Last updated: 8 December 2020
Bapcor Ltd (ACN 153 199 912), and its related companies in Australia and New Zealand, including HCB Technologies Limited (9429031659246), trading as HCB ("Bapcor", "we", "us", "our") is committed to complying with applicable privacy laws in relation to the personal information that we collect in the course of running its business. Where applicable privacy laws provide for exceptions or exemptions, we may rely on those exceptions or exemptions in our information handling practices.
In this document, "personal information" has the meaning given by applicable privacy laws, and (in summary) means information or an opinion about an identified individual or an individual who is reasonably identifiable.
Some of our stores are run by franchisees that are independent of Bapcor and may have privacy policies which differ from ours ("Franchisees"). Franchisees are responsible for their own privacy policies and privacy practices. If you have a query regarding the privacy practices of a Franchisee, please contact the Franchisee directly for further information.
Bapcor will collect personal information by lawful and fair means and only when it is necessary for one or more of our business functions or activities or otherwise permitted by applicable privacy laws. If required by applicable privacy laws, whenever we collect your personal information we will advise you as soon as practicable of:
the reason for the collection
to whom we may disclose the information
the main consequences of not disclosing the personal information
such other matters required by applicable laws
We will generally collect information for the purposes of keeping you informed about our businesses, contacting you about our products and services, and those of the Bapcor group. We may collect personal information directly from you through some of the following means:
when you purchase goods or services or conduct business with us;
when you contact us by email, telephone, in person or other means;
via one of our websites or when you deal with us online (including through social media);
via CCTV cameras located at our stores and premises that you attend;
when you enter one of our competitions or promotions; and
when you apply for a job or other position with us.
Where it is reasonably practical to do so, we will collect your personal information directly from you. However, in certain cases we may collect personal information about you from third parties, including:
publicly available sources;
our Franchisees that you deal with;
our suppliers, contractors and business partners;
referees, if you apply for a position as an employee or contractor with us;
if you were a customer of or had dealings with a business we purchase, from the seller of that business; and
market research agencies, for example where you participate in a survey.
2. Types of personal information we typically collect
The types of personal information we collect from you will depend on the circumstances for which the information is collected and may include your identity, name, address and other contact details (such as email and phone numbers), billing information your history of purchases and use of our products and services and details of enquiries you make with us.
We will also collect personal information you provide to us, including when you use our websites, in application forms, in orders, through our social media and in any other way.
If you are an individual contractor, we may collect information relevant to your engagement with us including qualifications, length of engagement, résumé, current and former employment details, pay rate and salary, bank details, feedback from supervisors, training records and logs of your usage of our equipment (eg phones, computers and vehicles).
We only collect sensitive information (such as health information, and information about a person's racial or ethnic origin, sexual orientation, religious beliefs or affiliations and criminal record) about you with your consent, or otherwise where permitted or required by applicable privacy laws.
If you deal with us online, we may:
record details of the device and operating system you use to access the applications;
collect information about your geographical location, depending on the permissions granted on your device;
collect history and/or usage information.
3. Purposes for which we handle your personal information
As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances. The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it.
We will only use and disclose personal information:
for the purpose which we had advised we were collecting it;
for a purpose which is necessary for the reason the information was given to us;
where you have otherwise consented to that use; or
where required or permitted by applicable laws.
In general we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations. For example, we may we collect, hold, use and disclose your personal information:
to confirm your identity;
to offer and provide you with our goods and services, receive goods or services from you and manage our relationship with you;
manage, administer, and improve those goods and services;
to protect the security and integrity of our IT systems, services and premises;
to assess your suitability for employment or other relationship with us;
to obtain your feedback on our goods and services;
to respond to your queries or address any issues or complaints that we or you have regarding our relationship;
to comply with our legal and regulatory obligations; and
to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner
If you do not provide us with your personal information we may not be able to provide you with our goods or services, communicate with you or respond to your enquiries.
4. Who we disclose your personal information to?
The types of persons and entities we typically disclose personal information to include (but are not limited to):
our Franchisees, for example, to facilitate the fulfillment of any orders you make for goods and services;
our suppliers, contractors and other organisations that provide us with technical and support services;
our accountants, insurers, lawyers, auditors and other professional advisers;
any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
within the Bapcor group for purposes connected with our business and relationship with you, and where otherwise permitted by applicable laws; and
in the event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisors.
We may also disclose your personal information in accordance with any consent you give or where disclosure is authorised, compelled or permitted by law.
If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.
5. Protection of personal information
We will hold personal information as either secure physical records, electronically on our IT systems and in third party cloud services which may be located overseas.
Bapcor will take all reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date.
We use a range of security measures to protect the personal information we hold, including by implementing IT security tools to protect our IT systems and ensuring that employees and third parties with access to records containing personal information are subject to appropriate information security obligations.
Bapcor will take all reasonable steps to:
protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure; and
destroy personal information once it is no longer needed,
to the extent required by applicable privacy laws.
6. Overseas transfers of personal information
We may disclose your personal information to other members of the Bapcor group, our related entities, service providers and agents located overseas, including in Australia (where Bapcor is headquartered) and New Zealand.
From time to time we may also engage an overseas recipient to provide services to us, such as cloud services. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider.
7. Direct marketing
Like most businesses, marketing is important to our continued success. We therefore like to stay in touch with customers and let them know about new offers and opportunities. We may provide you with information about products, services and promotions either from us, or from third parties which may be of interest to you where you have consented to us doing so, or where we are otherwise permitted to do so by law.
You may opt out at any time if you no longer wish to receive direct marketing messages from us. You can make this request by contacting our Privacy Officer.
8. Access and correction
You may contact our Privacy Officer (see section 10) to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by us.
We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
We will respond to all requests for access to or correction of personal information within a reasonable time.
We take all complaints seriously, and will respond to your complaint within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
If you are dissatisfied with the handling of your complaint, you may contact:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney, NSW, 2001, Australia
Telephone: 1300 363 992
Office of the Privacy Commissioner
PO Box 10094
Telephone: 0800 803 909 (Monday to Friday, 10:00 am to 3:00 pm)
10. Contact details
The contact details for our Privacy Officers are as follows:
Australian Privacy Officer
Address: 61-63 Gower Street, Preston, Victoria, 3072, Australia
Phone: +61 9914 5555
New Zealand Privacy Officer
Address: 21 - 27 Omega St, Rosedale 0632, Auckland, New Zealand
Phone: +64 9 414 3200