Please take time to read this important section
We care about your privacy
EXACTO Driving School (Exacto) is committed to respecting your privacy and to complying with applicable data protection and privacy laws.
Please take a moment to familiarise yourself with our Policy and let us know if you have any questions.
What information do we collect?
We collect your personal data and other information when you make a purchase, schedule or register to use our services, take part in marketing or post reviews, etc or otherwise interact with us.
This includes the following categories:
- Telephone enquiries and/or reservations
- Internet website site search, enquiries, etc
- Internet website reservations and payments
- Internet website related reviews, etc
- Internet online and in person electronic payments
- Electronic communications voice, text and/or email
Use of services
When you access our services online, via our web servers, this may automatically trigger digital records about your visit and related online activity.
These records typically include IP addresses, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type and other such information.
Information you provide us. When you create an account, make a purchase, request services, participate in marketing, post reviews or otherwise interact with us, we may ask for information such as your name, email address, phone number, street address, usernames and passwords, feedback, etc.
We may also collect service specific information relating to your driving lessons and/or driving tests such as drivers licence details, driving experience, driving logbook status, driving test reservations, and for payments information such as bank account number, credit card details and other such financial information. We may also maintain records of your consents, preferences and settings relating to, for example, secondary contact details for permissions and/or emergency contacts etc and the sharing of personal data.
Your transactions with us. We maintain records of your purchases, the content you have provided us with, your requests, the services provided to you, payment and schedule details, your contact details, communications and other interactions with us. We may, in accordance with applicable law, track your communication with our driving instructors or with other such contact points.
Third-party sources. We may receive personal information via third-party service providers, for example if you post a review on Google My Business or when you make a payment via our third-party reservations and payments platforms such as Acuity Scheduling, Stripe, Square, etc.
Why do we process personal data?
Exacto may process your personal data for the following purposes. One or more purposes may apply simultaneously.
Providing services. We use your personal data to provide you with our driving lessons, to process your requests or as otherwise may be necessary to perform the contract between you and Exacto, to ensure the functionality and security of our services, to identify you as well as to prevent and investigate fraud and other misuses.
Personalising services. We use your personal data to develop and personalise the services you are using and to provide you with more relevant services that match with your profile and requirements.
Accounts. Some services may require an account to help you manage your content and preferences. This will usually entail students selecting a username and password in order to access their account to make reservations, payments and review their history.
Developing services. We may use your personal data, feedback and reviews etc help us to develop our services, customer care, sales and marketing.
Communicating with you. We use your personal data to communicate with you, for example to inform you that our services have changed or to send you critical alerts and other such notices relating to our services and to contact you for customer care related purposes.
Marketing. We may contact you to inform you of new services or promotions we may offer and to conduct market research when we have your consent or it is otherwise allowed. We may use your personal data to personalise what we offer and to provide you with more relevant services that match with your profile and interests.
What are the bases for this processing?
Exacto processes your personal data only when it is lawful to do so. The processing is based on the following legal grounds:
Contract. Processing your personal data is necessary for the performance of a contract between you and Exacto. We use your personal data to provide you with our services and to ensure their scheduling, functionality and security.
If you do not provide us with the necessary information, it means that we are not able to provide the services to you. The contract is the basis for this processing, for example, when we:
- collect necessary personal data to process the payment and deliver your purchases.
- communicate with you, for example, to inform you about services and scheduling updates, to send you critical alerts and other important notices relating to our services and to contact you for customer care-related purposes.
Legitimate interest. Exacto processes personal data when it is necessary for the purposes of legitimate interests pursued by Exacto. Legitimate interest refers to an interest that is lawful and important for Exacto. In processing activities based on legitimate interest, your rights are taken into account and balanced with the interests of Exacto.
We may use your personal data to personalise our offering and to provide you with more relevant services that match with your profile and interests, for example, to make recommendations and to display customised content and marketing in our services. This may include displaying third-party content.
We analyse information about your interests, buying behaviour and feedback to develop our business operations, products and services.
We process personal data to prevent and investigate fraud and other misuses and defend Exacto legitimate interests, for example, in civil or criminal legal proceedings.
