Privacy Statement and Credit Reporting Policy

PRIVACY STATEMENT

Scope of this policy

Daimler Truck Financial Services Australia Pty Ltd (ABN 23 651 056 825) (“we”, “us” or “our”) takes the use, collection, and protection of your personal information seriously. We respect your personal information and privacy and are committed to keeping your personal information safe.

This Privacy Statement outlines the following:

1. The kinds of information we collect and hold about you (including sensitive information);

2. How we collect your information;

3. The purpose for which we collect, use and disclose your personal information (including overseas disclosure and direct marketing);

4. How to access, update or correct your personal information;

5. How we secure your personal information; and

6. How you can make a privacy complaint.

Where we deal with your personal information, we are governed by and comply with the following:

∙ The Privacy Act 1988 (Cth) (“the Privacy Act”), including the Australian Privacy Principles (“APPs”) located in Schedule 1 of the Privacy Act; and

∙ The Privacy (Credit Reporting) Code 2014 as set out in Part IIIA of the Privacy Act.

1. The kinds of information we collect and hold

1.1 Personal information

Personal information is defined in the Privacy Act as information or an opinion about an identified individual, regardless of whether that information or opinion is true or not or whether the information or opinion is recorded in a material form or not. We collect personal information that is reasonably necessary for or directly related to one or more of our functions and activities. The types of personal information we may collect include, but are not limited to, your:

∙ Name;

∙ Gender;

∙ Age and birth date;

∙ Occupation and employment details (including information about companies and/or businesses you are associated with);

∙ Contact details;

∙ Residential and/or business address;

∙ Vehicle, registration and drivers licence details;

∙ Vehicle’s location (if a right for us to repossess your vehicle arises under your finance contract or a finance contract of a company of which you are a director);

∙ Credit card and bank account details;

∙ Other financial information (including credit information and information about your financial position);

∙ Other forms of identification used to confirm your identity;

∙ Insurance history (if relevant, via a referrer model);

∙ Current and past vehicle information and details;

∙ Cookies and website tracking;

∙ Location through vehicle tracking technology in vehicles (if applicable);

∙ Voice (when we record inbound and outbound calls for quality, training and record keeping purposes);

∙ Image (by video and/or photograph at events, during market research or through security cameras on our premises);

∙ Educational qualifications, resume and reference checks;

∙ Personal interests; and

Personal preferences (such as your preferred vehicle specifications).

1.2 Credit information

When you apply for credit with us, receive credit from us or guarantee the obligations of another under their credit arrangements with us, we may also collect, hold, use and disclose credit information about you. Credit information is ‘personal information’, however it is also regulated by the Privacy (Credit Reporting) Code 2014 and Part IIIA of the Privacy Act. Credit information includes, but is not limited to:

∙ Information about your credit worthiness;

∙ Default information;

∙ Repayment history information;

∙ Payment information;

∙ Credit reports;

∙ Personal insolvency information; and

∙ Credit liability information.

1.3 Sensitive information

Sensitive information is personal information that, due to its nature, is given a higher degree of protection under the Privacy Act. It generally refers to information or an opinion regarding your:

∙ Racial or ethnic origin;

∙ Political opinions;

∙ Membership of a political association;

∙ Religious beliefs or affiliations;

∙ Philosophical beliefs;

∙ Membership of a professional or trade association;

∙ Sexual preference or practices;

∙ Criminal record;

∙ Health information; or

∙ Biometric information

We generally do not collect sensitive information unless it is reasonably necessary for a specific purpose, such as if you make a hardship application to us or if you use our eKYC tool (if applicable). We will only collect this information if we have your express consent or if the law requires its collection.

Anonymity

Where appropriate, we provide you with the option of remaining anonymous when dealing with us, unless such anonymity would be considered unlawful or impracticable. If you elect not to provide us with your personal information, the services or opportunities we can offer you may be limited, we may not be able to do business with you or consider you for recruitment opportunities.

