ABOUT 365 drivex Pty Ltd
365 drivex Pty Ltd (ABN 38647888211) is a mobile application platform partnering with 365 Assistance Pty Ltd (ABN 59160 076 200), under arrangement with 365 Assistance Group.
ABOUT 365 ASSIST GROUP
365 Assistance Group Pty Ltd (ACN 608 814 679) trading as 365 Roadside Assistance (365), is a digital assistance partnering group aligning roadside assistance networks and platform services to business to business (B2B) industry partners such as OEM’s, Dealerships, Insurance, Financiers and Fleets in which 365 Assistance Group support.
INFORMATION PROVIDED BY OUR B2B INDUSTRY PARTNERS
365 obtain information from industry partners and third-party sources, including publicly available sources. We require this information to comply with applicable laws regarding the collection and transferring of users’ information to us, inclusive of ensuring there is a legal basis for the transfer of the data in accordance with applicable laws prior to disclosure of the data to us. As an example, our partners with and Insurance PDS and policy information to allow us to offer our product or services.
OUR PRIVACY COMMITMENT TO YOU
365 is committed to protecting our user’s privacy on behalf of ourselves and our B2B industry partners. We take our obligations under the Australian Privacy Laws and the (APP’s) very seriously and are proactive in maintaining the confidentiality and security of users’ personal information (including any sensitive information) and managing it in an open and transparent way. To achieve this, we have created this Policy.
We ensure compliance with:
- The ‘APPs’ principles.
- Implementation practices, procedures and systems adhere with those principles and to enable us to deal with enquiries and complaints about our compliance with those principles.
- The processing of users’ personal data takes place in compliance with regulations in all states of Australia and across regional and global locations.
We appreciate there will be times users may have concerns about the information collected and how it is shared, stored or distributed.
We approach user privacy as an open and transparent management platform of information that helps users:
- Understand the kind of information we capture and log.
- How we use it.
- How they can protect and manage their information with us.
- Personal Data
Any information that directly, indirectly, or in connection with other information – relates to an identified or identifiable living individual who is a direct member of 365 and/or our partners.
A user is a person who utilises a computer or network service. Users of 365 or our partners computer systems and software products.
- Data Controller
The company which determines the purposes and means of collecting and processing personal data of users – The 365 Assistance Group, Level 11 66 Clarence Street SYDNEY NSW 2000.
- Data Controller
The place in which any personal data is maintained, managed, backed up remotely and made available to users over a network.
WHAT INFORMATION WE COLLECT
365 limits the collection of information to what is essential, for us to deliver products and services to the user and our partners.
- User input information:
- Email address, in order to receive information, updates and newsletters;
- Your full name (as seen on your membership cover)
- Mobile phone
- Vehicle make
- Vehicle model
- Vehicle registration plate
- Support requests or other forms of contact via our various customer support channels
- Your payment information – credit card type, last four digits, expiration date; PayPal or other relevant account information; date of payment, currency, amount.
It is at the user’s discretion to the degree of accuracy they wish to provide us in their information input, however where accurate information is not provided, it may limit our ability to provide services.
If you input or process any user or personal information in the Cloud using 365’s services, you are considered as a data controller and agree to take full responsibility for complying with the General Data Protection Regulations of the state and territories in which you operate and for how personal data is handled, processed and stored in the Cloud and in such cases 365 (and our third party organisations such as AWS) is not considered as the Data Controller or collector/processor of your personal data and user information disclosed.
- Personal data:
We only collect and process personal data that you provide us upon registration (joining 365 or one of our partners) regarding the use of the services on the website or mobile application.
Furthermore, 365 may collect and process any personal data or user input information that you voluntarily submit on the website or mobile application.
365 will perform only such actions of your personal data processing that are necessary to achieve the abovementioned purpose. Processing of personal data will be based on necessity for the performance of a contract or member support obligation that 365 provides through its supplier network. Any other actions of processing of personal data will be based on consent or other legal basis established in the General Data Protection Regulations of the state or country in which the user presides.
We will not retain personal data longer than is necessary to fulfil the purposes for which it was collected or as required by applicable laws, regulations or service provision. At the end of the term, personal data will be deleted.
In order to secure users personal data, we apply the following safety measures:
- Running firewall software, 2 factor authentications
- Keeping our servers up to date with security re-freshes/patches
- Preventing access to the Personal Data from the outside and taking other necessary measures to keep the personal data secure.
However, we cannot guarantee non-disclosure of personal information, due to factors beyond our control. Therefore, if the personal data is in the Cloud we cannot be responsible for third parties as service providers. If you believe that your account has been hacked and any of your personal data has been disclosed, please contact us as soon as possible.
- Event Integration:
- Event location as recorded by geo location
- Latitude for the co-ordinates
- Longitude for the co-ordinates
- Timestamp when the co-ordinates are recorded.
