Personal information includes any information or an opinion about an identified individual, or an individual who is reasonably identifiable. The kinds of personal information we may collect about you include your name, date of birth, address, account details, occupation, and any other information we may need to identify you including publicly available information from public registers and social media. If you are applying for finance, we may also collect the number and ages of your dependants and cohabitants, the length of time at your current address, your employment details and proof of earnings and expenses. If you use our website or mobile applications we may collect information about your location or activity including IP address, telephone number and whether you have accessed third party sites, the date and time of visits, the pages that are viewed, information about the device used and other user location information. We may collect some of this information using cookies (see below). It does not include information where we have removed any reference to a person, so that they cannot be identified.
Credit information includes information such as your identity information, the type, terms and maximum amount of credit provided to you, repayment history information, default information (including overdue payments), court information, new arrangement information, personal insolvency information and details of any serious credit infringements. Credit eligibility information is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it. Collectively, we refer to this as credit-related information.
1. Who the policy applies to?
It applies to any individuals in respect of whom we may collect in the future, personal information and credit-related information. It describes the personal information and credit-related information we collect, and how we use and handle that personal information and credit-related information.
By using our websites and applications on electronic devices and providing your personal information and credit-related information to us, you agree to the terms of this policy, and the collection and use of the personal information and credit-related information provided to us as set out in this policy.
If we decide to change our policy, we will post any new terms on this page so that you can always be aware of how we collect, use and handle your personal information and credit-related information.
2. What information do we collect?
We may collect and hold personal information and credit-related information about you if you are an individual or one of the following individuals in relation to:
company: the directors and shareholders of that company;
partnership: the partners;
sole trader: the sole trader; or
trust: the trustee and beneficiaries.
We primarily collect your personal information and credit-related information directly from you, for example through the account registration process, telephone calls and written correspondence.
The personal information and credit-related information that we collect directly from you includes:
information we use to identify you such as your name, date of birth, phone number and residential address;
financial information about you such as bank account details, details in relation to your income and expenditure;
information about your employment such as proof of earnings;
social media information about you; and
other information we request in relation to the provision of our products and services.
We may also collect personal information and credit-related information about you from third parties such as credit reporting bodies and from publicly available information.
At or soon after the time that we collect personal information and credit-related information, we will take reasonable steps to ensure that the person is aware that we have undertaken the collection, the purpose(s) of the collection, the main consequences (if any) if the information is not collected, the types of organisation (if any) to which the information may be disclosed (including those located overseas), any law that required the particular information to be collected, and the fact that this policy contains details on access, correction and complaints.
If we receive personal information and credit-related information which we has not requested from you (unsolicited information) and we determine that we could not have collected that information lawfully under Australian privacy law if we had requested it, then we will destroy or de-identify the information so far as it is lawful to do so.
You have the option to not identify yourself (or to use a pseudonym) when dealing with us. However, if you do, it may be impractical for us to deal with you and we may elect not to do so.
3. Cookies and pixels
A pixel is a snippet of code added to the code of a website in order to gather information, similar to a cookie.
4. How do we use and disclose information?
We collect, hold, use and disclose personal, credit and credit eligibility information to third parties primarily to assess whether to provide credit to you and in the ongoing management of your accounts. These third parties include Stripe Payments Australia Pty Ltd and its affiliate, Data Zoo Pty Limited as trustee for Data Zoo Trust (Datazoo) and Illion Australia Pty Ltd. We may also use your information as permitted or required by law and government agencies.
We are also required to collect your personal information and credit-related information to comply with our obligations under Australian law, including the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
We may use your information for purposes relating to:
processing requests you make;
managing and better understanding our relationship with you including tracking and making payments due to you;
managing our relationship with financial institutions;
identifying opportunities to improve our service to you and improving our service to you;
allowing us to run our business efficiently and to perform administrative and operational tasks;
preventing or investigating any fraud or crime or any suspected fraud or crime;
assisting in improving industry standards relating to engaging in credit activities;
assisting to recover amounts payable by you;
telling you about other products or services we or our related companies make available and that may be of interest to you, unless you tell us not to;
as required by law, regulation or codes binding us; and
any purpose to which you have consented.
From time to time, we may send direct marketing communications to you. If you do not wish to receive these communications, you can unsubscribe at any time by clicking the unsubscribe button at the bottom of the marketing email or by updating your online account settings.
We may disclose information to our related companies or our related entities. We may also disclose your information to credit reporting bodies, for the purpose of ensuring that credit-related information held by those organisations is up-to-date and so that they can assess your credit worthiness. We will only disclose an individual’s information in accordance with the Privacy Act 1988 (Cth) and the Privacy (Credit Reporting) Code 2014 (Cth).
We may exchange personal information and credit-related information with the following types of entities, some of which may be located overseas. The types of entities include:
credit reporting bodies, including for a credit guarantee purpose;
finance brokers, mortgage managers, and persons who assist us to provide our products to you;
any person or entity who represents you including financial consultants, accountants, lawyers, mortgage brokers, persons holding power of attorney, guardians and advisers;
any industry body, government authority, tribunal, court or otherwise in connection with any complaint regarding the approval or management of your lease or loan – for example if a complaint is lodged about us;
any investors, agents or advisers, trustees, ratings agency or businesses assisting us with funding for credit made available to you or any entity that has an interest in your finance or our business;
where we are authorised to do so by law, such as under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), government and law enforcement agencies or regulators;
entities to whom we outsource some of our functions or that provide information and infrastructure systems;
trade insurers, other insurers, valuers and debt collection agencies;
auditors, insurers, re-insurers and health care providers;
other borrowers or guarantors (if more than one) or borrowers or prospective borrowers of any credit you guarantee or propose to guarantee;
any person where we are required by law to do so or where you have provided us consent;
any of our associates, related entities or contractors such as claims related providers including assessors and investigators that help us with claims;
your referees, such as your employer, to verify information you have provided;
any person considering acquiring an interest in our business or assets;
associated businesses that may want to market products to you;
other financial institutions, for example to process a claim for mistaken payment; and
any organisation providing online verification of your identity.
