Privacy Policy                                                                                                                                                                                                                                                                                            

1. Applicability

Dealer Secure Solutions Pty Ltd (DSS) offers a wide range of asset tracking solutions, developed specifically for use within Australia, New Zealand, South Africa, Taiwan and the United States of America. DSS is registered in and subject to the law of Victoria, Australia.

In the context of law, information privacy, personal information, personally identifiable information and information pertaining to a data subject, refer to information that identifies or has the potential to identify an individual.

DSS services are all about information this kind of information and about security. We at DSS understand that information privacy, cannot exist without information security, so We strive to protect Your physical assets and Your information. In doing so it is important that we point out that:

THE VERY NATURE OF TELEMATICS SERVICES MEANS THAT YOU HAVE NO EXPECTATION OF PRIVACY. THE PROVISION OF TELEMATICS SERVICES INVOLVES A LIMITATION ON WHAT YOU MAY REGARD AS A RIGHT TO PRIVACY, BUT WHICH YOU CONSENT TO WAIVE TO SOME DEGREE IN EXCHANGE FOR ANOTHER BENEFIT, SUCH AS, FOR EXAMPLE, PERSONAL SECURITY, ASSET PROTECTION, RISK MANAGEMENT AND ECOMONIC EFFICIENCIES.

IF YOU DO NOT CONSENT TO A LIMITATION ON WHAT YOU MAY REGARD AS A RIGHT TO PRIVACY AS DESCRIBED IN THIS POLICY AND THE RELATED TERMS OF OUR TELEMATICS SERVICES, YOU SHOULD CAREFULLY CONSIDER WHETHER TELEMATICS SERVICES ARE RIGHT FOR YOU. IF YOU DO NOT CONSENT OR IF YOU HAVE ANY QUESTIONS, YOU SHOULD NOT USE THE SERVICES OR, YOU SHOULD CONTACT US AT THE INFORMATION PROVIDED IN CLAUSE 10 BELOW SO THAT WE CAN ADDRESS ANY CONCERNS YOU MAY HAVE.

As asset tracking services are inseparable from information privacy, personal information, personally identifiable information and information pertaining to a data subject, and in order to provide high quality services and to earn the trust of customers, DSS (We, Our, Us) elect to comply with the Australian Privacy Act 1988 that regulates the handling of personal information in Australia. Our Privacy Policy (Policy) is published on Our website for the benefit of anyone interested.

2. Personal Information, Privacy and Employee Records

Our Privacy Policy concerns information or an opinion about an identified individual or an individual that is reasonably identifiable. We make no distinction between employee records and other sources of personal information. Nor do we discriminate between different forms of personal information (electronic records, paper records, voice files etc.), nor between whether the information or opinions are true or not.

All personal information that We collect, hold (where We have possession or control of a record), use and disclose (where the information is outside of Our possession or control) is treated with the same respect.

For the purpose of this Policy ‘privacy’ and ‘personal information’ have the same meaning, and this meaning concerns information privacy, personal information, personally identifiable information and information pertaining to a data subject, information about Your assets, Your asset recovery, Our telematics services.

3. Scope and Purpose of Collection

This scope of this Policy extends to all personal information that We collect, hold, use and disclose in the course of providing the DSS services and in complying with law and managing risk.

In providing the services Our business activities include our client relationships, internal operations (management, employees, temporary staff, contractors) and external operations (third parties such as business partners and service providers).

The scope of this Policy extends to our services, external client-facing activities such as Our online presence www.DSS-telematics.com.au; www.gridtraqcentral.com.au; www.gridtraq.com.au ; and https://default.gridtraqcentral.com/, and to the personal information that is collected through Our Website and the use of email for general communications and marketing purposes.

This Policy does not extend to third party websites or to social media accessed via links on Our Website or email communications. Use of third party links and social media will be governed by the privacy policies and terms of use of the applicable service providers.

4. About this Privacy Policy

This Policy is written in simple language so that it is easy to understand. If something is not clear, We invite individuals to contact Us so that We can provide assistance. Our contact details are provided in section 10 below. They will also be provided every time that We make contact with an individual.

This Policy outlines the current personal information handling practices of DSS. We will update this Policy when Our information handling practices change and We will publish updates on Our Website and through Our email lists.

