Privacy Statement

MERCEDES-BENZ STORE PRIVACY STATEMENT AUSTRALIA


Thank you for visiting our websites and for your interest in our products and services. Mercedes-Benz Australia/Pacific Pty Ltd (“MBAuP” “Us” “Our” "We") attach great importance to the protection of your personal information. We process personal information in accordance with applicable data protection laws and regulations.

 

This Privacy Statement provides you with information about the ways in which we will handle your personal information in relation to our Mercedes-Benz Store which includes:

  • the Mercedes-Benz Store website;
  • the purchase of fee based Digital Extras and fee based Additional Digital Extras; and
  • the purchase of fee based Digital Extras and fee based Additional Digital Extras in the MBUX multimedia system located within your vehicle.
Further details on how your personal information will be handled by us can be found by referring to our full Privacy Policy www.mercedes-benz.com.au. This policy ontains information about how you can access the personal information that we hold about you, how you can seek to correct it and how to complain about a suspected breach of your privacy or about how we have handled your personal information.

 

We reserve the right to modify this Privacy Statement and our Privacy Policy from time to time. Any changes will be notified by posting an updated version on our website. Your continued use of our website and services following any updates constitutes acceptance of the data protection notices and/or privacy policy (as the case may be) as amended. We recommend you regularly review our website. If you do not agree with any aspect of our updated data protection notices or privacy policy, you must promptly notify us and cease using our website and services.

 

You may request access to the information we hold about you, or request that we update or correct any personal information we hold about you, by setting out your request in writing and sending it to us at mbaupprivacyofficer@mercedes-benz.com. We will review your request as soon as reasonably practicable (or such other period as required by law). If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.

 

Whilst our Mercedes-Benz Store can be accessed across the globe, the goods and services sold via the Australian Mercedes-Benz Store are targeted to those located in Australia and as such, this Privacy Statement is based on the applicable data protection laws of Australia. If however the GDPR applies to the collection, holding, storing, processing and/or disclosure of your personal information, then the GDPR sections of this statement shall also apply.

 

How to contact us:

Mercedes-Benz Australia/Pacific Pty Ltd
44 Lexia Place
Mulgrave, Victoria
Australia 3170
By phone: 1300 300 896*
By email: mbaupprivacyofficer@mercedes-benz.com

*Calls free from landlines, charges for calls from mobile phones may vary

 

Who is responsible for processing of my personal information?

 

General

The Mercedes-Benz Store is provided by MBAuP who collect and process your personal information. MBAuP uses MBAG as the technical service provider for operating the "backend" and the associated storage, provision and processing of your personal information.

Unless otherwise stated in this Privacy Statement, MBAG will act only as a processor on behalf of MBAuP and according to its instructions and shall not be responsible for the collection of your personal information.

Further details on how your personal information will be handled by MBAG can be found by referring to the following Privacy Policy: https://group.mercedes-benz.com/documents/company/other/mercedes-benz-dataprotectionpolicy-en.pdf

 

Mercedes me ID

During your use of our Mercedes-Benz Store, you may be asked to create a central Mercedes-Benz AG access service account (also referred to as a Mercedes Me ID). This enables you to create a single user account to log in to all websites and applications of the Mercedes-Benz and its brands that are offered through Mercedes Me ID.

Further details on how your personal information will be handled by MBAG in relation to a Mercedes Me ID account can be found by referring to the MBAG Privacy Policy available via the Customer Portal (access the portal at www.mercedes-benz.com.au).

 

Storage of Payment Information

If you request for us to keep your payment information (e.g. credit card details) available for future payments, Mercedes Pay GmbH (“Mercedes Pay”) shall directly collect and store this payment information. Further details on how your personal information will be handled by Mercedes Pay can be found by referring to the following Privacy Policy: https://privacy.mercedes-pay.com/au/en


Data protection information for the Mercedes-Benz Store website


Go to top of page

This section applies when you use or access our Mercedes-Benz Store via our website.

