customer as a sole trader, if we process information on contact persons of a company, if or you provide us with information on individual employees of your business).
Purpose of collection: When you contact us (e.g. via contact forms), we will store your data and personal information for the purpose of processing your request and in case further correspondence should follow.
Storage period: We delete the data and personal information provided by you as soon as the purpose of its collection entirely ceases to apply and no other legal reason applies (e.g., further processing of the data and personal information is or becomes necessary for the fulfillment of a contract). If and as long as statutory retention periods under the Privacy Act apply, we will not delete your personal information until any such statutory periods have expired.
5. WHY DOES GRENKE NEED YOUR PERSONAL INFORMATION?
GRENKE collects, holds, uses and discloses your personal information where it is reasonably necessary for the purposes of:
GRENKE may also use your personal information for purposes related to the above purposes and for which you would reasonably expect GRENKE to do so in the circumstances,
or where you have consented or the use is otherwise in accordance with law.
Where personal information is used or disclosed, GRENKE takes steps reasonable in the circumstances to ensure it is relevant to the purpose for which it is to be used or disclosed. You are under no obligation to provide your personal information to GRENKE. However, without certain information from you, GRENKE may not be able to provide its products and / or services to you.
6. TO WHOM DOES GRENKE DISCLOSE YOUR PERSONAL INFORMATION?
GRENKE discloses your personal information for the purpose for which GRENKE collects it. That is, generally, GRENKE will only disclose your personal information for a purpose set out at paragraph 5. This may include disclosing your personal information to:
GRENKE may also disclose your personal information, including your credit information, to lenders, other credit providers and credit reporting bodies, Equifax/CreditorWatch (contactable on the details set out below). In particular, GRENKE may disclose to Equifax/CreditorWatch information about you failing to meet your payment obligations or if you commit a serious credit infringement. Equifax/CreditorWatch may include any information provided to it by GRENKE in reports that are then provided to other credit providers for the purpose of such credit providers assessing your credit worthiness.
GRENKE’s disclosures of your personal information to third parties are on a confidential basis, in accordance with relevant non-disclosure agreements, and / or otherwise in accordance with law. GRENKE may also disclose your personal information with your consent or if disclosure is required or authorised by law.
Equifax/CreditorWatch can be contacted:
Equifax’s policy on its management of credit related personal information can be accessed through its website at: http://www.equifax.com.au/privacy.
CreditorWatch's policy can be accessed through its website at: https://creditorwatch.com.au/privacy/.
7. OVERSEAS DISCLOSURE
GRENKE may disclose personal information, including credit related personal information, to overseas recipients in order to provide its products and / or services and for administrative, data storage or other business management purposes. Recipients of such disclosures include its parent company, GRENKE AG and GRENKE Digital GmbH all of which are located in Germany. Additional party is our website provider BloomReach B.V. located in the Netherlands.
By providing your personal information to GRENKE, you consent to GRENKE disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agree that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act. . If you have any queries or objections to such disclosures, please contact GRENKE’s Privacy Compliance Officer on the details set out in paragraph 12.
8. DIRECT MARKETING
GRENKE may use and disclose your personal information in order to inform you of products and services that may be of interest to you. In the event you do not wish to receive such communications, you can opt-out by contacting GRENKE via the contact details set out in paragraph 12 or through any opt-out mechanism contained in a marketing communication to you.
GRENKE will not use or disclose credit-related personal information for direct marketing purposes except to the extent permitted under the Privacy Act, for the purpose of Equifax/CreditorWatch assessing your eligibility to receive direct marketing communications sent on behalf of GRENKE. You may make a request directly to Equifax/CreditorWatch not to use your credit-related personal information for these purposes.
In order to receive the GRENKE newsletter, you must enter your name and e-mail address. You can also enter and submit further optional information. After you have submitted your e-mail address, you will receive an e-mail from us to the e-mail address you have specified, in which you must click a confirmation link to verify the e-mail address you provided.
Your data will be stored by us only for the purposes of sending our newsletter. In addition, we store your IP address and the date of your registration in order to be able to prove the newsletter subscription in case of doubt. In addition, in order to measure the success of our newsletter, we collect data on whether the newsletter is opened, when it is opened and which links are clicked.
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the newsletter.
10. SECURITY OF YOUR PERSONAL INFORMATION
GRENKE takes steps reasonable in the circumstances to ensure that the personal information it holds is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. GRENKE holds personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by authorised staff. Credit eligibility information, such as information GRENKE receives from Equifax/Creditor Watch for the purpose of assessing credit worthiness, is stored through equally secure methods.
GRENKE processes and stores other personal information as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed to last for years. If the personal information is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is necessary for the following purposes:
If you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud, you may request Equifax/CreditorWatch not to use or disclose credit related personal information it holds about you by contacting Equifax/CreditorWatch on the details set out in paragraph 6.
11. CAN YOU ACCESS AND CORRECT THE PERSONAL INFORMATION THAT GRENKE HOLDS ABOUT YOU?
GRENKE takes steps reasonable in the circumstances to ensure personal information it holds is accurate, up-to-date, complete, relevant and not misleading. Under the Privacy Act, you have a right to access and seek correction of your personal information that is collected and held by GRENKE.
If at any time you would like to access or correct the personal information that GRENKE holds about you, or you would like more information on GRENKE's approach to privacy, please contact GRENKE’s Privacy Compliance Officer on the details set out in paragraph 12 below. GRENKE will grant access to the extent required or authorised by the Privacy Act or other law and take steps reasonable in the circumstances to correct personal information where necessary and appropriate.
Where necessary to resolve a request for correction of your credit related personal information, GRENKE may also consult with other relevant entities, including but not limited to Equifax. GRENKE’s use or disclosure of your credit related personal information for correction purposes is permitted by the Privacy Act.
To obtain access to your personal information:
Alternatively, if you would like to access personal information held about you by Equifax/CreditorWatch, please contact Equifax/CreditorWatch on the contact details set out in paragraph 6.
GRENKE will endeavour to respond to your request to access or correct your personal information within 30 days from your request. If GRENKE refuses your request to access or correct your personal information, GRENKE will provide you with written reasons for the refusal and details of complaint mechanisms. GRENKE will also take steps reasonable in the circumstance to provide you with access in a manner that meets your needs and the needs of GRENKE.
If you are dissatisfied with GRENKE’s refusal to grant access to, or correct, your credit related personal information, you may make a complaint to the Office of the Australian Information Commissioner.
12. HOW TO CONTACT US
For further information or enquiries regarding your personal information, or if you would like to opt-out of receiving any promotional or marketing communications, please contact GRENKE 's Privacy Compliance Officer at [email protected].
13. PRIVACY COMPLAINTS
Please direct all privacy complaints to GRENKE’s Privacy Compliance Officer. At all times, privacy complaints:
Specifically, if your complaint relates to credit related personal information and / or GRENKE’s failure to comply with its obligations regarding credit related personal information under the Privacy Act and / or the Credit Reporting Code:
GRENKE’s Privacy Compliance Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, or an extension to the time in which GRENKE will resolve it, you may refer the complaint to the Office of the Australian Information Commissioner.