Privacy & Data Protection Policy

ComfortDelGro Corporation Australia Pty Ltd (ACN 002 072 004) (CDC) and its Related Bodies Corporate (collectively, CDC Group, us, we or our) are committed to responsible privacy practices and to complying with the Privacy Act 1988 (Cth) (Privacy Act).

This privacy and data protection policy (Policy) describes how we manage personal information including how we collect personal information, the purposes for which we use this information and to whom this information is disclosed. We may amend the Policy from time to time at our discretion.

By interacting with us, submitting information to us, using, purchasing or signing up for any promotions or products or services offered by us, you agree and consent to the CDC Group, as well as our respective representatives collecting, using, disclosing and sharing amongst themselves your personal information, and disclosing such personal information to the CDC Group’s authorised service providers and relevant third parties in the manner set forth in this Policy.

For the avoidance of doubt, this Policy applies to our customers, passengers, agents, vendors, suppliers, employees, partners, contractors and service providers (collectively, you, your, or yours). In addition, this Policy will also provide you with more information on the basis upon which we may lawfully collect, use, and/or disclose your personal information without your consent, where permitted by applicable law.

Personal Information

In this Policy, personal information has the meaning set out in the Privacy Act.

Personal information we may collect

Depending on the nature of your interaction with us, we may collect contact information including your name, address, email address and phone and fax numbers. Where relevant, we may also collect your credit card and other payment details, billing address, your government ID (e.g. driver’s license) and vehicle registration details, and any special requirements you notify to us in respect of the use of our products and/or services, payment-related information, location data (such as your geographical location), your video and images taken by us (such as CCTV footage), usage and interaction data, marketing and communications data, transactional data, and any other information (including without limitation information relating to any individual) which you may have provided in any form to us.

We may collect personal information as otherwise permitted or required by law.

Sensitive Information

We will not generally require you to disclose any sensitive information (for example, details of race, religious beliefs, sexual orientation, health information, etc) to us.

However, we may collect or require you to provide or come into possession of your sensitive information such as health information if you or a third-party contacts us in relation to or engage our non-emergency medical / patient transport services (NEPT).

We may also require prospective employees, current employees, or contractors to provide us with certain sensitive information, such as health information (see the section below titled ‘Information for Job Applicants’). We may also request you inform us of any special accessibility requirements related to your use of our services.

If you do provide sensitive information to us for any reason, you consent to us collecting that information and to us using and disclosing that information for the purpose which you disclosed it to us and as permitted by the Privacy Act and other relevant laws.

How do we collect your personal information?

We collect personal information in a number of ways, including but not limited to:

  • when you enquire about or use our products and/or services;
  • when you provide it to us or our contractors or representatives;
  • when you use, access and/or interact with us via any of our websites, mobile applications and/or other channels (Platforms);
  • when you interact with our personnel (including third parties contracted by us);
  • when you enter a competition or promotion;
  • from customer surveys;
  • from our related companies; and/or
  • as otherwise permitted or required by law.

Where you disclose your personal information to us, you agree to be bound by this Policy in respect of the personal information collected about you.

If you provide us with any personal information relating to a third party (for example, information on your customers, spouse, children, parents, patients, students and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of such third party to you providing us with their personal information for the purposes in which it was disclosed to us and as permitted by the Privacy Act and other relevant laws.

Why do we collect, use or disclose your personal information?

We may collect, use and disclose your personal information:

  • For the purposes for which we collected it;
  • For other purposes to which you have consented; and/or
  • As otherwise permitted or required by law.

Some of the specific purposes for which we collect, use and disclose personal information are as follows:

  • To provide or facilitate the requests for and provision of products and/or services and to respond to your queries, including processing requests for those products and services. For NEPT Services, this includes dispatching of vehicles and assessing the level of care that is required;
  • To contact you (directly or through our service providers) to obtain your feedback and to find out your level of satisfaction with our services through surveys;
  • To deal with complaints, disputes or any incidents that occur while utilising our services ;
  • To keep you informed of operational changes;
  • Processing orders, payments, and administering accounts;
  • Providing customer support;
  • To verify your identity;
  • To facilitate your entry and participation in a competition or promotion;
  • To receive products or services;
  • To administer matters related to your employment or contractual relationship with us, including entering into and cessation of such relationships;
  • For marketing or client relationship purposes;
  • To address any issues or complaints that we or you have regarding our relationship or that any third parties may have;
  • To improve our services and products, including through training and research conducted by us or our service providers;
  • Training and development, research, surveys, statistical analysis, service improvements, business improvements, and business strategy development;
  • communicating with you and/or any third parties in relation to any products and/or services we provide which are relevant to your existing or proposed relationship with us in connection with any of the purposes stated in this Policy, such as your insurers. For NEPT Services, this includes communicating and liaising with your representatives and/or other healthcare providers in relation to the NEPT Services;
  • When reasonably necessary to protect or enforce our legal rights or interests (and related entities) or to defend any claims made against us (and related entities) by any person;
  • For occupational health and safety purposes, such as the use of CCTVs and body-worn cameras;
  • To comply with our legal obligations; and/or
  • To contact you regarding the above, including via electronic messages such as SMS and email, by mail, by phone or in any other lawful manner.

