Privacy Policy
In this Privacy Policy, the expressions we, us and our includes us and our aggregator Australian Finance Group Ltd ABN 11 066 385 822 ('AFG') Australian Credit Licence 389087 and its subsidiaries.
Our commitment to protect your privacy
We understand how important it is to protect your personal information. This document sets out our privacy policy commitment in respect of personal information we hold about you and what we do with that information. It also includes our policy on the handling of credit reports and other credit information.
During your relationship with us, we may tell you more about how we handle your personal information in application forms or terms and conditions, for example. You should read these documents carefully.
We recognise that any personal information we collect about you will only be used for the purposes we have collected it or as allowed by law. It is important to us that you are confident that any personal information we hold about you will be treated in a way that ensures protection of your personal information.
Our commitment in respect of personal information is to abide by the Australian Privacy Principles for the protection of personal information, as set out in the Privacy Act 1988 (Privacy Act), the Privacy (Credit Reporting) Code 2014 (Credit Reporting Code) and any other relevant laws.
Personal information
When we refer to personal information we mean information from which your identity is reasonably apparent. This information may include information or an opinion about you.
The kinds of personal information we may collect about you include your name, date of birth, address, email address, phone number, account details, occupation, transaction history and any other information we made need to identify you.
If you are applying for finance we may also collect the ages and number of your dependants and cohabitants, the length of time at your current address, your employment details and proof of earnings and expenses, and your Tax File Number or tax residency status.
When you visit our websites or use our mobile apps, we collect your location information, IP address, mobile device and network information and any third party sites you access. For more information on how we do this, see the heading 'Cookies' below.
The personal information we collect, hold and use may include Credit-related information.
Credit-related information means:
- Credit information is personal information or an opinion about you that has a bearing on credit that has been provided to you or that you have applied for. This includes information about your identify; the type, terms and maximum amount of credit provided to you, including when the credit was provided and when it was repaid; repayment history information, default information (including overdue payments); payment information; new arrangement information; financial hardship arrangement information including whether you have made a financial hardship arrangement with us; details of any serious credit infringements; court proceedings information; personal insolvency information and publicly available information; and
- Credit eligibility information, which is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it.
We use your Credit-related information to assess your eligibility to be provided with finance. Usually, Credit-related information is exchanged between credit and finance providers and credit reporting bodies.
If you want to make purchases from or through us we will also collect your payment information. We will also collect this information if we need to make payments to you. If you apply for employment with us we will collect information about your work history and ask your referees about you.
Why we collect your personal information
We collect and receive personal information about you (including Credit-related information) in order to conduct our business including for the purposes of assessing your application for finance and managing that finance establishing your identity, contacting you, managing our risk, and to comply with our legal obligations. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. Improvements in technology also enable organisations like ours to collect and use information to get a more integrated view of our customers. From time to time we may offer you other products and services.
If you apply to become a finance broker with us or apply for employment with us, we will collect information about you to assist us to decide whether to appoint you and to thereafter manage relationship your relationship with us, including to offer other services and products to you.
We collect payment information in order to process your payments.
How do we collect your personal information?
Where reasonable and practicable we will collect your personal information directly from you. We may also collect information about that is publicly available, such as from public registers or social media, or made available by third parties. We may also collect your personal information from credit reporting bodies, finance brokers, employers and other people such as accountants, lawyers and referees.
Do we disclose your personal information?
We may disclose your personal information:
- to existing or prospective funders or other intermediaries in relation to your finance requirements;
- to other guarantors, borrower and other security providers (if more than one);
- to borrowers or prospective borrowers, including in relation to any credit you guarantee or propose to guarantee;
- to other organisations that are involved in managing or administering your finance such as valuers, surveyors, third party suppliers, printing and postal services, call centres, lenders mortgage insurers, trade insurers, recovery firms, debt collectors, lawyers and credit reporting bodies;
- to our agents, contractors or external service providers to outsource certain functions, for example, statement production, debt recovery and information technology support;
- to businesses we have a relationship with that may want to market products to you;
- to companies that provide information and infrastructure systems to us;
- to anybody who represents you, such as finance brokers, lawyers, guardians, persons holding power of attorney and accountants;
- to anyone, where you have provided us consent;
- to our auditors, insurers, re-insurers and health care providers;
- to claims related providers, such as assessors and investigators who help us with claims;
- where we are required to do so by law, such as under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 or in accordance with a subpoena or summons issued by a court;
- to organisations involved in our funding arrangements such as trustees, warehouse funders, investors, rating agencies, agents, auditors or advisers, or any entity that has an interest in our business or your finance; or
- to your current or previous employer, referees or identity verification services.
Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:
- the person or organisation has a commitment to protecting your personal information at least equal to our commitment, or
- you have consented to us making the disclosure.
We use cloud storage to store personal information that we hold. The cloud storage and the IT servers may be located outside Australia.
We may disclose your personal information to overseas entities that provide support functions to us (including in USA, Canada, Malaysia, India, Ireland, the United Kingdom and the Philippines). You may obtain more information about these entities by contacting us.
New technologies and data analytic software allows us to combine information we have about you and our other customers, with data sources, such as third party websites or the Australian Bureau of Statistics. We are able to analyse this data to learn more about you and other customers, and how to improve our products and service we provide to you. We may use this combined data to help other businesses better understand their customers, however we will not provide any personal information about you unless we are legally required to.
Credit-related information
We exchange Credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor, one of our checks may involve obtaining a credit report about you.
The credit-related information we hold about you may be held by us in electronic form on our secure servers and may also be held in paper form. We use cloud storage to store personal information and this credit-related information that we hold. The cloud storage and the IT servers may be located outside Australia.
When we obtain credit eligibility information from a credit reporting body about you, we may also seek publicly available information and information about any serious credit infringement that you may have committed.
We may disclose your credit-related information to overseas entities that provide support functions to us (including in USA, Canada, Malaysia, India, Ireland, the United Kingdom and the Philippines). You may obtain more information about these entities by contacting us. If we disclose your credit-related information to entities that are located overseas, we ensure that appropriate data handling and security arrangements are in place.
The credit reporting bodes we use are Equifax Pty Ltd, Experian Australia Credit Services Pty Ltd and Illion Australia Pty Ltd. You can download a copy of their privacy policies at: equifax.com.au; experian.com.au; or illion.com.au.
Notifiable matters
The law requires us to advise you of 'notifiable matters' in relation to how we may use your Credit-related information. You may request to have these notifiable matters (and this privacy policy) provided to you in an alternative form.
We exchange your Credit-related information with credit reporting bodies. We use the Credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance and manage your finance.
The credit reporting body may provide the information that we report about you to other credit providers to assist them to assess your credit worthiness. We may also obtain information that other credit providers have provided to the credit reporting body to use in our assessments of your credit-worthiness.
The information we may exchange with credit reporting bodies includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations and if you have committed a serious credit infringement (such as fraud).
If you fail to meet your payment obligations in relation to any finance that we have provided or arranged or you have committed a serious credit infringement then we may disclose this information to a credit reporting body.
You have the right to request access to the Credit-related information that we hold about you and make a request for us to correct that Credit-related information if needed. Please see the heading 'Access and correction to your personal and credit information' below.
Sometimes your Credit-related information will be used by credit reporting bodies for the purposes of 'pre-screening' credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your Credit-related information is not used in this way.
You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. For a period of 21 days after the credit reporting body receives your notification the credit reporting body must not use or disclose that Credit-related information. You can contact any of the following credit reporting bodies for more information:
Notifiable Data Breaches
The Privacy Actincludes a Notifiable Data Breaches ('NDB') scheme which requires us to notify you and the Office of the Australian Information Commissioner ('OAIC') of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change).
The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy. If you believe that any personal information we hold about you has been impacted by a data breach, you can contact us.
Direct marketing
From time to time we may use your personal information to provide you with current information about finance offers you may find of interest, changes to our organisation, or new products or services being offered by us or any company with whom we are associated.
If you do not wish to receive marketing information, you may at any time decline to receive such information by emailing us. If the direct marketing is by email you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request within a reasonable timeframe.
Updating your personal information
It is important to us that the personal information we hold about you, such as current home address, email address and phone number, is accurate and up to date. During the course of our relationship with you we may ask you to inform us if any of your personal information has changed.
If you wish to make any changes to your personal information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate and complete.
Access and correction to your personal and credit information
We will provide you with access to the personal and Credit-related information we hold about you. You may request access to any of the personal information and Credit-related information we hold about you at any time.
