The Royal Automobile Club of Queensland Limited is the owner of a group of companies, which include (but are not limited to), the following:
- CD Operations
- CD Insurance Help
- Members Banking Group Limited trading as CD Bank
- CD Financial Planning
- Club Insurance Help Holdings
- Club Finance Holdings
(collectively referred to as the ‘CD’, ‘we’, ‘us’ or ‘our’).
CD collect, hold, use and disclose your personal information in a number of ways. CD is bound by the by the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles contained within the Act.
CD collects personal information from you, in order to identify you and provide products, benefits and services to you. To discuss the exact information we require for each product, please us on 19 05 or visit any CD branch. You may also email us at
The protection of your privacy and confidentiality of your personal information is important to us.
If you chose not to provide us with the information that we have requested, in most cases, we will be unable to provide the product, service or benefit you have applied for, or administer a service that you have already purchased. Where this arises, we will advise you why.
Questions, comments and complaints
If you have any questions or comments regarding your privacy in relation to CD, please us on 19 05 or email us at
If you believe that we have not fulfilled our obligations under the Privacy Act or you do not agree with a decision made by CD in relation to the access or update of your personal information, you can make a complaint to us by writing to us at:
Group Risk & Compliance
PO Box 4 Springwood QLD 4127
Once we have received your complaint, we will investigate and endeavour to respond to you within 10 working days. If you are unhappy with the response from CD, you can direct your complaint to the Federal Privacy Commissioner at: Office of the Australian Information Commissioner (OAIC) GPO Box 5218 Sydney NSW 1042
Phone: 00 363 992
TTY: 620 241
Changes to this privacy statement
This privacy statement was last updated on 24 September 2017. CD continuously reviews our privacy statement and procedures to keep up to date with relevant legislative and operating requirements. As a result, we may update and change this privacy statement from time-to-time and these changes will be updated on our website. If you have a concern or query about this process and how it may affect you, please us at
You consent to CD collecting, handling, using and disclosing your personal information in accordance with this privacy statement, as it may change from time-to-time, and as permitted by any law.
From time-to-time we may require your consent to collect, handle, use, and disclose your personal information in order to continue to provide you the products, services or benefits you have requested or you have already purchased. Your consent can be express or implied.
Express consent can be verbal or written, for example when you apply for membership, after signing the application, you are giving express consent to share your information with other roadside assist organisations should you require assistance outside of Queensland.
Your implied consent is taken when CD can reasonably conclude by some action you take, or if you decide to take no action, for example when you call us and continue to speak to us after hearing that calls maybe recorded or when you provide us with personal information that we have not specifically requested.
Keeping your information safe
CD has policies and procedures that prescribe how we handle and store information, and to ensure that information is only be accessed by people that have the authority and need to do so. Both physical (such and locks and security systems) and electronic (such as firewalls and access controls for computer systems) security mechanisms are in place and undergo routine review and testing.
CD will destroy personal information if it is no longer needed for the purposes for which we collected it, or for the purposes of meeting legal and regulatory requirements. CD will properly dispose of all paper files, correspondence and any other hardcopy documents. Electronic records will be appropriately deleted from systems.
Types of personal information that we collect
We will only collect information from you that is reasonably necessary to undertake our business activities and functions. The types of information that we will collect will depend on the products, benefits and services you have asked us to provide. Additionally, the types of information that we will collect will depend on the means which you chose to communicate with us, such as e-mail, online, telephone or in person.
The types of personal information we may ask for include, but are not limited to the following :
- your name, address, and date of birth;
- your details;
- identification information such as drivers license or passport details;
- vehicle or property details;
- relevant licensing or registration details;
- your driving history
- your preferences and history in regards to products, services, benefits and marketing; or
- your communication history with us.
Collection of personal information via online resources
When you engage with us through our online resources including, but not limited to websites and mobile applications ‘apps’
The types of personal information we may ask for include, but are not limited to:
- server or IP addresses;
- date and time of visit to our site;
- pages visited;
- documents downloaded;
- the site you visited prior to visiting our website;
- the browser that you are using to access our resources;
- if you have visited our website before; or
- tracking user preferences.
In addition to the above, mobile apps may collect location data, however, you will be notified if this is the case. Most of our online resources use sessions and/or cookies. The functionality of these resources will function if you disable these, however, you may be unable to access some functions if these are disabled.
If you use the CD Bank internet banking facility available on the CD Bank website, we may collect the following information:
- login time and date (successful and unsuccessful)
- logout time and date
- account transactions (including type, time and date)
- home phone number
- work phone number
- mobile phone number
- fax number
- email address
- postal address
- transaction payee details
- transaction biller details, and
- password changes (including time and date).
We use up-to-date security measures on our website to protect your personal information and your credit information. Any data containing personal, credit or related information which we transmit via the internet is encrypted. However, we cannot guarantee that any information transmitted via the internet by us, or yourself, is entirely secure. You use our website at your own risk.
