Privacy Policy

Privacy Policy

At Indigo We respect privacy and your rights to control your personal data. Our principle guidelines are simple. We will be clear about the data we collect and why. We do not and will not sell your data to third parties unless we are given express permission by yourself to do so.

Whether we are collaborating with your repairer to ensure your replacement vehicle is ready when you are, talking to the driver who was at fault in your accident or calling up insurance companies, so you won’t have to. We go above and beyond to ensure you stay mobile.

When we collect or use your personal information, we only do this to meet our end goal: To reduce the inconvenience of your motor vehicle accident.

Our privacy policy covers the personal information that we collect and how we protect that information in compliance with the Australian Privacy Principles and under other applicable privacy laws. The policy also elaborates on the choices you can make about the data we collect, and how you can control these decisions.

1 What Is Collected

1.1.We collect personal information necessary to provide our services when you request or apply to us for accident management services or deal with us over the telephone or e-mail us.

This information can include:

a. Personal information such as your name, address, email address, telephone number and date of birth

b. Government identifiers and related information, such as your driver’s licence, passport. Depending on the circumstances of your claim/case or hire;

c. Details about other parties involved in your accident or claim.

d. Details about your family, business, financial details, occupation and income, account activities and transactions with us or third parties;.

e. We may monitor and record telephone calls for training and security purposes.

1.2. Any other information lawfully obtainable under the relevant Privacy Law.

2 How do we collect information

2.1. We collect the majority of the personal information directly from you. This is including when you interact with us in person, over the phone or electronically, when you access our website, or via email and when we provide our services to you.

2.2. We may receive and gather personal information from third parties. If we do, we will protect it as set out in this privacy policy.

3 How Information Is Used

3.1. We may use the personal information collected from you to provide you with our services and information, updates related to our services and information about our business and the industry in general

3.2. We use the personal information provided for purposes consistent with the reason you provided it, or for a directly related purpose, where required or permitted by law or where you have provided us with your express or implied consent.

These purposes include, but are not limited to:

a. provision of commercial and consumer vehicle leasing arrangements, including accident replacement vehicle services;

b. processing a product application or service or purchase request;

c. managing our products and services or other relationships and arrangements;

d. processing receipts, invoices and payments and servicing customer accounts, including determining liability for payment;

e. responding to customer enquiries about applications, accounts, products or services;

f. understanding customer needs and offering products and services to meet those needs;

g. assessing, processing and investigating insurance risks or claims;

h. accounting, billing and other internal administrative purposes;

i. From time to time we may use your personal information to provide you with information on our services by direct mail email/SMS or telephone. You may request that your information is not to be used for these purposes

j. considering, and contacting you about, any application you make for a job with us;

k. enforcing our rights, including undertaking debt collection activities and legal proceedings;

l. any other legal and regulatory requirements. Various laws may expressly require us to collect your personal information, or we may need to do so in order to be able to comply with other obligations under those laws

4 Disclosure of your personal information

4.1. We may disclose your personal information to any of our employees, officers, insurers, professional advisors, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy. Personal information is only supplied to a third party when it is required for the delivery of our services.

4.2. We may from time to time need to disclose personal information to comply with a legal requirement, such as law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.

4.3. Information that we collect may from time to time be processed in or transferred between our offices overseas: As at the date of this edition of our policy we may use technical support in The Philippines or the UK but such technical support does not require the transfer of personal information.

As at the date of this edition of our policy we may use technical support in the Philippines or the UK but such technical support does not require the transfer or storage of personal information. To the extent that the laws and rights of these countries are not equivalent to the laws of Australia, you agree to be bound by the laws and rights of the relevant extraterritorial jurisdiction as far as they apply. These countries have data protection laws that are not equivalent to the laws of Australia and you may not have equivalent rights of enforcement.

4.4. By providing us with personal information, you consent to the terms of this Privacy Policy and the types of disclosure covered by this policy. Where we disclose your personal information to third parties, we will request that the third party follows this Policy regarding handling your personal information.

5 Security of your personal information

5.1. Indigo Corp is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorized access, modification and disclosure.

5.2. Information is retained for the period required for business purposes or by law. Files electronic or hard format are usually stored for 7 years to meet legal requirements. We will destroy or re-identify personal information in circumstances where it is no longer required, unless we are otherwise required by to law to retain the information.

