Penske treats the handling of your personal information seriously. To that end, Penske has systems and procedures in place to protect your privacy in relation to the handling of your personal information. Penske’s objective is to handle personal information responsibly and provide you with some control over the way your personal information is handled.
Penske abides by applicable privacy principles, including those under the Privacy Act 1988 (Cth). Those principles relate to the collection, disclosure, use, and storage of personal information. Certain exemptions apply under these laws including, in Australia, in relation to employee records. Penske may rely on those exemptions despite this Policy. Further information about the privacy laws mentioned is available from the relevant Australian privacy regulator, whose details are set out in section 8 of this Policy.
2. Collection of Personal Information
- Personal information is information or opinion from which an individual’s identity may be reasonably ascertained. The nature of personal information collected by Penske generally includes an individual’s name and contact details (including address, phone, fax and e-mail).
- Penske also collects other types of personal information from time to time (e.g. credit information and driver’s licence details). Penske will take reasonable steps to notify you the purpose for which the personal information is being collected.
- You may deal with Penske using a pseudonym if it is practical and lawful for you to do so in the circumstances. However, in doing so, this may limit the manner in which Penske is able to assist or respond to you.
- Penske requires all potentially successful job applicants to undergo a pre-employment medical examination and drug and alcohol screening prior to employment with Penske. Penske requires all personnel to undergo drug and alcohol screening during the course of their employment with Penske. Penske may require personnel and contractors to undergo a medical examination in relation to a Penske related workplace injury.
- Penske does not collect personal information unless it is necessary for Penske to perform one or more of its functions and activities. On occasion, some of this personal information may be sensitive and Penske will only collect it with your consent or when required or authorised by law.
- Penske will take reasonable steps to de-identify or destroy personal information when it is no longer required for such functions and activities.
- Penske will generally collect personal information from you directly where reasonable and practical to do so. For example, Penske may collect personal information via telephone or letter, or when you provide a resume or enter into an agreement.
- There may be other occasions when Penske sources personal information from another Penske company or an external third party, including public sources and the parties described below under ‘Use and disclosure of Personal Information’. For example, Penske may collect personal information from credit agencies when establishing a credit account.
- For security, training, dispute resolution and quality purposes Penske may monitor and record your communications with Penske (including email and telephone) and operate video surveillance devices in Penske’s premises.
3. Use and disclosure of Personal Information
- Personal information provided to Penske may be shared with related companies associated with Penske.
- Penske may use and disclose your personal information for the purpose for which the personal information was initially collected.
- Penske may also use and disclose that personal information for a purpose related to the initial purpose of collection if that other purpose would be within your reasonable expectations.
- Penske uses and discloses personal information for a range of purposes including internal auditing and administration, staff management, payroll, superannuation, health and safety, security, insurance (including worker’s compensation), providing and improving our products and services, verifying identity, conducting market and workplace research, product warranties, marketing, managing complaints and claims, managing and investigating misconduct, conducting credit checks, conducting security clearances, protecting our lawful interests and the rights of third parties, adding your name to a contact list or helping us to identify business activities which may be of benefit or interest to you.
- Penske may also use or disclose your personal information with your express or implied consent or where the use or disclosure is:
- required in order to investigate an unlawful activity;
- required by an enforcement body for investigative activities;
- necessary to prevent a serious and imminent threat to a person’s life, health or safety, or to public health or safety; or
- otherwise required or authorised by law.
- Penske may not be able to provide its services and perform its functions without your personal information. For example, Penske may not be able to contact you or verify your creditworthiness. As with most other businesses, Penske uses third party suppliers who are contracted to provide a range of services including repairs and maintenance, insurance brokering, telecommunications, equipment supply, facilities maintenance, engineering, security, marketing and research, data processing, data analysis, information broking, credit reporting, online computing, printing, contact centre, legal, accounting, business consulting, auditing, archival, delivery, mailing, surveillance, investigation, payroll, superannuation, training, employee share scheme, staff benefits, travel and hospitality services. While personal information may be provided to these suppliers in order to enable them to perform the agreed tasks, Penske will make every effort to ensure that the suppliers handle the personal information in accordance with appropriate privacy and confidentiality principles. Penske may require such to provide privacy undertakings and enter confidentiality agreements.
