Last updated on: 31 March 2021
We take your privacy very seriously. We understand that your privacy is important.
Personal information is information or an opinion, in any form and whether true or not, about an identified individual, or an individual who is reasonably identifiable.
This Policy explains several things, including:
- the kinds of personal information we collect;
- the purposes for which we collect this information;
- how we manage the personal information that we collect about you;
- how you can seek access to and correct that information;
- if necessary, how you can make a complaint relating to our handling of that information; and
- whether we are likely to disclose your information to overseas recipients and the countries in which those recipients are likely to be located.
2.0 Information we collect from you
2.1 When we collect Personal information
We collect information about you and your interactions with us, for example, when you request or use our products or services, phone us or visit any of our websites. When you use our website, we may collect information about your location or activity including your IP address, telephone number and whether you’ve accessed third-party sites. Some of this website information we collect using cookies.
This may include information collected directly from you and information that you authorise us to collect from third parties.
It is not mandatory for you to provide us with the personal information that we request – however if you do not do so it may affect the products and services that we can provide to you.
2.2 The Personal Information we collect
We typically collect the following types of personal information about you:
- mailing or street address;
- email address;
- telephone number;
- age or birth date;
- Medicare number, drivers’ licence number, tax file number and passport number (which may also include the other details which appear on your Medicare card, driver licence and passport if supplied pursuant to our identity verification systems and processes);
- profession, occupation or job title, together with other relevant employment details (such as your salary);
- information about your source(s) of income and your expenditure details;
- information about your assets and liabilities;
- any additional information relating to you that you provide to us through our website, applications or other online means (including personal information which may be collected via cookies and other online technologies and methods use as discussed in section 9 of this Policy such as information about the devices on which you visit us and your activities on those devices);
- third party account details (for example where you sign in through a social network);
- your public social profile information (e.g. name, profile picture) together with the email address you use to log into your social media account;
- any other information that you provide to us in person, including at our offices or during visits by our representatives;
- personal information you may provide to us if you participate in any surveys we, or a third party service provider acting on our behalf, may conduct from time to time including personal information relating to your survey responses; and
- Your transaction history (with us and our associates or relevant third parties). This information includes products you may have used with us in the past, your payment history, and the capacity in which you have dealt or deal with us.
2.3 Information we collect from others
We collect information about you from others such as service providers, agents, your bank, advisers, brokers, employers or family members. For example, if you apply for credit, we may need to obtain a credit report from a credit reporting body. We will also obtain bank account information from your bank throughout the term of the loan. We may collect information about you that is publicly available, for example, from public registers or social media, or made available by third parties.
If you elect to use bank statements and third party account aggregation service providers in connection with our assessment of your application, you permit such third party services to access your banking transaction data linked to the online banking credentials you provide. The third party service provider will access your personal information for the purpose of providing this personal and business bank account data to us.
The third party service provider may access transactional data from any account that is associated with the login credentials that you submit. This may include personal accounts as well as business accounts. Your provision of banking login credentials to utilise such third party service providers does not provide us with your login credentials or passwords or the ability to access your internet banking (other than as stated above).
Through the use of such third party service providers, we will obtain up to the last twelve (12) months bank transactions on the date you apply for a loan. We note that your bank’s terms may prohibit you from sharing your login, so you agree to appoint our third party service provider as your agent to access your internet banking on your behalf solely for this purpose and you consent.
2.4 Sensitive information
The Privacy Laws protect your sensitive information, such as health information (that may be relevant to hardship applications) or information about your memberships with professional or trade associations. If we need to obtain this type of information, we will ask for your consent, except where otherwise permitted by law.
2.5 Information about other people
3.0 How do we use your information?
We collect personal information about you so that we can perform our business activities and functions and to provide the best possible quality of customer service to you.
We generally collect, hold, use and disclose personal information for the purpose for which you provided it, the purposes disclosed in this Policy and/or in any specific collection statement, any related secondary purposes which you would reasonably expect and for any other purpose you have consented to.
