As defined within the Act, personal information relates to information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether:
- The information or opinion is true or not; and
- The information or opinion is recorded in a material form or not.
Types of Personal Information Collected
Busabout collects personal information when required to assist with operational activities, employment, vehicle hire, customer feedback, and to ensure public health and safety. Types of personal information collected includes, but is not limited to:
- Address and contact details
- Date of birth
- Bank account, credit card, or other payment details (if applicable)
- Billing details
- Driver’s licence
- Other licences or qualifications
- Vehicle registration details (if applicable)
- Employment and income details
- Details of an individual’s communications with Busabout, including records of phone, email, and online conversations
- Photographs or Closed-Circuit Television (CCTV) footage taken whilst on Busabout premises, or whilst on a Busabout vehicle
How Personal Information is Collected
Personal information is typically obtained:
- Directly from the individual (via phone, email, letter, online, fax, or in person)
- Via our website when contacting Busabout online, including through social media and online review systems
- Through customer surveys
- Via completion of employment application forms
- By way of information collected through a related entity of Busabout.
How Personal Information is Used
Busabout uses personal information collected to:
- Investigate, verify and manage incidents and accidents
- Investigate, verify, respond to and resolve customer feedback
- Assess employment applications for suitability
- Communicate with parties impacted by our services
- Promote opportunities available
- Facilitate payment for services received
- Facilitate payment for services provided
- Provide further information, where requested
- Assess staff performance and rectify issues raised
- Assist law enforcement and regulatory authorities with investigations of incidents or accidents
How Personal Information is Managed
Busabout may disclose any personal information obtained to relevant third-party companies, such as Transport for NSW, insurance companies, and/or other Busabout entities. We may also provide this information to contracted service and content providers, such as website hosting companies, providers of data cloud services, and/or software hosting companies that are engaged by us in relation to our services.
Busabout stores personal information both manually and electronically across Busabout Group entities. Sensitive or confidential information, including CCTV footage, is restricted to be accessed only by those required to use, investigate, or action the information. Controls and procedures are in place to ensure this information remains restricted. Information security is important, and Busabout staff take all reasonable steps to protect it from misuse, loss, unauthorised access, modification or disclosure. Some methods of this include:
- Confidentiality requirements for our employees
- Document storage security policies
- Security measures for systems access
- Providing a discreet environment for confidential discussions
- Restricting access to personal information
- Access controls and surveillance for our buildings and premises.
Once the personal information collected is no longer required by Busabout or any of its entities, every effort is made to ensure this information is destroyed appropriately. Government agencies, such as the Australian Securities and Investment Commission (ASIC), require company records to be kept for a period of seven (7) years. As such, Busabout records (excluding CCTV footage) will be kept for a minimum of seven (7) years.
Recorded CCTV footage is kept for a minimum of thirty (30) days and is maintained by the Operations department. After this timeframe, the recordings may be erased or securely destroyed, unless they have been identified as evidence relating to a misconduct proceeding, insurance matter, legal action, or any other authorised purpose outlined in the Workplace Surveillance Act 2005, or Passenger Transport (General) Regulation 2017.
Busabout takes care to ensure that the personal information provided through our websites are protected. Our websites have electronic security systems in place, including the use of firewalls, data encryption user identifiers, passwords, and other access codes to control access to personal information.
External websites are accessible through links on our websites. These external websites are not subject to our privacy standards, policies and procedures, and must be contacted directly to ascertain their own privacy standards, policies and procedures.
Gaining Access to and Updating Personal Information
Any individual that has provided personal information to a Busabout Group entity is able to update their personal details. They are also able to gain access to this information, except in situations where:
- Access would pose a serious threat to the life or health of any individual.
- Access would have an unreasonable impact on the privacy of others.
- It is a frivolous or vexatious request.
- The information relates to a commercially sensitive decision-making process.
- Access would be unlawful.
- Access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security function, or negotiations with the individual.
- It relates to a legal dispute or resolution proceedings.
- Denying access is required or authorised by law.
Requests to update or access personal information must be provided in writing. Busabout will provide reasons if access to personal information is denied.
Busabout will review and evaluate this policy when required, with respect to changes in legislation or operations, and at least annually.