We may disclose personal information and credit-related information about you to an organisation, including a credit reporting body to verify your identity. The organisation will give us a report of whether or not the information we have matches information held by the organisation. If we use these methods and are unable to verify your identity in this way we will let you know. We may also use information about your Australian Passport, state or territory driver licence, Medicare card, citizenship certificate, birth certificate, and any other identification documents to match those details with the relevant registries using third party systems and record the results of that matching.
We may disclose your personal information and credit-related information to overseas entities including related entities and service providers located overseas including in China. Overseas entities may be required to disclose information to relevant foreign authorities under a foreign law. More information on overseas disclosure may be found in the entities’ privacy policies. Whilst we attempt to select and secure reputable offshore service providers, we are not liable for any breach or misuse of information sent offshore. An overseas entity may not be subject to privacy laws or principles similar to those which apply in Australia, and any information disclosed to an overseas entity may not have the same protection as under the Australian Privacy law. You may not be able to seek redress for any breach of your privacy which occurs outside of Australia.
We will only collect your sensitive information with your consent. Sensitive information is personal information that includes information about your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record or health.
5. What happens if you don’t provide information
If you don’t provide your information to us, we may not be possible for us to consider a request you make or provide services to you, and we may choose not to do so.
6. How do we protect your personal information and credit-related information?
We have policies and processes in place to protect your personal information and credit-related information from misuse, interference, loss or unauthorised access, modification or disclosure. These include training programs which aim to ensure that relevant employees are aware of any privacy obligations regarding personal information to which they may have access.
We do not sell, trade, or rent your personal information and credit-related information to third parties. We may provide aggregate statistics about our customers, sales, traffic patterns, and related site information to reputable third-party vendors, but these statistics will include no personally identifying information.
We retain your personal information and credit-related information for as long as needed to provide services to you and as otherwise necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
In the event there is a breach of our security and your personal information and credit-related information is compromised, we will promptly notify you in compliance with the applicable law.
We will use all reasonable means to protect the confidentiality of your personal information and credit-related information while in our possession or control. All information we receive from you is stored and protected on our secure servers from unauthorized use or access. Credit card information is encrypted before transmission and is not stored by us on our servers.
We may store your personal information and credit-related information in cloud or other types of networked or electronic storage and will take reasonable steps to ensure its security. However, it is not always practicable to find out where your information may be accessed or held, as electronic or networked storage can be accessed from various countries via an internet connection.
We will take reasonable steps to destroy or permanently de-identify personal information and credit-related information if it is no longer needed for the purposes for which we are authorised to use it.
7. Notifiable matters
We are required to tell you about ‘notifiable matters’ in relation to how we may use your credit-related information.
We exchange your credit-related information to credit reporting bodies.
We use your credit-related information exchanged with to credit reporting bodies to confirm your identity and to assess your creditworthiness.
We may also disclose information to a credit reporting body regarding where:
you default in your payment obligations in relation to any credit that we provide or arrange; or
you have committed a serious credit infringement.
You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed.
Sometimes your credit-related information will be used by credit reporting bodies for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. Some of the information may adversely affect your credit worthiness (for example if you have defaulted on your loan) and accordingly, may affect your ability to obtain credit from other lenders.
You can contact the credit reporting body at any time to request that your credit-related information is not used in this way.
You may contact also the credit reporting body to advise them that you believe that you may have been a victim of fraud.
You can contact our credit reporting body for more information:
Illion Australia Pty Ltd (www.illion.com.au)
8. How to access your personal information and credit-related information and make corrections
If you wish to access your information held by us, please contact us. Our contact details are at the end of this policy.
We will provide you with the information unless:
the request is frivolous or vexatious;
providing access would have an unreasonable impact on the privacy of another person;
providing access would pose a serious and imminent threat to the life or health of any person;
providing access would prejudice our legal rights; or
there are other legal grounds to deny the request.
If we refuse to give you access to your information, we will explain why in writing.
We will not charge an application fee, but we may charge a reasonable fee for providing access, including photocopying fees.
We will take reasonable steps to ensure the accuracy and completeness of the personal information and credit-related information held. If you believe that any of the personal information and credit-related information is inaccurate or out of date, please contact us.
9. Contact for privacy issues and complaints
Phone: 1800 777 290 for customers and general enquiries and 1800 777 296 for merchants
In order for us to investigate the complaint, you will need to provide us with sufficient details as well as any supporting information. We will acknowledge your complaint in writing within 7 days, conduct an investigation and notify you in writing within a reasonable time (usually 30 days from the date on which the complaint was made) about the outcome of our investigation.
If you would like more information about the privacy laws, you may contact:
The Privacy Commissioner:
Office of the Federal Privacy Commissioner GPO Box 5218, Sydney NSW 2001 Phone: 1300 363 992 Website: www.oaic.gov.au