Vroom Group Holdings Pty Ltd (ABN 39 162 955 320) and our related companies including Vroom Vroom Vroom Pty Ltd (ABN 19 050 417 037) and V2B Travel Pte Ltd (UEN 201710991D) (“Vroom”, “we”, “our” or “us”) are committed to the protection of personal privacy within the scope of applicable law.
We collect and use personal information in compliance with the Australian Privacy Act 1988 (Cth) (“Australian Privacy Act”) to provide services to our customers and other visitors to our Sites, to facilitate our customer relationships, to comply with our financial, regulatory and other legal obligations, and to pursue Vroom’s legitimate business interests.
We do not sell or rent personal information to marketers or unaffiliated third parties.
The vehicle rental providers and suppliers of other products or services available via our Sites have their own policies governing their use of your personal information. Please refer to the privacy policies published by those third parties for more information.
Types of personal information collected
The types of personal information that we collect and hold will vary depending on your dealings with us. This information may include any or all of the following:
- name, address(es), telephone number(s) and other contact details;
- electronic address(es);
- payment information, including credit card type and expiry date (this information is collected by our third party payment processor);
- frequent flyer loyalty reward program number;
- driver’s licence number;
- flight number;
- other personal information required to provide our services, including age and residency status; and
- transaction details relating to your use of our products, services or benefits.
We will not collect sensitive information from you or any third party.
You do not have to provide us with any personal information, however if you do not do so we will not be able to provide you with the products, services or benefits you have requested.
We also collect the following information from you when you use our website:
- anonymous non-personal information about how you use our website; and
- “cookie” based information that makes your use of our website easier by recording your preferences so that when you return to our website the “cookie” re-loads that information into your web browser. More information set out below.
How we collect personal information
We collect personal information directly from you, such as:
- when you submit information through our Sites;
- when you call or email us, or use the online live chat function to speak with one of our customer service agents;
- in person;
- in the course of us providing you with a requested product, service or benefit;
- when you interact with us via a social media platform; or
- when you have other dealings with us.
We also collect personal information through:
- our related bodies corporate;
- our business partners; and
- third parties who supply services to us.
Why we collect, use and disclose personal information
We will collect personal information for the following purposes:
- to establish and maintain your relationship with us;
- to provide the products or services you have requested from us; or
- to answer any inquiry you make.
We will disclose personal information as required to the providers of the products and services you have booked or purchased (such as car rental and insurance companies). You accept that not all recipients of your information may have privacy policies or be subject to privacy laws equivalent to us and you consent to the disclosure of your personal information for that purpose.
We may also disclose your personal information to third parties who work with us in our business to provide, promote or improve the products or services you have requested or are interested in, such as:
- marketing consultants and promotions companies; website hosts;
- consultants and professional advisers;
- your company or organisation if you use our services under a corporate account;
- one of our program partners if you are a member of their frequent traveller program and you have asked us to send them details of your rental agreement with us;
- our contracted service providers (including our payment gateway, market research company and our mail house);
- debit and credit card providers;
- credit reporting and fraud checking agencies;
- debt collection agencies, if you default in payment of monies owed to us;
- councils, government and private organisations responsible for the processing or handling of traffic related infringements or the payment of road and traffic tolls;
- in relation to an accident or claim, insurers, the police and other persons involved in the accident or claim;
- driver licensing authorities; and
- government, regulatory and law enforcement agencies where the disclosure is required or authorised by law.
We do not rent or sell your personal information to unaffiliated third parties.
We will use and disclose your personal information to send direct marketing to you from
- us; and
- our related bodies corporate.
The direct marketing may relate to:
- our products and services;
- the products and services of other parties (such as car rental and insurance companies); or
- new developments we believe may be of interest to you.
You may opt-out of receiving this direct marketing through the unsubscribe function that will be made available to you with each direct marketing communication.
How we store and protect personal information
We store personal information in a combination of computer storage facilities, paper-based files and other records. We take numerous steps to protect your personal information from misuse, interference and loss, and unauthorised access, modification or disclosure.
Additionally, we take reasonable steps to destroy or permanently de-identify personal information when we no longer need it.
The internet is not a secure method of transmitting information. Although we take reasonable steps to ensure information is securely transmitted and processed, we cannot and do not accept responsibility for the security of information you send to or receive from us over the internet, or for any unauthorised access or use of that information.
Do we send personal information overseas?
Vroom is a multi-national business operating in the global travel services industry. We will disclose some of your personal information, for the purposes described above, to organisations located overseas, including our overseas related companies, travel service providers and third party service providers as detailed in paragraphs (a), (b) and (c) below.
(a) Our overseas related entities
We have operations in Australia, Singapore and the United States. Your personal information may be disclosed to our overseas related entities in connection with the provision of the goods or services you have requested and to enable the performance of administrative, advisory and technical services, including the storage and processing of such information.
(b) Travel service providers
In providing our services to you, if you have confirmed a booking to be picked up overseas we will also disclose your personal information to the travel service provider located in that overseas pick up location.
(c) Our third party service providers located overseas
We will also disclose your personal information to third parties located overseas for the purpose of performing services for us, including for customer service, travel service aggregation, payment, marketing, fraud detection and prevention services, and the storage and processing of such information. We only disclose your personal information to these overseas recipients in connection with facilitation of your travel booking and/or to enable the performance of customer services, administrative and technical services by them on our behalf.
We use key service providers located in the Philippines, the United States and the European Union, among other countries. We also deal with many different service providers all over the world, so it is not possible for us to set out in this Policy all of the different countries to which we may send your personal information.
How you can access your personal information
We will take reasonable steps to make sure that the personal information we collect, use or disclose is accurate, complete and up to date. If your personal details change, such as your address or phone number, please contact our Privacy Officer by email or at the address detailed below.
At your request, we will provide you with a copy of any personal information which we hold about you, unless an exception under the Australian Privacy Act applies. We may charge a fee for retrieving this information, in which case we will inform you of the fee and obtain your agreement to that fee before providing the information.
We will promptly acknowledge and investigate any complaint about the way we manage personal information.
Information is also generated whenever a page is accessed on our website that records information such as the time, date and specific page. We collect such information for statistical and maintenance purposes that enables us to continually evaluate our website performance.
We do not tie the information gathered using third-party analytics to your personal information.
We take data breaches seriously and will act in compliance with the Notifiable Data Breaches scheme established by the Privacy Amendment (Notifiable Data Breaches) Act 2017.
We will use our best endeavours to contain, assess and remedy actual and suspected data breaches as soon as possible and no later than 30 calendar days after the date we become aware of the actual or suspected data breach in accordance with our company data breach response policies and procedures.
Where your personal information held by us is lost or subjected to unauthorised access, modification, use or disclosure or other misuse, and this is likely to result in serious harm to you or other individuals, we will take steps to remedy the risk of serious harm as quickly as possible. If we have not been able to prevent the likely risk of serious harm with remedial action, we will notify you, other affected individuals, and the Office of the Australian Information Commissioner.
How to contact us or make a complaint
The Privacy Officer
Level 1A, 10 Finchley Street, Milton, Queensland, 4064
We will take reasonable steps to remedy any issues resulting from our failure to comply with our privacy obligations.
If you are not satisfied with the outcome of your complaint you may refer the matter to the Office of the Australian Information Commissioner (OAIC).
Telephone: 1300 363 992
OAIC complaints page: http://www.oaic.gov.au/privacy/privacy-complaints
Last updated on 24 June 2019