We’re here to protect your privacy.
At Volkswagen Financial Services, we want to provide a safe and secure environment for you to explore what we can offer you. That’s why we’re absolutely committed to protecting your privacy while you look at our content, products and services online.
1. Document Summary & Purpose
It sets out in detail how we manage the “Personal Information” and/or “Credit Information” of or about our customers, employees and other individuals we deal with in the course of our business activities.
We have defined the terms “Personal Information” in section 3 (“Personal Information” defined) and “Credit Information” in section 4 (“Credit Information” defined).
1.1. Changes to Policy
2. Our Names
We are Volkswagen Financial Services Australia Pty Ltd ABN 20 097 071 460 (“VWFSA”), a wholly-owned subsidiary of the global financial services organisation, VWFS AG, which is headquartered in Braunschweig, Germany.
In Australia, VWFSA uses various business names including “Volkswagen Financial Services”, “Audi Financial Services”, “ŠKODA Financial Services”, “Bentley Motors Financial Services”, “Lamborghini Financial Services” and “Volkswagen Group Leasing”.
In the remainder of this Policy, we refer to VWFSA or any of the above business names we use simply as “we”, “us” or “our”.
3. “Personal Information” Defined
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is:
For the purposes of this Policy, Personal Information includes:
4. “Credit Information” Defined
"Credit Information” is Personal Information that includes:
5. Reasons for Collecting Information
In general, we will only collect Personal Information that is reasonably necessary for us to achieve any or a combination of the primary purposes mentioned in section 5.1 and 5.2 below and the secondary purposes mentioned in section 5.3.
5.1 Primary purpose – assess applications & manage accounts
We collect, hold, use and disclose Personal Information for the following primary purposes, that is, to:
5.2 Primary purpose – to comply with law
We also collect Personal Information in compliance with our legal or regulatory obligations including those we have under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, the National Consumer Credit Protection Act 2009, the Corporations Act 2001, the Privacy Act 1988 (“Privacy Act”) and various Australian employment, taxation and immigration laws.
Furthermore, we will collect Personal Information if we are required by or under a court or tribunal order to collect that information.
If the collection of Personal Information is required by any other law or court or tribunal order, we will advise you of the relevant law or the details of the court or tribunal order at the time of collecting the information or as soon as practicable after we have collected the information.
5.3 Secondary purposes
We collect, hold, use and disclose your Personal Information for any or a combination of the following secondary purposes:
Undertake other direct marketing unless you tell us to stop;
6. Whose Information We Collect
We will collect your Personal Information if you are an individual who:
7. When We Collect Information
We will collect Personal Information (from you) in the following circumstances:
7.2 Credit Information
In addition to the circumstances mentioned in section 7.1 (General), we may collect Credit Information from a Credit Reporting Body (“CRB”) (as defined in section 17.2) when we are assessing a credit application you have made to us or you have made on behalf of a business, organisation or agency.
Also, we will collect and use Credit Information in our own records including information on your payments, repayments or default.
Furthermore, we will obtain Credit Information from other Credit Providers with whom you have or had a credit account.
Finally, we will collect your Credit Information from publically available sources including personal insolvency information entered or recorded in the National Personal Insolvency Index (as defined in the Bankruptcy Act).
8. How We Collect Information
8.1 Lawful, Reasonable & Transparent Means
We will only collect Personal Information by lawful, fair and transparent means.
Except in a limited number of cases, we will collect Personal Information directly from you and with your consent.
8.2 You Do Not Have to Provide Information
You are under no legal or moral obligation to provide Personal Information we ask for and we will not oblige you to provide Personal Information (see section 9).
8.3 Consequences For Not Providing Information We Request
If you fail or refuse to provide any Personal Information we ask for, we may not be able to do any or a combination of the things mentioned in section 5.1 (Primary purpose – assess product application and manage accounts) or section 5.2 (Primary purpose – to comply with law).
In some cases if we do not collect, use and/or disclose the Personal Information we ask for we may not only risk providing you an unsuitable product or service, but we may also be in breach of our legal or regulatory obligations.
8.4 Important Details About Credit Information
If the information we are collecting includes Credit Information:
a. We are likely to disclose your information to any or all of the following CRB’s as defined in section 17.2 (Credit reporting bodies):
For contact details and information on how credit reporting bodies manage credit information, please see their privacy policies available at the links above.
d. You can contact the CRB’s outlined in Section 8.4 (a) to:
e. You can also contact us in relation to your Credit Information in any of the circumstances mentioned in section 16.1 (Reasons for contacting us).
