GREYHOUND AUSTRALIA PTY LTD – PRIVACY COLLECTION NOTICE FOR PEOPLE IN EUROPE

This notice applies to the collection and processing of your personal information (or data) if you are an individual normally resident in a country that is a member of the European Economic Area (EEA) by or on behalf of Greyhound Australia Pty Ltd (ACN 104 326 383) and our subsidiaries as described in our Privacy Policy ('Greyhound', 'we', 'us', 'our') and Greyhound collects and processes your personal information for the purposes of responding to you, administering your purchase, providing services to you or providing you with information about our products and services. This notice is provided in addition to the information included in Greyhound's Privacy Policy in order to meet our applicable GDPR notice requirements.

Legal grounds for processing: Greyhound relies on the following legal grounds in the GDPR to process your personal information:

• With your consent – where required, Greyhound will only use your personal information for the purpose/s for which you have given your valid or explicit consent, which Greyhound will obtain before processing your information. You can withdraw your consent by contacting the Privacy Officer as set out in Greyhound's Privacy Policy.
  
  
• Contract performance - Greyhound may need to collect and process your personal information in connection with an agreement with you, or to perform our obligations under a contract with you, your employer or a travel agent with whom you have dealt, in relation to your purchase of our products or services.
  
  
• If it is necessary for Greyhound's legitimate interests and does not override your rights and interest. This may be when:
• identifying opportunities to improve Greyhound's offerings and operations
• conducting research to serve you better by understanding your preferences (including to ensure Greyhound sends you appropriate information about our products and services)
• providing a safe and secure environment to you and the public
• allowing Greyhound to operate our services and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services; undertaking planning and statistical analysis; and systems development and testing)
• investigating and taking appropriate action in relation to an identified or potential serious threat or risk to you or other members of the public, for example an incident involving one of our vehicles
• notifying third parties about accidents or incidents
• responding to an emergency
• making an insurance claim.
• To comply with laws or regulation that apply to Greyhound.

Storage of data: Greyhound generally stores your personal information in Australia. However, when you subscribe to one of our newsletters, we use a third party service provider in the United States of America who will store the personal data you provide. Whilst Australia and the United States are not considered by the European Commission to have equivalent and adequate privacy protections to the GDPR, Greyhound will take steps to protect your personal information transferred from the EEA to us, and which we transfer to other third parties, in a manner consistent with legal requirements applicable to the information. We will do this by:

• transferring personal data to organisations in the Unites States that are certified in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
• meeting the requirements of an applicable derogation in the GDPR for the transfer, such as obtaining your consent; or
• asking the recipient of personal information from Greyhound to sign a contract based on 'standard contractual clauses' approved by the European Commission, requiring them to protect your personal information.

Your additional rights and choices

You can:

• obtain information from us about the processing of your personal information
• ask us to erase your personal information without undue delay in certain circumstances, such as if you withdraw your consent and Greyhound is not otherwise legally entitled to retain it
• object to, and ask us to restrict, the processing of your personal information in certain circumstances, such as while we verify your assertion the information is inaccurate or if we are processing your information for our legitimate interests or for direct marketing purposes (we may be legally entitled to refuse that request)
• in some circumstances, such as where we process your information with your consent, receive some personal information you have given us in a structured, commonly used and machine-readable format and/or ask us to transmit it to someone else if that is technically possible and feasible for us to do
• withdraw your consent (but we may be able to continue processing without your consent if there is another legitimate reason to do so)
• lodge a complaint with the relevant European data protection authority if you think that any of your rights have been infringed by Greyhound – we can, on request, tell you the relevant authority for the processing of your personal information.

Retention of your personal information: The length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to continue to provide marketing and information to you as an ongoing customer or to comply with applicable legal, tax or accounting requirements). If we no longer need your information, we will make sure it’s deleted or anonymised. Greyhound may need to retain certain personal information to issue or resolve legal claims, to comply with Greyhound's regulatory obligations and/or for proper record keeping purposes. If you choose to unsubscribe from receiving marketing or service-related emails from us, Greyhound may also retain a record of any stated objection by you to receiving marketing about its services or activities or withdrawal of your consent for the purpose of ensuring we can continue to respect your wishes.

Contacting us
Individuals and data protection supervisory authorities in the EU and the UK may contact our data protection representatives according to Articles 27 EU and UK GDPR:

EU: DP-Dock GmbH, Attn: Greyhound Australia Pty Ltd., Ballindamm 39, 20095 Hamburg, Germany
UK: DP Data Protection Services UK Ltd., Attn: Greyhound Australia Pty Ltd., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
www.dp-dock.com
greyhound@gdpr-rep.com