Whilst We publish Our Privacy Policy on Our Website so that it is easily accessible, We also make

Copies available on request in paper format. In most circumstances We do not charge a fee for providing a copy of the Policy. If however a request is made for a copy in some other format (foreign language requirements or those linked to disabilities such as sight or hearing impairment), special arrangements may need to be made and a charge may apply.

5. Consent

In all cases where consent is required, whether it be express consent (verbal, in writing, click-wrap tick box) or implied consent (browse-wrap without a tick-box and other behaviour which indicates consent through continued use), it must be voluntary, current, specific and based upon adequate information about the circumstances and choices available to an individual. Naturally, the individual must have the capacity to understand, to give (for example be 18 years or older) and communicate consent. Individuals who are not sure about giving consent are encouraged to contact Us. See section 10 for contact details.

6. The Australian Privacy Principles Governing the Handling of Personal Information

DSS is committed to making every reasonable effort to manage personal information in an open and transparent way.

6.1 Open and Transparent Management of Personal Information

To support this commitment, We have implement practices, procedures and systems to align Our handling of personal information with principles that have been derived from Australian privacy law, international standards and best practice.

These practices, procedures and systems are intended to regulate Our internal and external business operations through the use of administrative, technical and physical controls. The legal notices published on Our Website are examples of Our administrative controls. Technical and physical controls are generally not made publically available for security reasons.

This Policy, together with Our Website Terms of Use and Email Legal notice, set out how We provide for open and transparent management of personal information, and give individuals the ability to make informed choices about the DSS services and communications with Us.

6.2 Anonymity and Pseudonymity

An individual can choose to remain anonymous (they cannot be identified and We do not collect personal information), or choose to use a pseudonym (they can use a name, term or description that is different from their own) when dealing with Us.

Circumstances where We give individuals the option to remain anonymous or to use a pseudonym include, for example, where individuals prefer not to be identified, to be left alone, to avoid direct marketing, to keep their whereabouts and choices from others, and to express views in the public arena without being identified.

Examples of circumstances were We Will need to know the identity of the person that We are dealing with relate to the provision of the DSS services, where identification is required or authorised by law, where a refund is requested, for dispute resolution, where access to information is requested for correction and where cost becomes excessive or impractical without knowing the identity of an individual.

6.3 Collection of Solicited Personal information

We are committed to collecting personal information by lawful and fair means and wherever possible only collecting it directly from the individual concerned.

We collect personal information from individuals where the information is reasonably necessary for one or more of the DSS services, functions, activities and legal obligations relating to the service We provide.

In providing the service to individuals and to organisations, it is generally not necessary to collect sensitive personal information, unless of course it is directly related to the provision of a service, such as health and safety related information.

For internal human resourcing, We do collect sensitive personal information, such as religious beliefs, trade union memberships and health information when it is required for employment reasons, or by law. We may solicit or request personal information from a third party such as en employment agency or referees in the context of employment.

In most instances where We collect personal information, We only do so after a direct request to do so, and with the consent of the individual to whom the information relates. In exceptional circumstance and for human resourcing, or when authorised or required by law, We may collect personal information from some source other than the individual themselves.

In circumstances where We provide the DSS service to an organisation, We may solicit personal information from the organisation about an individual, but We still require the consent of each individual before their personal information is shared with Us.

6.4 Dealing with Unsolicited Personal information

Personal information is sometimes provided to Us in circumstances where We have not requested it. In these circumstances, where the information is unsolicited, We will examine whether it could have been collected under the Policy outlined in section 6.3 above. We will then apply Our minds and decide whether this unsolicited information should be retained, de-identified or destroyed. Having made that decision, We will implement the decision within a reasonable time.

We do not actively seek to collect unsolicited information.

