GAC Australia

Asia Pacific
Middle East & Africa
America
Europe
Other Countries and Regions
lang
Register

Privacy Policy

Last Updated: September 28, 2025

 

1. Who We Are?

GAC International Australia Pty Ltd (“GAC” or “we” or “us”), with registered address of Suite 704, Level 7 46-48 Market Street, Sydney NSW 2000, is committed to protecting your personal information in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”). 

We understand that your personal information is important to you, and we value your trust.

This Privacy Policy describes how we manage any personal information we hold about you (including personal information collected from and via the website, app and connected services) and does not cover information held or collected about our employees.

 

2. What is personal information?

Personal Information is defined in the Privacy Act. Its current definition is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not. If the definition in the Privacy Act changes, references to “Personal Information” in this Privacy Policy will have the updated meaning from the Privacy Act.

 

3. What Personal Information Does GAC collect?

GAC only collects personal information if it is reasonably necessary for one of our functions or activities, or as required by law. 

GAC may collect and hold the following kinds of personal information about you:

    • name
    • address
    • gender
    • age or date of birth
    • telephone number
    • email address
    • driver licence
    • photos, images and biometric information
    • information found on social media
    • contact details
    • payment details
    • customer history with us

We may also collect and store information about your visits to our website and your access and use of the app (as the case may be), including:

    • the browser type, device type, domain name, IP address and operating system of the computer from which you accessed the internet
    • the date and time you accessed the
    • the internet address of the website from which you linked directly to our website
    • the pages you accessed while visiting the website and your interactions with the website
    • vehicle related data which may be automatically transmitted from your vehicle to one or more of the GAC entities.

We may also collect and store information obtained through your phone calls to or from our dealerships and service centres, customer service lines and other dedicated business lines, including:

    • the phone number from which you are calling
    • the name displayed on the Caller ID (if available)
    • call recordings and transcripts of calls you place to us or from our business lines

We may use and analyse call information to increase or verify the accuracy of caller information, customise customer response according to call location, inform customer profiles and sentiment and as otherwise set out in this policy.

We may also collect, store and disclose between GAC Australia entities information obtained through your access to and use of the App, including but not limited to:

    • your full legal name;
    • email address;
    • mobile number;
    • vehicle identification details including model, VIN (vehicle identification number) and registration plate.

GAC may also collect telematics log data from the GAC vehicle you purchased from us. The data may be collected via remote access or in person at a service appointment. Telematics log data is required to improve the goods and services provided by the GAC Australia Network. Such data includes but is not limited to:

    • vehicle status information including speed, battery and charging, odometer readings, vehicle mechanisms, Electronic Control Unit information
    • cellular data usage
    • other data to assist in identifying issues and analysing the performance of the vehicle

If you use the map navigation systems in your GAC vehicle through an application (for example, confirm the Navigation System), GAC Australia entity may also collect information relating to the vehicle identification number (VIN), real-time locations and address details.

 

Data Analysis

When you visit and browse the website or our APP, in order to better provide you with products or services, and continuously improve our products, services, and optimize and enrich your user experience, we use Google Analytics, a web analytics service provided by Google LLC, to help us understand how visitors interact with the Platform and to improve our services accordingly. In the course of using Google Analytics, the following categories of data may be collected:

    • Analyzing your device preferences: device type (PC/mobile phone/tablet), operating system, browser type, screen resolution.
    • Traffic source analysis: network information: IP address (may be anonymized), internet service provider (ISP), approximate geographical location (country, city).
    • Optimizing user experience: collecting your behavior data: visited pages, time on page, click path, scroll depth, bounce rate.
    • Evaluating marketing effects: collecting your traffic sources: referring websites (such as search engines, social media), advertising campaigns (UTM parameters).
    • Distinguishing independent visitors: collecting your user identification.

Conversion Tracking (Google Ads)

    • In order to measure the effectiveness of our advertising campaigns and understand whether users complete desired actions (such as purchases or registrations) after clicking on ads, we use Google Ads Conversion Tracking. This allows us to perform cross-page and cross-domain attribution analysis. We may collect your advertisement click ID (gclid) and the corresponding click timestamp.