2. How we collect and hold your information

2.1 Collection of personal information

We take steps to ensure that whenever we collect your personal information, we do so by lawful and fair means. Depending on the circumstances, we may obtain your personal information in a variety of ways, including but not limited to:

∙ When you contact or correspond with us;

∙ When you phone our customer support and assistance centres or require support;

∙ When you attend our premises;

∙ When you visit an authorised dealership to test drive or purchase a vehicle, have your vehicle serviced or repaired or undertake the ID check associated with for example your use of smart control information and telematics services. Vehicles that you test drive or loan from us or one of our wholly owned dealerships may also be fitted with vehicle tracking technology and in this respect we may track your location (if applicable)

∙ If you apply to be a dealer or an agent or through dealer/agent communications;

∙ From third party roadside assistance service providers;

∙ If you order a product or service from us;

∙ If you, or a company or business you are associated with, applies to us for credit;

∙ Via our website (including our microsites) including: if you choose to supply the information to us by entering your information into interactive sections on our website, or by the use of Cookies;

∙ Via our Apps or the Apps of other related or Daimler Truck Group companies (for example, undertaking the ID check associated with your use of smart control information and telematics services via the App).

∙ If you choose to create a new login or use your existing login or otherwise provide information through our websites and microsites; when you attend a (product) focus group, review a product or complete a survey;

∙ Via social media;

∙ From publicly available sources such as data aggregators and public databases;

∙ From third party service providers;

∙ When you apply for work with us and during reference checks;

∙ From other related entities or Daimler Truck Group companies;

∙ From government bodies, enforcement and regulatory authorities.

∙ From an electronic identity verification service provider in order to verify your identity against government and/or commercial database.

When you provide personal information about other individuals to us (for example, joint owners, business or commercial partners and/or associates, family members or referees), we rely on you to inform those individuals that you are providing their personal information to us and tell them about this Privacy Statement.

2.2 Collection of credit information

If you, or a business or company you are associated with applies to us for credit, we will collect credit information about you from Credit Reporting Bodies (“CRB”) in the form of a credit report. The CRBs that we currently use are:

i. Equifax Pty Ltd

www.equifax.com.au

ii. Illion Australia Pty Ltd (formerly Dun & Bradstreet Pty Ltd)

www.illion.com.au

iii. Experian Australia Credit Services Pty Ltd

www.experian.com.au

The privacy policies for the above CRBs can be found on their websites.

You can request that a CRB not use or disclose credit information it holds about you for a period of 21 days (“ban period”) without your consent if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.

When you, or a business or company you are associated with applies to us for credit, you agree to us accessing your personal information (including credit information) held with a CRB, even if there is a ban period in place, for the purpose of assessing an application for in credit or in order to collect overdue payments.

In some cases, we may also obtain credit information about you from other lenders who appear in credit reports about you provided by CRBs.

3. Purposes for which we collect, hold use & disclose your information

3.1 How we may use your personal and sensitive information

We primarily collect your personal and sensitive information so that we can provide you with the best possible finance products and services or insurance solutions (if relevant, via a referrer model) that we and our authorised dealer network have to offer, to create a more personalised experience for you and to comply with our legal, regulatory, industry or workplace requirements. More specific purposes include but are not limited to:

∙ Any purpose which we inform you about when we collect your personal information or to which you have provided your consent;

∙ Any related purpose which would be reasonably necessary or directly related to one or more of our functions or activities;

∙ Responding to enquiries in relation to products we sell and services we offer;

∙ Providing support to our customers and authorised dealer network;

∙ Providing customer assistance and care;

∙ Fulfilling and processing orders, requests, applications and administering accounts;

∙ Carrying out marketing, event and promotional activities;

∙ Informing you of special events or offers;

∙ Performing market research, customer surveys, customer analysis and product development;

∙ For accounting, billing or other internal administrative purpose;

∙ Recruitment purposes;

∙ To protect our interests by registering a security interest on the Personal Property Securities Register;

∙ Checking against sanctions lists;

∙ To comply with industry, legal and regulatory requirements; and/or

∙ Where permitted or required by law, a court or tribunal.

3.2 How we may use your credit information

We primarily use your credit information for the following purposes:

∙ Assessing you as a borrower or guarantor and/or to assess a credit application by a company of which you are a director;

∙ Managing a finance contract (including a contract with a company of which you a director or secretary);

∙ Complying with our legislative and regulatory obligations, including but not limited to those arising under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (see 3.3.1 below);

∙ Assist you in managing your debts or to assist us to collect overdue payments on credit contracts.