IF YOU SUBSCRIBE TO OUR TELEMATICS SERVICES, WE COLLECT INFORMATION ABOUT YOU AND YOUR ASSET, WHICH MAY BE A VEHICLE, IN SEVERAL DIFFERENT WAYS, FOR EXAMPLE, FROM:

− WHAT YOU, YOUR ASSET SUPPLIER, VEHICLE DEALER AND MANUFACTURERS PROVIDE TO US WHEN YOU MAKE A PURCHASE AND SUBSCRIBE TO OUR

TELEMATICS SERVICES;

− BANKS AND FINANCE COMPANIES WHEN YOU BUY OR LEASE YOUR ASSET;

− YOUR USE OF THE SERVICES;

− CALLS, TEXT MESSAGES AND EMAILS BETWEEN US;

− THE INFORMATION YOU PROVIDE WHEN YOU REGISTER A SUBSCRIBER ACCOUNT ON OUR DSS PORTAL AND SELECT NOTIFICATION PREFERENCES (ALERTS), AS

WELL AS INFORMATION ABOUT YOUR NEXT OF KIN OR PREFERRED CONTACT

PERSON. PLEASE MAKE SURE YOU HAVE CONSTEN TO SHARE THEIR PERSONAL INDORMATION WITH US.

− OUR UNDERLYING WIRELESS CARRIER; AND

− YOUR ASSET ITSELF WHEN YOUR SYSTEM IS ACTIVE.

BECAUSE YOUR SERVICES ARE PROVIDED THROUGH WIRELESS NETWORKS, WE CANNOT PROMISE THAT YOUR COMMUNICATIONS WILL NOT BE INTERCEPTED BY OTHERS. YOU AGREE WE WILL NOT BE LIABLE FOR ANY DAMAGES FOR ANY PERCEIVED LOSS OF PRIVACY OCCURRING IN COMMUNICATIONS OVER SUCH NETWORKS.

IF YOU DO NOT NOTIFY US OF THE SALE OR TRANSFER OF OWNERSHIP OF YOUR VEHICLE, WE MAY CONTINUE TO SEND REPORTS OR OTHER COMMUNICATIONS ABOUT YOUR VEHICLE SUBSCRIPTION ACCOUNT TO THE BILLING ADDRESS CURRENTLY ON FILE WITH US. IN SUCH A CASE WE ARE NOT RESPONSIBLE FOR ANY PRIVACY-RELATED DAMAGES YOU MAY

SUFFER.

− INFORMATION ABOUT YOU:

∙ INFORMATION WE MAY GET ABOUT YOU INCLUDES THINGS SUCH AS YOUR ADDRESS, YOUR PHONE NUMBER, YOUR EMAIL ADDRESS, LANGUAGE

PREFERENCE, AND WHETHER YOU ARE HEARING IMPAIRED.

− INFORMATION ABOUT YOUR ASSET, WHICH MAY BE A VEHICLE:

∙ INFORMATION WE MAY GET FROM YOUR VEHICLE INCLUDE THINGS SUCH AS:

O DATA ABOUT ITS OPERATION (SUCH AS DIAGNOSTIC TROUBLE CODES, OIL LIFE REMAINING AND ODOMETER READING);

O ABOUT YOUR USE OF THE SERVICES;

O ABOUT WHERE YOUR VEHICLE IS JUST BEFORE WHEN DURING REQUESTS FOR LOCATION INFORMATION OR SERVICES THAT INVOLVE A WIRELESS CONNECTION TO YOUR VEHICLE; AND

O DATA ABOUT ACCIDENTS INVOLVING YOUR VEHICLE (DEPENDING ON YOUR SYSTEM, FOR EXAMPLE, THE DIRECTION FROM WHICH YOUR VEHICLE WAS HIT AND WHICH AIRBAGS HAVE DEPLOYED).

6.5 Notification of the Collection of Personal Information

This Policy, other legal notices published on Our website and Our internal practices, procedures and systems (administrative controls) are Our way to ensure that individuals know about the personal information that DSS collects.

We are committed to making all reasonable efforts to inform individuals about the personal information We collect before We collect it, for example by making this Policy and Our other Legal Notices available. We will also inform individuals about collection at the time We collect personal information, for example

When individuals engage Us to provide the DSS services, through website activity (such as cookies and payment gateways) and other forms of communication such as email.

In exceptional circumstances where this does not happen, for example, when We receive unsolicited personal information from a third party which We decide to retain, We will inform individuals as soon as reasonably possible after the collection of personal information.

