1) About Crash Not At Fault
1.1 This Privacy Policy describes how Crash Not At Fault trading as Crash Not At Fault ABN XX XXX XXX XXX of 61 Middle Row, Salisbury SA 5108, Australia (CNAF, we, us, our) manages personal information. It was last updated on 16 November 2024. We may amend this Privacy Policy from time to time.
1.2 We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including, where applicable, the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (APP(s)) including the Information Privacy Principles (IPP(s). If we decide to change this Privacy Policy, we will post the updated version on this webpage. Our policy is to be open and transparent about our privacy practices. We encourage our customers and other persons that we collect personal information about to familiarise themselves with this Privacy Policy to understand how and when we collect, hold, use, sell, transfer, disclose and otherwise process personal information about them.
1.3 We own and operate a website known as “Crash Not At Fault” located at https://crashnotatfault.com.au/ that we use to advertise our services and through which people involved in motor vehicle accidents may apply to become CNAF customers (the CNAF Platform).
1.4 We help individuals who have been involved in motor vehicle accidents (who are not at fault), who become our customers, by providing them with the following services:
a) Hiring replacement motor vehicles owned, maintained and operated by CNAF or third party car rental or fleet companies to customers;
b) Cost recovery services to assist our customers to recover hire costs and other losses from the party at fault or their insurer; and
c) Accident management services including:
-
-
- Towing services for the supply of tow truck drivers to our customers;
- Transport services by arranging transport for customers from the accident scene;
- Claim support services by providing advice and assistance to customers with the insurance claim process, including help with total loss claims;
- Repair management services by helping customers choose a suitable repairer and managing the repair of their vehicles;
- Referring customers to lawyers who may be able to assist with personal injury claims, (together, our Services)
-
1.5 If you are an individual applying to become an CNAF customer, you will be directed to our Privacy Consent Form. The Privacy Consent Form includes a brief summary of our privacy practices and other information set out in this Privacy Policy. You must consent to our collection, use, processing and/or disclosure of your personal information to access and/or use our Services. The Privacy Consent Form notifies our customers of (among other things) the circumstances under which we collect their personal information, the purpose for the collection and the likelihood that we will disclose their personal information to overseas recipients.
2) Our Collection and Use of Personal Information
In addition to collecting information about motor vehicle accidents from our customers, at-fault parties, witnesses and others, we collect and use personal information as set out in the following table:
| Category of individuals | Type of personal information collected | How we collect personal information | Why it is necessary to collect the information and how we use the information |
| Customers | First name Last name Address (business and/or personal) Date of birth Drivers Licence (including photo, age, date of birth, gender) Signature | When you provide it to us by email, telephone, letter, or by entering it into the CNAF Platform; · When our referral partner refers you to us as requested by you; · When your insurers or other individual provide it to us; · By conducting online searches such as Google or social media; · For analytics and technical information, by use of CNAF Platform; · From third party service providers; · For locational information, by using the replacement vehicle fitted with a telemetry device | For identification and authentication of customers in provision of or in relation to our Services |
| Contact information: · Email address (business and/or personal) · Phone number (business and/or personal) | To communicate with customers | ||
| Financial information: Credit card details | To charge customers for any toll fees or damages incurred by CNAF in relation to the replacement vehicle provided to the customer. Credit card details are not stored by us and are held by our payment gateway provider, Stripe. CNAF validates a customer’s credit card by charging and reversing out an amount of $1.00 | ||
| Location data: CNAF vehicles are fitted with telematics device to track vehicle location while the vehicle is provided on hire to the customer | To mitigate damage to, loss, or theft or otherwise misuse of the replacement vehicle. | ||
| At-fault party | First name Last name Contact email address (business and/or personal) Contact phone number (business and/or personal) Address (business and/or personal) Drivers Licence (including photo, age, date of birth, gender) Vehicle registration number | · When a third party such as a customer, insurer or other individual or entity provides it to us; · By conducting online searches such as Google or social media; · From third party service providers; · When you provide it to us by email, telephone, or any other means; | To contact the at-fault party; correctly identify and verify the identity of the at-fault party; verify an accurate account of events in relation to the motor vehicle accident; process insurance claims in relation to the motor vehicle accident; and recover CNAF’s costs arising from our provision of our Services to the customer in relation to the motor vehicle accident |
