Version commencement date: 01 January 2022
1. Respecting your privacy
OLA Australia Pty Ltd and its related bodies corporate (including its ultimate holding company, ANI Technologies Private Limited) (the OLA Group) is committed to compliance with privacy laws which apply to its businesses and which set out standards for the management of personal information, including the Privacy Act 1998 (Cth) and the Australian Privacy Principles (APPs).
This policy outlines our personal information management practices for all aspects of our business in Australia including from our relationships with customers, drivers, operators, users of our services and others who may contact us or about whom we may be provided with personal information.
Specifically, this policy outlines:
- the kinds of personal information we collect and hold;
- how we collect and hold it;
- the purposes for which we collect, hold, use and disclose it;
- your right to access and seek correction of it;
- how you may complain about privacy matters; and
- our sharing of your personal information outside Australia.
There are some matters to which this policy does not apply. These are referred to below (see clause 11 below).
2. What kinds of personal information do we collect and hold?
The personal information we collect and hold is what is reasonably necessary for our business functions and activities. When we collect and hold personal information, it is of the following kinds:
- your personal details such as your name (including account username), addresses (including email addresses and website addresses), telephone numbers, account login details and passwords, age and gender, and certain personal details of your emergency contacts;
- the reference number you provide or which we allocate to you when engaged in services which we provide or services procured or booked using our services;
- what, how, when and where you have engaged in services which we provide or services procured or booked using our services;
- details about your stated or likely preferences and your experiences with services which we provide or services procured or booked using our services;
- details about your membership in any loyalty programs;
- whether you have a connection with others whose personal information we may collect or hold, for example family members;
- if you use social media or a mobile device to interact with us, any information that you allow the social media site or device to share with us; and
- depending on the nature of your dealings with us or the services which we provide to you or which you may obtain or make available to others using our services, other types of personal information. Examples are:
- where you are involved in providing transport-related services, identification, taxation, government or regulatory identifier (such as drivers licence details), and vehicle and insurance details;
- personal information relating to any complaints you make or are made about you, including recording of any calls in that regard;
- personal information collected and held via financial or payment systems about the payment mechanism or method that you might use (including credit card details) and the payments you may make for our services or any services procured or booked using our services; and
- personal information which is accessible from your use of online sites or applications in which we have an interest or provide (such as messages for the purposes of issuing and receiving one time passwords and other device verification) and device-related or device-generated personal information. The latter might include your device details, device IDs, your location, network connections, network access and communication and session data.
You generally have the option of not identifying yourself or of using a pseudonym when dealing with us. But not where this is impractical (for example when you transact online with us or you apply to provide transport-related services) or where the law or a court order provides otherwise.
3. How do we collect and hold personal information?
When we collect personal information about you, we do so by making a record of it. We do this when:
- you register with us, for example when you create an account for any of our products and services;
- you communicate with us online;
- you take part in our promotions, competitions, testimonials, surveys and focus groups; and
- you deal with us in other ways involving a need for personal information to be provided such as when you contact one of our call centres, fill in a form, log into our website or application or make a complaint. We may record all calls and so collect any personal information provided during such calls.
We may also collect personal information about you by accessing data from other sources and then analysing that data together with the information we already hold about you in order to learn more about your likely preferences and interests.
When you visit our electronic sites, such as websites or applications, we may also collect information about you using technology which is not apparent to you, for example using “cookies” and other similar technologies. There is a lot of information available about how cookies work and how to change your browser’s cookie preferences. For example, see https://www.staysmartonline.gov.au/alert-service/all-aboutcookies-and-your-privacy-sso-alert-priority-low.
Most of the personal information we collect and hold about you is from your direct dealings with us, for example information you tell us or information we learn directly from your dealing with us or our partners, e.g. through “cookies”.
We may sometimes collect your personal information other than from you directly. For example,
- from other suppliers who, in common with us, have a relationship with you or have information about you;
- from those to whom we have given access to our online sites (such as through application programming interfaces);
- from those we regard as our business partners, our other customers or our driver partners;
- from publicly available information and from third party ratings and feedback.
Our contractors and service providers who perform services for us, such as payment processing, fraud management, marketing, data analytics and identity verification and background checks may also provide us information about you.
Personal information we hold is generally stored in servers and other computer systems. These may be operated by us or by our service providers. In all cases, we have rigorous information security requirements aimed at minimising risks of unauthorised access to, and loss, misuse or wrongful alteration of, personal information.
4. Why do we collect, hold, use and disclose personal information?
When we collect, hold, use and disclose your personal information, we do so primarily in connection with the provision, sale and promotion of goods and services which we provide or are provided or procured using our services and to improve on and enhance the range of those services and offerings.