5.3. We will seek to secure the breach, notify you if your information is compromised, take steps to prevent any further breaches and report serious breaches to the appropriate authorities.

6 Access and Correction of Your Information

6.1. You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth). If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, Please email us at: [email protected] At Indigo we pride ourselves in ensuring that the information we hold about you is correct and up to date at all times.

6.2. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act. In this context a refusal of access would cover situations where it is subject to legal entitlement, the information relates to commercially-sensitive decision-making processes or prejudicial to the services that you have requested that we provide.

7 Changes to our Privacy Policy

7.1. Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website. Please check back from time to time to review our privacy policy.

8 Website

8.1. When you visit our website we may collect certain information such as browser type, operating system and from what source you came before entering our website, etc. This information is used in aggregated manner to analyse how people use our website, such that we can improve our service.

8.2. We may from time to time use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings.

8.3. Our website may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval. Please be aware that Indigo Corp is not responsible for the privacy practices of such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.


9.1. Generally, the General Data Protection Regulation (EU) 2016/679 as it is incorporated into the law of the UK (the UK GDPR) and the UK Data Protection Act 2018 does not apply to our customers. In certain circumstances it may apply in relation to IndigoCorp UK Ltd, our UK entity. If the UK GDPR applies to you, you have the following additional and specific rights in relation to your personal data under (where applicable). If any provision in the privacy policy is inconsistent with this UK GDPR section, the terms of this UK GDPR section shall apply to the processing of personal data subject to the UK GDPR. Terms used in this UK GDPR section shall have the meaning ascribed to them by the UK GDPR, including the definition of personal data.

9.2. If you are an employee located in the UK, our Data Privacy Statement will also apply to you.

Legal bases for processing personal data

9.3. We may process your personal data using the following legal bases:

a. performance of a contract: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;

b. legal obligation: the processing is necessary for us to comply with our legal obligations;

c. legitimate interests: the processing is necessary for our (or a third party’s) legitimate interests, provided that your fundamental rights do not override such interests; or

d. consent: you have given your express consent that we may process your information for these specific reasons.

9.4. If we process special category personal data, we will also ensure we are permitted to do so under applicable laws, e.g.:

a. we have your explicit consent;

b. the processing is necessary for us to comply with our obligations as an employer;

c. the processing is necessary for reasons of substantial public interest;

d. the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or

e. the processing is necessary to establish, exercise or defend legal claims.;

9.5. We process information that we collect about you or that you provide to us, including any personal data, as set out in the below table:

Purpose and/or activity Legal basis for processing (UK GDPR)
To manage our supplier and partner relationships. • Necessary to our legitimate interests: to maintain and develop further our business relationships with you and our suppliers and partners (as appropriate)
To provide any ongoing support services. • Performance of a contract
• Necessary to our legitimate interests: to provide our services
For other everyday business purposes such as contract management, IT and website administration and security, fulfillment, analytics, fraud prevention, corporate governance, reporting and legal compliance. • Necessary to our legitimate interests: to ensure the ongoing, efficient and secure running of our Website and our business, including through maintaining information technology services, network and data security and improving
• Necessary to comply with a legal obligation to which we are subject
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. • Performance of a contract
• Necessary to our legitimate interests: to provide our services to you and comply with our obligations under our contract with you
To recruit job applicants and contractors, including processing and assessing applications and discharging the Company’s legal obligations. • Performance of a contract
• Necessary to comply with a legal obligation
• Necessary for legitimate interests: to assess employment candidates
To manage your employment or engagement, including to process payroll, manage superannuation / pension administration, tax obligations. • Performance of a contract
• Necessary for legitimate interests: to assess employment candidates
To conduct processes connected to your employment or engagement including in relation to performance, claims, complaints, investigations, training and development and/or disciplinary action. • Performance of a contract
• Necessary to our legitimate interests to manage your employment and handle any complaints or disciplinary action
To ensure that the physical condition of employees is sufficient for relevant roles. • Necessary to comply with a legal obligation
To ensure the security of our offices and properties and to monitor the attendance of employees. • Necessary for legitimate interests: to ensure the security of our business, assets, information and attendees at our offices and properties and to monitor employees’ performance of their employee duties.
To respond to inquiries and complaints. • Necessary for legitimate interests: to develop our relationship with you and deal with complaints in a proper and efficient manner.
• Necessary to comply with a legal obligation
To train team members, contractors and other workers. • Necessary to comply with a legal obligation
• Performance of a contract
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred. • Necessary for legitimate interests: to manage responsibly the ongoing trading of the business as may be necessary or appropriate in the circumstances.

