Privacy Policy

 

1) About I’m In The Right

1.1 This Privacy Policy describes how Reliance (Aus) Pty Ltd trading as I’m in the Right ABN 55 162 611 994 of Suite 4, Level 5, 3 Thomas Holt Drive, Macquarie Park New South Wales 2113 Australia (IITR, we, us, our) manages personal information. It was last updated on 26 October 2023. We may amend this Privacy Policy from time to time.

1.2 We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including, where applicable, the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (APP(s)), and the Privacy Act 2020 (NZ) including the Information Privacy Principles (IPP(s). If we decide to change this Privacy Policy, we will post the updated version on this webpage. Our policy is to be open and transparent about our privacy practices. We encourage our customers and other persons that we collect personal information about to familiarise themselves with this Privacy Policy to understand how and when we collect, hold, use, sell, transfer, disclose and otherwise process personal information about them.

1.3 We own and operate a website known as “I’m in the right” located at https://www.imintheright.com.au/ that we use to advertise our services and through which people involved in motor vehicle accidents may apply to become IITR customers (the IITR Platform).

1.4 We help individuals who have been involved in motor vehicle accidents (who are not at fault), who become our customers, by providing them with the following services:

a) Hiring replacement motor vehicles owned, maintained and operated by IITR or third party car rental or fleet companies to customers;

b) Cost recovery services to assist our customers to recover hire costs and other losses from the party at fault or their insurer; and

c) Accident management services including:

1.5  If you are an individual applying to become an IITR customer, you will be directed to our Privacy Consent Form. The Privacy Consent Form includes a brief summary of our privacy practices and other information set out in this Privacy Policy. You must consent to our collection, use, processing and/or disclosure of your personal information to access and/or use our Services. The Privacy Consent Form notifies our customers of (among other things) the circumstances under which we collect their personal information, the purpose for the collection and the likelihood that we will disclose their personal information to overseas recipients. A copy of the Privacy Consent Form is available at the following URL: https://imintheright.com.au/collection-notice/

2) Our Collection and Use of Personal Information

In addition to collecting information about motor vehicle accidents from our customers, at-fault parties, witnesses and others, we collect and use personal information as set out in the following table:

 

Category of individuals Type of personal information collected How we collect personal information Why it is necessary to collect the information and how we use the information
Customers First name

Last name

Address (business and/or personal)

Date of birth

Drivers Licence (including photo, age, date of birth, gender)

Signature

 When you provide it to us by email, telephone, letter, or by entering it into the IITR Platform;

·       When our referral partner refers you to us as requested by you;

·       When your insurers or other individual provide it to us;

·       By conducting online searches such as Google or social media;

·       For analytics and technical information, by use of IITR Platform;

·       From third party service providers;

·       For locational information, by using the replacement vehicle fitted with a telemetry device

 For identification and authentication of customers in provision of or in relation to our Services
Contact information:

·         Email address (business and/or personal)

·         Phone number (business and/or personal)

 To communicate with customers
Financial information:

Credit card details

 To charge customers for any toll fees or damages incurred by IITR in relation to the replacement vehicle provided to the customer.

Credit card details are not stored by us and are held by our payment gateway provider, Stripe. IITR validates a customer’s credit card by charging and reversing out an amount of $1.00
Location data:

IITR vehicles are fitted with telematics device to track vehicle location while the vehicle is provided on hire to the customer

 To mitigate damage to, loss, or theft or otherwise misuse of the replacement vehicle.
At-fault party First name

Last name

Contact email address (business and/or personal)

Contact phone number (business and/or personal)

Address (business and/or personal)

Drivers Licence (including photo, age, date of birth, gender)

Vehicle registration number

 ·         When a third party such as a customer, insurer or other individual or entity provides it to us;

·         By conducting online searches such as Google or social media;

·         From third party service providers;

·         When you provide it to us by email, telephone, or any other means;

 To contact the at-fault party; correctly identify and verify the identity of the at-fault party; verify an accurate account of events in relation to the motor vehicle accident; process insurance claims in relation to the motor vehicle accident; and recover IITR’s costs arising from our provision of our Services to the customer in relation to the motor vehicle accident
Witnesses First name

Last name

Contact email address (business and/or personal)

Contact phone number (business and/or personal)

 

 ·       When a third party such as a customer, or other individual or entity provides it to us;

·       When you provide it to us by email, telephone, or any other means;

 To contact the witness to verify their account of the events in relation to the motor vehicle accident the subject of a customer agreement
Other drivers First name

Last name

Contact email address

Contact phone number

Home address

Drivers Licence (including photo, age, date of birth, gender)

Signature

 ·       When a third party such as a customer, or other individual or entity provides it to us;

·       When you provide it to us by email, telephone, or any other means;

 To identify individuals who will also be using the replacement vehicle provided by IITR or on our behalf to ensure insurance coverage, and to ensure any fines or other infringements incurred by the other driver while the replacement vehicle is provided to the customer will be allocated correctly.
Partners, subcontractors, service providers etc First name

Last name

Contact email address

Contact phone number

 ·       When a third party such as a customer, or other individual or entity provides it to us;

·       When you provide it to us by email, telephone, or any other means;

 To communicate with IITR’s partners, subcontractors, service providers etc, in relation to the provision of our Services.
Service providers of customer or at-fault party
(e.g. panel beaters, mechanics, insurers)		 First name

Last name

Contact email address

Contact phone number

 ·       When a third party such as a customer, or other individual or entity provides it to us;

·       When you provide it to us by email, telephone, or any other means;

 To communicate with customer’s and at-fault party’s insurance companies in relation to the provision of our Services.