For example, we collect, hold, use and disclose your personal information:
- in connection with transport-related services by:
- providing customers’ and drivers’ personal information (including current location, photograph, ratings and vehicle information) to each other in connection with the arrangement of specific transport-related services and to facilitate communications between drivers and customers;
- using your location data to record and verify trip and payment information if you provide or procure transport-related services using our services or are logged onto our website or application; and
- facilitating the search of any missing property which may have been left behind by a customer in a driver partner’s vehicle or assisting with any police or regulatory enquiries;
- to process and facilitate your payment for goods and services, including as required by law;
- for direct marketing (see clause 5 below);
- for verification of your identity;
- to develop insights about you or to personalise your offerings or experience in using our services or services of our third party business partners, including drivers or to assist our service providers and third parties to conduct data analytics;
- for research and development or to improve goods and services, for example in connection with safety and security and preventing fraud;
- where you are involved in providing transport-related services, for criminal history and background checks (including verification of health information) and other manual processing checks regarding the verification of drivers and vehicles;
- to assist in dispute resolution, investigating complaints and in enquiries and support;
- for incidental or other purposes related to the provision of goods and services to you or the purposes referred to above. For example, we may disclose your personal information within the OLA Group for OLA Group’s internal operational purposes (including to help us provide our goods and services, and monitor and improve our goods and services), to service providers who assist us in our day-to-day business operations and as part of buying or selling businesses; and
- as required or permitted by law, court order and any government, law enforcement or other regulatory body.
We may collect, hold, use and disclose your personal information for other purposes which are within reasonable expectations (these may relate, for example to acting on your requests; our involvement in relationships between customers, drivers and third party suppliers of goods or services to you) or legal reasons (for example where permitted by law).
In addition, we may anonymise, de-identify or aggregate your personal information in circumstances where it is appropriate to do so. We may share this anonymised, de-identified or aggregated data with third parties to assist them in conducting analytics and marketing of products and services to you that are likely to be relevant to your interests and preferences. It is not practicable to outline the details of all third parties to whom your personal information is disclosed, however, in addition to those contemplated above, we may disclose your personal information to:
- members of the OLA Group, which may include, for example, disclosure to and use of information by ANI Technologies Private Ltd (registered and located in India) for the purposes of information and identification verification;
- our service providers and their contractors and parties who we regard as business partners of us or the OLA Group, including payment processors, fraud and security providers, those providing technology services and support, loyalty schemes and services, contact centre services, analytics or business services, marketing, promotions and advertising services, financial services, insurance services or professional or legal services;
- your family members or emergency contacts in the event of an incident or emergency;
- comply with our and the OLA Group’s legal, compliance, regulatory and operational purposes; and
- third parties to whom you offer to provide goods or services or from whom you procure goods or services (including any preliminary requests or communications regarding such goods and services) using our services. For example, this would include sharing information between drivers and customers of transport-related services arranged or facilitated using our services.
5. Direct marketing
We may also collect, use and disclose your personal information to supply, advertise and promote goods and services which may be of interest to you, including through email, SMS, third party channels such as WhatsApp, post, phone and also targeted and online marketing and advertising. This includes the products and services of our suppliers and other third parties who offer products and services that may be of interest to you.
We may disclose your personal information to these third parties and their and our marketing, promotions and advertising service providers for this purpose and you consent to receiving these types of direct marketing and commercial electronic messages. You may opt out of our direct marketing to you (and our direct marketing materials will tell you how to do this).
6. How can you enquire about, access and correct your personal information?
We will provide you with access to any of your personal information we hold (except in limited circumstances permitted by law). If you wish to access your personal information or have an enquiry about your privacy, please contact us at firstname.lastname@example.org. You can address your queries to the City Manager. Before we provide you with access to your personal information we may require some proof of identity. We may charge a reasonable fee for giving access to your personal information if your request requires substantial effort on our part. If you need to correct your personal information, please contact us using one of the above means of contact.
7. How can you complain about our management of personal information?
If you wish to complain about a breach of the privacy rules that bind us, you may contact us using one of the means of contact specified in clause 6 above. We may ask you to put your complaint in writing and to provide details about it. We may discuss your complaint with our personnel and our service providers and others as appropriate. We will investigate the matter and attempt to resolve it in a timely way. We will inform you in writing about the outcome of the investigation. If we do not resolve your complaint to your satisfaction and no other complaint resolution procedures are agreed or required by law, we will inform you that your complaint may be referred to the Office of the Australian Information Commissioner for further investigation and will provide you with the Office of the Australian Information Commissioner’s contact details.
The security of your personal information is important to us. We take reasonable steps to prevent the personal information we hold about you from misuse, interference or loss, and from unauthorised access, modification or disclosure. This includes the use of technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of your personal information. However, to the maximum extent permitted by law, we exclude and limit our liability to you in respect of any breach of security or misuse, interference or loss, and from unauthorised access, modification or disclosure of your personal information.
9. Our disclosure of your personal information overseas
It is our policy to require all of our overseas use or disclosure of personal information to be done in a way which requires observance of privacy and security standards, both during transit and at rest at any overseas storage location. We may allow your personal information to be used or disclosed to our personnel, OLA Group companies and third party service providers who are in countries outside of Australia.