We may charge a fee for our costs of retrieving and supplying the information to you.
Depending on the type of request that you make, we may respond to your request immediately. Otherwise, we usually respond to you within 30 days of receiving your request. We may need to contact other entities to properly investigate your request.
There may be situations where we are not required to provide you with access to your personal information or Credit-related information, for example, if the information is commercially sensitive or relates to existing or anticipated legal proceedings, or if your request is vexatious.
An explanation will be provided to you if we deny you access to the personal information or Credit-related information we hold about you.
If any of the personal information or Credit-related information we hold about you is incorrect, inaccurate or out of date you may request that we correct the information. If appropriate we will correct the personal or Credit-related information. Otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected your personal or credit-related information within 30 days.
We may need to consult with other entities as part of our investigation.
If we refuse to correct personal or Credit-related information we will provide you with our reasons for not correcting the information.
Using government identifiers
When we collect government identifiers, such as your tax file number, we do not use or disclose this information other than as required by law. We will never use a government identifier to identify you.
Business without identifying you
In most circumstances it will be necessary for us to identify you in order to successfully do business with you, however, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about interest rates or current promotional offers.
Sensitive information
We will only collect sensitive information about you with your consent. Sensitive information is personal information that includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health or biometrics (for example, your fingerprints).
How safe and secure is your personal information that we hold?
We will take reasonable steps to protect your personal information by storing it in a secure environment. We may store your personal information in paper and electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and unauthorised access, modification or disclosure.
Complaints
If you are dissatisfied with how we have dealt with your personal information or Credit-related information, or you have a complaint about our compliance with the Privacy Act and the Credit Reporting Code, you may contact us. We will acknowledge your complaint within seven days. We aim to provide you with a decision on your complaint within 30 days. We will let you know if we will take longer than 30 days and the relevant extension of time we will require to complete the complaints process.
If you are dissatisfied with our response after you have been through the internal complaints process, you may make a complaint to our External Dispute Resolution Scheme, the Australian Financial Complaints Authority (AFCA) which can be contacted by phone on 1800 931 678, by email at info@afca.org.au, or in writing to GPO Box 3, Melbourne VIC 3001; or the OAIC which can be contacted on either www.oaic.gov.au or 1300 363 992.
Cookies
The information that we collect from you when you interact with us online depends on the tasks you complete on this website. When you visit and browse through the website, we collect general information that is not capable of identifying you for statistical and maintenance purposes that enables us to continually evaluate the performance of this website. This general information includes the number of users visiting this website and the number of pages viewed as well as the path taken through this website.
This information is used to generate aggregated, anonymous information about how you and other users use this website and its features. For instance, we collect information about which pages on this website you visit most often, if you open or read the communications we send, which advertisements you view or interact with on this website or other websites on which our advertisements appear, and if you receive any error messages. The information collected may be used to improve users' online experience generally, to collate statistics, or customise your online experience by showing you content we think you will like. We do not collect information that identifies you personally; however, if you have a registration account with us, the information collected by us using the cookies may be associated with your registration account.
We also may allow third-party advertisers to place their cookies on your device through their advertisements on this website. The information these third-party cookies collect is used to determine which third-party advertisements to display on this website, how often to display them, and in which locations of this websites the third-party advertisements perform best. These third-party cookies do not collect information that identifies you personally.
Any information, which is not capable of identifying you, is collected through code embedded in the webpages of this website. You cannot disable the code on these pages.
Other information, such as browser type, is included in a 'cookie' that is sent to your computer when you are completing certain tasks on this website. A cookie contains bits of information that enables our servers (i.e. the computers that house this website) to identify and interact efficiently with your computer. Cookies are designed to provide a better, more customised website experience, and to make it easier for you to use this website.
You can configure your browser to either accept all cookies, reject all cookies or to notify you when a cookie is being sent to your computer. The 'help function' on your browser will provide you with details on how to change your browser configurations. You will need to accept cookies in order to use some functionality on this website. If you do not wish to receive any cookies you may set your browser to refuse them. However, your use of our website may be affected.
Further information
You may request further information about the way we manage your personal or credit information by contacting us.
Change in our privacy policy
We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market place practices.
As a consequence, we may change this privacy policy from time to time or as the need arises. You may request this privacy policy in an alternative form.
This Privacy Policy was last updated on 30 June 2022.