Privacy Policy

This policy has been adopted by Grapple Invoice Finance Fund Pty Ltd (ABN 82 628 786 658) and related entities. It sets out how we manage personal information about individuals we deal with.

1

Our Privacy Assurance to You

Your privacy has always been important to us. As our client, or someone in a business relationship with our client, we respect your right to be aware of who has information about you, what they are doing with it and why, and who else they are sharing it with. We have adopted a privacy compliance culture that cements this relationship with you. Its foundation is the Privacy Act 1988 (as amended, including by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the Privacy Amendment (Notifiable Data Breaches) Act 2017), the Privacy Regulation 2013, and the Credit Reporting Privacy Code.

2

Overview

This privacy policy explains how we manage personal information which is not credit information or credit eligibility information. In particular it explains:

  • the kinds of personal information we collect and hold;
  • how we collect the personal information;
  • the purposes for which we collect, hold, use and disclose the personal information;
  • how an individual may access personal information about the individual that we hold and seek the correction of that information;
  • how an individual may complain about a breach of the Australian Privacy Principles and the Credit Reporting Privacy Code and how we may deal with the complaint; and
  • whether we are likely to disclose the personal information to overseas recipients and the countries where those recipients are likely to be located.

This privacy policy also explains how we manage credit information and credit eligibility information. In particular it explains:

  • the kinds of credit information we collect and hold and how we collect and hold that information;
  • the kinds of credit eligibility information we hold and how we hold that information;
  • the kinds of credit policy derived information that we usually derive from credit reporting information disclosed to us by a credit reporting body under Division 2 of Part IIIA of the Privacy Act 1988;
  • the purpose for which we collect, hold, use and disclose credit information and credit eligibility information;
  • how an individual may access credit eligibility information about the individual that we hold;
  • how an individual may seek the correction of credit information or credit eligibility information about the individual that we hold;
  • how an individual may complain about our failure to comply with Division 3 of Part IIIA of the Privacy Act 1988 or the Credit Reporting Privacy Code;
  • how we will deal with the complaint; and
  • whether we are likely to disclose credit information or credit eligibility information to entities which do not have an Australian link and the countries where those recipients are likely to be located.

3

The Kinds of Personal Information We Collect and Hold

We collect and hold credit information about individuals who are clients, guarantors, debtors and associates. This information includes:

  • identification information, such as the individual's name, address and date of birth;
  • the note we make of the disclosure of credit information we make to a credit reporting body so that we can obtain credit information from a credit reporting body;
  • the type of commercial credit and the amount of credit sought in an application that has been made by the individual and in connection with which we have made an information request;
  • court proceedings information about the individual — information about a judgment of an Australian court against the individual in proceedings (other than criminal proceedings) that relate to any credit that has been provided to, or applied for by, the individual; and
  • personal insolvency information about the individual, including information entered or recorded in the National Personal Insolvency Index that relates to bankruptcy of the individual.

We obtain credit reporting information about individuals from credit reporting bodies only to the extent we are entitled to under the Privacy Act 1988. Credit reporting information includes:

  • the credit information outlined above but which relates to the individual's dealings with other credit providers;
  • consumer credit liability information, default information, payment information, new arrangement information and publicly available information concerning consumer credit; and
  • credit worthiness information that credit reporting bodies derive from the above information, including credit scores, risk ratings and other evaluations.

Under various laws we may be authorised or required to collect personal information. These laws include the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, Personal Property Securities Act 2009, Corporations Act 2001, Autonomous Sanctions Act 2011, Income Tax Assessment Act 1997, and the Australian Securities and Investments Commission Act 2001.

4

How We Collect Personal Information

We collect personal information about individuals in a variety of ways. Where possible and practical we collect the information directly from the individual. When it is not practical or reasonable to do so we may collect it from a third party — such as an authorised representative (broker, agent, accountant or lawyer), another financial institution, a referee, an employer or a government body.

Credit eligibility information is obtained from a credit reporting body.

5

How We Hold Credit Information and Credit Eligibility Information

We take all reasonable steps to ensure that personal information we hold is protected from misuse, interference or loss and from unauthorised access, modification or disclosure.

We do this by having physical, electronic and procedural safeguards — personal information is stored in secure office premises or secure archiving facilities, and logins and passwords are required to access electronic databases.

Our staff are required to maintain the confidentiality of personal information and access is restricted to persons who require it to perform their duties.