We do this:
- where we have made a business decision to store or process data with a trusted service provider (and their contractors) or business partner. Examples are those who store and process our email and mobile application data, provide payment processing services or contact centre services, or conduct verification activities. These services commonly involve diverse geographic locations which change from time to time for reasons which include data protection and processing efficiency. Where these services are used by us, it is not practical for us to notify you of which country your personal information may be located in (however note that it includes, without limitation, Singapore, the Philippines, Indonesia, the United Kingdom, the United States of America and India);
- for disclosures between OLA Group companies who provide various support services to us (including, without limitation, legal, tax, finance, HR and IT support including document verification support). Our main business location is in Bangalore, India, but some of the OLA Group companies may be based in other countries from time to time;
- when our business which collected your personal information is in a different country to your location, for example where you are registered for our service Australia, but use our service in a different country; and
- where you are involved with liability or other issues concerning goods or services which we provide or are provided or procured using our services. In such cases we may disclose your personal information to any overseas supplier of such goods or services in the course of managing those issues.
Where we disclose any of your personal information outside of Australia to any third party (including an OLA Group company), we take reasonable steps to ensure that such third party protects your personal information and complies with our privacy obligations under the APPs.
11. Other privacy terms and limits of this policy
This is a policy. There may be additional privacy notices and terms relevant to you depending on the nature of your dealings with us and on our particular businesses. In particular, there are additional privacy terms in our terms concerning our online sites and applications and account registration processes. We have separate charters concerning our employees – this policy does not apply to the personal information of our employees in their capacity as such. This policy also does not apply to information which may be collected from an individual by a driver of a vehicle which is not provided by us. This policy does not include that of any third parties whose promotions we may facilitate or whose online locations may be accessible via links from our online locations.
12. More information
More information about privacy law and privacy principles is available from the Privacy Commissioner. The Privacy Commissioner may be contacted at www.oaic.gov.au (or by email at email@example.com).
This notice explains how the Ola Group manages your COVID-19 related personal information, consistent with our obligations under the Privacy Act and the APPs, when you choose to register as a driver on the Ola platform.
2. When we collect COVID-19 related personal information
- When you register as a driver on the Ola platform, we may ask you for COVID-19 related personal information.
- We will do this only if we are required to collect such information by law as a booking service provider.
- In certain states or territories in Australia, it is a mandatory obligation for Ola to:
- collect evidence of a driver’s vaccination status; and
- keep a register of such vaccination status.
- In these states or territories, eligibility to drive with Ola is conditional upon the provision of valid evidence showing that you have been vaccinated against COVID-19 or you have an exemption from the need for such vaccination.
3. The type of COVID-19 related personal information which we collect
- The following COVID-19 related personal information which we may collect include:
- whether you have received a COVID-19 vaccination;
- if so, evidence of such vaccination in the form of a copy of your digital COVID-19 vaccination certificate or immunisation history record;
- whether you have an exemption from the need for a COVID-19 vaccination;
- if so, evidence of such exemption may be recorded in your digital COVID-19 vaccination certificate or immunisation history record.
- The digital COVID-19 vaccination certificate and/or the immunisation history record you provide will include the following personal information:
- date of birth;
- Medicare number (if any);
- healthcare identifier (if any); and
- whether you have had your first or second COVID-19 vaccine dose.
4. Why we collect COVID-19 related personal information
- Collection of your COVID-19 related personal information and maintenance of such records for this purpose are required by law in certain states or territories.
- This means that the collection will meet the requirements of the Privacy Act and the APPs.
5. When we use COVID-19 related personal information
- We collect this information to assist with Ola’s COVID-19 legal obligations.
- The information will be accessed only by our staff who need to see it and will be used to determine whether Ola is able to send you booking requests via the Ola app.
- We will not use your COVID-19 related personal information for any other purpose.
6. When we disclose COVID-19 related personal information
- We will disclose COVID-19 related personal information only to regulatory authorities in accordance with our legal obligations.
- We will not share your personal information with other individuals or organisations without your permission, except where required by law.
7. How we store COVID-19 related personal information
- In all cases, we have rigorous information security requirements aimed at minimising risks of unauthorised access to, and loss, misuse or wrongful alteration of, personal information.
8. Opting out from the need to supply COVID-19 related personal information
- You may decide to opt out from submitting your COVID-19 related personal information to us, including evidence of your vaccination status.
- If you decide to do so and if you are registered as a driver with Ola in a state or territory where mandatory vaccination and collection have been imposed by a state or territory law, we may have no choice but to prevent any bookings from being sent to you and to block you from being able to accept bookings.
9. Accessing or correcting your COVID-19 related personal information
- You can access your COVID-19 related personal information by emailing us via your registered Ola app.
- If you have previously submitted incorrect details to us, you should email us immediately.
- If you wish to make a complaint about the way your COVI-19 related personal information has been managed, you can lodge a complaint with us via your Ola app. Please provide as much information as possible so we can investigate and respond.
- We will:
- let you know that we have received your complaint
- do our best to respond within 30 days of receiving your complaint. If we can’t respond within this timeframe we will let you know.
- If you are not satisfied with our response, you can contact the Privacy Commissioner at www.oaic.gov.au (or by email at firstname.lastname@example.org).