8.5 How We Collect Information
If reasonable and practicable, we will collect Personal Information or Credit Information directly from you:
8.6 Using third parties to collect information
In some cases, we may authorise another person, such as a motor vehicle dealership, a recruitment organisation or background checking service provider (if you have applied for a job, business or contracting opportunity with us) to collect your Personal Information on our behalf.
8.7 Collecting information from another person
With the exception of the circumstances mentioned in section 8.8 (Related organisations), we will only collect your Personal Information from another person with your express or implied consent. Some third parties from whom we may collect Personal Information include:
Finally, we may collect Personal (other than sensitive) Information from someone else if it is unreasonable or impracticable to collect the information from you.
8.8 Related organisations
In some cases we may collect your Personal Information from an organisation or person that is related to us if the primary purpose for which that organisation or person collected your information in the first place was or is related to the primary purpose for which we would collect your information.
8.9 Unsolicited information
9. Anonymity & Psuedonymity
If it is lawful, practicable and reasonable when collecting Personal Information, we will give you the option of not identifying yourself or the option of your use of a pseudonym. An example would be where we are conducting a customer, product or market survey or research and it is practicable to obtain the information we want for the purposes of that survey or research without the need for you to tell us your names, date or birth or residential address in particular.
10. Accuracy of Information
We will take all reasonable steps in the circumstances to ensure that Personal Information we collect from or about you is accurate, complete and up-to-date.
Accordingly, in some cases, we may ask you for an independent and reliable document or use an electronic data source to verify that the Personal Information you have given us is accurate, complete and up-to-date.
If we identify any discrepancy between information you provided us and information in an independent and reliable document or electronic data source, we will give you an opportunity to correct or reconcile the discrepancy, if it is reasonable or practicable for us to do so, before using the information for the purposes for which we have collected it.
We may terminate a product or service we have agreed to provide you, your employment with us or your business or contracting relationship with us if we find that Personal Information we relied on to offer you the product, service, job or business or contracting opportunity was not accurate, complete or up-to-date at the time we collected or used it.
11. Sending Information Overseas
From time to time, we will send data containing Personal Information to our parent and related companies.
Whilst it is not practicable to list every country in which recipients may be located, receipients of such disclosures are likely to include Germany, Singapore and the United Kingdom.
12. Use or Disclosure for Permitted Purposes
We will use or disclose Personal Information we hold if:
13. How We Protect Your Information
The security of your Personal Information we hold is important to us and we take all reasonable steps in the circumstances to protect it from unauthorised access, misuse, interference, loss, disclosure or modification.
We keep Personal Information we hold in various formats including paper and electronic formats.
Some of the ways we secure your Personal Information are:
We can store Personal Information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
13.2 Destroying and de-identifying of information
In general, we will destroy Personal Information or any document or record containing Personal Information we no longer need the information or if we are not required by or under an Australian law to keep the information or the document or record beyond a required period.
If it is not practicable to destroy the information or the document or record containing the Personal Information, we will put the document “beyond use” (as defined in the Credit Reporting Code).
In some circumstances, we will “de-identify” Personal Information instead of destroying it including circumstances we are required by or under an Australian law to keep the information or the document or record.
14. Requesting Access To Your Information
You can request access to your Personal Information by contacting us [see section 16.1 (Reasons for contacting us) and section 16.2 (Our contact details)].
Also, you may use a third party (access-seeker) to make a request to us for access to your Personal Information.
14.2 Adequate verification before giving access
In whatever manner and whenever you contact us, we will verify your identity or that of any person you have authorised to be given access to your Personal Information before we agree to give access.
Also, if you authorise an access-seeker to request access to your Personal Informationyou must do so in writing before we can give them access.
We reserve the right to change our identity verification requirements from time to time without notice.
14.3 Period for giving access to Personal Information
We will endeavour to respond to your request for access to Personal Information within a reasonable period of time after the date we have verified your identity in accordance with section 14.2 (Adequate verification etc).
If for any reason we cannot or we refuse to give access to your Personal Information within the above timeframe, we will give you a written notice that sets out the reason for the refusal and/or the reasons we are unable to provide access within the above timeframe. If necessary, we may request you to agree to an extension of time to give access.
Also, in any of the above circumstances, we will advise you of how you can make a complaint about our refusal to give access or our failure to give access within a reasonable time.
14.4 Period for giving access to Credit Information
For a request to access your Credit Information, we will endeavour to provide access to you within 30 days of receiving your request, unless unusual circumstances apply. In those circumstances, we will notify you with our reasons (if reasonable for us to do so) and advise you of your right to refer our refusal or failure to provide access within the timeframe to the Credit & Investments Ombudsman [see section 16.5 (Referral to EDR)] and/or to the Privacy Commissioner [see section 16.6 (Referral to Privacy Commissioner)].
