Effective Date: 1 January 2021
References to “ARB”, “we” and “us” include ARB Corporation Ltd and its related bodies corporate. Please see www.arb.com.au for more information about our companies and brands.
When we collect, hold, use and disclose your personal information and data, we will manage that information openly and transparently, and in compliance with our legal requirements as described in this policy.
What personal information do we collect about you?
We may collect personal information such as:
- Your name, gender, address, email address, telephone number and details of products or services you have enquired about or purchased.
- Shipping and billing address, credit or debit card number, verification number, and expiration date.
- Demographic information, including gender and occupation, or special categories of personal data are not actively sought but may be submitted when you respond to an online job application or marketing survey. We will limit the information collected to only the minimum information required to complete your submission and is only processed with your explicit consent.
- Log-in credentials for our user accounts.
- Warranty registration and purchase history.
- Vehicle information such as make, model, trim, registration and VIN (Vehicle Identification Number) details.
- Information about your customer service history with us.
- Any other information you choose to directly provide to us in connection with your use of our products or services.
For California residents, additional information regarding the categories of personal information we collect is found in the California Privacy Rights section below.
When do we collect personal information?
We will generally collect this information directly from you, but in some cases, we may be provided with your personal information from third parties (including ARB’s network of independent distributors, stockists and resellers). The personal information we request is generally optional, but if you choose not to provide personal information to us, we may not be able to fulfil your request or provide you with the product or service you require. Sometimes, however, there are situations where we are required by law to collect certain personal information from you and, if this is the case, we will take reasonable steps to inform you of the law that imposes this requirement.
- When you contact us to request information or support in relation to our company, products or services (including about our brands, shares in our company, product quality, visiting our sites or employment opportunities).
- Register to use our site and/or subscribe to any of our products (including our newsletters and marketing communications).
- When you engage with our questionnaires, promotions, surveys or provide marketing responses to our engagement activities. Participate in discussion boards and/or other social media functions on our site, including reviews that you may submit about our products as well as entering into competition, promotion or surveys.
- The information contained in records of communications and other interactions you have with us (including telephone, email and online and website chat functions).
- If you have or had one of our products, information about the use of that product or your opinions about that product recorded when you respond to a survey.
- Correspond with us in relation to your account, our products you have purchased. (including post-sales support and warranties).
- Report a problem with our site.
Any information provided to ARB from third parties is collected and stored by ARB on the basis that consent regarding disclosure has been provided to the third-party recipient and also ARB. Where requested, we will provide you with details of the third party who provided ARB with your information.
Promotional (Direct Marketing) Communication
We may use your personal information to send you updates (by email, text message, telephone or post) about our products, including exclusive offers, promotions or new products.
We will always treat your personal information with the utmost respect and never sell it to other organisations outside our group of companies for marketing purposes without your consent.
You have an absolute right to opt-out of direct marketing, and to object to profiling we carry out for direct marketing purposes, at any time. You can do this by following the instructions in the communication (where this is an electronic message) or by contacting us using the details set out below. We may ask you to confirm or update your marketing preferences if you ask us to provide further products in the future, or if there are changes in the law, regulation, or the structure of our business. Note, however, that after you opt-out of promotional communications, we may still send you emails relating to the support, administration, and security of our products and services.
These third-party partners may place cookies and other auto tracking technologies as part of their service. There may be occasions when we supply our customer information (such as email addresses) to service providers, who may combine the data provided by us with cookies and other tracking data in an anonymized way (e.g. hashed matching) to enhance their service provision.
Information we collect through automated technologies
We use automated technologies to gather data when you use our Products. This data is processed by both us and third-party service providers working on our behalf. The data is collected by both us and our services providers using technologies including (but not limited to) cookies, web analytics and beacons.
As part of the automated collection of data, we and our third-party service providers may use server logs, cookies, web beacons, Google Analytics, Facebook ads and other similar technologies.
- To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. For Facebook visit facebook.com/help/568137493302217.
We automatically collect the following information about visitors to our site:
- Date/time of visit
- Pages visited, including the last page visited before the visitor exits the site
- Time spent on each page of the site
- Referring site details – the URL through which the user came to the site and the search terms used by the visitor to find the site
- Type of web browser used by the visitor
- The visitor’s operating system
Information we collect from social media platforms
If you like or follow posts on social media or post to our feeds (including Twitter, Instagram and Facebook, among others) then we may collect information about your accounts such as name, username, email address and content relevant to our products.
Why do we collect your personal information, and what do we do with it?
The table below explains what we use (process) your personal information for and our reasons for doing so:
|What we use your personal information for||Our reasons|
|To provide product and/or related information to you||We collect, use and disclose your personal information to carry on our business; to provide, administer, improve and personalise our products and services; to identify and interact with you; to let you know about other products and services which might interest you; to assess and improve the quality of our products and services; to protect our lawful interests; to deal with your concerns and enquiries; and to assist us generally in managing transactions with you, suppliers, consumers and others.