     

    1. Collection of your personal information

  1. We collect personal information via our website (including any microsites) including:

    1. if you choose to supply the information to us by entering your information into the interactive sections on our website (for example, enquiry forms, message boards, chat, profile pages, blogs, social networking features and the like). Please be aware that any information you post or disclose on this website may be available to other site visitors and the general public (depending on the privacy settings you have in place);
    2. if you choose to create a new login or use your existing login or otherwise provide information through our website; when you attend a (product) focus group, review a product or complete a survey;
    3. via cookies or other web technologies which are enabled on our website (please refer to clause 4 below and our Cookie Policy).

    You are under no obligation to submit your personal information however our Mercedes-Benz Store and the supply of the certain functions on our website may be dependent on you providing personal information, and as such, if you do not provide your personal information in such cases, certain functions may be restricted or unavailable.

     

    2. Purposes of use

    Where you provide us with personal information via our website, we use this information for the primary purpose of fulfilling or processing your order/request or responding to your enquiry or any purpose which we inform you about when we collect your personal information or to which you have provided your consent.

     

    We may also use the personal information for the following:

    1. in order to make the use of our websites as user-friendly as possible for you;
    2. to provide you with any goods or services you have requested including any Digital Services requested by you (eg: Digital Extras and smart control information and telematics services);
    3. market research, customer surveys, customer analysis and product development;
    4. responding to enquiries in relation to products we sell and services we offer;
    5. customer assistance, care, contact and information;
    6. marketing, events and promotional activities (including but not limited to the display of personalised content or advertising based on your user behaviour);
    7. customer management purposes including communicating to you about any goods and services, answering your requests and complaints or varying products and services;
    8. any related purpose which would be reasonably necessary or directly related to one or more of our functions or activities;
    9. as part of servicing and maintenance of IT systems and applications and to protect our IT systems from attacks and other illegal activities;
    10. accounting, billing or other internal administrative purposes including handling any business transactions and settling the appurtenant accounts;
    11. taking or responding to any legal action or protecting our legitimate interests;
    12. to comply with industry, legal and regulatory requirements; and/or
    13. where permitted or required by law, a court or tribunal.

     

    3. Transfer of personal information to third parties; social plug-ins; use of service providers

    General
    1. We may disclose your personal information to third parties, including but not limited to:
      1. those that you have consented we disclose your personal information to, either impliedly by your conduct, verbally or in writing;
      2. our authorised dealer network;
      3. contracted service providers including but not limited to advertising and marketing agencies, certain cookie and web technology providers referred to in our Cookie Policy, financiers, insurers, mailing houses, printers, organisations that assist us to conduct promotions, market research, product planning, analytics or research and development, debt collectors, data analysts, IT service providers, roadside assistance providers, database storage and service providers, cloud service providers, auditors and professional advisors;
      4. other members that are part of, related to or associated with the Mercedes-Benz (many of whom are based overseas)
      5. government agencies, enforcement authorities, regulators or other similar entities as required or permitted by law.
    2. Our websites may also include third-party offers. When you click on such an offer, we transfer the required scope of data to the offering party (e.g. information noting that you found this offer on our website and any other information which you have already provided on our website).
    3. Where we use so-called "social plug-ins" of social networks such as Facebook and Twitter on our websites, we integrate these as follows:
      1. When you visit our websites the social plug-ins are deactivated, i.e. no data is transferred to the operators of these social networks. If you wish to use one of the social networks, you can click on the relevant social plug-in to establish a direct connection to the server of the social network concerned.
      2. If you have a user account with the corresponding social network and you are logged in to this specific social network at the time you activate the social plug-in, this social network can attribute your visit to our website to your user account. If you would like to prevent this, please log out from the social network prior to activating the social plug-in. A social network is unable to attribute a visit to other Mercedes-Benz websites before you have not also activated any available social plug-in there.
      3. If you activate a social plug-in, the social network directly transfers the consequently available data to your browser, which integrates it into our websites. In this situation there may also be data transfers that are initiated and controlled by the corresponding social network. Your connection with a social network, the data transfer which takes place between the social network and your system, and your interactions on or with this social network and their platforms are subject solely to the data protection terms of the applicable social network.
      4. The social plug-in remains active until you deactivate it or delete your cookies (see Section 4 [Cookies- Managing preferences] below).