 
IITR Platform users IP Address

Network information

User access logs

DNS location

Log in details

Statistical data

Device information

Cookies

 ·       When you enter personal information into the IITR Platform;

·       By use of the IITR Platform

 In de-identified form to operate, maintain, market, improve and ensure the security of the IITR website.

 

3) How we hold and secure personal information

3.1 We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities, in particular personal information is stored at:

a) hosting facilities operated by Amazon Web Services;

b) company servers or those of our cloud-based email providers which have restricted access security protocols;

c) third party owned cloud-based customer relationship management and marketing providers; and

d) computers and other electronic devices at our offices and at the premises of our personnel.

3.2 We take reasonable steps to protect personal information that we hold using such technical and organisational security measures as are reasonable in the circumstances to take against loss, unauthorised access, modification and disclosure and other misuse. Such measures ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.

3.3 We implement the following technical and organisational security measures in our organisation:

a) use of reputable hosting provider, Amazon Web Services (PCI compliant Level II in the Sydney Data Centre) to host personal information;

b) 2-factor authentication capability for each user to access our system with minimum password length rules;

c) passwords and access control procedures in our computer systems and ensuring that our personnel have access controls and that system access is aligned to the duties and responsibilities assigned to each role within IITR;

d) third party COMODO 256 bit encryption for data transmitted via the IITR Platform both in transit and at rest;

e) disaster recovery procedures including a fallback data centre in Singapore;

f) blocking high level domain IP inbound access from our systems;

g) ensuring that our systems are periodically patched;

h) managing and logging security incidents;

i) electronic (e-security) measures for the purposes of securing personal information such as installing antivirus management and email phishing software on emails and applicable company computer software, devices and systems;

j) installing secure routers and firewalls to protect company devices and systems from any inbound attacks or viruses;

k) physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);

l) all of our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment contracts and contractor agreements that we enter into with them;

m) having a data breach response plan and ensuring that we have data breach response procedures, data backup, archiving and disaster recovery processes in place;

n) automated batch migration processes to silo personal information that is no longer needed to be kept on the IITR system;

o) with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed;

p) mandatory changes to customers’ passwords to access the IITR Platform every 90 days, and retaining a history of the customers’ last 5 passwords so a customer cannot use the same password; and

q) multilayered application-driven encryption at targeted field and file level within the AWS database and file system.

4) Sale of personal information

4.1 We may sell personal information about any person that we collect at any time, provided that we will only do this where we have the consent of the relevant person or in the circumstances set out in clause 2.

4.2 We may sell our business or its assets or be acquired, merge with another entity, acquire another entity or undergo a reorganisation of our corporate group. We may share your personal information with any such buyer, acquirer or other entity as part of such transactions or in the context of any possible sale, restructure, acquisition or merger.

5) Who we disclose personal information to

5.1 We may disclose personal information that we collect to third parties as follows:

a) to software developers, payment gateway providers, infrastructure support providers, insurers, finance brokers, dealerships, motor vehicle assessors, panel beaters, mechanics, repairers, salvage yards and auctioneers, law firms, third party drivers, owners, witnesses and other parties involved in motor vehicle accidents, motor vehicle fleet companies and cross hire partner companies who we contact in order to provide, or in relation to the provision of, our Services, in relation to law enforcement related activities, or in accordance with our contractual rights;

b) our personnel, contractors (such as hosting, lead generation, call centres, software developer, lead generation companies such as Stamp Media Ltd (UK Company Number SC661429), infrastructure support, referral and professional service providers), insurers, finance brokers, dealerships, motor vehicle assessors, panel beaters, mechanic and repairers, salvage yards and auctioneers, third party drivers, owners, witnesses and other involved parties in motor vehicle accidents, motor vehicle fleet companies, governmental authorities and regulators and/or cross hire partner companies for us to provide you with the IITR Platform and our services, when we engage third parties to make marketing calls or conduct customer satisfaction activities on our behalf and for our legal, accounting or financial advisors, insurers and debt collectors to operate our business;

c) to reputable hosting providers and backup hosting providers who host databases that we use to provide our Services;

d) our employees, officers, agents and/or suppliers. We ensure that all such personnel and suppliers that we engage are aware of their information security responsibilities and have entered into agreements requiring them to comply with privacy and confidentiality obligations that apply to personal information that we provide to them;

e) to lead generation companies or marketing companies who carry out direct marketing phone calls and send emails on our behalf to generate business for us. All individuals will be given the opportunity to ‘opt out’ of any direct marketing calls or emails;

f) when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;

g) where we license or sell personal information to any third parties;

h) where IITR undergoes a merger, corporate restructure or acquisition;

i) where a person provides written consent to the disclosure of their personal information;

j) where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;

k) to governmental authorities, bodies and/or regulators for the enforcement of a law imposing a pecuniary penalty and/or to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;

l) to any court or tribunal for the conduct of proceedings (being proceedings that have been commenced or are reasonably in contemplation); and/or

m) where otherwise required by law.

