We are bound by the Australian Privacy Principles of the Privacy Act 1988 (Cth) (Privacy Act) in our handling of your personal information. We are also bound by Division 3 of Part IIIA of the Privacy Act, and the Credit Reporting Privacy Code (CR Code) in our handling of your credit-related information. References in the policy to “information” include both personal information and credit-related information.
We may tell you more about how we handle your information at the time we collect it.
What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Personal information may be sensitive information, which includes, for example, information about an individual’s health, religion and any criminal convictions they may have.
What is credit-related information?
Credit-related information is a variety of personal information that includes information about your credit history or creditworthiness. It includes information about your past experiences with us and other lenders, the kinds of credit products you have had or sought, how you have managed your obligations, information contained in a credit report about you which is obtained by us from a credit reporting body (CRB) and information about your creditworthiness that has been derived by us from such a credit report about you.
Collecting your information
We collect personal information (including credit-related information) about you and about your interactions with us, for example when you call us or visit our website.
The personal information we collect may include your name, address and contact details and information specific to a loan you seek such as details of your financial position, employment and your reasons for seeking the loan.
In some circumstances, we may collect information about you (from third parties, such as your employer, other credit providers and CRBs in order to assess your eligibility for a loan. We may collect information about you, in the form of a report about your transaction account (the details of which you provide to us) from one of our service providers, Credit Sense, for the purpose of verifying your financial position. We may also collect information about you from publicly available sources, such as public registers.
The Privacy Act restricts our collection of your sensitive information, such as health information. If we need to collect such information, for example in connection with a hardship application, we will ask for your consent.
We are required by the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 (Cth) to collect information to identify you and, by the National Consumer Protection Act 2009 (Cth) to learn about and verify your financial situation.
Using your information
We use and exchange your information for the main purpose of providing you with a loan and to manage our relationship with you, including to:
Generally, we will not use or exchange your information for any purpose other than one that:
Disclosing your information
We may exchange your information for any of the reasons mentioned above with third parties including:
When we disclose your information to third parties, we limit their use and disclosure of that personal information to the specific purpose for which it is disclosed and require them to protect your information in accordance with the Privacy Act.
Exchanging information with credit reporting bodies
We may obtain a credit report about you from a CRB. A credit report will provide us with information about you that is held by the CRB and which has any bearing on your creditworthiness.
We may use this information to arrive at our own assessment of your creditworthiness.
Further, to enable us to verify your identity, we may disclose your name, date of birth and residential address to a CRB for the purpose of obtaining an assessment of whether that personal information matches information held by the CRB.
CRBs may include information which we provide in reports to other credit providers to assist them to assess your creditworthiness.
From 12 March 2014, you can ask a CRB not to use or disclose credit information it holds about you for a period of 21 days (called a “ban period”) without your consent if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud. You agree to us accessing your personal information (including consumer credit information) held with a CRB, even if there is a ban period in place, for the purposes of assessing an application for credit or in order to collect overdue payments.
From 12 March 2014, CRBs may use credit information they hold to respond to requests from us or other credit providers to “pre-screen” you for direct marketing. You can ask a CRB not to do this. However, you may still receive direct marketing from us (unless you ask us not to) that has not been “pre-screened” by a CRB.
Protecting your information
We keep your hard copy or electronic records on our premises and systems or offsite using trusted third parties.
We take all reasonable steps to ensure that information we hold about you is protected from:
Your information is only accessible by you and those authorised to access it. Employees and third parties who deal with your information are bound by confidentiality obligations and are required to complete training about information security.
When you transact with us on the internet via our website we encrypt data sent from your computer to our systems. We have firewalls and virus scanning tools to protect unauthorised access. When we send electronic data, we use dedicated secure networks or encryption.
When we no longer need your information, including when we are no longer legally obliged to keep records relating to you, we take to destroy it or de-identify it.
Accessing and correcting your personal information
We take all reasonable steps to ensure that the information we may collect, use or disclose is accurate, complete and up-to-date. You have rights to access your information and correct it if it is inaccurate, out-of-date or incomplete.
You may request access to the information we hold about you at any time by contacting the Compliance Officer on 1300 889 688 or at email@example.com. We will respond to your request within a reasonable time. There is no fee for making a request but we may charge you the reasonable costs of providing our response to a request for access to personal information.
If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act on which we rely to refuse access.
You may also ask us to correct any information we hold about you by contacting us using the details noted above. We encourage you to advise us as soon as there is a change to your contact details, such as your phone number or address. We will deal with your request to correct your information in a reasonable time. If we correct your information and it is information we have provided to others we will notify them of the correction where we are required to do so by the Privacy Act. If your request to correct your information relates to information which has been provided to us by a CRB or another credit provider we may need to consult with them about your request. We will correct information, where we decide to do so, within 30 days of your request, or longer if you agree.
If we do not agree with the corrections you have requested, we are not obliged to amend your information accordingly, however, we will give you a written notice which sets out the reasons for our refusal.
Direct marketing and your information
We may use your information to let you know about our products or services, or those of third parties, that we believe may be relevant and of interest to you, including by email or telephone. We may also provide your information to other organisations for specific marketing purposes. However, we will not do so where you tell us not to.
You may opt out of receiving marketing communications at any time if you no longer wish to receive them, or if you no longer wish to receive them in a particular way (e.g. via SMS). To opt out, please contact the Compliance Officer on 1300 889 688 or at firstname.lastname@example.org.
Complaints, questions and concerns
Additionally, if you believe that in handling your personal information we have breached the Australian Privacy Principles, Part IIIA of the Privacy Act or the CR Code and you would like to make a complaint, you may use these same contact details noted above to lodge a complaint.
Once we receive your complaint, we will respond to you as soon as possible and will let you know if we need any further information from you. We will notify you of our decision within 30 days, however if we are unable to do so, we will let you know the reason for the delay and the expected timeframe to resolve the complaint.
If you are not satisfied with our response to your complaint, or the way in which we have handled your complaint, you may contact the Credit Ombudsman Service Limited, our external dispute resolution scheme, or the Office of the Australian Information Commissioner. The contact details of these entities are as follows:
Credit Ombudsman Service Limited
PO Box A252
SOUTH SYDNEY NSW 1235
1800 138 422
Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY NSW 2001
1300 363 992
Either of these entities may forward your complaint to another external dispute resolution body if they consider that the complaint would be better handled by that other body.