Through this Policy and other legal notices published on Our Website, We seek to ensure that individuals are informed about the reasons for the collection, and that they know how to contact the accountable office bearers at DSS. See section 10 below for details.

6.6 Use or Disclosure of Personal Information

Where We hold personal information about an individual that was collected for a particular purpose (the primary purpose) We will not use or disclose the information for another purpose (a secondary purpose) unless required or authorised by law, the individual has consented, or the individual would reasonable expect Us to use or disclose it for a related purpose. An example of a related purpose in these circumstances might be disclosure to a next-of-kin or health care provider in the case of an employee.

In some circumstances, for example, where We believe that the DSS service may be improved through new technologies such as data science, (analytics) or where We see a benefit to individuals,

We may use personal information that has been provided to Us by the individual themselves or received from third parties for a purpose that is different from the purpose for which it was given to Us in the first place. Where We do this, We will use and/or disclose the personal information in a de-identified format.

Broadly speaking We use (handle and manage) personal information internally for 2 reasons:

− To provide the DSS service to organisations and to individuals:

O Examples include: Name, address (physical, postal, email and Internet Protocol address), cookies, change management, assessments and reports [Add more]; and

− For internal human resourcing:

O Examples include: Name, address (physical, postal, email and Internet Protocol), address, health information, medical service provider and counselor details, next-of- kin, spouse or partner, banking details, tax, photo identity, trade union membership, religious beliefs, gender, cultural and ethnic identity, qualifications, training and the like.

We do not collect biometric forms personal information such a fingerprints.

We also use and retain personal information records which are required to be retained for legal, business and evidential reasons. Sometimes these come from external sources and third parties.

Broadly speaking We disclose personal information (release it outside of Our possession or control) for the same primary reasons listed above, providing the service, for human resourcing and where there is a legal obligation to do so.

IF YOU SUBSCRIBE TO OUR TELEMATICS SERVICES, WE SHARE AND MAY DISCLOSE INFORMATION ABOUT YOU AND YOUR ASSET, WHICH MAY BE A VEHICLE, IN SEVERAL DIFFERENT WAYS, AND YOU AGREE THAT WE, SUBJECT TO APPLICABLE LAW, CAN USE ANY OF THIS INFORMATION THAT WE COLLECT TO:

− PROVIDE SERVICES TO YOU OR YOUR ASSET, WHICH MAY BE A VEHICLE (INCLUDING BUT NOT LIMITED TO, SHARING THAT INFORMATION WITH ROADSIDE ASSISTANCE

PROVIDERS, EMERGENCY SERVICE PROVIDERS, OR OTHERS, AS NEEDED);

− COMMUNICATE WITH YOU ABOUT YOUR ACCOUNT;

− CHECK OR MAINTAIN YOUR SYSTEM;

− PROVIDE INFORMATION TO THE MAKER OF YOUR VEHICLE ABOUT THE VEHICLE'S PERFORMANCE, AGGREGATE PRODUCT USAGE, AND INFORMATION GENERALLY TO

ENABLE THE MAKER OF YOUR VEHICLE TO COMPLY WITH LAW;

− PROVIDE INFORMATION ABOUT YOU TO DEALERS AND DEALER ASSOCIATIONS FOR THEIR OWN USE;

− PROVIDE INFORMATION ABOUT YOU TO OUR BUSINESS PARTNERS (INCLUDING THIRD PARTY SERVICE PROVIDERS) TO FULFILL ANY REQUEST YOU MAY MAKE AND

TO IMPROVE OUR SERVICE TO YOU;

− HELP YOU TO MAINTAIN YOUR ASSET OR VEHICLE;

− EVALUATE AND IMPROVE OUR SERVICE;

− ENFORCE THIS AGREEMENT WITH YOU OR OTHERS;

− PREVENT FRAUD OR MISUSE OF SERVICE;

− COMPLY WITH LEGAL REQUIREMENTS, INCLUDING VALID COURT ORDERS;

− PROTECT THE RIGHTS, PROPERTY, OR SAFETY OF YOU AND OTHERS;

− OFFER YOU NEW ADDITIONAL PRODUCTS OR SERVICES;

− PERFORM MARKET RESEARCH; AND

− RESPOND TO LEGAL REQUESTS FROM LAW ENFORCEMENT AND FINANCE COMPANIES ABOUT THE LOCATION OF YOUR VEHICLE AS OTHERWISE PROVIDED IN

THIS AGREEMENT.