Without limiting the above, our products and services include ride-hailing or other transportation services (“Transportation Services”). When you access or use the Transportation Services, we may access and use your location to:

  • facilitate and process ride-hail bookings and requests for the Transportation Services (such as to determine your pick-up location);
  • detect and provide location based discounts.

In addition, and without prejudice to the generality of the foregoing, where permitted under applicable law, we may also collect, use, disclose and/or process your personal information for any of the following purposes:

  • providing or marketing services, products and benefits to you, including promotions, loyalty reward, and/or similar programmes, including joint marketing and/or cross promotions with third parties;
  • matching or combining personal information with other data collected for other purposes and from other sources (including third parties) in connection with the development, customisation, provision or offering of products, services, marketing or promotions, whether by us, our service providers, and/or other third parties;
  • administering contests and competitions, and personalising your experience at our touchpoints;
  • sending you details or products, services, special offers and rewards, either to our customers generally, or which we have identified may be of interest to you;
  • conducting market research or customer satisfaction research, or analysing and/or profiling your location, preferences, demographics, purchases, transactions, and/or behaviour so as to enable us, our service providers, and/or third parties to design products and/or services, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of products and/or services, and/or to provide you with personalised products and/or services (e.g. special offers and marketing programmes which may be relevant to your preferences and profile);
  • to enable us, insurance companies, and other third party product and service providers to develop, identify and offer products and services that may interest you and/or third parties; and/or
  • recommending, identifying and contacting you to inform you of products and services that are or may be relevant to you, including on behalf of third parties, or sharing your personal information with such third parties or their service providers for them to collect, use, disclose or process your personal information for such purposes.

In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use, disclose and/or process your personal information. If so, subject to applicable law, we shall have the right to collect, use, disclose and/or process your personal information for such purposes as well.

Information for job applicants

If you submit a job application to us, we will use the information provided by you to assess your application. We may disclose the information contained in your application to governmental authorities and/or contracted service providers for purposes such as screening, verification, background checks, aptitude testing and medical testing.

If we request you undergo a medical assessment, you will be asked to give specific consent for the relevant medical service provider to disclose the results of the assessment to us. If you do not provide this consent, we will be unable to consider your application.

We will handle health information in accordance with applicable laws.

Platforms

If you access, download or use any of our Platforms, you agree we may collect, use, disclose and/or process your personal information for any of the following purposes:

  • where the Platform includes services, to process your application for these services;
  • to maintain your account with us;
  • to verify and process your personal particulars and payments in relation to the provision of products and services connected to the Platform;
  • to provide you with the products and services which you have signed up for and to push articles to you which may be relevant to you;
  • communicating with you to inform you of changes and development to our policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
  • resolving complaints and handling requests and enquiries;
  • conducting market research for statistical, profiling and statistical analysis for the improvement of services provided to you; and/or
  • the processing of your personal information in relation to any of the purposes stated above.

Who do we share your personal information with?

Subject to applicable law, you hereby agree, acknowledge and consent that your personal information may be disclosed for any of the purposes listed above in this Policy (as applicable), to the following entities or parties, regardless of whether they are located overseas or in Australia:

  • any member of the CDC Group;
  • any agent, contractor or third party service provider who provides services to the CDC Group (such as information technology, payment processing, loyalty, marketing, customer support services etc.), including market research companies, and insurers, as well as their respective employees, agents and/or other third parties that any of the foregoing persons rely on to provide their respective services and products;
  • any vendor or third party business partner, including any vendor who offers products and services or sponsors contests or other promotional programs on any Platform (whether in conjunction with us or not), advertisers and/or marketplace aggregators;
  • any external business and charity partner in relation to corporate promotional events;
  • any credit bureau, and/or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
  • any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
  • any person to whom we transfer or may transfer our rights and duties;
  • banks, credit card companies and their respective service providers;
  • our professional advisors such as our auditors and lawyers;
  • relevant government regulators, authorities or law enforcement agencies to comply with any laws or rules and regulations imposed by any governmental authority;
  • analytics, search engine providers or other third party service providers that assist us in delivering any of our products, services, and/or Platforms as well as improving and optimising the same; and/or
  • any other party to whom we are authorised by you or by law to disclose your personal information.

What happens if you don’t provide personal information?

Generally, you have no obligation to provide any personal information requested by us. However, if you choose to withhold requested personal information, we may not be able to provide you with the services that depend on the collection of that information. For example, if we did not collect your personal information when you raised a query regarding lost property on one of our services, we would be unable to notify you if that lost property was later located.

Anonymity

You have the option to engage with us anonymously. However, if you choose to interact with us anonymously, we may not be able to provide our products or services to you, or make some offers available to you without your personal information. For example, we may not be able to provide ride-hailing services if you do not provide us with the address of your destination.

Cookies, Web Beacons, and Other Technologies

Our Platform(s) may include technologies that automate the collection, use, disclosure, and/or processing of data (including your personal information). Such technologies may include cookies, web beacons and other web analytics. If you do not wish to have your data collected through such technologies you should disable the operation of these technologies on your devices (where possible), or refrain from using our Platform(s).