14.5 If unreasonable to give access in a particular form
Your request for access may specify the form or manner you wish your information to be provided to you including whether you wish the information to be given to you over the telephone or in writing and by regular post, email or facsimile.
If reasonable or practicable, we will give you access in the form or manner you have specified.
If it is not reasonable or practicable to give you access in the form or manner you have requested, we will take steps that we consider are reasonable in the circumstances to give access in a way that meets both your and our needs, including, giving access through a mutually agreed intermediary.
14.6 Fees and Charges
In general, we will not charge you a fee for making a request for access to your Personal Information.
Also, we will not charge you any fee for providing you a copy of this policy in a form you have requested if it is reasonable for us to provide the information in that form.
We may charge a fee for retrieving and preparing the information and/or giving it to you in the manner you have requested it to be provided to you. However, any such fee will not be excessive in the circumstances and will not apply to the making of the request.
We may ask you to pay any charge or fee before we can progress your request.
14.7 When we may refuse access
We will refuse you access to your Personal Information if:
h. Both of the following apply:
i. Giving access would be likely to prejudice one or more enforcement related activities (as defined in the Privacy Act) conducted by, or on behalf of, a law enforcement body; or
j. Giving access would reveal evaluative information we have generated in connection with a commercially sensitive decision‑making process.
We may refuse to give access to your Credit Information if:
15. Requesting Correction Of Information
15.1 Correcting Inaccurate Information Ourself
If we are satisfied on reasonable grounds that the Personal Information we hold about you is inaccurate, out‑of‑date, incomplete, irrelevant or misleading, we will take appropriate steps to correct the information [see generally, section 10: (Accuaracy of informtion)].
If we correct your Personal Information we will take appropriate steps within 7 days of the correction, to notify you and any other person, organisation. If the information corrected is Credit Information, any “affected information recipient” (as defined in the Privacy Act) or “CRB”, to which we had provided the pre-corrected information, that your information has been corrected.
15.2 Asking Us to Correct Your Information
You too can ask us to correct the Personal Information we hold about you if you consider the informtion is not accurate, up‑to‑date, complete, relevant or it is misleading or deceptive.
Also, you may request us to take reasonable, practicable or lawful steps to notify any other organisation to which we provided your Personal Information on a previous occasion, that we have corrected your information.
15.3 Timeframe for Correcting Personal Information
If your request relates to Personal Information that is not Credit Information, we will respond to the requests within a reasonable period of time of receiving it.
15.4 Timeframe for Correcting Credit Information
If the request relates to your Credit Information, we will respond to the request within 30 days from the date you make the request.
If we are not able to meet the above timeframe we will seek your written consent for an extension of time to respond to your request.
15.5 No Fees for Requests
We will not charge you any fees for making a request to us to correct your information.
15.6 If We Refuse to Correct Information
If we refuse to correct your Personal Information, we will give you a written notice that sets out:
If we refuse to correct your Personal Information, you may request us to associate a statement with the Personal Information that you consider is inaccurate, out‑of‑date, incomplete, irrelevant or misleading. Within a reasonable period of time after receiving your request, we will take any step that is reasonable, practicable and lawful in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
We will not charge any fee for a request to associate a statement as described above.
15.7 Request to associate statement
If we refuse to correct your Personal Information, you may request us to associate a statement with the Personal Information that you consider is inaccurate, out‑of‑date, incomplete, irrelevant or misleading.
Within a reasonable period of time after receiving your request, we will take any step that is reasonable, practicable and lawful in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
We will not charge any fee for a request to associate a statement as described above.
16. Contacting Us
16.1 Reasons for contacting us
Amongst other things, you may contact us if you:
h. Wish to make a complaint including a complaint:
i. Wish to ask us to stop sending you direct marketing or promotional material;
j. Wish to ask us to stop sharing your Personal Information with our brand partners [see section 5.3 (b) (Secondary purposes)] above or for the purposes mentioned in that section; or
k. If you do not want to participate in a customer survey we have invited you to participate in.
16.2 Our Contact Details
You may write to or email us as follow:
Mail: The Privacy Officer
Volkswagen Financial Services Australia Pty Limited.
Locked Bag 4002, Chullora NSW 2190
16.3 Acknowledging requests and complaints
We will endeavour to acknowledge your request or complaint within 7 days after we have received it. Depending on the circumstances, we may acknowledge your request or complaint by phone, email, regular post or facsimile.
A complaint in relation to Credit Information will be acknowledged by email, regular post or facsimile.
16.4 Request & Complaint Process
We will take reasonable steps to investigate the subject matter of your request or complaint. Such steps may include liaising with our external representatives who are familiar with the subject matter of the request.