    Cross Boarder Transfers
    1. Your personal information collected from our website may be transferred, accessed, processed and/or stored in various countries which include but are not limited to, the European Union (most notably Germany, Iceland, Liechtenstein and Norway), the USA and India.
    2. You authorise such transfer and disclosures of your personal information outside of Australia and in doing so acknowledge that some recipients of this data may be located in countries which do not have laws which require them to protect the information in a way that provides comparable safeguards to those under Australian privacy law.
    3. Where we arrange for work or services to be undertaken on our behalf, that work is undertaken under conditions of confidentiality and may result in your personal information being transferred, accessed, processed and/or stored (for example, on clouds or servers) in various countries for the purpose of service delivery to us or you.
    4. Unless an exception applies in the Privacy Act 1988 (Cth), prior to disclosing personal information to overseas recipients we will take reasonable steps in the circumstances to ensure that the overseas recipient adheres to the APPs.

     

    4. Cookies

    General
    1. We use different web technologies (such as cookies, tracking technologies and retargeting technologies) so that we can make our webpages more user-friendly, continuously improve them, and show content, offers and advertisements that are more suited to you. We may also use this information to conduct reporting, customer analytics, market research and product development. For more information about what web technologies are and how we use them, please refer to our Cookie Policy on our website.
    2. Important: When certain web technologies are used, cookies on our websites track your browsing activity. In the process, random identifiers (so called “Cookie IDs”) are used which may be brought into connection with your name, your address or similar personally identifiable information that we may already hold (e.g. from an existing contractual relationship). On this basis, if you have already provided us with personally identifiable information, by consenting to the use certain web technologies you are consenting to us associating your browsing activity on our websites to you personally.
    3. For Analysis and Statistics web technologies, Comfort web technologies and Marketing web technologies, will only use these technologies if you agree. For Technically Required web technologies, by simply using our websites, you consent to their use. Further information about the above technologies, the respective providers and the associated processing of personal information, please refer to our Cookie Policy.

    Managing preferences
    1. You can manage the use of web technologies via our Cookie Policy or via your browser or device by following the manufacturer's instructions on how this is done for the respective browser or device you use.
    2. If you do not wish for us to use certain web technologies (other than those technically required), you can object or “Opt-Out” at any time. We will comply with your objection by placing an Opt-Out cookie in your browser. Please note that for technical reasons, an Opt-Out cookie affects only the browser in which it has been installed. If you delete the cookie or use a different browser or device, you will need to opt out again.
    3. To find out more, please visit our Cookie Policy.
  2.  

    5. Security

    We apply technical and organisational security measures to protect your data which we have under our control against manipulation, loss, destruction and access by unauthorised persons. Our security measures are subject to ongoing improvement in line with technological developments.

     

    6. GDPR

    The following only applies if the handling of your personal information is subject to the GDPR.

     

    Controller within the meaning of the General Data Protection Regulation (GDPR):
    Mercedes-Benz Australia/Pacific Pty Ltd
    44 Lexia Place
    Mulgrave, Victoria
    Australia 3170
    By phone: 1300 300 896*
    By email: mbaupprivacyofficer@mercedes-benz.com
    *Calls free from landlines, charges for calls from mobile phones may vary

     

    Data Protection Officer:
    Mercedes-Benz AG
    Chief Officer for Corporate Data Protection
    HPC E600
    Mercedesstraße 120
    D-70372 Stuttgart
    Germany
    Email: data.protection@mercedes-benz.com

     

    Web Technologies and Cookies

    We only collect and use cookies and web technologies for the pursuit of legitimate interests, to meet legal obligations or insofar as you have consented to the use in accordance with clause 5 above.

     

    Social Plug-ins

    When you click on a link to an offer or activate a social plug-in, it is possible that personal information may reach providers in countries outside of the European Economic Area which may not guarantee an "adequate level of protection" corresponding to EU standards. Please consider this before clicking on a link or activating a social plug-in and thereby initiating a transfer of your data.