Types of sensitive information that we collect
Sensitive information, as defined by law, includes any information about a person’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information.
We will always explain the purpose for collecting sensitive information. For example, we may request health information to assess, process and manage a claim made under an insurance policy.
CD also use third party providers, whilst we will only deal with reputable service providers, we recommend that you read the privacy statement of the third-party site if you are redirected.
How we collect your information
In most cases, we will only collect information from you directly, including written applications, face-to-face transactions in our branches or when you us via telephone or an electronic means such as the Internet or email.
We may collect personal information from other parties when required, such as to process an insurance claim, or when you provide personal information to one of our business partners to provide you a product, service benefit connected to your CD membership.
When you provide us with personal information of a third party
When you provide us with the personal information of a third- party (such as an authorised party on your account, or the details or a driver in a claim) you warrant that you have notified that third-party that you will be providing the personal information to CD, and the purpose for which it is provided.
When you provide us with the personal information of a third-party we will only use, handle or disclose that personal information for the purposes for which it was provided.
Using your information to provide you with requested products and services
We use the personal information we collect to provide services, benefits and products to you. In order to do this, we may need to disclose some of your personal information to other people or organisations. This may include, but is not limited to contractors, agents, our business partners or organisations that we have an alliance or arrangement with.
We may also use personal information for other purposes where you would reasonably expect us to and the purpose is related to the purpose of collection, or where otherwise permitted by law.
Using your information to market products and services to you
CD may use your personal information that we have collected to identify a product or service that may be of benefit to you and may you to let you know about these. CD may also disclose your personal information to our business partners or related entities to enable them to tell you about a relevant CD product or service.
If you do not wish to receive marketing s, you can us at any time and we will generally process your request within 10 business days of receipt.
Disclosure of your information to third-parties
Personal information that we collect from you may be disclosed to:
- any entity to which we are required or authorised by or under law to disclose such information (for instance, law enforcement agencies and investigative agencies, courts, various other government bodies);
- other third-parties that you have consented to;
- our contractors, agents or business partners for purposes directly related to the purpose for which the personal information is collected, for example, other roadside assist organisations should you require assistance outside of Queensland;
- our professional advisors and other contractors (for example IT consultants)
- external providers of services where you have engaged us to act as your agent, such as booking flights, hotels tours etc; or
- other insurers, insurance investigators and claims or insurance reference services, loss adjusters and reinsurers.
We may also disclose your personal information where otherwise permitted or required by law.
Disclosure of your information to third parties overseas
CD may need to disclose your personal information to an overseas recipient.
You consent to CD making these disclosures as we deem necessary to administer and supply the requested services to you. You acknowledge that overseas recipients are not required to comply with the requirements of the Privacy Act 1988 (Cth) and you acknowledge that you are not able to enforce your rights under the Privacy Act 1988 (Cth) if an overseas entity breaches that Act.
Your personal information may be disclosed overseas for the following purposes:
- Where you have to have engaged us to act as your agent and the services you have requested us to provide require us to deal with overseas organisations (Where CD acts as your travel agent, it may be necessary for us to disclose personal information to an overseas travel provider for the purposes of arranging your booking with them. As we deal with many providers world-wide, it is not possible for us to set out in this policy, all of the different countries to whom we may send your information, however, should you have any specific questions relating to whom your personal information may be sent, please refer to your travel consultant).
We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.
- Where you have agreed that CD may communicate with you regarding your membership, and associated offers, by e-mail (we may disclose to entities in Thailand and China).
- Where you communicate with us by e-mail, and when we communicate about you, your membership, your insurance policy, or your loan.
- As required for the maintenance and sustainment of our systems and databases.
- As required for the maintenance and sustainment of our systems (we may disclose to entities in India, Singapore, the Philippines and the United States of America).
Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.
Accessing your personal information
If you request it, we will provide you a summary of any personal information held about you in accordance with our obligations under the Privacy Act 1988 (Cth). If you request detailed information, CD may charge a fee for the retrieval of this information.
Any requests for information will be processed within a reasonable timeframe (usually within 10 business days). If the retrieval of information involves accessing archived information and will take longer than normal, we will endeavour to provide you with an estimated timeframe.
Under some circumstances, we may refuse you access to personal information where denying access is required or authorised by law, for example if access would pose a threat to life or the health of anyone, where the request for access is regarded as frivolous or vexatious, or where information relates to anticipated or legal proceedings. If you are denied access to your information, we will explain why.
How we keep your information up to date
We will take reasonable steps to ensure that your personal information is accurate and up to date and we will correct this as soon as we know otherwise. You have the right to ask us to correct your information. If you learn that your information needs to be updated, you should us as soon as possible and we will process your request. If we refuse to correct your information, we will explain why in writing, and advise you of the mechanisms available to you to complain. You also have a right for a statement to be attached to your personal information if CD disagrees with your request to correct the information held.