Alto Nissan Wollongong Privacy Policy

ALTO GROUP PRIVACY POLICY
Last updated: April 2026

1. Our Commitment to Privacy
The Alto Group ("we", "us", "our") is committed to protecting the privacy of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, use, disclose, store and protect personal information when you interact with us, including when you:
•    purchase or enquire about a vehicle or equipment;
•    apply for finance, leasing or insurance;
•    book vehicle or equipment servicing or repairs;
•    participate in a vehicle or equipment demonstration or test drive;
•    interact with us online or in person;
•    participate in promotions or events;
•    apply for employment.

2. What Is Personal Information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in material form or not.
This may include:
•    name, address, phone number and email address;
•    driver licence details;
•    date of birth;
•    financial information;
•    vehicle and/or equipment purchase, ownership and servicing history.
Some personal information may be sensitive information and is subject to additional protection under the Privacy Act.

3. Anonymity and Pseudonymity
Where practicable, you may deal with us anonymously or using a pseudonym. However, we may require identification for certain activities where it is not practical or lawful to do so anonymously, including:
•    vehicle or equipment test drives;
•    finance, leasing or insurance applications;
•    vehicle registration or equipment compliance requirements;
•    warranty administration;
•    servicing and repair work.

4. Personal Information We Collect
We collect personal information that is reasonably necessary for our business activities, which may include:
•    identification and contact details;
•    driver licence and identity verification information;
•    finance and employment details (where relevant);
•    vehicle and equipment details, including trade-ins or hire arrangements;
•    service, warranty and repair information;
•    payment information;
•    online identifiers such as IP address and cookies.

5. How We Collect Personal Information
We collect personal information in a number of ways, including when you:
•    complete forms (paper or electronic);
•    contact us in person, by phone, email or online;
•    apply for finance, leasing, insurance or extended warranties;
•    book or attend vehicle or equipment servicing or repairs;
•    use our websites or digital platforms.

If we receive unsolicited personal information that we are not permitted to retain, we will destroy or de-identify it as required by law.

6. Why We Collect and Use Personal Information
We collect, use and hold personal information for purposes including:
•    selling and delivering vehicles and equipment;
•    facilitating and managing test drives or equipment demonstrations;
•    arranging finance, leasing and insurance;
•    servicing, repairing and warranting vehicles and equipment;
•    administering customer accounts and relationships;
•    responding to enquiries and complaints;
•    complying with legal and regulatory obligations;
•    internal business operations and staff management;
•    marketing our products and services (where permitted by law).

7. Test Drive Personal Information
When you request or participate in a vehicle test drive or equipment demonstration, we collect personal information for safety, insurance, fraud prevention and legal compliance purposes.

The personal information we may collect includes:
•    your full name;
•    contact details such as phone number and email address;
•    driver licence details, including licence number, licence class and expiry date, and where required, a copy or image of the licence;
•    test drive date and time;
•    details of the vehicle or equipment used.

We collect and use this information to:
•    verify that you are legally permitted to drive the vehicle or operate the equipment;
•    meet insurance, risk management and liability requirements;
•    protect our vehicles, equipment, staff and customers;
•    manage incidents, damage, infringements or insurance claims;
•    comply with legal and regulatory obligations.

Driver licence and identification information is:
•    accessible only by authorised staff;
•    stored securely in physical or electronic form;
•    retained only for as long as reasonably necessary for operational, legal or insurance purposes;
•    securely destroyed or de-identified when no longer required.

Providing personal information for a test drive is voluntary; however, we may be unable to offer a test drive or equipment demonstration if required information is not provided. We may disclose test drive-related personal information to our insurers or professional advisers in the event of an incident, damage, claim or legal requirement.

8. Disclosure of Personal Information
We may disclose personal information where reasonably necessary to:
•    finance, leasing and insurance providers;
•    vehicle and equipment manufacturers, suppliers and distributors;
•    service and repair contractors;
•    IT, data hosting and software providers;
•    marketing and communications service providers;
•    customer support and contact centre providers;
•    regulators, courts and government authorities as required by law.

Some customer service and administrative functions may be performed on our behalf by a wholly Australian‑owned service provider operating an offshore call centre. We take reasonable steps to ensure that any such provider handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

9. Overseas Disclosure
We may disclose personal information to overseas recipients in limited circumstances, including where customer support or administrative services are provided through an offshore call centre.

Specifically, some customer contact services are performed from Manila, Philippines by an Australian‑owned and Australian‑controlled company operating on our behalf.

Where personal information is accessed or handled overseas:
•    the service provider remains contractually bound by Australian privacy laws;
•    we require compliance with the Australian Privacy Principles or equivalent protections;
•    access is restricted to authorised personnel only; and
•    appropriate security and confidentiality safeguards are in place.

Where personal information is handled overseas, Alto Group remains responsible for compliance with the Australian Privacy Principles and takes reasonable steps to ensure that overseas handling does not breach those principles.

10. Automated Systems and Technology
Some administrative, marketing or communication processes may involve automated systems, such as customer relationship management platforms or digital marketing tools. We do not use automated decision-making to make significant decisions about individuals without human involvement.

11. Direct Marketing
We may use personal information to provide information about vehicles, equipment, services, events or promotions where permitted by law.
You may opt out of receiving marketing communications at any time by using an unsubscribe facility or by contacting us directly. We comply with APP 7 and the Spam Act 2003 (Cth).

12. Cookies and Online Analytics
Our websites may use cookies and similar technologies to ensure functionality, analyse usage and support marketing activities. You can manage cookies through your browser settings.

13. Security of Personal Information
We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. Safeguards include access controls, staff training, secure IT systems and secure storage and destruction practices.

14. Data Breaches
If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme.

15. Access and Correction
You may request access to, or correction of, personal information we hold about you by contacting us. We may require verification of identity before processing your request.

16. Complaints
If you have a concern about how we handle personal information, you may contact us using the details below. We will investigate and respond within a reasonable timeframe. If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner.

17. Contact Us
Privacy Officer
Alto Group
Email: privacy@alto.com.au

18. Changes to This Policy
This Privacy Policy may be updated from time to time. The current version will be available on our website and at our premises. www.alto.com.au/privacypolicyaltogroup.pdf