If the request or complaint concerns Credit Information, we may consult with other external organisations or agencies in particular a relevant Credit Reporting Body [as defined in section 17.2 (Credit reporting body)], other credit providers and “affected information recipients" (as defined in the Privacy Act). Whether such consultation is necessary will depend upon whether we provided your information to those external organisations or agencies or whether we obtained your information from them.
Also, in some cases we may seek advice from our own legal or other professional advisors in relation to your request or complaint.
We will give you reasonable opportunity to present your case.
Any information we discover during the investigation stage will be analysed and evaluated before a decision is reached on the merits of your request or complaint.
You will be advised about our decision within the timeframes specified in this Policy if applicable to your request or complaint or within the timeframe specified in the Privacy Act or Credit Reporting Code.
If our decision is in writing, it will contain the reasons for the decision and information on your right to refer our decision to the Credit & Investments Ombudsman [see section 16.5 (Referral to EDR)] or to the Privacy Commissioner [see section 16.6 (Referral to Privacy Commissioner)] if you are not satisfied with the decision.
16.5 Referral to EDR
If you are not satisfied with our response to your request or complaint, you may refer it to the Credit & Investments Ombudsman, external dispute resolution (EDR) scheme of which we are a member.
The Credit & Investments Ombudsman’s contact details are:
Mail: Credit & Investments Ombudsman
PO Box A252
South Sydney NSW 1235
Fax: (02) 9273 8440
16.6 Referral to Privacy Commissioner
You may also refer our decision to the Privacy Commissioner if you are not satisfied with it. The Privacy Commissioner’s contact details are:
Mail: Privacy Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Employees may make requests directly to the Human Resources team for access to their Personal Information.16.7 Employee requests & complaints
Employees may also request the Human Resources team to correct their Personal Information if they consider the information we hold on them is not accurate, up‑to‑date, complete, or relevant or if they consider the information is misleading.
Within a reasonable time after we have corrected an employee’s Personal Information, we will advise any person, organisation or agency we provided the pre-corrected information to that the information has been corrected.
Alternatively, employees may log into their personal accounts in the pay roll system to correct their own Personal Information if they wish to do so.
Employees also have the right to make a complaint if they consider we have not handled their Personal Information appropriately including in accordance with this Policy or in accordance with the Australian privacy principles or the Privacy Act.
Employees may make privacy complaints directly to the Compliance and Operational Risk Manager or through our external whistle blower service provider whose website address is www.whistleblowing.com.au. Because of the inherent nature of privacy complaints, employees are advised that it may not be practicable for the Compliance and Operational Risk Manager or external whistle blower service providers to guarantee employees anonymity during the investigation of privacy complaints.
17. Definitions Of Some Terms Used In This Policy
The following definitions are based on the definitions in the Privacy Act. If there is any inconsistency between any definition in this section and a corresponding definition in the Privacy Act, the latter definition will apply.
17.1 Consumer Credit Liability Information
In relation to consumer credit provided to an individual the following information about the consumer credit is consumer credit liability information about the individual:
e. The terms or conditions of the consumer credit:
f. The maximum amount of credit available under the consumer credit;
g. The day on which the consumer credit is terminated or otherwise ceases to be in force.
17.2 Credit Reporting Body (“CRB”) or Credit Reporting Bodies (CRB’s)
Means organisation/s or an agency or agencies prescribed under the Privacy Act that are in the business of collecting, holding, using or disclosing Personal Information or Credit Information about individuals for the purposes of providing others information about the Credit Worthiness of an individual.
17.3 Credit Worthiness Information
Means a statement or opinion about your:
17.4 Default Information
Means information about a payment (including a payment that is wholly or partly a payment of interest) that you are overdue in making in relation to consumer credit provided to you and:
17.5 Identification Information
For the purposes of this Policy, Identification Information includes your:
17.6 Information Request
Means any information we have sought from a CRB (as defined in section 15.2) that relates to:
17.7 New Arrangement Information
Means a statement that the terms or conditions of an original consumer credit we have provided to you has been varied or that we have provided you with a new consumer credit because of you had been overdue in making the payments under the original consumer credit.
17.8 Payment Information
Means a statement that on a specified date or day, you have paid in part or wholly an amount of an overdue payment we included in default information we had disclosed to a CRB (as defined in section 15.2).
17.9 Personal Insolvency Information
Means information about you entered or recorded in the National Personal Insolvency Index and relates to:
17.10 Repayment History Information
17.11 Sensitive Information
a. Information or an opinion about your:
b. Your health information; or
c. Your genetic information that is not otherwise health information;
d. Your biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
e. Your biometric templates.
17.12 Serious Credit Infringement
c. Any act on your part: