Welcome to the Virtual Yard Platform
V1.0 – 26 April 2021
This Privacy Policy describes how CFS Group Pty Ltd ABN 64 659 918 000 of 411/11 Solent Circuit, Norwest NSW 2153 Australia (we, us, our) manages personal information. It was last updated on 26 April 2021. We may amend this Privacy Policy from time to time.
We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (APP(s)). If we decide to change this Privacy Policy, we will post the updated version on this webpage. Our policy is to be open and transparent about our privacy practices. We encourage our customers to familiarise themselves with this Privacy Policy to understand how and when we collect, hold, use, transfer, sell, disclose and otherwise process personal information about them.
This Privacy Policy governs personal information that we collect during the course of operating our business and when we provide services through our platforms and our websites. We own and operate the following platforms to advertise our services and through which our customers may access our services as follows:
our motor vehicle dealer management software platform, Virtual Yard, located at https:// virtualyard.com/ that is accessible using a web browser and our smartphone or tablet application for motor vehicle dealers. Virtual Yard provides motor vehicle dealers with vehicle stock management functionality such as sales, lead management, vehicle history checks, social media posting, website development and hosting, photo editing, invoicing, vehicle leasing record-keeping, payment and advertisement functionality (Virtual Yard Platform);
all websites created by our customers using the Virtual Yard Platform (Subscriber Dealer Website(s));
our motor vehicle dealer relationship software, Dealer Central, located at https:// dealercentral.com.au that connects motor vehicle dealers with each other (Dealer Central);
our motor vehicle dealer data distribution service, Advertising Partnership, located at https:// virtualyard.com/australia/advertising-partners that enables motor vehicle dealers to access dealership data and vehicle management data (Advertising Partnership);
our Application Programming Interface (API), located at https://virtualyard.com/api/ that enables you or your authorised third parties to access dealership data and vehicle data;
our vehicle search engine, cars.auto, located at https://cars.auto/ that enables users to search for vehicles that are advertised for sale on Subscriber Dealer Websites and third party motor dealer websites (Cars.auto);
our vehicle classifieds site, carsforsale.com.au, located at https://carsforsale.com.au/ that enables users to search for vehicles that are advertised for sale on the carsforsale.com.au platform; and
any smartphone apps that we release for use in connection with all or any of the above software, platforms, websites, services, search engines, classified sites and APIs,
(each, a Platform and together, our Platforms).
We collect the following types of personal information:
Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances.
We collect personal information about our customers in one or more of the following ways:
when our customers enter personal information into our Platforms;
when our customers provide personal information to us by letter, telephone, email and/or SMS;
when we conduct public searches via Google, Facebook and other social networks to determine the identity of our customers; and/or
when it is voluntarily disclosed to us during our provision of technical support or to answer any enquiries and/or in correspondence (such as via telephone, surveys, e-mail and online forms or support tickets).
We use personal information in the following ways:
Category |
How we use and process that personal information |
Our reason for collecting the personal information |
Personal information about our customers
|
• As required to provide our Platform to our customers. | • Performance of our contracts with our customers. |
Personal information about third parties (such as buyers and sellers of each vehicle transaction) |
• To provide and support the functionality of our Platforms to our customers. | • Performance of our contracts with our customers. |
How Google uses data when you use our partners' sites or apps: https://policies.google.com/technologies/partner-sites
We may collect information using “cookies” and other similar technologies. Cookies are small packets of data that our Platforms stores on your computers’ or mobile devices’ hard drive (or other storage medium that you use to browse our Platforms so that your computer will “remember” information about your use. We use both 1st and 3rd-party session cookies and persistent cookies as follows:
Session Cookies: We use session cookies to make it easier for you to navigate our Platforms. A session ID cookie expires when you close our Platform.
Persistent Cookies: A persistent cookie remains on your device for an extended period of time or until you delete them. You can remove persistent cookies by following directions provided in your web browser’s “help” file. To the extent we provide a log-in portal or related feature on our Platforms, persistent cookies can be used to store your passwords so that you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our visitors to personalise the experience on our Platforms.
We utilise Google products and services which are subject to the Google Privacy Policy and Google Maps/Google Earth Additional Terms of Service
If you do not want us to place a cookie on your electronic device or computer, you may be able to turn that feature off on your electronic device or computer. Please consult your browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, certain aspects of our Platforms may not function properly or as intended.