3.3 Disclosure of information

During the course of our day to day business, we may disclose your personal and sensitive information to third parties outside our organisation, including but not limited to:

∙ Those that you have consented we disclose your personal information to, either impliedly by your conduct, verbally or in writing;

∙ Our authorised dealer network;

∙ Insurers or insurance brokers (if relevant);

∙ Contracted service providers including but not limited to advertising and marketing agencies, financiers, insurers, mailing houses, printers, organisations that assist us to conduct promotions or market research, payroll service providers, recruitment agencies, debt collectors, data analysts, IT service providers, roadside assistance providers, database storage and service providers, cloud service providers and professional advisors;

∙ To other members that are part of, related to or associated with the Daimler Truck Group (some of which are based overseas see 3.4 below). This includes without limitation Daimler Truck Australia Pacific Pty Ltd including for example any collection and disclosure in relation to Service Plan;

∙ Necessary third parties for the purposes of facilitating or implementing a sale or transfer of all or part of our assets or business; and/or

∙ As required by an enforcement authority, regulator, law, court or tribunal.

3.4 Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (“AML/CTF Act”)

We may be required by the AML/CTF Act to verify your identity before providing credit to you. In order to do this, if you provide your consent we may provide your name, residential address and/or date of birth to a CRB and ask the CRB to provide an assessment of whether this personal information matches the information held by the CRB and other bodies.

This assessment is not a credit check and we will not use the assessment for any purpose other than to verify your identity as required by the AML/CTF Act.

If you do not want us to provide a CRB with your personal information for the purposes of verifying your identity, you may request that we verify your identity by using independent and reliable documents such as a drivers licence or passport. In this case, DTFSAu or an authorised dealer will need to sight your original identification document(s) or an original certified copy/ies of same.

3.5 Cross border disclosure

In the ordinary course of our day to day business activities, your personal and sensitive information may be transferred, accessed, processed and/or stored in various countries within Asia, Africa, Europe and North America and other parts of Australasia. Though for the most part, this will mean Germany, Singapore, the United Kingdom, India, Japan, New Zealand, China and the Philippines.

Where we arrange for work or services to be undertaken on our behalf, that work is undertaken under conditions of confidentiality and may result in your personal information being transferred, accessed, processed and/or stored (for example, on clouds or servers) in various countries for the purpose of service delivery to us or you.

Unless an exception applies in the Privacy Act, prior to disclosing personal or sensitive information to overseas recipients we will take reasonable steps in the circumstances to ensure that the overseas recipient adheres to the Privacy Act or equivalent standards.

3.6 Direct marketing

Direct marketing involves us communicating directly with you to promote the sale of our goods and services. This can be done by a variety of methods including for example, by mail, telephone, e-mail or SMS/IM/MMS and potentially by third parties on our behalf. We will obtain your consent prior to using or disclosing your personal information for direct marketing purposes.

We do not actively market to children or knowingly collect personal or sensitive information about children without parental consent. Whilst we do take steps to ensure that children’s privacy and rights are not compromised, it is ultimately the responsibility of parents to monitor their children’s internet usage.

3.6.1 Electronic communications

Where we electronically communicate with you (e.g. by instant messaging, SMS/IM/MMS, and other mobile phone messaging (excluding voice to voice communications)) for the purpose(s) mentioned above, we comply with the Spam Act 2003 (Cth) as amended from time to time. We take steps to ensure that our electronic communications meet the following conditions:

a. They will only be sent with your consent, which you either provide expressly, or in very limited circumstances, that consent is inferred by your conduct or an existing ongoing business relationship;

b. They contain accurate information about us and how to contact us; and

c. They contain a functional unsubscribe facility to allow you to opt out of receiving electronic messages from us in the future.

3.6.2 Do Not Call Register Act 2006 (Cth)

The Do Not Call Register Act 2006 (Cth) allows telephone numbers to be registered if they are used primarily for domestic or private purposes in order to allow you to opt out of receiving most telemarketing calls or marketing faxes. If you have registered your private or domestic number on the register, then we will not contact you for telemarketing purposes for example, offering to sell you goods or services except if you have expressly opted in to receive direct marketing phone calls from us which you can opt out at any time.