For the performance of our contract with you or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations.
|ARB may exchange your personal information within the ARB group, and may also disclose your personal information to our distributors, stockists, resellers, licensees and other third parties.||For the purposes of those parties providing services to us or performing business services or functions on our behalf.
Circumstances may arise where we are required to disclose your personal information to third parties such as if the disclosure is required by the applicable law.
We may also disclose your personal information in corporate transactions involving the transfer of all or part of our assets (including our associated customer lists containing your personal information) or business or in a corporate restructure.
We may also exchange information with other ARB entities and with our service providers including our print service providers, call centres and mail houses, advertising agencies, accountants, auditors and lawyers, credit reporting and collection agencies, and providers of archival, banking, payment, data processing, data analysis, information broking, research, investigation, website and technology services. We may also disclose your personal information to market research agencies, who may contact you in a similar manner to conduct market research in relation to products and services you have acquired from or are offered by ARB and related matters (unless or until you tell us not to).
|To prevent and detect fraud against you or us||For our legitimate interests or those of a third party, that is, to minimise fraud that could be damaging for us and you.|
|Conducting checks to identify you and verify your identity. Screening for financial and other sanctions or embargoes. Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business.||To comply with our legal and regulatory obligations.|
|Gathering and providing information required by or relating to enquiries or investigations by regulatory bodies.||To comply with our legal and regulatory obligations.|
|Statistical analysis to help us manage our site and/or business: for example, in relation to a customer base, product range or other efficiency measures.||For our legitimate interests or those of a third party: that is, to be as efficient as we can so we can deliver the best service for you at the best price.|
|Preventing unauthorised access and modifications to our site and/or systems||For our legitimate interests or those of a third party- that is, to prevent and detect criminal activity that could be damaging for us and for you.
To comply with our legal and regulatory obligations.
|Updating and enhancing customer records||For the performance of our contract with you or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party. For example, making sure that we can keep in touch with our customers about existing orders and new products.
|Marketing our products and, where agreed, those products of selected third parties to:
· existing and former customers;
· third parties who have previously expressed an interest in our Products;
· third parties with whom we have had no previous dealings.
|For our legitimate interests or those of a third party, for example, to promote our business to existing and former customers.|
|Credit reference checks via external credit reference agencies||For our legitimate interests or those of a third party – that is, to ensure our customers are likely to be able to pay for our products and services.|
|Administering, managing and maintaining your accounts and/or subscriptions with us.||For the performance of our contract with you or to take steps at your request before entering into a contract.
For our legitimate interests or those of a third party- that is, to be as efficient as we can so we can deliver the best service for you at the best price.
|Corresponding with you in relation to your account, our products you have purchased (including post-sales support and warranties).||For the performance of our contract with you or to take steps at your request before entering into a contract
For our legitimate interests or those of a third party – that is, to be as efficient as we can so we can deliver the best service for you at the best price.
|Notifying you about changes to our products and/or our site.||For the performance of our contract with you or to take steps at your request before entering into a contract
For our legitimate interests or those of a third party, that is, to be as efficient as we can so we can deliver the best service for you at the best price.
|Customising our products to provide more personalized content.||For our legitimate interests or those of a third party, that is, to be as efficient as we can so we can deliver the best service for you at the best price.|
|Measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.||For our legitimate interests or those of a third party – that is, to be as efficient as we can so we can deliver the best service for you at the best price.|
Note that we may process your personal data for more than one reason (lawful ground) depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific reason, we are processing your personal data where more than one reason has been set out in the table above.
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out in this policy.
Storage and Security
We may hold your personal information in electronic formats or in hard copy. To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have instigated physical, electronic and managerial procedures to safeguard and secure the information we collect. However, we cannot guarantee that the information you submit to us will be unobtainable by an unauthorised party.
We retain your personal information as long as necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or allowed by law. To determine the period for which your personal information will be retained, ARB considers criteria such as: (i) the nature of our relationship with you and the types of products, or services we have provided to you, or you have requested; (ii) the sensitivity of the information and the purposes for which it was collected; (iii) the nature and timing of your interactions with us (including with our websites, communications, etc.); (iv) any applicable legal or contractual requirements to retain information for a certain period of time, including any retention obligations related to actual or potential litigation or government investigations; and (v) the impact on our products and services we provide if the relevant information were deleted.
Where personal information collected by ARB is no longer required for any purpose for which it was collected, ARB will take reasonable steps to destroy or permanently de-identify such personal information.
In the event of a breach of our systems that involves the disclosure of your information without your consent, ARB will notify you in accordance with our legal obligations under the applicable law.
Due to its nature, the transmission of information via the internet is not completely secure. Although we will protect your personal data in accordance with this policy, we cannot guarantee the security of any data transmitted to our websites and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security measures to try to prevent unauthorised access.
International data transfers
Personal data of our European Economic Area (EEA) users may be transferred outside the EEA to countries that may not have data protection rules that require the same level of protection, but we will make sure that there are appropriate mechanisms and controls in place to protect your data.