We also collect information about our customers through their use of our Platforms, known as analytics data. Such analytics data includes IP information, information about devices accessing our Platforms, the amount of time our customers spend on our Platforms and in which parts of it, and the path navigated through it. However, all such information is de-identified data and is not collected in a form that could reasonably be expected to identify an individual.
In any event, we only use analytics data to help us review, enhance, market and/or improve our Platforms (for statistical, marketing or research purposes).
We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities, in particular personal information is stored at:
hosting facilities operated by reputable hosting providers;
company servers or those of our cloud-based email providers which have restricted access security protocols;
third party owned cloud-based customer relationship management and marketing providers; and
computers and other electronic devices at our offices and at the premises of our personnel.
We take reasonable steps to protect personal information that we hold using such technical and organisational security measures as are reasonable in the circumstances to take against loss, unauthorised access, modification and disclosure and other misuse. Such measures ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
We implement the following technical and organisational security measures in our organisation:
we only use reputable hosting providers to host personal information;
passwords and access control procedures in our computer systems;
encryption for data transmitted via our Platforms both in transit and at rest;
disaster recovery procedures;
managing and logging security incidents;
electronic (e-security) measures for the purposes of securing personal information such as installing antivirus management and email phishing software on emails and applicable company computer software, devices and systems;
physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise).
We will transfer your personal information to our contractors and service providers who assist us with the supply and provision of our Platforms to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will transfer your personal information to our hosting provider in Sydney and our offshore contractors and service providers located outside of Australia. Our offshore contractors and service providers are currently located in United States of America.
We only disclose personal information that we collect to third parties as follows:
where we license or sell personal information to other individuals when they subscribe to our Advertising Partnership service in exchange for a fee;
to software developers, payment gateway providers and insurers who we need to contact in order to operate our Platforms and in accordance with our contractual rights;
to reputable hosting providers and backup hosting providers who host databases that we use to provide our Platforms;
our employees, officers, agents and/or suppliers. We ensure that all such personnel and suppliers that we engage are aware of their information security responsibilities and have entered into agreements requiring them to comply with privacy and confidentiality obligations that apply to personal information that we provide to them;
to marketing companies who carry out direct marketing phone calls and send emails on our behalf to generate business for us. All individuals will be given the opportunity to ‘opt out’ of any direct marketing calls or emails;
when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
where we undergo a merger, corporate restructure or acquisition;
where a person provides written consent to the disclosure of their personal information;
where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;
if we are contacted by any person who represents to us that they are our customer, for security purposes, we will only discuss the personal information that we hold about them with them if they identify themselves accurately and truthfully;
to governmental authorities, bodies and/or regulators for the enforcement of a law imposing a pecuniary penalty and/or to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;
to any court or tribunal for the conduct of proceedings (being proceedings that have been commenced or are reasonably in contemplation); and/or
where required by law.
We may send out tokenised emails and/or SMS links using our websites when you register an account with us and as a potential or actual customer of our Platforms and our websites, emails and/or SMS (whether delivered by us and/or our contractors) may also include other links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection and privacy laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them. Our customers should contact us in the first instance, if they have any enquiries about any links on our Platforms.
You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on our website or integrated via notifications on our Platforms. These widgets and tools may collect your IP address and other personal information. Your interaction with such widgets and tools, and any single sign-on services is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.
If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our website without providing us with personal information, such as the pages that generally describe our Platforms that we make available, and our Contact Us pages. However, when you submit a form on our website or become a customer registered with an account on any of our Platforms, we need to collect personal information from you in order to identify who you are, so that we can provide you with our Platforms, and for the other purposes described in this Privacy Policy. It is not practical for us to provide you with access and/or use of our Platforms (or any part thereof) if you refuse to provide us with personal information.
We rely on our customers to ensure that all personal information collected from them and held by us is accurate, up to date, complete, relevant and not misleading. Customers who wish to access, update, modify and/or correct the personal information held by us about them should contact our Privacy Officer below.
We will handle all requests for access to personal information in accordance with our statutory obligations. We may require payment of a reasonable fee for a copy of your personal information by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request and we will endeavour to provide a response to any request for access within 72 hours from the time a request is made.
Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact our Privacy Officer using our contact details set out on the applicable Platform.
We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis and resolving the complaint.
If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the APPs, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Telephone: 1300 363 992 Email: enquiries@oaic.gov.au