- Start timestamp if a trip is detected/selected and being recorded
- End timestamp if a trip is detected/selected and being recorded
- A Unique Trip ID(UUID) to record the trip when a trip is detected/selected
- Device Information:Membership reference which is a unique insurance number associated with the user and vehicle rego selected.The current version of the app installed on the mobileDevice ID
- Device Driver Behaviour Information (if activated):Speed (over 40 kms per hour)
WHY WE COLLECT USER INFORMATION
365 may collect, record and analyse users’ personal data in order to:
- Operate, monitor, analyse and improve the services on the website or mobile application.
- Provide the security and stability of the services on the website or mobile application.
- Provide you with notifications in order to administer the broader benefits of the membership.
- Drive safety announcements and reduce un-safe driving practices.
- Show related benefits and customise other content for users.
HOW THE INFORMATION IS COLLECTED
Information is collected from various sources and produced within our service delivery platform. By providing information through the users account setup and/or using our service, the user consents to our collection and storage of the information. This consent is obtained from each user via a prompt upon first use on:
- Installing a mobile application
- Opting into and/or purchasing a membership cover
- Using the 365 membership portal
- Information may be collected through the user or users Insurer providing the input via online form during user setup or otherwise received directly
All information is securely managed and stored by AWS. AWS provides managed hosting services in a dedicated secure environment and meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards such as the Australian IRAP.
The AWS data centres are located on the east coast of Australia and are certified with enterprise level encryption (AES-256). AWS also commits to operate within ISO/IEC 27018 which is the code of practice for cloud privacy.
365 protects data with real-time redundancy.
SECURE TRANSMISSION OF INFORMATION
All transmissions between our servers and users are protected by SSL encryption to secure and maintain the data integrity.
Transmissions between the 365 devices and platforms and our servers are raw data string only and does not have any personally identifiable information. 365 decodes the data in our secure cloud environment.
THIRD PARTY SERVICES
We may share users personal data to third parties only if it is necessary for the following purposes:
- When we use our service providers.
- If the 365 application has been downloaded and supports an insurance program, finance offering or OEM led initiative – to which we have been introduced to you as the member of their behalf.
- Due to a request from Law Enforcement or National authority.
We may use third-party services for the purpose of facilitating payment and the completion of your purchases.
If a user visits our website or mobile application, we collect the following data, which is necessary in order to display the website correctly and guarantee required stability and security:
- User statistics – date and time stamp, time difference to GMT, general location.
Session cookies are temporary cookies that remain only until you log out of the website/mobile application or exit your web browser. Session cookies store only a unique visitor ID number that may be used to ensure users are properly authenticated and can view website information.
Persistent cookies remain in the cookie file of your browser for much longer, even after users leave the website or mobile application. Persistent Cookies store preferences that should persist from visit to visit and enables us to understand how users use the website and mobile application.
INFORMATION ABOUT YOUR RIGHTS
In compliance with 365, users have these rights regarding personal data and user input information:
- Right of access – the right to be informed of and request access to the personal data we collect and process about users; (365 offers Member Portals so users can visibly review, update or change the data we have)
- Right to rectification – the right to request that we amend or update personal data where it is inaccurate or incomplete; (Membership portal as noted in the point above)
- Right to erasure – the right to request that we delete users personal data;
- Right to restrict – the right to request that we temporarily or permanently stop processing all or some of a users personal data;
- Right to object – the right, at any time, to object to us processing a user’s personal data on grounds relating to particular situation and the right to object to a user’s personal data being processed for direct marketing purposes;
- Right to personal data portability – the right to request a copy of a user’s personal data in electronic format and the right to transmit that personal data for use in another party’s service;
- Right not to be subject to Automated Decision-making – the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on
you or produce a similarly significant effect.
ENQUIRY AND COMPLAINT HANDLING PROCESS
We are committed to maintaining an open and transparent channel to deal with requests from users related to their privacy.
A user can at any time access personal information that is held by 365 and seek correction of such information by emailing email@example.com where requests can be lodged. We undertake to respond to all requests within 24 hours.
Upon receipt of an enquiry or complaint our team will investigate the issue and respond with a solution. If more time is required, an outline of the steps 365 will be taking to address the query and an estimated time frame when 365 expect to have a response will be sent to the user.
Please note that where the request involves information access and/or correction, we will require a formal identification process of the requestor to be completed before any requests will be processed.
USER INFORMATION UPDATES
Your user information is available and can be accessed via our membership portal and mobile application. A user may also receive alerts via email, push notification or SMS. Alerts disclose limited information, instead of requiring the user to login to action the alert.
Information can be accessed and updated by the user or the user may contact 365 directly to submit a request for update. All update fields are protected by a secure login and any updates will be implemented in real-time.
Need clarification or have any questions? We encourage you to contact us on firstname.lastname@example.org with any further queries.