     

    Legal basis for processing
    1. If you have given your consent to us processing your personal information, this constitutes the legal basis for said processing (Article 6 (1), letter a, GDPR).
    2. The legal basis for processing personal information for the purposes of initiating or compliance with a contract with you shall be Article 6 (1), letter b, GDPR.
    3. Where the processing of your personal information is necessary in order to meet our legal obligations (e.g. regarding the retention of data), we are duly authorised in accordance with Article 6 (1), letter c, GDPR.
    4. We also process personal information for the purposes of protecting and exercising our legitimate interests and the legitimate interests of third parties in accordance with Article. 6 (1), letter f, GDPR. Maintaining the operability of our IT systems, (direct) marketing our own and third-party products and services (if this is with your consent), and the legally required documentation of business contacts represent such legitimate interests. In weighing the interests in each instance, we accord due consideration in particular to the type of personal information, the purpose of processing, the circumstances relating to processing and your interest in the confidentiality of your personal information.

    Deletion of your personal information

    Generally we shall delete your IP address and the name of your internet service provider after storing it on security grounds for seven days. Similarly, we shall generally otherwise delete your personal information as soon as the reason for which we collected and processed the data no longer applies. Storage continues beyond this period only where required by the laws, ordinances or other statutory provisions to which we are subject provided that an adequate level of protection is available. Where deletion is not possible in an individual case, the relevant personal information will be marked with the aim of restricting its future processing.

     

    Data subject rights
    1. As a person affected by data processing, you have the right to information (Article 15 GDPR), correction (Article 16 GDPR), deletion of data (Article 17 GDPR), restricting processing (Article 18 GDPR) and transferring data (Article 20 GDPR).
    2. If you have consented to our processing your personal information, you have the right to revoke your consent at any time. Such revocation shall not affect the legality of processing your personal information up to the time of revocation. The further processing of these data on another legal basis, for example in order to meet legal obligations (cf. section "Legal basis of processing") shall also remain unaffected.
    3. You have the right to object to the processing of personal information concerning you at any time as a result of an extraordinary situation on the basis of Article 6 (1) e) GDPR (data processing in the interest of the public) or Article 6 (1) f) GDPR (data processing based on a weighing of interests). If you object, we shall only continue to process your personal information where we can provide mandatory, justifiable reasons that overrule your interests, rights and liberties or if the processing serves to assert, exercise or defend legal rights. Insofar as we process your personal information in order to carry out direct advertising to safeguard legitimate interests on the basis of a weighing of interests, you also have the right to object thereto at any time without stating any reasons.
      If possible, please send your claims or declarations to the Data Controller in accordance with the contact information stated above.
    4. If you are of the opinion that the processing of your personal information infringes statutory provisions, you have the right to file a complaint with a responsible data protection supervisory authority (Article 77 GDPR).

    Transfer of data to recipients outside the European Economic Area
    1. When using service providers and forwarding data to third parties with your consent, personal information may be transferred to recipients in countries outside the European Union (“EU“) and processed there, in particular in the USA, India and Australia.
    2. In the following countries, from the EU's point of view, there is an adequate level of personal information protection (so-called "adequacy"), in compliance with EU standards: Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uru-guay. We agree with recipients in other countries on the use of EU standard contractual clauses, binding corporate rules or other applicable instruments (if any) to create an "ade-quate level of protection" according to legal requirements. For more information, please contact the Data Controller in accordance with the contact information stated above.

    Last revised: November 2021 and may change from time to time.


Data protection information for the purchase fee based Digital Extras and fee based Additional Digital Extras


Go to top of page

This section applies when you purchase fee based Digital Extras and fee based Additional Digital Extras.

     

    1. Collection of your personal information

    1. We collect personal information when you order/purchase fee based Digital Extras and/or fee based Additional Digital Extras from us.
    2. You are under no obligation to submit your personal information however the sale/supply of these digital services or features are dependent on you providing personal information, and as such, if you do not provide your personal information, we will not be able to supply/sell you with these digital services or features.