Test Drive Reservation Service

    • In order to provide you with test drive reservation services, you need to provide us with your mobile phone number, email address, and preferred vehicle model, so that we can arrange test drive services for you.

 

4. HOW DOES GAC COLLECT PERSONAL INFORMATION?

GAC will generally collect your personal information directly from you, including when you: 

    • interact with GAC, including via our websites at[https://www.gacgroup.com/en-au] (“GAC Websites”), social media, tradeshows and events, telephone, email or in writing; 
    • purchase a GAC vehicle, power product, or service;
    • purchase GAC genuine parts, merchandise, accessories or event tickets
    • register for a GAC customer or member account and provide information through that account;
    • make an enquiry, request or complaint, including to book a test drive, download a vehicle brochure or in relation to a pre-owned GAC vehicle listed;
    • participate in our customer surveys, research focus groups, competitions and marketing campaigns;
    • are engaged to supply products and services to GAC;
    • apply for a current or future career at GAC;
    • supply personal information as part of contractual arrangements;
    • apply to be, or are appointed, a “GAC Representative” of GAC under Representative Agreement, or a “dealer” of GAC under a Dealer Agreement (as applicable); and

GAC may also collect your personal information from third parties, such as dealers, our service providers, your finance or insurance company, regulatory authorities, road traffic authorities and from marketing lists that we legally acquire. 
If you provide us with personal information about another person (such as a joint vehicle owner or secondary driver), we rely on you to obtain that person’s consent to the disclosure of their personal information to us and notify them that the applicable privacy collection statement and this Privacy Policy contain information about our collection of their personal information.  The privacy collection statement of GAC Australia can be obtained here.

 

5. Who We Share Your Personal Data With

Certain modules or functions within our products or services are provided by external suppliers. For companies, organizations, and individuals that we entrust with the processing of personal data, we will enter into strict confidentiality agreements or other data protection-related agreements with them. These agreements require them to handle your personal data in accordance with our instructions, applicable laws and regulations, and any other appropriate confidentiality and security measures.

In principle, we will not share, transfer, or disclose your personal data with any third-party companies, organizations, or individuals, except in the following circumstances:

5.1 With other third parties that you direct or provide consent.

5.2 Sharing for legal reasons. Subject to the requirements of this Policy, we may share your personal data in specific circumstances, such as to comply with legal regulations, mandatory government directives; to safeguard the legitimate rights and interests of you, us, or third parties; to prevent or address issues related to fraud, security, or technical problems, etc.

5.3 Share with affiliates. To assist, operate, enhance, and fulfill services on our behalf based on our legitimate interests to outsource certain operations, we may share your personal data with Companies that are owned or controlled by us, or where we have a substantial ownership interest.

5.4 Sharing with third-party service providers. To arrange your test drive reservation, we may share the following personal data with our local affiliated company or distributors: mobile phone number, email address, preferred vehicle mode.

5.5 Sharing with Third-Party Technology Integrations (SDKs). To provide certain functionalities and improve your experience, we may integrate technologies from third parties into our Platform through Software Development Kits (SDKs). These third parties may collect or process personal data on our behalf or in connection with your use of our services.

SDK Name

Purpose of Sharing

Types of Personal Data Shared

Sharing Method

Privacy Policy Link

Google Map SDK

To provide map and location-based services

User device information, user interaction coordinates, and IP-inferred coarse location

SDK embedded

https://policies.google.com/privacy

Google Analytics SDK

To analyze user behavior and optimize the app experience

App information; device information (system settings, system attributes, device model, operating system, IP address, approximate location); network information (network connection type, Wi-Fi status, carrier information); user behavioral data

SDK embedded

https://policies.google.com/privacy

You may request us to assist in contacting the third-party recipient to exercise your statutory rights through the contact details described in Article 9.

5.6 Sharing as a result of a change in our corporate structure. In the event of a merger, division, dissolution, acquisition, or declaration of bankruptcy that involves the transfer of personal data, we will inform you of the name and contact details of the recipient of your personal data. We will require the new company or organization that holds your personal data to continue to be bound by this Privacy Policy; otherwise, we will require that company or organization to obtain your authorization and consent again.

