Capital Cabs Privacy Policy
Effective: 27/02/2024
Last updated: 09/08/2025
About this policy
Capital Cabs is a Canberra based rideshare dispatch business. We respect your privacy and are committed to protecting the personal information we collect and hold. This policy explains what personal information we collect, why we collect it, how we use and disclose it, how we keep it secure, how long we keep it, and how you can access, correct or complain about the information we hold.
This policy is written with the Australian Privacy Principles (APPs) in mind and the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. If you are a resident of the ACT, note that federal privacy obligations (the Privacy Act and the APPs) generally apply to private businesses; small businesses with turnover under the statutory threshold may be excepted but may also opt-in. If you are unsure whether the Privacy Act applies to us, please contact us.
We collect the personal information reasonably necessary to provide safe, reliable rideshare and dispatch services, manage bookings, run our business, meet legal obligations and communicate with you. This may include:
Identity & contact details: full name, phone number, email, postal address.
Trip and service data: pickup/drop-off locations, trip times, route and distance, driver assigned, fare amounts, booking reference.
Payment & billing: We use third-party payment processors Square, Please check their privacy policy at https://squareup.com/au/en/legal/general/privacy?country_redirection=true
Location data: GPS and real-time location data collected while you use our app or during a booked trip.
Driver/vehicle information: driver name, licences/registration details required for ACT Laws.
Communications & support logs: emails, chat or phone records, customer service notes and any feedback or complaints you send us.
CCTV / in-vehicle recordings: audio/video footage from in-vehicle cameras if fitted and lawful to use (we will notify passengers/drivers where required).
Optional info: profile photo, preferences, marketing consents, and any other information you choose to provide.
We do not collect more personal information than necessary for the purpose. Where practicable, you may use pseudonymous or limited details for some enquiries.
We use personal information for purposes including (but not limited to):
Providing, operating and improving rides, bookings and dispatch services.
Processing payments, refunds and invoices.
Communicating about bookings, safety alerts, promotions (where you consent) and customer support.
Safety, incident investigation, driver vetting and complying with legal and regulatory obligations.
Fraud prevention, dispute resolution and enforcement of our Terms of Service.
Improving our services and analytics (in an aggregated or de-identified form where possible).
We will only use your personal information for purposes that are reasonably expected, directly related to the service, or where we have your consent, or otherwise permitted by law. Where required by the APPs, we will take reasonable steps to notify you at collection about the purposes for which we collect your information.
We may disclose personal information to:
Service providers and contractors (payment processors, cloud hosting, mapping/GPS services, SMS/email providers, analytics and marketing platforms, background check providers).
Drivers and their contractors (for the purpose of fulfilling bookings).
Law enforcement, regulators or courts when required by law.
Entities involved in a business sale, merger or restructuring (subject to confidentiality and legal protections).
Some of our service providers may be located overseas. When we disclose personal information overseas we will take reasonable steps to ensure the overseas recipient handles the information in a way that protects privacy — including contractual protections and vendor due diligence — consistent with APP 8 (cross-border disclosure) and OAIC guidance. If you would like details of countries where your information may be held, contact us.
We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure. Measures include technical controls (encryption in transit and at rest where appropriate, access controls), contractual protections with third-party providers, and internal policies and staff training.
If we suspect an eligible data breach that could result in serious harm, and the Privacy Act applies to us, we will follow the Notifiable Data Breaches scheme (which requires notifying affected individuals and the OAIC in specified circumstances).
We retain personal information only as long as necessary to fulfil the purposes outlined in this policy, meet legal and tax obligations, resolve disputes and enforce our agreements. Retention periods vary by type of information (e.g., booking records, payment receipts, CCTV footage, employment/driver records). If you want details about the retention period that applies to particular information, contact us.
Access & correction: You may request access to personal information we hold about you and ask us to correct any inaccuracies. We will respond in accordance with the APPs and applicable law. If we refuse a request we will provide reasons and review options.
Deletion: You may ask us to delete information we hold about you where we are not required to retain it for legal or legitimate business purposes. We will explain any limitations (for example, transactional records we must keep for tax or regulatory reasons).
Opt-out of marketing: You can opt out of promotional communications at any time via the unsubscribe link or by contacting us.
Complaints: If you have a privacy complaint, please contact our Privacy Officer (details below). We will attempt to resolve your complaint promptly and fairly. If you remain unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). See OAIC guidance for how complaints and notifiable data breaches are handled.
We do not knowingly collect or retain personal information from children without parental/guardian consent. If you believe we hold a child’s personal information and wish it removed or to make an access request, contact us and we will take appropriate steps.
We may update this policy to reflect changes to our practices or legal requirements. The “Last updated” date at the top will indicate when changes were made. Significant changes will be highlighted where practicable.
Privacy Officer
Capital Cabs
3/15 Moon Place, Gordon ACT2906.
Email: support@capitalcabs.com.au
Phone: 0261721107
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) for guidance or to lodge a complaint. OAIC guidance on the APPs and the Notifiable Data Breaches scheme is available on their website.
This policy summarises our approach to managing personal information under Australian privacy laws and OAIC guidance. It is provided for information only and does not constitute legal advice. If you require legal certainty (for example, if you operate at scale or hold particularly sensitive information), we recommend you obtain tailored legal advice and review OAIC guidance applicable to your circumstances. You may also consider opting into the Privacy Act if the Act would not otherwise apply to your business.