THIS LIST IS NOT MEANT TO BE EXHAUSTIVE.

YOU UNDERSTAND THAT FOR QUALITY ASSURANCE PURPOSES AND FOR MANAGING BUSINESS RISK, WE (AND OUR THIRD-PARTY SERVICE PROVIDERS) MAY MONITOR AND RECORD CONVERSATIONS BETWEEN OUR RESPECTIVE CONTROL CENTRES (INCLUDING THIRD PARTY SERVICE PROVIDERS) AND YOUR VEHICLE'S OCCUPANTS. WE (AND OUR THIRD PARTY SERVICE PROVIDERS) MAY ALSO MONITOR AND RECORD ANY CALLS COMING INTO OUR (AND OUR THIRD PARTY SERVICE PROVIDERS) CONTROL CENTRE FROM ANY SOURCE. THEREFORE, YOU AND YOUR VEHICLE'S OCCUPANTS AND ANYONE CONTACTING US ON YOUR BEHALF:

− CONSENT TO ALL SUCH MONITORING AND RECORDING; AND,

− RELEASE US, THIRD PARTY BENEFICIARIES AND THE UNDERLYING WIRELESS CARRIER(S) FROM CLAIMS, LIABILITIES AND LOSSES THAT MAY RESULT FROM

ANY SUCH MONITORED AND/OR RECORDED CONVERSATIONS.

− ACKNOWLEDGE AND AGREE THAT WHILE YOU HAVE CERTAIN RIGHTS UNDER VARIOUS WORKPLACE SURVEILLANCE LAWS IN AUSTRALIA, YOU ARE

CONSENTING TO SURVEILLANCE AND MONITORING.

6.7 Direct Marketing

When We provide a service to individuals and to organisations, We ask for consent to communicate directly with the individuals concerned in order to provide information and to promote Our service.

Whenever We do, We allow individuals to opt-out of receiving direct communications and direct marketing notifications. When individuals request Us to stop communicating with them, We will comply with that request.

If an individual requests information about how We came to have their personal information, We will respond, and provide the source of an individual’s personal information wherever possible. We will respond to these requests within a reasonable time (thirty (30) business days).

We do not disclose, sell or share personal information to third parties for direct marketing purposes.

6.8 Cross-border Disclosure of Personal Information

DSS operates from offices in Australia. These operations include all aspects of internal operations that support the service that We provide as well as the provision of ‘live’ services (where personal information travels over telecommunications lines) and the storage of static personal information in data warehouses and on information systems.

Subscribers to the Dealer Secure Solutions Services are located in Australia, New Zealand, South Africa, Taiwan and the United States of America, but may also be located in or travelling through other countries, with the result that personal information may flow through these and other jurisdictions..

DSS relies on various third party service providers such as telecommunications providers, and Internet Service Providers. These are primarily based in Australia, but may also be located in other countries.

Because information systems enable Our service, personal information may be located or disclosed in transit and in a static format in countries outside Australia. Whilst We do not currently employ ‘Cloud’ technology services, individuals are nevertheless cautioned to consider how their personal information moves and is stored on global information systems and to make appropriate choices.

6.9 Adoption, Use or Disclosure of Government Identifiers

We do not adopt, use or disclose government identifiers of an individual as Our own identifiers.

We do use and disclose government identifiers such as Australian Tax File Numbers, for example, for human resource purposes and where required or authorised by law.

6.10 Quality of Personal Information

We are committed to taking such steps as are reasonable in the circumstances to ensure that the personal information We collect, hold, use and disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.

To do this, We ask individuals to assistance Us. We provide various technical means, including email notifications and user registration access where individuals can access, verify and update personal information records that We hold. We ask

individuals to participate by ensuring their information is accurate, up-to-date, complete and relevant. . Individuals are also encouraged to use the access and correction facilities that We provide. See sections 6.12 and 6.13.

6.11 Security of Personal Information

We are committed to taking reasonable steps to protect personal information that We hold from misuse, (wrong or improper use) interference (access even where the content is not necessarily modified) and loss (accidental, inadvertent, misplaced personal information).