 

6. How We Store and Protect Your Personal Data

6.1 Safeguarding Personal Data Security

We are committed to ensuring the security of your personal data. We employ a variety of security technologies and procedures to protect your personal data from unauthorized access, use, modification, destruction, or disclosure. Our primary security measures include:

  1. We store your personal data in computer systems located in controlled facilities and have implemented general security measures.
  2. We only permit specific employees who need to process the relevant data for the purpose of operating our products and services to access personal data, and we require them to fulfill strict confidentiality obligations.
  3. We continuously strive to ensure the security of your personal data and employ end-to-end encryption during data transmission to prevent unauthorized access, use, modification, destruction, or disclosure of your data.
  4. When transmitting and storing your sensitive or special categories of personal data, we will exercise greater caution and employ technical security measures such as encryption to ensure data security.
  5. In the event of a personal data security incident, we will notify you in a timely manner in accordance with legal and regulatory requirements, using push notifications or public announcements. The notification will inform you of the basic facts and potential impacts of the incident, the measures we have taken or plan to take, suggestions for your own risk mitigation, and any remedies we may provide. We will promptly address system vulnerabilities, network attacks, virus intrusions, and other security threats.

6.2 Retention Period of Personal Data

We will retain your personal data only for the shortest period necessary to achieve the purposes described in this Policy (such as the duration of the services we provide to you), unless otherwise stipulated by law or administrative regulations (for example, tax records are typically required to be retained for at least six years). Since the retention period may vary depending on different scenarios and the types of products or services, we determine the appropriate retention period by primarily consider the following criteria and use the longest applicable period among them:

    1. The period required to retain personal data to fulfill the relevant business purposes, including providing products and services, maintaining corresponding transaction and business records, managing and enhancing the performance and quality of products and services, ensuring the security of systems, products, and services, addressing potential user inquiries or complaints, and troubleshooting;
    2. Whether you have consented to a longer retention period;
    3. To address potential inquiries, complaints, or legal proceedings;
    4. Whether there are any special requirements for data retention under applicable laws, contracts, etc.

Once the storage period necessary to achieve the purposes set forth in this Policy has expired, we will irreversibly delete your personal data or anonymize it in accordance with applicable legal requirements, unless otherwise stipulated by law or you have separately agreed to extend the retention period.

6.3 Location of Personal Data Storage

The personal data is stored on our behalf and in accordance with our instructions on servers of the following service providers:

Cloud Service Providers

Purpose of Sharing

Types of Personal Data Shared

Sharing Method

Privacy Policy Link

Storage Location

Huawei Cloud

To provide cloud server, database, and storage services

User stored data (order information / content, etc.), operational metadata (access logs / IP, etc.)

API call / Service subscription

https://www.huaweicloud.com/intl/en-us/declaration/sa_prp.html

Ireland

 

7. International Transfers

As a multinational company headquartered in the People’s Republic of China (“China”), the personal data we collect may be processed or accessed in the country/region where you use the platform, or in other countries/regions where we or our affiliates, service providers, or business partners are located. As such, your personal data may be transferred to China or other jurisdictions where privacy laws may not offer the same level of protection as those in your jurisdiction. In such cases, we will take measures to ensure that the personal data we collect is processed in accordance with this Policy and applicable laws.

 

8. Your Rights

Depending on your country/region and the applicable data protection laws, you may have certain rights with respect to your personal data. These rights may include, but are subject to any exceptions or limitations:

    • Right to be Informed: You have the right to obtain information regarding whether your personal data is being processed, as well as the categories of personal data and the  purposes of the processing.
    • Right to Rectification: You have the right to request that we rectify any of your personal data that is incorrect or incomplete.
    • Right to Restrict Processing: You have the right to request the restriction of the processing of your personal data if the requirements specified under applicable law have been met. This is the case, for example, if you dispute the accuracy of your data. You may request that processing is restricted for as long as it takes to examine the correctness of your data.
    • Right to Object: If the processing is based on a predominantly legitimate interest, you have the right to object to the processing of your data. In the event of objection, we ask you to inform us of the reasons for which you object to data processing. In addition, you have the right to object to data processing for direct marketing purposes. This also applies to profiling in so far as it is related to direct marketing.
    • Right to Data Portability: If data processing is based on consent or contract fulfilment and is also based on the use of automated processing, you have the right to receive your data in a structured, standard and machine-readable format and to transmit it to another data processor.
    • Right of Revocation: Insofar as the data processing is undertaken based upon consent, you have the right to revoke your consent for the data processing, with future effect at any time, free of charge.
    • Right to Erasure: You have the right, in the event that the requirements specified in applicable law have been met, to demand the deletion of your data. Accordingly, you may request the deletion of your data, for instance, if it is no longer necessary for the purposes for which it was collected. Furthermore, you may request deletion if we process your data on the basis of your consent and you revoke this consent.