9.6 We will process your personal data for the purpose for which we collected it and for further purposes only if we deem them compatible with that original purpose.

9.7 You are not required to provide any personal data; however, if you choose not to provide certain requested information, we may, for example, be unable to perform the contract we have entered into with you.

International data transfers

9.8 We are a global organisation. Your personal data may be transferred outside of the UK. It is likely that your personal data will be transferred within our group of companies which operate in different jurisdictions around the world, including in Australia.

9.9 From time-to-time, we may also give secure access to the personal data to third party contractors located in the Philippines . We will only do this where it is necessary or appropriate to achieve the purposes set out in this privacy policy.

9.10 We will always ensure that any transfer complies with applicable laws and your personal data will be secure.

9.11 Whenever we transfer personal data outside of the UK, we ensure at least one of the following safeguards is implemented:

a. we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission (and as recognised by the UK); or

b. we may enter into standard contractual clauses (or equivalent measures) with the third party located outside of the UK.

9.12 Please contact us using the contact details set out below to request further details.

Data retention

9.13 We will only retain your personal data for as long as necessary to fulfil the purposes set out in this privacy policy, including for satisfying any legal, accounting, or reporting requirements. In some circumstances we may anonymise your personal data, in which case we may use such information without further notice to you.

9.14 To determine the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of the personal data; the purposes for which we process the personal data and whether we can achieve those purposes through other means; and the applicable legal requirements.

Your rights

9.15 We make every attempt to process your personal data in accordance with applicable law. In addition to the information provided above, you have the following rights:

a. Access: You have the right to request a copy of any personal data we hold about you. We request that your request for access to or a copy of your personal data be in writing and we will endeavour to respond within a reasonable period and in any event within one month.

b. Rectification: You have the right to request the rectification of your personal data if you believe that it is inaccurate.

c. Deletion (also known as the right to be forgotten): You have the right to request that we delete the personal data that we process about you in certain circumstances. The right to deletion does not apply in some circumstances (for example, if we need to retain such personal data in order to comply with a legal obligation or to establish, exercise or defend legal claims).

d. Restriction: You have the right to require us to restrict your personal data in certain circumstances (for example, if you contest the accuracy of your personal data and we are verifying the accuracy of it).

e. Portability: You have the right to ask us to transfer a copy of your personal data to you in a structured, commonly used and machine-readable format or transmit the personal data to another service provider or third party in certain circumstances.

f. Objection: You have the right to object to the processing of your personal data in certain circumstances (for example, to your personal data being used for direct marketing purposes or if the processing is for our legitimate interests).

g. Complaint: If you are unhappy with our treatment of your personal data, and you have contacted us as set out below, you have the right to lodge a complaint with the local data protection authority.

h. Automated individual decision-making: You have the right not to be subject to automated decisions where the decision produces a legal effect concerning you or similarly significantly affects you.

9.16 You also have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal data. In certain circumstances, even if you withdraw your consent, we may still be able to process your personal data if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.

9.17 To make a request to exercise any of these rights (where applicable) in relation to your personal data, please contact us using the contact details below.

10 Complaints about privacy

10.1. We take Complaints very seriously. Every complaint is investigated, replied to promptly and in a confidential manner. If you have any complaints about our privacy practices, please feel free to send in details of your complaint to:

[email protected]

Or Post a letter to:

Indigo Corp

Attn: Privacy Officer

4 Dickson Avenue,

Artarmon NSW 2064

10.2. You can also contact the information Commissioner or visit the Commissioner’s web site here if you would like further information about privacy.

10.3 If you are located in the UK, the UK GDPR gives you the right to lodge a complaint with the supervisory authority, which is the Information Commissioner’s Office who may be contacted at .

Last updated: November 2022