Consent. Processing your personal data can be based on your consent. In these situations, we ask your consent before your personal data is processed.
Giving consent is always voluntary and you have the possibility to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal. We maintain records of your consents, preferences and settings relating to, for example, driving experience, driving lessons and tests, and sharing of personal data. Consent is the basis for processing in the following situations:
You participate in driving lesson and/or driving test and we collect details of how you use a particular Exacto service. We use the data to improve our services.
You subscribe to our mailing list to hear about new services and promotions. You can withdraw your consent for marketing by using the unsubscribe link at the bottom of the newsletter.
The service requires an account to help you manage your content and preferences. You may be able to manage your consents for the processing in your account’s settings.
Legal obligation. Exacto may need to process your personal data to comply with legal requirements to which Exacto is subjected. Exacto can have, for example, a legal obligation to disclose your personal data to the authorities when requested.
Do we share personal data?
We do not sell, lease or rent your personal data to third-parties. We disclose your personal data to third parties in the following situations only:
Exacto companies and authorised third-parties. We may share your personal data with other Exacto companies or authorised third-parties who process personal data for Exacto the purposes described in this Policy. This may include for example billing through your financial services provider or otherwise, scheduling of your services, providing services including customer service, managing and analysing student data, conducting research, etc.
When you purchase an exacto service, we may need to exchange information with our payments platform providers. These third parties are not permitted to use your personal data for any other purposes. We require them to act consistently with this Policy and to use appropriate security measures to protect your personal data.
Marketing. We may share your personal data with our third party partners, for example who manage a marketing campaign. We may conduct marketing and other communications with our partners. To avoid duplicate or unnecessary communications and to tailor the message to you, we may need to match information that Exacto has collected with information that the partner has collected where this is permitted by law. Our marketing partners are not permitted to use your personal data for any other purposes. We require them to act consistently with this Policy and to use appropriate security measures to protect your personal data.
International transfers of personal data. Our services are provided using resources and servers located in various countries and regions around the world which include the EU, USA, Singapore, etc. Therefore, your personal data may be transferred across international borders outside Australia that have different legal rules on data protection.
In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law and by requiring the use of other appropriate technical and organisational information security measures.
Mandatory disclosures. We may be obliged by mandatory law to disclose your personal data to certain authorities or other third parties. We may also disclose and otherwise process your personal data in accordance with applicable law to defend Exacto’s legitimate interests, for example, in civil or criminal legal proceedings.
Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise re-organise our business, this may involve us disclosing certain personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers.
What steps are taken to safeguard personal data?
Privacy and security are key considerations in the creation and delivery of our services. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering and assessments.
We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our databases containing personal data to those authorised persons who have a justified need to access such information.
Our domains may include third party elements that set cookies on behalf of a third-party service providers, for example relating to third-party social networks.
How long is the data retained?
We take reasonable steps to keep the personal data we possess accurate and to delete incorrect or unnecessary personal data. Retention periods vary depending on type of data and the service in question. The retention time of your personal data may be determined determined in accordance with the following criteria: currently active account, non-use of the account and/or regulatory requirements.
What are your rights?
You have a right to know what personal data we hold about you as specified below. You have a right to get any incomplete, incorrect, or outdated personal data completed or updated. In certain cases, you have a right to erasure, restriction or data portability, or to object to processing of your personal data.
You may exercise your rights by managing your account and choices through available profile management tools on your device and our services or by contacting us. In some cases, especially if you wish us to delete or stop processing your personal data, this may also mean that we may not be able to continue to provide the services to you.
Who is the controller of your personal data?
Exacto is the controller of your personal data when the personal data is processed in connection with our services.
In matters pertaining to Exacto’s privacy practices you may also contact us at: email@example.com.
Our services may contain links to other companies’ websites and/or services that have privacy policies of their own. All links to such websites and services are provided for your convenience only. Before submitting your personal data to third-parties, Exacto recommends you take a moment to familiarise yourself with these third-party’s privacy policies.
What has been changed?
No changes have been noted to date.
Revision 2021.07a: Thursday, 1st July 2021.