6) Offshore Disclosure

6.1 We may transfer your personal information to our contractors and service providers who assist us with the supply and provision of the IITR Platform to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance.

6.2 We will transfer your personal information to our hosting provider in Sydney and our offshore contractors and service providers located outside of Australia. Our offshore contractors and service providers are currently located in the United Kingdom and the Philippines.

7) Third Party Websites

7.1 IITR may send out tokenised emails and/or SMS links using the IITR Platform that directs our customers to a customer application form. The IITR Platform, emails and/or SMS (whether delivered by us and/or our contractors) may also include other links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection and privacy laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them. Our customers should contact us in the first instance, if they have any enquiries about any links on the IITR Platform.

7.2 You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on our website or integrated via notifications on the IITR Platform. These widgets and tools may collect your IP address and other personal information. Your interaction with such widgets and tools, and any single sign-on services is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.

8) Interacting with us without disclosing personal information

8.1 If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our website without providing us with personal information, such as the pages that generally describe our Services, and our Contact Us page. However, when you submit a form on our website or become a customer, we need to collect personal information from you in order to identify who you are, so that we can provide you with our Services, and for the other purposes described in this Privacy Policy. It is not practical for us to provide you with access and/or use of our Services if you refuse to provide us with personal information.

9) How to access and correct personal information held by us

9.1 If we are contacted by any person who represents to us that they are our customer, for security purposes, we will only discuss the personal information that we hold about them with them if they identify themselves accurately and truthfully.

9.2 We rely on our customers to ensure that all personal information collected from them and held by us is accurate, up to date, complete, relevant and not misleading. Any person who wishes to access, update, modify and/or correct the personal information held by us about them should contact our Privacy Officer below.

9.3 Once an account is deleted, we may still be required to retain the data in accordance with our data retention obligations. In general, we retain personal information for a period of 7 years. We only use production data for the sole purpose of improving our Services. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, where that information is necessary for IITR’s operations, or to retain the data to protect your or any other person’s vital interests).

9.4 We will handle all requests for access to personal information in accordance with our statutory obligations. We may require payment of a reasonable fee for a copy of your personal information by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request and we will endeavour to provide a response to any request for access within 72 hours from the time a request is made.

9.5 If you are located in New Zealand:

a) you may request urgent access to your personal information in accordance with section 41 of the Privacy Act (New Zealand) and state why the request should be treated as urgent. We will on receipt of such request, consider the request and reasons, determine the priority given to it and ensure that we provide reasonable assistance to a person who makes such a request;

b) in the event that you wish to access your personal information and it is readily retrievable by us, you can also request from us either of the following: (a) to obtain confirmation from us as to whether or not we hold such personal information; (b) access to the personal information; and (c) be advised if you are able to correct such personal information;

c) we will as soon as possible and in any event no later than 20 working days from the date on which the request is made, decide to grant or refuse the request and provide the person who made the request with or post to them, our decision. We may in our discretion charge a reasonable fee for making information available in compliance with the request or for correcting any information in compliance with a request (in whole or in part) or for attaching a statement of any correction sought but not made, subject to our compliance with applicable law;

d) if you submit a request to access your personal information to us, we may refuse the request on one or more of the grounds set out in the Privacy Act (New Zealand). If we refuse to comply with a request for you to access your personal information, we will provide you with our reasons for our denial and an opportunity to file a complaint with the Commissioner, to seek an investigation and a review of the refusal;

e) where we hold personal information governed by the Privacy Act (New Zealand) about you, you are entitled to request correction of the information and request that there be attached to the information a statement of the correction sought but not made.

 

10) Our Account Details

10.1 Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact our Privacy Officer using the following details:

Mike Muskens (General Manager)

feedback@imintheright.com.au

10.2 We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis and resolving the complaint.

10.3 If you are located in Australia and the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the APPs, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

Address: GPO Box 5218, Sydney NSW 2001

10.4 If you are located in New Zealand and you are not satisfied with our response to any privacy-related concern that you may have, you can contact the Privacy Commissioner:

Office of the Privacy Commissioner

PO Box 10-094, Wellington, New Zealand

Phone: 04 474 7590 / Fax: 04 474 7595

Enquiries Line (from Auckland): 302 8655 / Enquiries Line (from outside Auckland): 0800 803 909

Email: enquiries@privacy.org.nz

Please Find Link To Downloadable PDF Version IITR Privacy Policy