We are also committed to securing personal information from unauthorised access (by someone that is not permitted access the information), modification (alteration by someone that is not permitted to do so, or who acts beyond the scope of their authority to modify personal information) and unauthorised disclosure (where personal information is released from Our effective control without authority).

To comply with law and manage risk, Our practices, procedures and systems aim to protect the confidentiality, integrity and availability of Our information systems and information, especially the personal information, that We collect, hold, use and disclose.

Where there is no legal obligation to retain records and evidence, and in circumstances where We no longer need personal information to provide the DSS services or for any purpose for which the information may be used or disclosed under Australian law, We take reasonable steps to destroy the information or to ensure that the information is de-identified.

Our information security and privacy practices include circumstances where Our data handling practices are outsourced to third parties. Because of this We endeavour wherever possible to bind third party service providers through appropriate legal agreements. We also endeavour to monitor their privacy and security practices where possible.

Whilst there is no current obligation upon DSS to notify individuals or regulators of a breach of personal information, Our policy, in the event of a breach is to inform affected parties in order for them to better protect themselves from possible damage, for example, by changing passwords.

6.12 Access to Personal Information

Where We hold, or have the right and power to deal with personal information (for example, where it is stored by one of Our third party service providers), We will, on request by an individual, normally give that individual access to their information.

We do this so that individuals know what information We hold on them and because it assists Us to ensure that the personal information that We hold is up-to-date, complete and relevant.

In considering a request for access to personal information by an individual, We will require identification. We reserve the right not necessarily to give access to an individual to their personal information in circumstances, for example, where provided for in law, in instances of commercial sensitivity and where a third party may be negatively affected.

We will respond to an individual’s request for access to their information within a reasonable time (thirty (30) business days), and We will consider reasonable requests for access to be given in a particular format, for example, through user registration login, by facsimile, email and postal services. As a matter of courteousy, We will provide reasons for the refusal if access is refused.

No charge will apply when an access to information request is received. We do however reserve Our rights to charge a fee where We incur costs, for example, for photocopying, postage and costs associated with using an intermediary if one is required.

6.13 Correction of Personal Information

Where We hold personal information, We will take reasonable steps to correct it to ensure that, having regard to the purpose for which We hold it, it is accurate, up-to-date, complete, relevant and not misleading.

An individual may request that We correct personal information that We hold about them in circumstance where they believe that the information is inaccurate, out of date, incomplete, irrelevant or misleading.

In considering a request for the correction of personal information that We hold, We will require identification of the requesting individual. We reserve the right not necessarily to effect the changes sought, but undertake to consider reasonable requests and to associate a statement to the record reflecting Our refusal to correct the failed request for correction if We consider refusal the appropriate action.

We will respond to a request to change information within a reasonable time (sixty (60) business days) although changes sought may take longer, for example, because We may need to contact and notify other organisations and individuals about the request.

No charge applies for making a request, correcting personal information or associating a statement for refusal to change a record.

As a matter of courteousy, We will provide reasons for the refusal if correction is refused, and also a reminder of the complaint process available to individuals that feel aggrieved by the refusal.

7. Complaints, Enquiries and Access to Information Requests

In most circumstances, the Australian Information Commissioner will not investigate a complaint if an individual has not first raised the matter with Us. For this reason, We ask individuals to agree to submit all complaints relating to this Policy to Us first, so that We have an opportunity to resolve complaints

Before they proceed to any relevant authority. Individuals are asked to direct all complaints and enquiries to Us at info@protect-plus.co and to see sections 8 and 10 below for further details.

8. How to make a Complaint, Enquiries and Access to Information Requests

Individuals can make general enquiries, request access to their information and complain to Us in writing. This includes email communications.

We will respond to complaints within a reasonable time (thirty (30) business days). As in the case of requests to change information, a longer response time may be needed, for example, because We may need to contact and notify other organisations and individuals affected by the complaint. In this case We will endeavor to respond within sixty (60) business days.

9. Skill, Diligence, Care

DSS will exercise reasonable skill, diligence and care as may reasonably be expected from a similar service provider.

10. How to Contact us