Due to technical limitations, we may not be able to delete your personal data immediately. Such data will be removed during subsequent system updates. In the interim, upon receiving your deletion request, we will cease all processing activities related to your personal data. If we are required to retain your personal data due to applicable legal or regulatory obligations, or if immediate deletion is technically infeasible, we will cease all processing other than storage and the implementation of necessary security measures.

    • Right to lodge a complaint: You also have the right to lodge a complaint with your local data protection supervisory authority regarding our processing of your data. However, we would appreciate it if you first contact us to try and solve your problem – you can find our contact details below.
    • Other Rights: If the personal data protection laws of your country/region provide for different protections of data subjects’ rights than those stipulated in this Policy, please inform us through the contact details listed in Section 12. We will take appropriate measures to protect your rights, taking into account the applicable laws of both the data processing jurisdiction and your location, as well as the available technical safeguards.

 

9. Respond to Your Request

When you wish to exercise the aforementioned rights, you may contact us through the contact details described in Article 9. Upon receiving your request, we may first verify your identity and may ask you to provide necessary information for the purpose of identity verification.

We will contact you as soon as possible after receiving your request. For requests that are technically infeasible, or not required to be fulfilled under applicable laws or regulations, or where fulfilling the request would violate legal or regulatory obligations, we may refuse such requests and explain the reasons to you. If we have reason to believe that no action needs to be taken in response to your request, we will also inform you of our decision and provide a corresponding explanation.

 

10. Protection of Children’ Personal Data

This Platform and its services are primarily intended for adults. We do not knowingly collect personal data from children under the minimum legal age in their jurisdiction (e.g., 16 in most EU Member States). If you are under the minimum legal age in your jurisdiction, you may only use this Platform with the participation of your parents or guardians.

If we discover that we have collected personal data from children without obtaining verifiable parental consent in advance, we will endeavor to delete the relevant data as soon as possible. If you are a guardian of a child and have questions about the processing of the personal data of a child under your guardianship, or if you have evidence that a child has registered to use this platform without your consent, please contact us using the contact details provided in this Policy. We will take steps to delete the child’s personal data from our systems as soon as possible, unless otherwise required by applicable laws or regulations.

 

11. Contact Us

If you have any questions or suggestions regarding this Policy, or if you discover any violations of this Policy, please feel free to contact us. We provide multiple channels to assist you and hope to offer a satisfactory resolution:

Designated Email Channel: You may reach out to us via email at infoau@gac-international.com

We will make every effort to help resolve your concerns.

 

12. Update to the Privacy Policy

We are committed to keeping this Policy clear and up to date. Whenever we make material changes to this Policy, and in particular when this notice underlies your consent, we will inform you of the changes and acquire your consent where required. This Policy is current as of the date which appears at the top of the document.

Changes referred to in this Policy include, but are not limited to:

    • Significant changes to our service model, such as the purposes for which personal data is processed, the types of personal data collected, or how such data is used
    • Changes to the primary recipients of shared, transferred, or disclosed personal data;
    • Changes to your rights regarding the processing of personal data and how you may exercise those rights;
    • Any other changes that may have a significant impact on your rights and interests relating to personal data.

13. External Services

If you have contacted us to make a privacy complaint and are not satisfied with our response or Internal Dispute Resolution Process, you may also refer the matter to:

 

The Office of the Australian Information Commissioner GPO Box 5218

Sydney NSW 2001

Tel: 1300 363 992

Fax: 02 9284 9666

Website: www.oaic.gov.au