California Privacy Rights
Sales of Personal Information
Your rights under the CCPA
You have certain choices and rights regarding our use and disclosure of your personal information which you can exercise free of charge:
|Access||You have the right to request, twice in a 12-month period, that we disclose to you the personal information related to you we have collected during the past 12 months. This may include:
· The categories and specific pieces of personal information we have collected about you.
· The categories of sources from which we collected the personal information.
· The business or commercial purpose for which we collected or sold the personal information.
· The categories of third parties with whom we shared the personal information.
· The categories of personal information about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose.
|Deletion||Subject to exceptions under the CCPA, you have the right to request that we delete certain personal information we have collected from you.|
|Opt-Out of Sale||You have the right to opt-out of the sale of your personal information.|
|Shine the Light Request||You also may have the right to request that we provide you with (a) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (b) the identity of those third parties.|
Please note that most of these rights are not absolute, and our response may be limited as permitted by the CCPA. For example:
- Requests to exercise these rights are subject to our ability to reasonably verify your identity and request in light of the personal information relevant to the request and the requirements in the CCPA. Please note that we may ask for additional information to verify your request before responding to it.
- The right to have personal information deleted is subject to a number of exceptions set out in the CCPA, such as when we need to maintain the information to provide products or services you requested, or to comply with our legal obligations.
California residents also have the right, as set out in the CCPA, to not be discriminated against for exercising their rights under the CCPA.
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. During the 12-month period prior to the effective date of this Policy, we may have collected the following categories of personal information about you.
- Identifiers: This category may include: name, postal address, unique personal identifiers, online identifiers, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Under the CCPA, “unique identifiers” or “unique personal identifier” means a persistent identifier that can be used to recognize a consumer, a family, or a device that is linked to a consumer or family, over time and across different services, including, but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): This category may include: name, signature, Social Security number, physical characteristics, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education or employment information, financial account numbers, medical information, or health insurance information.
- Protected classification characteristics under California or federal law: This category may include: age, race, colour, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex and gender information, veteran or military status, or genetic information.
- Commercial information: This category may include: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric information: This category may include: imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
- Internet or other electronic network activity information: This category may include: browsing history, search history, and information regarding interactions with an Internet Web site, application, or advertisement.
- Geolocation data: This category may include: physical location or movements.
- Sensory data: This category may include: audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information: This category may include: current or past job history or performance evaluations.
- Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)): This category may include: education records directly related to a student maintained by an educational institution or party acting on its behalf (e.g., grades and transcripts).
- Inferences drawn from other personal information: This category may include: inferences drawn from the above information that may reflect your preferences, characteristics, predispositions, behaviour, attitudes, or similar behavioural information.
Please note that some of the categories of personal information described in the CCPA overlap with each other; for instance, your name is both an Identifier and a type of data described in Cal. Civil Code 1798.80(e).
Personal information does not include publicly available information from government records or any deidentified or aggregated consumer information. In addition, the CCPA excludes the following from its scope: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
ARB obtains the categories of personal information listed above directly from you (for example, from forms you complete or products and services you purchase) and/or indirectly from you (for example, from observing your actions on our website).
Children: we do not intentionally collect information from children under the age of 13, or the relevant minimum age under applicable local law. The website are not directed to or intended to be used by children under the age of 13, and we request that children under the age of 13 not provide personal information through the websites.
UK and EEA users
ARB Corporation Limited is the data controller for the processing of your personal data, as defined under the GDPR, collected by ARB.
You have the following rights, which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal information (the right of access).|
|Rectification||The right to require us to correct any mistakes in your personal information.|
|To be forgotten||The right to require us to delete your personal information in certain situations.|
|Restriction of processing||The right to require us to restrict processing of your personal information in certain circumstances for example, if you contest the accuracy of the data.|
|Data portability||The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations.|
|To object||The right to object:
· at any time to your personal information being processed for direct marketing (including profiling);
· in certain other situations to our continued processing of your personal information – for example, processing carried out for the purpose of our legitimate interests.
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.|
If you would like to exercise any of those rights please contact us on the details below.
Any requests are to be made in writing and directed to the ARB appointed representative, details of which are included below.
Any complaints regarding the use and disclosure of your information by ARB should also be directed to the nominated representative, specifying details of your complaint. The representative will endeavour to respond to your complaint as soon as reasonably practicable, and within the provided timeframes as required by the applicable legal regulations.
California residents may submit CCPA requests to know (access) and requests to delete their personal information through one of the following methods:
- Online by emailing firstname.lastname@example.org
- By phone at +425 264 1391
UK and European enquiries
- Online by emailing email@example.com
- By phone at +420-323-040-900
Australia and New Zealand general enquiries
- Online by emailing firstname.lastname@example.org
- By phone at +61 3 9761 6622
When contacting ARB, please:
- provide enough information to identify you for example, your full name, address and customer or invoice/order number;
- provide proof of your identity and address (a copy of your driving licence or passport and a recent utility etc); and
- let us know what right you want to exercise and the information to which your request relates.