Scope of Policy
- “Personal Information” under the Privacy Act 1988 (Cth) is defined to mean information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Collection of Personal Information
Why do we collect Personal Information?
- We collect and hold Personal Information that is reasonably necessary for the services we provide.
How do we collect Personal Information?
- We will generally collect Personal information from you directly through your use of our App including when you create a Metro Mini Bus Account and make a payment.
- We may also collect Personal Information through applications, email or written communication with you, or through a telephone conversation with you.
What form of Personal Information do we collect?
- We may collect and hold the following types of Personal Information:
- Your name;
- Your date of birth;
- Your gender;
- Your phone number;
- Your nationality;
- Your email address
- Your mailing address and delivery address; and
- Payment details (including, but not limited to credit card details).
- If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail and telephone.
Retaining your Personal Information
- We will retain your personal information for the duration of your use of the App. When you cease use of the App we will retain your Personal Information for no longer than 10 years or for any such period that it is necessary for us to retain your Personal Information (the Retention Period).
- We will make your personal information available to you if requested.
Destruction of your Personal Information
- Once the Retention Period has lapsed, we will ensure the timely secure destruction and/or disposal of your Personal Information, including both physical information and cyber information, in compliance with the law.
- If at any other time, you request we destroy and/or dispose of your Personal Information, we will comply with your request in a timely matter, in so far that it does not interfere with the purposes of conducting our business.
Breach of Personal Information
Security of your Personal Information
- We will endeavour to protect your Personal Information from unauthorised interference (including access or disclosure). Your Personal Information will be encrypted and protected with the aim to prevent unauthorised inference.
Informing you of a Data Breach
- A data breach will occur if there has been unauthorised interference to your Personal Information, and that interference is likely to result in serious harm to yourself (Data Breach).
- If there is a Data Breach, we will determine if the Data Breach is likely to cause serious harm. If we have been unable to prevent serious harm occurring, we will notify the relevant reporting body of the Data Breach.
- In some circumstances, we may contact you directly if we suspect there has been a Data Breach.
How we use your Personal Information
- We collect, use and disclose Personal Information for purposes associated with conducting our business activities, providing the goods and services you requested, marketing and promotional efforts and to improve our content and service offerings, including:
- Facilitating transactions between you and us;
- Facilitating transactions between you and other people, suppliers and organisations who are accessible via our App;
- Processing your payment for goods and services;
- Tracking you orders;
- Monitoring the use of our App;
- Improving the quality of our service;
- Administrative purposes;
- Statistical analysis of the usage of our App; and
- Complying with the law, including privacy legislation.
- Occasionally, we may also use the Personal Information we collect to notify you about important changes to our App, new services, and special offers we think you will find valuable. You may notify us at any time if you do not wish to receive these offers by emailing us at the link provided on notifications or by contacting us at firstname.lastname@example.org.
- If you have given us your express consent to provide you with direct marketing communications we may collect, hold, use and disclose Personal Information in accordance with that consent to enable us (or as the case may be those third party individuals and organisations) to provide you information about, and offer you, goods and services.
- If you give us consent to provide you with direct marketing communications, you can later request not to receive direct marketing communications. You may also request that we do not provide your Personal Information to any of our third party providers in order for them to provide you with direct marketing communications.
- Such information may be shared with others as de-identified data in aggregated form.
- Personally identifiable information or business information will not be shared with third parties except as required by law or where you have given us your express consent to do so.
- We may need to provide your Personal Information to third parties who we engage to assist us to provide goods and services to you, such as:
- Information technology service providers; and
- Payment processors.
- Where your Personal Information is disclosed to these third parties, they will only be authorised to use your Personal Information for the purpose that we supplied it to them. If those third parties are located overseas, then your Personal Information may be transferred overseas.
Cookies and Data Activity
- We may use standard technology called ‘cookies’ and similar technologies on our App. Cookies are small data files that are stored on your computer when you visit a particular app or website, which allow your web browser to remember certain information.
- Sometimes information that you upload is provided with associated metadata. If you do not want us to use the metadata you must remove it before uploading it onto our App and other applications and tools.
Data Security and Storage
- Personal Information collected by us will be stored and processed on servers located within Australia or other regions or zones used by Amazon Web Services. To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
- In other limited circumstances, we may need to send your Personal Information overseas. These circumstances include:
- Where we have a supplier assisting us with the provision of goods and services and our business functions;
- Where our payment processor’s servers are located; and
- Where a third party application is being used in connection with our interactions with you (e.g. for processing of payments or security checks).
Links to other Applications and Websites
- Our App may contain links to other applications, websites and tools that are owned, controlled or operated by us. We are not responsible for the practices employed by applications linked to or from our App or the information or content contained on them.
Legal Disclosure of Personal Information
- We reserve the right to disclose any Personal Information which identifies you as required by law and when we believe that disclosure is necessary to protect our rights, or to comply with a judicial proceeding, court order, or legal process served on our App.
How to Opt-out or Access your Personal Information
- If you:
- Want to find out what Personal Information we hold about you;
- Believe any of your Personal Information held by us is inaccurate, out of date, incomplete or it is not necessary for us to continue to hold it;
- Want to request not to receive direct marketing communications or that we do not provide your Personal Information to any of our third party providers in order for them to provide you with direct marketing communications; or
- Wish to make a complaint about a breach of the Privacy Act, Australian Privacy Principles or a privacy code that applies to us, please contact us by emailing us at email@example.com
- If you are not happy with our response, you may complain directly to the Australian Privacy Commissioner.