     

    2. Purposes of use

    1. MBAuP will collect your personal information for the primary purpose of and to the extent required to fulfil any order or purchase your make.
    2. MBAuP may also use personal information which it receives for certain secondary purposes including but not limited to:
      1. market research, customer surveys, customer analysis and product development;
      2. responding to enquiries in relation to products we sell and services we offer;
      3. customer assistance, care, contact and information;
      4. marketing, events and promotional activities (including but not limited to the display of personalised content or advertising based on your user behaviour);
      5. customer management purposes including communicating to you about any goods and services, answering your requests and complaints or varying products and services;
      6. any related purpose which would be reasonably necessary or directly related to one or more of our functions or activities;
      7. as part of servicing and maintenance of IT systems and applications and to protect our IT systems from attacks and other illegal activities;
      8. accounting, billing or other internal administrative purposes including handling any business transactions and settling the appurtenant accounts;
      9. taking or responding to any legal action or protecting our legitimate interests;
      10. to comply with industry, legal and regulatory requirements; and/or
      11. where permitted or required by law, a court or tribunal.

     

    3. Transfer of personal information

    General
    1. MBAuP shall pass your personal information to Mercedes-Benz AG who operate the backend for the Mercedes-Benz Store the digital services. Further details on how your personal information will be handled by MBAG can be found by referring to the following Privacy Policy: https://group.mercedes-benz.com/documents/company/other/mercedes-benz-dataprotectionpolicy-en.pdf.
    2. If you request for us to keep your payment information (e.g. credit card details) available for future payments, Mercedes Pay GmbH (“Mercedes Pay”) shall directly collect and store this payment information. Further details on how your personal information will be handled by Mercedes Pay can be found by referring to the following Privacy Policy: https://privacy.mercedes-pay.com/au/en.
    3. We may also disclose your personal information to third parties, including but not limited to:
      1. those that you have consented we disclose your personal information to, either impliedly by your conduct, verbally or in writing;
      2. our authorised dealer network;
      3. contracted service providers including but not limited to payment service providers, advertising and marketing agencies, certain cookie and web technology providers referred to in our Cookie Policy, financiers, insurers, mailing houses, printers, organisations that assist us to conduct promotions, market research, product planning, analytics or research and development, debt collectors, data analysts, IT service providers, roadside assistance providers, database storage and service providers, cloud service providers, auditors and professional advisors;
      4. other members that are part of, related to or associated with the Mercedes-Benz (many of whom are based overseas)
      5. government agencies, enforcement authorities, regulators or other similar entities as required or permitted by law.

    Cross Boarder Transfers
    1. Your personal information may be transferred, accessed, processed and/or stored in various countries which include but are not limited to, the European Union (most notably Germany), India and the USA.
    2. Specifically:
      1. MBAuP has appointed technical service providers and payment service providers to handle and manage payment transactions. These companies are located in the European Union and have access only to such personal information as are required to perform their tasks. MBAuP has concluded contracts with these service providers, which contain provisions on the handling and protection of personal information.
      2. If you wish to make an electronic payment in order to purchase products or services, it will be necessary to transfer the corresponding payment transaction data (e.g. bank account number or credit card number, name of card holder, card's period of validity, amount and time of payment) to these service providers located in the European Union, in order to enable conclusion of the purchase transaction
    3. You authorise such transfer and disclosures of your personal information outside of Australia and in doing so acknowledge that some recipients of this data may be located in countries which do not have laws which require them to protect the information in a way that provides comparable safeguards to those under Australian privacy laws.
    4. Where we arrange for work or services to be undertaken on our behalf, that work is undertaken under conditions of confidentiality and may result in your personal information being transferred, accessed, processed and/or stored (for example, on clouds or servers) in various countries for the purpose of service delivery to us or you.
    5. Unless an exception applies in the Privacy Act 1988 (Cth), prior to disclosing personal information to overseas recipients we will take reasonable steps in the circumstances to ensure that the overseas recipient adheres to the APPs.