The CDC Group may also use independent companies and service providers (Market Research Companies), and our Platform(s) may be coded with software or other technologies to assist the Market Research Companies in measuring and analysing the user behaviour across any of our Platforms, and to track visitors. For example, we may use the Market Research Companies’ services to collect the following information on the usage of our Platform(s), including without limitation: (a) the number of page views or page impressions that occur on our Platform(s); (b) the number of unique visitors to our Platform(s); (c) how long these unique visitors (on average) spend on our Platform(s) when they do visit; (d) common entry and exit points into our Platform(s); (e) user travel patterns; (f) location data (including geographical location); (g) time spent at a particular location, (h) quantity and value of transactions for purchases on our Platform(s); (i) user spending behaviour; (j) user’s choice of products and/or services purchased or used on our Platform(s); and (k) “dwell time” information. Such information is provided by the Market Research Companies to the CDC Group to assist the CDC Group in analysing the usage of our Platform(s).

You may change the settings on your device to block the use of cookies, web beacons and/or other web analytics. However, if you choose to block such technologies used in any of our Platforms, you accept that you may not be able to use certain features and functions of our Platform(s).

Implied Consent

In addition to the matters set forth above, subject to and in accordance with applicable law, you shall be implied to have consented to us collecting, using, disclosing and sharing amongst ourselves your personal information, and disclosing such personal information in accordance with the Policy where it may reasonably be inferred in the circumstances that you have consented to this. Such circumstances may include, but is not limited to:

  • where in response to a request for your personal information in connection with identified purposes, you voluntarily provide such personal information to us for such purpose(s) and it is reasonable that you would voluntarily provide such personal information; and
  • where the collection, use or disclosure of your personal information is reasonably necessary for the conclusion and/or performance of a contract between you and us or any other organisation entered into at your request, which may include recipients of your personal information not indicated in this Policy.

Withdrawal of Consent

Subject to our compliance with applicable law, you may refuse to give or withdraw your consent for us to collect, use or disclose your personal information by giving us reasonable notice as long as there are no legal or contractual restrictions preventing you from doing so. Please note that if you withdraw your consent to any or all use of your personal information, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you or administer any contractual relationship in place, and this may also result in the termination of any agreements with us and you being in breach of your contractual obligations or undertakings, and our legal rights and remedies in such event are expressly reserved.

Please note that if your personal information has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and access and correction requests to us on your behalf.

Should you wish to withdraw your consent, please notify us by writing to our Privacy Officer, the contact details are listed in the last paragraph of this policy.

Ensuring Personal Information is Up-to-Date

It is very important that the personal information we hold is accurate, complete and up-to-date. Please ensure that all personal information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. Please update us immediately if there is any change to the personal information you submitted to us.

How can you access and correct your personal information?

If you would like to access or correct your personal information, you may contact us at privacy@cdcbus.com.au. We will respond to your request as soon as reasonably practicable.

On request, we will provide you with access to the information we hold about you in accordance with the Privacy Act. If any request is refused, we will provide you with written reasons, including the relevant grounds under the Privacy Act or applicable law.

Please note that a reasonable fee may be charged for providing access to the requested personal information. If so, we will inform you of the fee before processing your request. We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within 30 days after receiving your request, we will inform you in writing via email within 30 days of the time by which we will be able to respond to your request.

Security of Personal Information

Security of personal information is very important to us and we take reasonable steps and care to protect your personal information from misuse, interference and loss; and from unauthorised access, modification or disclosure. Some of the ways we protect personal information include:

  • external and internal premises security;
  • restricting access to personal information only to those who need it to perform their day to day functions;
  • maintaining technology products to prevent unauthorised computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls and anti-virus software; and
  • maintaining physical security over paper records.

Retention

If the personal information we hold about you is no longer required, we will take reasonable steps to destroy the information or ensure that the personal information is de-identified.

Transfers of Personal Information Outside of Australia

We may share your personal information with third parties as described under the section “Who do we share your personal information with?” for the purposes described under this Policy and/or as permitted or required by applicable law.

The systems and service providers we use, and other third parties to whom we may disclose personal information to, are located within Australia and in overseas locations that include Singapore and the United States of America. From time to time, this list of countries may change.

Right to Amend the Policy

We reserve the right to amend this Policy from time to time at our sole discretion. If we make any changes to this Policy and the way in which we use your personal information, we will update these changes on our websites. You agree that it is your responsibility to review the Policy regularly.

How to lodge a complaint

If you would like to access or correct your personal information, have a question or complaint about the collection or use of your personal information, or believe that the privacy of your personal information has been compromised, please write to:

Privacy Officer
ComfortDelGro Corporation Australia Pty Ltd
Email: privacy@cdcbus.com.au
Mail: PO Box 16098, Collins Street West, VIC 8007

We will take any privacy complaint seriously and we request that you co-operate with us and provide any relevant information we might need to assess your complaint. We will provide a response as soon as practicable, but within 30 days. If you are not satisfied with our response to your complaint, or at any time, you may refer your complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au).

Global offices