| Witnesses | First name Last name Contact email address (business and/or personal) Contact phone number (business and/or personal) | · When a third party such as a customer, or other individual or entity provides it to us; · When you provide it to us by email, telephone, or any other means; | To contact the witness to verify their account of the events in relation to the motor vehicle accident the subject of a customer agreement |
| Other drivers | First name Last name Contact email address Contact phone number Home address Drivers Licence (including photo, age, date of birth, gender) Signature | · When a third party such as a customer, or other individual or entity provides it to us; · When you provide it to us by email, telephone, or any other means; | To identify individuals who will also be using the replacement vehicle provided by CNAF or on our behalf to ensure insurance coverage, and to ensure any fines or other infringements incurred by the other driver while the replacement vehicle is provided to the customer will be allocated correctly. |
| Partners, subcontractors, service providers etc | First name Last name Contact email address Contact phone number | · When a third party such as a customer, or other individual or entity provides it to us; · When you provide it to us by email, telephone, or any other means; | To communicate with CNAF’s partners, subcontractors, service providers etc, in relation to the provision of our Services. |
| Service providers of customer or at-fault party (e.g. panel beaters, mechanics, insurers) | First name Last name Contact email address Contact phone number | · When a third party such as a customer, or other individual or entity provides it to us; · When you provide it to us by email, telephone, or any other means; | To communicate with customer’s and at-fault party’s insurance companies in relation to the provision of our Services. |
| CNAF Platform users | IP Address Network information User access logs DNS location Log in details Statistical data Device information Cookies | · When you enter personal information into the CNAF Platform; · By use of the CNAF Platform | In de-identified form to operate, maintain, market, improve and ensure the security of the CNAF website. |
3) How we hold and secure personal information
3.1 We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities, in particular personal information is stored at:
a) hosting facilities operated by Amazon Web Services;
b) company servers or those of our cloud-based email providers which have restricted access security protocols;
c) third party owned cloud-based customer relationship management and marketing providers; and
d) computers and other electronic devices at our offices and at the premises of our personnel.
3.2 We take reasonable steps to protect personal information that we hold using such technical and organisational security measures as are reasonable in the circumstances to take against loss, unauthorised access, modification and disclosure and other misuse. Such measures ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
3.3 We implement the following technical and organisational security measures in our organisation:
a) use of reputable hosting provider, Amazon Web Services (PCI compliant Level II in the Sydney Data Centre) to host personal information;
b) 2-factor authentication capability for each user to access our system with minimum password length rules;
c) passwords and access control procedures in our computer systems and ensuring that our personnel have access controls and that system access is aligned to the duties and responsibilities assigned to each role within CNAF;
d) third party COMODO 256 bit encryption for data transmitted via the CNAF Platform both in transit and at rest;
e) disaster recovery procedures including a fallback data centre in Singapore;
f) blocking high level domain IP inbound access from our systems;
g) ensuring that our systems are periodically patched;
h) managing and logging security incidents;
i) electronic (e-security) measures for the purposes of securing personal information such as installing antivirus management and email phishing software on emails and applicable company computer software, devices and systems;
j) installing secure routers and firewalls to protect company devices and systems from any inbound attacks or viruses;
k) physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);
l) all of our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment contracts and contractor agreements that we enter into with them;
m) having a data breach response plan and ensuring that we have data breach response procedures, data backup, archiving and disaster recovery processes in place;
n) automated batch migration processes to silo personal information that is no longer needed to be kept on the CNAF system;
o) with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed;
p) mandatory changes to customers’ passwords to access the CNAF Platform every 90 days, and retaining a history of the customers’ last 5 passwords so a customer cannot use the same password; and
q) multilayered application-driven encryption at targeted field and file level within the AWS database and file system.
4) Sale of personal information
4.1 We may sell personal information about any person that we collect at any time, provided that we will only do this where we have the consent of the relevant person or in the circumstances set out in clause 2.
4.2 We may sell our business or its assets or be acquired, merge with another entity, acquire another entity or undergo a reorganisation of our corporate group. We may share your personal information with any such buyer, acquirer or other entity as part of such transactions or in the context of any possible sale, restructure, acquisition or merger.
5) Who we disclose personal information to
5.1 We may disclose personal information that we collect to third parties as follows:
a) to software developers, payment gateway providers, infrastructure support providers, insurers, finance brokers, dealerships, motor vehicle assessors, panel beaters, mechanics, repairers, salvage yards and auctioneers, law firms, third party drivers, owners, witnesses and other parties involved in motor vehicle accidents, motor vehicle fleet companies and cross hire partner companies who we contact in order to provide, or in relation to the provision of, our Services, in relation to law enforcement related activities, or in accordance with our contractual rights;
b) to reputable hosting providers and backup hosting providers who host databases that we use to provide our Services;
c) our employees, officers, agents and/or suppliers. We ensure that all such personnel and suppliers that we engage are aware of their information security responsibilities and have entered into agreements requiring them to comply with privacy and confidentiality obligations that apply to personal information that we provide to them;
d) to lead generation companies or marketing companies who carry out direct marketing phone calls and send emails on our behalf to generate business for us. All individuals will be given the opportunity to ‘opt out’ of any direct marketing calls or emails;
e) when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
f) where we license or sell personal information to any third parties;
g) where CNAF undergoes a merger, corporate restructure or acquisition;
h) where a person provides written consent to the disclosure of their personal information;
i) where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;
j) to governmental authorities, bodies and/or regulators for the enforcement of a law imposing a pecuniary penalty and/or to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;
k) to any court or tribunal for the conduct of proceedings (being proceedings that have been commenced or are reasonably in contemplation); and/or
l) where otherwise required by law.
6) Offshore Disclosure
6.1 We may transfer your personal information to our contractors and service providers who assist us with the supply and provision of the CNAF Platform to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance.
6.2 We will transfer your personal information to our hosting provider in Sydney and our offshore contractors and service providers located outside of Australia. Our offshore contractors and service providers are currently located in the United Kingdom and the Philippines.
7) Third Party Websites
7.1 CNAF may send out tokenised emails and/or SMS links using the CNAF Platform that directs our customers to a customer application form. The CNAF Platform, emails and/or SMS (whether delivered by us and/or our contractors) may also include other links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection and privacy laws. You should consider the privacy policies of any relevant third party website prior to sending personal information to them. Our customers should contact us in the first instance, if they have any enquiries about any links on the CNAF Platform.
7.2 You may interact with social media platforms via social media widgets and tools such as the Facebook Like button and the Facebook pixel that may be installed on our website or integrated via notifications on the CNAF Platform. These widgets and tools may collect your IP address and other personal information. Your interaction with such widgets and tools, and any single sign-on services is governed by the privacy policies of the relevant social media operators and single sign-on service providers – please read them so that you are aware of how they process your personal information.
8) Interacting with us without disclosing personal information
8.1 If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our website without providing us with personal information, such as the pages that generally describe our Services, and our Contact Us page. However, when you submit a form on our website or become a customer, we need to collect personal information from you in order to identify who you are, so that we can provide you with our Services, and for the other purposes described in this Privacy Policy. It is not practical for us to provide you with access and/or use of our Services if you refuse to provide us with personal information.
9) How to access and correct personal information held by us
9.1 If we are contacted by any person who represents to us that they are our customer, for security purposes, we will only discuss the personal information that we hold about them with them if they identify themselves accurately and truthfully.
9.2 We rely on our customers to ensure that all personal information collected from them and held by us is accurate, up to date, complete, relevant and not misleading. Any person who wishes to access, update, modify and/or correct the personal information held by us about them should contact our Privacy Officer below.
9.3 Once an account is deleted, we may still be required to retain the data in accordance with our data retention obligations. In general, we retain personal information for a period of 7 years. We only use production data for the sole purpose of improving our Services. It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, where that information is necessary for CNAF’s operations, or to retain the data to protect your or any other person’s vital interests).
9.4 We will handle all requests for access to personal information in accordance with our statutory obligations. We may require payment of a reasonable fee for a copy of your personal information by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request and we will endeavour to provide a response to any request for access within 72 hours from the time a request is made.
10) Our Account Details
10.1 Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact our Privacy Officer using the following details:
claim@crashnotatfault.com.au
10.2 We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis and resolving the complaint.
10.3 If you are located in Australia and the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the APPs, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Address: GPO Box 5218, Sydney NSW 2001