However, we may still contact you for purposes that are not telemarketing purposes, including but not limited to the following:

∙ Product issues and fault rectification calls;

∙ Calls relating to payments;

∙ Calls relating to a contact or the subject matter of a contract we have with you; and

∙ Solicited calls.

3.6.3 Opting out

If you do not wish to receive direct marketing, electronic communications or telephone calls from us for direct marketing purposes, you can opt out at any time. Please let us know by contacting us on 1300 243 052 or at privacy_dtfsau@daimlertruck.com . When you opt out, we will stop sending the material until such time as you change your preferences.

If you elect not to receive any direct marketing material from us, you are likely to miss out on special product and service promotions, invitations to public events, publications and other items that fall into this category.

4. Access and correction of information

4.1 Access to information we hold about you

At any time you can request access to information we hold about you. We aim to respond to your request within 21 days. We may charge a reasonable fee for information requests.

Whilst we are obliged to provide you with access to your information, there are exceptions and those are outlined in the Privacy Act. If one of the exceptions applies to your access request, we will (if reasonable in the circumstances) work with you and attempt to provide you with access in a way to meet both of our needs. If it is reasonable in the circumstances, we will also notify you in writing if we have determined to refuse access to your personal or sensitive information due to one of the exceptions listed above and the reasons for that refusal.

4.2 Correction of information we hold about you

We also encourage you to actively engage with us and let us know when your details change or if your personal or sensitive information needs correction or updating via our contact information provided below. To correct personal information, we need to be satisfied on reasonable grounds that the information we hold about you is inaccurate, out of date, incomplete or misleading.

We will respond to requests to correct your personal information within 21 days. If we correct your personal information, we will notify you and any other person or organisation that the information is relevant to. If we refuse to correct your personal information, we will provide you with written notice setting out:

∙ The reasons for the refusal;

∙ Mechanisms available to complain about the refusal; and

∙ Any other matter required by law.

If we refuse to correct your personal or sensitive information, you can request that we associate a statement with the information you believe to be inaccurate in a way that makes the statement apparent to other users of the information.

5. Security of personal and sensitive information

5.1 Integrity and quality of personal and sensitive information

We take reasonable care to ensure that personal or sensitive information we use, store and subsequently destroy/delete (where relevant) meets certain quality requirements, in that the personal and sensitive information is accurate, up to date and complete.

5.2 Security of personal and sensitive information

While care is taken to protect your personal and sensitive information, unfortunately no data transmission over the internet is guaranteed as being 100% secure. Accordingly, we cannot guarantee the security of any information you send to us or receive from us online. That is particularly true for information you send to us via email as we have no way of protecting the information until it reaches us. Once we receive your personal or sensitive information, we are required to protect it in accordance with the Privacy Act.

We follow the Daimler global policies, guidelines and standards which are designed to secure your information. We continually train and remind our staff of the importance of keeping information safe and secure.

We have adopted active security measures to ensure that your personal and sensitive information is kept safe from misuse, interference, loss, unauthorised access, disclosure and modification, such as:

a. System security: Our application systems are password protected and can be accessed only by people authorised to do so. Our policies require us to encrypt confidential information, for instance, when you provide information to us by using our website or when you send information from your computer to us. Security is inbuilt into the design and operations of our systems through the use of firewalls, ethical hacking and virus scanning tools.

b. Physical security: Our premises are protected against unauthorised access by way of access card for entry, cameras, alarms and security services.

c. Data retention: If personal or sensitive information is no longer required for the purpose for which we are permitted to use, disclose or legally retain it, then we will permanently remove from a record any information by which an individual may be identified on order to prevent future re-identification from the data available. We retain information as long as needed to comply with the law or our own corporate policies and procedures.

Whilst we seek to keep your personal and sensitive information secure, errors may occur from time to time and we will act quickly to investigate them and implement measures to avoid them from happening again (where possible).

6. Automated collection of information via website

6.1 Collection of information

We collect statistics about the use of our websites to help make the sites more usable. We do this using software techniques such as cookies (which is described in more detail below). While this information is about users, we do not use these tools to identify individual users of the websites.