- Penske may disclose the personal information of its personnel to Penske’s customers or prospective customers where appropriate; for example to facilitate the provision of our goods or meet our customers’ regulatory or security obligations.
- Penske aims to co-operate with government agencies and may disclose personal information where appropriate or in response to reasonable requests from such agencies including workers compensation insurer.
- Some of the third parties to whom Penske may disclose personal information (including our suppliers, related companies and governmental agencies) may be located in other countries overseas, including without limitation, the United States of America. In these circumstances, Penske will either obtain your express or implied consent, use reasonable endeavours to ensure that your personal information will receive protection similar to that which it would have if the information were in Australia or otherwise comply with relevant laws restricting cross-border disclosure of personal information.
4. Personal Information quality
Penske’s objective is to ensure that all personal information collected by Penske is accurate, complete, and up-to-date. To assist Penske in achieving its objective, please contact the Privacy Officer (details below) if any of your details change. Further, if you believe that the information Penske holds is not accurate, complete, or up-to-date, please contact the Privacy Officer in order to have the information corrected.
5. Personal Information security
- Penske is committed to keeping your personal information secure, and we will take reasonable precautions to protect your personal information from loss, misuse and interference, and from unauthorised access, disclosure and alteration.
- Your personal information may be stored in hard copy documents or electronically on our software or systems.
- Penske maintains physical security over its paper and electronic data stores, such as locks and security systems. Penske also maintains computer and network security using passwords to control and restrict access to authorised staff for approved purposes.
6. Access to and correction of Personal Information
- You may request access to the personal information Penske holds about you. You may request correction of personal information Penske holds about you.
- The procedure for gaining access or seeking correction is as follows:
- All requests for access to, or correction of, your personal information should be addressed to the Privacy Officer;
- In relation to access requests, you should provide as much detail as possible regarding the business entity, department or person to whom you believe your personal information has been provided, and when, and about the specific information you seek, as this will allow us to process your request faster;
- In relation to correction requests, you should provide as much detail as possible regarding the business entity, department or person to whom the information was provided, and when, and about the correction you seek, as this will allow us to process your request faster;
- Penske will acknowledge your request within 14 days. Access will usually be granted within 14 days after acknowledging your request, or if it is more complicated, 21 days. Correction requests will be assessed within 14 after acknowledging your request but if the matter is complicated, 21 days. Penske will inform you if this timeframe is not achievable;
- You will be asked to verify your identity;
- A fee may apply to such access (not correction) in the event that a request for access is onerous or time consuming. Such a fee will cover staff costs involved in locating and collating information, and reproduction costs, and will not exceed legal maximums (if any);
- In relation to access requests, depending on the circumstances, you may be forwarded the information by mail or email, or you may be given the opportunity to personally inspect your records at the appropriate place; and
- In relation to correction requests, where Penske refuses to correct your personal information, Penske will provide you with reasons in writing and you may make a complaint in accordance with the procedure in section 8.
- In some circumstances, we may not be in a position to provide access. Such circumstances include where:
- Access would create a serious threat to safety;
- Providing access will have an unreasonable impact upon the privacy of other individuals;
- Denying access is required or authorised by law;
- The request is frivolous;
- Legal proceedings are underway or are anticipated and the information would not be available through the process of discovery in relation to those proceedings;
- Negotiations may be prejudiced by such access; or
- Access would reveal a commercially sensitive decision making process.
- If Penske denies access to your personal information, we will provide you with reasons in writing.
7. Changes to this Policy
Penske may change this Policy from time to time for any reason and will update the Policy accordingly.
If you believe that your privacy has been infringed then you are entitled to complain. All complaints should initially be in writing and directed to the Privacy Officer. Penske will respond to your complaint as soon as possible, within 14 days, to let you know who is responsible for managing your query. We will try to resolve the complaint within 30 days of receiving your query. When this is not possible we will contact you to provide an estimate of how long it will take to handle the complaint.
If you believe Penske has not adequately dealt with your complaint, you may complain to the Privacy Commissioner whose contact details are as follows:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
+ 61 2 9284 9749
9. Privacy Officer’s contact details
Please address all written correspondence to:
“Private and Confidential”
Penske Commercial Leasing Australia
72 Formation Street
Wacol, QLD 4076
This Policy was reviewed on 17 July 2014
Copyright © Penske Truck Leasing Co., L.P., 2014. All Rights reserved.