     

    4. Security

    We apply technical and organisational security measures to protect your data which we have under our control against manipulation, loss, destruction and access by unauthorised persons. Our security measures are subject to ongoing improvement in line with technological developments.

     

    5. GDPR

    The following only applies if the handling of your presonal information is subject to the GDPR.

     

    Controller within the meaning of the General Data Protection Regulation (GDPR):
    Mercedes-Benz Australia/Pacific Pty Ltd
    44 Lexia Place
    Mulgrave, Victoria
    Australia 3170
    By phone: 1300 300 896*
    By email: mbaupprivacyofficer@mercedes-benz.com
    *Calls free from landlines, charges for calls from mobile phones may vary

     

    Data Protection Officer:
    Mercedes-Benz AG
    Chief Officer for Corporate Data Protection
    HPC E600
    Mercedesstraße 120
    D-70372 Stuttgart
    Germany
    Email: data.protection@mercedes-benz.com

     

    Legal basis for processing
    1. If you have given your consent to us processing your personal information, this constitutes the legal basis for said processing (Article 6 (1), letter a, GDPR).
    2. The legal basis for processing personal information for the purposes of initiating or compliance with a contract with you shall be Article 6 (1), letter b, GDPR.
    3. Where the processing of your personal information is necessary in order to meet our legal obligations (e.g. regarding the retention of data), we are duly authorised in accordance with Article 6 (1), letter c, GDPR.
    4. We also process personal information for the purposes of our legitimate interests and the legitimate interests of third parties in accordance with Article. 6 (1), letter f, GDPR. Maintaining the operability of our IT systems, (direct) marketing our own and third-party products and services (if this is with your consent), and the legally required documentation of business contacts represent such legitimate interests. In weighing the interests in each instance, we accord due consideration in particular to the type of personal information, the purpose of processing, the circumstances relating to processing and your interest in the confidentiality of your personal information.

    Deletion of your personal information

    Your personal information will be stored for the duration of the contractual relationship and will subsequently be retained in conformity with the legal commercial and legal tax record-keeping requirements. The personal information will then be deleted, unless further storage is required for the protection of our legitimate interests (in particular for the assertion, exercise and defence of legal claims).


    Data subject rights

    To the extent that MBAuP processesa customer's personal information, the customer is entitled:

    1. to request information on the personal information processed by MBAuP (right to information),
    2. to demand the adjustment of incorrect data and - in consideration of the purpose of the processing - completion of incomplete data (right to rectification);
    3. to demand the deletion of data for legitimate reasons (right of erasure);
    4. to demand limited processing of data if the legal prerequisites for this are met (right to restrict processing),
    5. to receive the data provided by the Customer in a structured, valid and machine-readable form if the legal prerequisites for this are met as well as to transmit these data to another responsible party or, to the extent technically feasible, to have them transmitted by MBAuP (right to data portability).

    Furthermore, the Customer has the right to object to the processing of personal information which is carried out for the protection of MBAuP legitimate interests, for reasons related to the personal situation of the Customer in accordance with the legal regulations (right to object).


    To exercise these rights, the Customer can contact us using the contact details presented above. Furthermore, the Customer has the right to file a complaint with a data protection supervisory authority.


    Transfer of data to recipients outside the European Economic Area
    1. When using service providers and forwarding data to third parties with your consent, personal information may be transferred to recipients in countries outside the European Union (“EU“) and processed there, in particular in the USA, India and Australia.
    2. In the following countries, from the EU's point of view, there is an adequate level of personal information protection (so-called "adequacy"), in compliance with EU standards: Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. We agree with recipients in other countries on the use of EU standard contractual clauses, binding corporate rules or other applicable instruments (if any) to create an "adequate level of protection" according to legal requirements. For more information, please contact the Data Controller in accordance with the contact information stated above.


    Last revised: November 2021 and may change from time to time. Any updated versions will be posted on this website and will be effective from the date of posting.