6.2 Cookies

Cookies are pieces of information that the websites use to recognise repeated usage, facilitate better access to and use of the website. The use of cookies is standard and you will find that most websites use them. Most internet browsers are pre-set to accept cookies. If you prefer not to receive cookies, you can adjust your internet browser to refuse cookies or to warn you when cookies are being used. However, if you disable cookies, this may affect the functionality of our website for you. For more information on the use of Cookies please see:

https://www.daimlertrucks.com.au/assets/build/images/pdf/cookies-policy.pdf

We will at no time sell, rent or trade your personal information to or with any other unrelated entity.

7. Changes to this privacy statement

7.1 Amendments

This Privacy Statement may be reviewed and amended periodically without prior notice. We may change this Privacy Statement at any time by publishing the amended version on our website. Any changes to our Statement will become effective upon posting of the updated Statement on our website. You can tell when this Statement has been last updated by checking the date on the Statement. If changes are significant, we’ll provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

7.2 Privacy and Collection Statements

We may also issue privacy and collection statements through our website or other points of contact and collection which will refer to this Privacy Statement but will also give more specific information about the collection, use and disclosure of personal information being collected at that time (by reference to the relevant circumstances of collection).

8. Complaints

If you have any concerns regarding:

∙ This Privacy Statement;

∙ The way we have handled your personal information;

∙ You believe that we have breached the Privacy Act, APPs or the Credit Reporting Code;

Please contact us at:

Privacy Officer

Daimler Truck Financial Services Australia Pty Ltd

Level 3, 631 Springvale Road Mulgrave VIC 3170

privacy_dtfsau@daimlertruck.com

We will endeavour to respond to all complaints as soon as possible and will notify you of our decision within 21 days. If we are unable to meet this timeframe, we will let you know the reasons for the delay and the expected timeframe for resolving the complaint.

If you are dissatisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (details set out below).

Office of the Australian Information Commissioner

GPO Box 5218

Sydney NSW 2001

1300 363 992

enquiries@oaic.gov.au

www.oaic.gov.au

Last updated: May 2024

CREDITING REPORTING POLICY

Overview

Daimler Truck Financial Services Australia Pty Ltd ABN 23 651 056 825 (‘DTFSAu’, ‘we’, ‘us’, or ‘our’) collects credit information about you to assess your credit or guarantor application, or an application by the company of whom you are a director, and to manage any resulting credit contract.

When we deal with your credit information, we are governed by and comply with the following:

∙ The Privacy Act 1988 (Cth) (“the Privacy Act”), including the Australian Privacy Principles (“APPs”) located in Schedule 1 of the Privacy Act; and

∙ The Privacy (Credit Reporting) Code 2014 as set out in Part IIIA of the Privacy Act.

If relevant, we will also comply with the Australian Retail Credit Association Credit Reporting Privacy Code and Credit Reporting Standard.

This Credit Reporting Policy sets out what credit information we obtain, how we collect it and to whom and under what circumstances we disclose your credit information. It also sets out your rights to access that credit information, have it corrected where necessary, and to lodge a complaint if you are dissatisfied with how we manage your credit, or any other, information.

This Credit Reporting Policy is to be read in conjunction with our Privacy Statement regarding the handling of personal information in accordance with the APPs.

Credit information

Credit information is personal information that includes:

∙ Identification details

∙ Credit liability

∙ Credit eligibility information

∙ Repayment history

∙ Credit Reporting Body enquiries

∙ Product details – loan/lease details

∙ Defaults

∙ Payment information

∙ Payment arrangements

∙ Court actions

∙ Insolvency events

∙ Publicly available credit information

∙ Serious credit infringements – credit fraud (attempted or actual) and/or avoidance of loan/lease obligations

Collection of your credit information

We collect as much information as possible directly from you in your application for credit. We also collect your credit information from a Credit Reporting Body (‘CRB’) in the form of a credit report. The CRBs that we currently use are:

i. Equifax Pty Ltd

www.equifax.com.au

ii. Illion Australia Pty Ltd (formerly Dun & Bradstreet Pty Ltd)

www.illion.com.au

iii. Experian Australia Credit Services Pty Ltd

www.experian.com.au

The privacy and credit reporting policies for the above CRBs can be found on their websites.