Typically, we collect, hold, use and disclose your personal information for the following purposes:
- To send communications to you, including when applying for and updates in relation to the status of your application for finance as well as provide you access to our website and secure web services to enable these communications;
- for identity verification. This may involve the information being checked with the document issuer or official record holder;
- to prepare quotes or estimates for you in relation to any finance or other products that we provide or which we can arrange;
- to assess your application for finance and advise you on the outcomes of applications for finance;
- if your application is successful or you accept a quote that we provide, to provide finance over the life of your contract as well as updating our records and keep your contact details up to date from time to time;
- to answer enquiries and provide information or general advice about existing and new products and services;
- to conduct business processing functions including providing existing or updated personal information to our related bodies corporate, contractors, service providers or other third parties;
- to process and respond to any complaint made by you;
- to process and assess your application for a job with us; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority.
3.1 Direct marketing
We may use your information for direct marketing, including by email or other electronic means. If you no longer want to receive direct marketing, you can tell us by using any of the methods .
3.2 Gathering and combining data to get insights
Improvements in technology enable organisations to collect and use information to get a more integrated view of customers and provide better products and services. We may combine our customer information with information available from a wide variety of external sources (for example census or Bureau of Statistics data). We are able to analyse the data in order to gain useful insights which can be used for any of the purposes mentioned earlier in this policy. In addition, Group members may provide data insights or related reports to others, for example, to help them understand their customers better. These insights and reports are based on aggregated information and do not contain any information that identifies you.
4.0 Who do we exchange your information with?
We exchange your information with other members of the Group, so that the Group may adopt an integrated approach to its customers. Group members may use this information for any of the purposes mentioned in this section.
4.1 Third parties
We may exchange your information with third parties where this is permitted or required by law, or for any of the purposes mentioned in section 3.
Third parties include:
- Your co-applicant(s) (if any);
- Entities that provide services to us such as identity verification, mailing houses or call centre operators;
- Service providers, for example law firms, market research / data providers, and loyalty program redemption partners;
- Service providers to whom we outsource certain functions, for example, direct marketing, statement production, debt recovery and information technology support;
- Lenders, agents and advisers and persons acting on your behalf, for example guardians or persons holding power of attorney;
- References that you provide to us, for example landlord details or trade references;
- The supplier of any equipment or services financed with credit we provide;
- Guarantors or any person providing security for any service;
- Persons and lenders involved in arrangements that provide funding to us, including persons who may acquire rights to our assets (for example loans), investors, advisers, trustees and rating agencies;
- Other financial institutions such as banks and credit providers;
- Auditors, insurers and re-insurers;
- Employers or former employers;
- Government and law enforcement agencies or regulators (including but not limited to the Department of the Treasury or other relevant agency of the Commonwealth of Australia in relation to the Australian Government’s Coronavirus SME Guarantee Scheme (if applicable));;
- Credit reporting bodies – credit reporting bodies may collect the information we provide to them (including default information) and use it to provide their credit reporting services (see section 11 below);
- Entities established to help identify illegal activities and prevent fraud
- Overseas entities that provide products and services to us; and
- Any other parties that you authorise or that we are required or permitted by law to share information with.
4.2 Cross border of personal information
We use customer service teams located within Australia. However, we may send your information overseas, to service providers or other third parties who operate or hold data outside Australia. Where we do this, we take reasonable steps to ensure that appropriate data handling and security arrangements are in place. Please note that Australian law (as applicable) may not apply to some of these entities.
We may also send information overseas to complete a particular transaction or where this is required by laws and regulations of Australia (as applicable) or another country.
Where we send your information overseas, it is likely to be the Philippines, Indonesia and the United States.
Where we send your information to overseas service providers, we take reasonable steps to ensure that appropriate data handling and security arrangements are in place.
5.0 Keeping your information secure
We store your hard-copy or electronic records on our premises and systems or offsite using trusted third parties. We use reasonable endeavours to keep your personal information secure, however, this security cannot be guaranteed.
Our security safeguards include:
5.1 Staff education
We train and remind our staff of their obligations with regard to your information.
5.2 Taking precautions with overseas transfers and third parties
When we send information overseas or use third parties that handle or store data, we take reasonable steps to ensure that appropriate data handling and security arrangements are in place.
5.3 System security
When you transact with us on the internet via our website or mobile apps we encrypt data sent from your computer to our systems. We have firewalls, intrusion detection systems and virus scanning tools to help to protect against unauthorised persons and viruses accessing our systems.
5.4 Building security
We have protection in our buildings against unauthorised access such as alarms and security access cards.
5.5 Destroying data when no longer required
We keep information only for as long as required (for example, to meet legal requirements or our internal needs).