Data protection information for the purchase and use of fee based Digital Extras and fee based Additional Digital Extras in the MBUX multimedia system


This section applies when you access or use the “in vehicle” Mercedes-Benz via the vehicle MBUX multimedia system.

Go to top of page

     

    1. Collection of your personal information

    1. We collect personal information when you visit or use the "in Vehicle Store".
    2. You are under no obligation to submit your personal information however access and use of our "in Vehicle Store" may be dependent on you providing personal information, and as such, if you do not provide your personal information, certain functions may be restricted or unavailable.

     

    2. Purposes of use

    1. MBAuP will collect your personal information for the primary purpose of the extent required to fulfil any order or purchase your make and to show you goods and services which may be available.
    2. Furthermore, MBAuP may use personal information which it receives for certain secondary purposes including but not limited to:
      1. market research, customer surveys, customer analysis and product development;
      2. responding to enquiries in relation to products we sell and services we offer;
      3. customer assistance, care, contact and information;
      4. marketing, events and promotional activities (including but not limited to the display of personalised content or advertising based on your user behaviour);
      5. customer management purposes including communicating to you about any goods and services, answering your requests and complaints or varying products and services;
      6. any related purpose which would be reasonably necessary or directly related to one or more of our functions or activities;
      7. as part of servicing and maintenance of IT systems and applications and to protect our IT systems from attacks and other illegal activities;
      8. accounting, billing or other internal administrative purposes including handling any business transactions and settling the appurtenant accounts;
      9. taking or responding to any legal action or protecting our legitimate interests;
      10. to comply with industry, legal and regulatory requirements; and/or
      11. where permitted or required by law, a court or tribunal.

     

    3. Transfer of personal information

    General
    1. MBAuP shall pass your personal information to Mercedes-Benz AG who operate the backend for the "in Vehicle Store". Further details on how your personal information will be handled by MBAG can be found by referring to the following Privacy Policy: https://group.mercedes-benz.com/documents/company/other/mercedes-benz-dataprotectionpolicy-en.pdf
    2. If you request for us to keep your payment information (e.g. credit card details) available for future payments, Mercedes Pay GmbH (“Mercedes Pay”) shall directly collect and store this payment information. Further details on how your personal information will be handled by Mercedes Pay can be found by referring to the following Privacy Policy: https://privacy.mercedes-pay.com/au/en.

    Cross Boarder Transfers
    1. Your personal information may be transferred, accessed, processed and/or stored in various countries which include but are not limited to, the European Union (most notably Germany), India and the USA.
    2. Specifically:
      1. MBAuP has appointed technical service providers and payment service providers to handle and manage payment transactions. These companies are located in the European Union and have access only to such personal information as are required to perform their tasks. MBAuP has concluded contracts with these service providers, which contain provisions on the handling and protection of personal information.
      2. If you wish to make an electronic payment in order to purchase products or services, it will be necessary to transfer the corresponding payment transaction data (e.g. bank account number or credit card number, name of card holder, card's period of validity, amount and time of payment) to these service providers located in the European Union, in order to enable conclusion of the purchase transaction
    3. You authorise such transfer and disclosures of your personal information outside of Australia and in doing so acknowledge that some recipients of this data may be located in countries which do not have laws which require them to protect the information in a way that provides comparable safeguards to those under Australian privacy laws.
    4. Where we arrange for work or services to be undertaken on our behalf, that work is undertaken under conditions of confidentiality and may result in your personal information being transferred, accessed, processed and/or stored (for example, on clouds or servers) in various countries for the purpose of service delivery to us or you.
    5. Unless an exception applies in the Privacy Act 1988 (Cth), prior to disclosing personal information to overseas recipients we will take reasonable steps in the circumstances to ensure that the overseas recipient adheres to the APPs.

     

    4. Security

    MBAuP uses technical and organisational security measures in order to protect the data which is provided by you and managed by us from manipulation, loss, destruction and access by unauthorised parties. The security measures are subject to ongoing improvement by MBAuP in line with technological developments.

     

    5. GDPR

    The following only applies if the handling of your personal information is subject to the GDPR.