We also collect your credit information from credit providers identified in your credit application/report and other third parties where necessary.

Information we obtain from your credit application and/or from a CRB is defined as credit eligibility information. We use this information, called derived information, to assist us to determine whether you meet our credit criteria. We also use other information to decide whether to accept or decline your credit application.

Security of your credit information

We have adopted active security measures to ensure your credit information is kept safe from misuse, interference, loss, unauthorised access, disclosure and modification, such as:

b. Physical security: Our premises are protected against unauthorised access by way of access card for entry, cameras, alarms and security services.

c. Data retention: If credit information is no longer required for the purpose for which we are permitted to use, disclose or legally retain it, then we will permanently remove from a record any information by which an individual may be identified in order to prevent future re-identification from the data available. We retain information as long as needed to comply with the law or our own corporate policies and procedures.

Whilst we seek to keep your credit information secure, errors may occur from time to time and we will act quickly to investigate them and implement measures to avoid them from happening again (where possible).

Use and disclosure of your credit information

When we collect your credit information, we use that credit information in a number of ways to assess your credit application and to manage any resulting credit contract. We may:

∙ Disclose your credit information to a CRB.

∙ Use credit information provided by a CRB to assist us to assess your credit or guarantor application, or the application of a company of which you are director.

∙ Provide a CRB with your repayment history of your consumer credit.

∙ Notify a CRB of any overdue payments on consumer credit, provided they are more than 60 days overdue, we have attempted to collect the payment and we have notified you of our intention to do so.

∙ Notify a CRB of a serious credit infringement of your consumer credit if we have reasonable grounds to believe you fraudulently obtained, or attempted to obtain, credit from us or that you have shown an intention to evade your obligations under the contract with us:

∙ We will only do this if we have not been able to contact you over a 6 month period.

∙ Confer with a CRB for updated contact details if we lose contact with you.

∙ Ask a CRB to assess your eligibility to receive direct marketing material from us.

CRBs may include your credit information in reports to other credit providers to assist them in assessing your credit worthiness.

You can ask CRBs not to use or disclose credit information it holds about you for a period of 21 days (called a "ban period") without your consent if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.

CRBs may use credit information they hold to respond to requests from us or other credit providers to "pre-screen" you for direct marketing. You can ask a CRB not to do this.

Offshore disclosures

In the course of our day to day business activities, your credit information may be transferred, accessed, processed and/or stored in various countries within Asia, Africa, Europe, North America and other parts of Australasia. For the most part, this will mean Singapore, Germany, the United Kingdom, India, the United States of America, Japan, China, Philippines and New Zealand.

Your rights

You have the right to:

∙ Ask us to provide you with the credit and personal information we hold about you; and

∙ Ask us to correct the credit information we hold if it is incorrect.

If you require the above information, please contact our Privacy Officer at privacy_dtfsau@daimlertruck.com.

If any information is incorrect, out of date or incomplete, you have the right to have that information updated and corrected. If, for any valid reason, we refuse to correct your information, we will provide you with an explanation.

In some cases, an administration fee may be charged to cover the cost of providing your credit and personal information.

Complaints

If you are dissatisfied with how we manage your credit information, you can lodge a complaint with our Internal Dispute Resolution Specialist:

Email: customersupport_dtfsau@daimlertruck.com

Address: Dispute Resolution Specialist

Daimler Truck Financial Services Australia Pty Ltd

Level 3, 631 Springvale Road

Mulgrave, Victoria 3170

Telephone: 1300 243 052

We will endeavour to respond to all complaints as soon as possible and will provide you with written notice of our decision within 21 days. If we are unable to meet this timeframe, we will let you know the reasons for the delay and the expected timeframe for resolving the complaint.

CRB Access and CRB Privacy Policies

You can also access the information CRBs hold about you, and request a copy of a CRB’s privacy policy, by contacting them directly at:

Equifax

Website: www.equifax.com.au/contact

Illion Australia Pty Ltd (formerly Dun & Bradstreet Pty Ltd)

Website: www.illion.com.au

Telephone: 13 23 33

Experian

Website: www.experian.com.au/about/contact.html

Telephone: 1300 783 684

Last updated May 2024