5.6 Your log-in details
You are advised to keep your log-in details private and confidential. Your log-in details are your responsibility and we advise you not to share those details with any party. You hereby acknowledge that any party that accesses your account does so as your agent and accordingly you agree to be bound by any transactions effected through their use of your account. We are entitled to rely on any access to or use of your account without making any further enquiries.
6.0 Accessing, updating and correcting your information
6.1 Can I get access to my information?
You can ask for access to your basic information by calling us. To obtain a copy of current credit-related information we hold about you, you can call or email us.
6.2 Is there a fee?
There is no fee for making the initial request. However, in some cases, where permitted by law, there may be an access charge to cover the time we spend locating, compiling and explaining the information you ask for. If there is an access charge, we’ll give you an estimate up front and confirm that you’d like us to proceed. Generally, the access charge is based on an hourly rate plus any photocopying costs or other out-of-pocket expenses. You’ll need to make the payment before we start, unless you’ve authorised us to debit your account.
6.3 How long does it take to gain access to my information?
We try to make your information available within 30 days of your request and we will respond to your request within 20 days. Before we give you the information, we’ll need to confirm your identity.
6.4 Can you deny or limit my request for access?
In certain circumstances we’re allowed to deny your request, or limit the access we provide. For example, we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll write to you explaining our decision.
6.5 Updating your basic information
It’s important that we have your correct details, such as your current address and telephone number. You can check or update your information by emailing or phoning us.
6.6 Can I correct my information?
You can ask us to correct any inaccurate information we hold or have provided to others (including credit-related information) by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.
If your request relates to credit-related information provided by others, we may need to consult with credit reporting bodies or other credit providers. We’ll try to correct information within 30 days. If we can’t complete the request within 30 days, we’ll let you know the reason for the delay within 20 days and try to agree a timeframe with you to extend the period.
If we’re able to correct your information, we’ll inform you when the process is complete.
6.7 What if we disagree that the information should be corrected?
If we disagree with you that information should be corrected, we’ll let you know in writing our reasons. You can ask us to include a statement with the relevant information, indicating your view that the information is inaccurate, misleading, incomplete, irrelevant or out-of-date. We will take reasonable steps to comply with such a request.
6.8 Can I ask you not to provide my information to my referrer?
If you were introduced or applied to us through a broker or other agent, we will provide them with information about each application you make with us and each loan which we provide to you. Your account will be linked to that referrer and we may continue to provide them your information for each application you make with us whether that application is made through that broker or direct with us. If you do not wish us to provide your information to your referrer or other agent, you must advise us by contacting email@example.com.
7.0 Making a privacy complaint
7.1 We’re here to help
If you have a concern about your privacy, you have a right to make a complaint and we’ll do everything we can to put matters right.
7.2 How do I make a privacy complaint?
To lodge a complaint, please get in touch with us using your point of contact or one of the customer service teams set out in section 8. We’ll review your situation and try to resolve it straight away. If you’ve raised the matter through your point of contact or through our customer service teams and it hasn’t been resolved to your satisfaction, please contact our Customer Relations team using the details in section 8.
7.3 How do we handle a privacy complaint?
We acknowledge every complaint we receive and provide you with our name, a reference number and contact details of the investigating officer. We keep you updated on the progress we’re making towards fixing the problem.
Usually, it takes only a few days to resolve a complaint. However, if we’re unable to provide a final response within 45 days we’ll contact you to explain why and discuss a timeframe to resolve the complaint.
7.4 External review of privacy complaints
If you’re not satisfied with our handling of your matter, you can refer your complaint to external dispute resolution. We suggest you do this only once you’ve first followed our internal complaint processes set out above.
If your complaint is about the way we handle your personal information you may also contact:
The Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner (“OAIC”), GPO Box 5218 Sydney NSW 2001.
We are a member of the Australia Financial Complaints Authority (“AFCA”). AFCA will consider privacy disputes if they’re about the provision of credit, or if the privacy issue is part of a broader dispute with us.
8.0 How to contact us or find out more
For privacy related queries, access or correction requests, or complaints, or to request a printed version of this policy, please contact us:
Phone 1300 465 363 We’re open Monday to Friday, 9am-5pm AEST
8.1 To update your direct marketing preferences or request not to receive direct marketing
You can call us using the number above or email us.