     

    Controller within the meaning of the General Data Protection Regulation (GDPR):
    Mercedes-Benz Australia/Pacific Pty Ltd
    44 Lexia Place
    Mulgrave, Victoria
    Australia 3170
    By phone: 1300 300 896*
    By email: mbaupprivacyofficer@mercedes-benz.com
    *Calls free from landlines, charges for calls from mobile phones may vary

    Data Protection Officer:
    Mercedes-Benz AG
    Chief Officer for Corporate Data Protection
    HPC E600
    Mercedesstraße 120
    D-70372 Stuttgart
    Germany
    Email: data.protection@mercedes-benz.com

     

    Legal basis for processing
    1. If you have given your consent to us processing your personal information, this constitutes the legal basis for said processing (Article 6 (1), letter a, GDPR).
    2. The legal basis for processing personal information for the purposes of initiating or compliance with a contract with you shall be Article 6 (1), letter b, GDPR.
    3. Where the processing of your personal information is necessary in order to meet our legal obligations (e.g. regarding the retention of data), we are duly authorised in accordance with Article 6 (1), letter c, GDPR.
    4. We also process personal information for the purposes of protecting and exercising our legitimate interests and the legitimate interests of third parties in accordance with Article. 6 (1), letter f, GDPR. Maintaining the operability of our IT systems, (direct) marketing our own and third-party products and services (if this is with your consent), and the legally required documentation of business contacts represent such legitimate interests. In weighing the interests in each instance, we accord due consideration in particular to the type of personal information, the purpose of processing, the circumstances relating to processing and your interest in the confidentiality of your personal information.

    Deletion of your personal information

    Your personal information will generally be deleted as soon as the purpose for which MBAuP has collected and processed the data no longer applies.Beyond this period of time, data is only stored if this is necessary to comply with the laws or further storage is required for the protection of MBAuP legitimate interests (in particular for the assertion, exercise and defence of legal claims).


    Your personal informtion will be stored for the duration of the contractual relationship and will subsequently be retained in conformity with the legal commercial and legal tax record-keeping requirements. The data will then be deleted, unless further storage is required for the protection of MBAuP legitimate interests (in particular for the assertion, exercise and defence of legal claims).


    Data subject rights

    To the extent that MBAuP processes a customer's personal information, in accordance with the statutory provisions the data subject has the following rights:

    1. to request information on the personal information processed by MBAuP (right to information),
    2. to demand the adjustment of incorrect data and - in consideration of the purpose of the processing - completion of incomplete data (right to rectification);
    3. to demand the deletion of data for legitimate reasons (right of erasure);
    4. to demand limited processing of data if the legal prerequisites for this are met (right to restrict processing),
    5. to receive the data provided by the data subject in a structured, valid and machine-readable form if the legal prerequisites for this are met as well as to transmit this data to another responsible party or, to the extent technically feasible, to have it transmitted by MBAuP (right to data portability).

    Furthermore, the data subject has the right to object to the processing of personal information which is carried out for the protection of MBAuP legitimate interests, for reasons related to the personal situation of the Customer in accordance with the legal regulations (right to object).If your personal information are processed in order to carry out direct advertising, you also have the right to declare your objection to this processing at any time without providing separate reasons.


    To exercise these rights, the Customer can contact MBAuP using the contact details presented above. Furthermore, the Customer has the right to file a complaint with a data protection supervisory authority.


    Transfer of data to recipients outside the European Economic Area
    1. When using service providers and forwarding data to third parties with your consent, personal information may be transferred to recipients in countries outside the European Union (“EU“) and processed there, in particular in the USA, India and Australia.
    2. In the following countries, from the EU's point of view, there is an adequate level of personal information protection (so-called "adequacy"), in compliance with EU standards: Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. We agree with recipients in other countries on the use of EU standard contractual clauses, binding corporate rules or other applicable instruments (if any) to create an "adequate level of protection" according to legal requirements. For more information, please contact the Data Controller in accordance with the contact information stated above.

Last revised: November 2021 and may change from time to time. Any updated versions will be posted on this website and will be effective from the date of posting.