1.3. We help individuals who have been involved in motor vehicle accidents (who are not at fault) by hiring them a replacement vehicle to use until their vehicles are repaired or they receive a total loss payout (if the vehicle is a total loss). We then arrange for the hire cost to be recovered from the insurer of the party at fault, so they do not have to pay anything out-of-pocket (other than for certain things such as fuel and tolls). We also provide individuals with accident management support, including by organising the towing of their damaged vehicles, arranging transport from the accident scene, helping them to choose a suitable repairer, supporting them through the insurance claim process, managing the repair of their vehicles or assisting with their total loss claims, and helping them to obtain advice from a personal injury lawyer if they are injured. We own and operate a platform known as "I'm in the right" located at https://www.imintheright.com.au (the IITR Platform) that we use to advertise our services and through which people involved in motor vehicle accidents may apply to become IITR customers.
1.4. We provide the following services to our customers:
2.2. We collect the following types of personal information:
3.1. Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances.
3.2. We collect personal information about our customers in one or more of the following ways:
4.1. We use personal information in the following ways:
|Category||How we use and process that personal information||Our reason for collecting the personal information|
|Personal information about our customers||
|Personal information about third parties (passengers, witnesses, at fault parties to the motor vehicle accident and/or additional driver nominated by a customer)||
5.1. We also collect information about our customers through their use of the IITR Platform, known as analytics data. Such analytics data includes IP information, information about devices accessing the IITR Platform, the amount of time our customers spend on the IITR Platform and in which parts of it, and the path navigated through it. However, all such information is de-identified data and is not collected in a form that could reasonably be expected to identify an individual.
5.2. In any event, we only use analytics data to help us review, enhance, market and/or improve the IITR Platform (for statistical, marketing or research purposes).
6.1. We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities, in particular personal information is stored at:
6.2. We take reasonable steps to protect personal information that we hold using such technical and organisational security measures as are reasonable in the circumstances to take against loss, unauthorised access, modification and disclosure and other misuse. Such measures ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
6.3. We implement the following technical and organisational security measures in our organisation:
7.1. We will transfer your personal information to our contractors and service providers who assist us with the supply and provision of the IITR Platform to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will transfer your personal information to our hosting provider in Sydney and our offshore contractors and service providers located outside of Australia. Our offshore contractors and service providers are currently located in India, the United Kingdom, Singapore, Vietnam and the Philippines.
8.1. We only disclose personal information that we collect to third parties as follows:
9.1. IITR may send out tokenised emails and/or SMS links using the IITR Platform that directs our customers to a customer application form. The IITR Platform, emails and/or SMS (whether delivered by us and/or our contractors) may also include other links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection and privacy laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them. Our customers should contact us in the first instance, if they have any enquiries about any links on the IITR Platform.
9.2. You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on our website or integrated via notifications on the IITR Platform. These widgets and tools may collect your IP address and other personal information. Your interaction with such widgets and tools, and any single sign-on services is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.
11.1. We rely on our customers to ensure that all personal information collected from them and held by us is accurate, up to date, complete, relevant and not misleading. Customers who wish to access, update, modify and/or correct the personal information held by us about them should contact our Privacy Officer below.
11.2. Once an account is deleted, we may still be required to retain the data in accordance with our data retention obligations. We retain personal information held in the IITR Platform for a period of 7 years. We only use production data for the sole purpose of improving the IITR Platform. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person's vital interests).
11.3. We will handle all requests for access to personal information in accordance with our statutory obligations. We may require payment of a reasonable fee for a copy of your personal information by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request and we will endeavour to provide a response to any request for access within 72 hours from the time a request is made.
12.1. Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact our Privacy Officer using the following details:
12.2. We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis and resolving the complaint.
12.3. If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the APPs, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
13.2. We collect all types of personal data that are voluntarily provided by you and/or collected from third party sources. Please see section 2 above for more information about the categories of personal data that we collect.
15.1. Information about who we disclose personal information to is set out in section 8 above and applies equally to personal data.
16.1. We transfer your personal information to our contractors and service providers who assist us with the supply and provision of the IITR Platform to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. Provided that we comply with applicable law, we transfer your personal information to our hosting provider in Sydney and our offshore contractors and service providers located outside of Australia. Our offshore contractors and service providers are currently located in India, the United Kingdom, Singapore, Vietnam and the Philippines. When transferring personal data governed by the GDPR internationally, we will ensure that such transfers are in compliance with the GDPR and that we have legally binding agreements in place to govern the receipt and processing of personal data offshore. Information about other appropriate or suitable safeguards is available from us on request..
17.1. It is our policy to retain personal data in a form which permits identification of any person only as long as is necessary for the purposes for which the personal data was collected for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal data (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect any other person's vital interests).
18.1. Please see section 10 above for information about the requirement to provide personal information to us and the limitations that apply where personal information is not provided. Those requirements and limitations apply equivalently to personal data governed by the GDPR.
19.1. We do not use automated decision making during our supply of the IITR Platform and/or services for the purposes of the GDPR (although we use bots on the IITR Platform that includes certain decision making logic).
20.1. Under the GDPR, you have a number of rights, including:
20.2. You also have the right to lodge a complaint with any relevant supervisory authority. You are encouraged to contact us in the first instance, if you wish to exercise any of your applicable rights under the GDPR.