For more information about the Australian Privacy Principles and credit reporting rules visit:
- Office of the Australian Information Commissioner (“OAIC”) (privacy generally); or
- Australian Retail Credit Association (“ARCA”) (credit reporting rules).
10.0 Credit Reporting Policy (credit checks and credit reporting)
10.1 The kind of credit information we collect
When you apply for credit or propose to be a guarantor, we need to know if you’re able to meet repayments under your agreement with us. We also want to avoid giving you further credit if this would put you in financial difficulty. One of our checks involves obtaining a credit report about you.
As part of the finance application process, we may collect credit information and exchange it with credit reporting bodies and other entities.
“Credit information” is:
- Identification information, such as your name, address and date of birth;
- credit liability information about your existing finance;
- the note we make of the disclosure of credit information we make to a credit reporting body so that we can obtain credit information from a credit reporting body;
- the type of commercial credit and the amount of credit sought in an application that has been made by you or our borrower and in connection with which we have made an information request;
- court proceedings information about you; this is information about a judgment of an Australian court against you in proceedings (other than criminal proceedings) that relate to any credit that has been provided to, or applied for by, you;
- personal insolvency information about you; this is information that is entered or recorded in the National Personal Insolvency Index that relates to your bankruptcy, a debt agreement proposal given by you, a personal insolvency agreement executed by you, a direction given (or an order made) under section 50 of the Bankruptcy Act 1966 (Cth) that relates to your property or an authority signed under section 188 of that Act that relates to your property; and
- default information.
10.2 Credit reports and credit eligibility information we collect about you
A credit report contains information about your credit history that helps credit providers assess your credit applications, verify your identity and manage accounts you hold with them. Credit reporting bodies collect and exchange this information with credit providers like us and other service providers such as phone companies.
Credit eligibility information includes credit reporting information that is disclosed to us by a credit reporting body. This includes credit information of the kinds described in section 10.1 above but relating primarily to your dealings with other credit providers (such as about credit applications you have made or credit that you obtain from credit providers). It also includes credit worthiness information about you that credit reporting bodies derive from credit reporting information, such as credit scores, risk ratings and other evaluations about you. Credit eligibility information also includes any credit worthiness information about you that we derive from credit reporting information we receive from a credit reporting body.
10.3 The credit reporting bodies we use
The Privacy Act and Credit Reporting Privacy Code limit the information that credit providers can disclose about you to credit reporting bodies, as well as the ways in which credit providers can use credit reports.
We may use one or more of the following credit reporting bodies:
0800 692 733
GPO Box 276
Sydney, NSW 2001
1300 50 13 12
13 23 33
0800 733 707
10.4 What information can we exchange with credit reporting bodies?
If you are in Australia, the information we can exchange includes:
- your identification details;
- the type of loans you have;
- how much you’ve borrowed;
- whether or not you’ve met your loan repayment obligations; and
- if you have committed a serious credit infringement (such as fraud).
We also ask the credit reporting body to provide us with an overall assessment score of your creditworthiness.
If you are in New Zealand, we may exchange credit information with credit reporters and we also ask the credit reporters to provide us with an overall assessment score of your creditworthiness.
The credit reporting bodies we use will hold your personal information on their terms and treat your information in accordance with their own privacy policies.
10.5 What do we do with credit-related information?
We use information from credit reporting bodies to confirm your identity and check your credit history and manage our relationship with you. We also use this information as part of arriving at our own internal assessment of your creditworthiness.
We store credit-related information with your other information. You can access credit-related information we hold about you, request us to correct the information and make a complaint to us about your credit-related information. See sections 8 and 9.
10.6 Other rights you have
Credit providers may ask credit-reporting bodies to use their credit-related information to pre-screen you for direct marketing. You can ask a credit reporting body not to do this. Also, if you’ve been, or have reason to believe that you’re likely to become, a victim of fraud (including identity fraud), you can ask the credit reporting body not to use or disclose the credit-related information it holds about you.
You may contact us to access credit eligibility information we hold about you or to seek the correction of credit information or credit eligibility information we hold about you – see section 6 above.
You may complain about our failure to comply with the credit reporting privacy rules or the Credit Reporting Code – see section 7 above for how to do this and for more information about how we will deal with such a complaint.
See section 4.2 above for information about entities which do not have an Australian link and to which we are likely to disclose credit information or credit eligibility information.