6

The Purposes for Which We Collect, Hold, Use and Disclose Personal Information

We collect, hold, use and disclose credit information and credit eligibility information for purposes permitted by law which are reasonably necessary for our business activities. Those purposes include:

  • if the individual is a client, to determine if we should provide a facility and, if so, to assist in its provision — including assessment, account management, debt recovery and dealing with security;
  • if the individual is a guarantor, to determine whether to accept the guarantee and to deal with or enforce our rights under it;
  • if the individual is a debtor, to assess and verify the debt, collect it, and enforce it;
  • if the individual is an associate, to assist in determining and managing the facility provided to the client or debtor;
  • to assist in the management and enforcement of facilities we provide, for data analysis and internal management;
  • to provide information to credit reporting bodies to the extent permitted by the Privacy Act 1988;
  • to undertake securitisation activities, raise funding, assign debts and rights, and enter into insurance arrangements;
  • to deal with complaints and legal proceedings;
  • to meet our legal and regulatory requirements; and
  • to assist other credit providers in accordance with an authorisation provided by the individual.

We do not hold any CP derived information.

We disclose credit information to the following credit reporting bodies:

CreditorWatch Pty Ltd

www.creditorwatch.com.au

GPO Box 276, Sydney NSW 2001

Equifax Pty Ltd

www.equifax.com.au

PO Box 964, North Sydney NSW 2059

illion Australia Pty Ltd

www.illion.com.au

PO Box 7405, St Kilda Road, Melbourne VIC 3004

Vix Verify Pty Ltd (GreenID)

www.vixverify.com

P.O. Box 4863, Sydney NSW 2001

Rapid ID Pty Ltd

www.rapidid.io

support@rapidid.io

Docusign

www.docusign.com

support@docusign.com

An individual has the right to request that the credit reporting body exclude his or her credit reporting information from any direct marketing activities. The individual also has the right to request that the credit reporting body not use or disclose his or her information if the individual believes they have been, or are likely to be, the victim of fraud.

If an individual does not want their personal information used for direct marketing purposes they can opt-out by contacting our Privacy Contact Officer:

Privacy Contact Officer

Grapple

Level 12, 77 York Street

Sydney NSW 2000

7

How an Individual May Access Personal Information

An individual may access personal information (including credit eligibility information) that we hold by contacting our Privacy Contact Officer:

Privacy Contact Officer — Grapple

Telephone: 1 300 495 300

Level 12, 77 York Street, Sydney NSW 2000

We will need to verify the individual's identity before giving access. We will usually provide the requested personal information within 30 days of receiving the request. There is no charge to make a request but we may levy an administration fee for providing access.

If there is a reason why we do not make the requested information available, we will provide our reason in writing.

8

How an Individual May Seek the Correction of Personal Information

If an individual considers that any personal information we hold is incorrect, the individual may ask us to correct it by contacting our Privacy Contact Officer on the telephone number or at the address above.

In certain situations we may decide not to agree to a correction request. We will tell you in writing why we have not agreed.

9

How an Individual May Complain and How We Will Deal with the Complaint

We have an internal dispute resolution system that covers complaints, complying with ISO 10002-2006. If an individual considers that we have failed to comply with the Privacy Act 1988, the Credit Reporting Privacy Code or the Australian Privacy Principles, they should contact our Privacy Contact Officer using the details above.

We will acknowledge the complaint within 7 days and advise a decision within 30 days (or a longer period as may be agreed).

If the individual is not satisfied with the decision they may complain to the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Telephone: 1300 363 992

Website: www.oaic.gov.au

GPO Box 5218, Sydney NSW 2001

10

Disclosure of Personal Information to Overseas Recipients

Generally, we do not disclose personal information to overseas recipients. However, we may do so — for example if the debtor is located overseas or if we use service providers located overseas. In each case, personal information is provided to an overseas recipient only when permitted under the Privacy Act.

Countries where overseas recipients are likely to be located include: New Zealand, United States, Canada, United Kingdom, Austria, Belgium, Finland, France, Germany, China (including Hong Kong), Ireland, Italy, Ukraine, Japan, Luxembourg, Malta, the Netherlands, Portugal, Singapore, South Africa, Spain and Switzerland.

11

Notification of Data Breaches

We recognise the obligation to notify affected individuals, as well as the Australian Information Commissioner, of any 'eligible data breaches' as defined for the purposes of Part IIIC of the Act.

12

Definitions

"associate" means a person who is or may become an officer, shareholder or employee of the client, the guarantor or the debtor.

"client" means a person (such as a company, sole trader or partnership) to whom Grapple Invoice Finance Fund Pty Ltd has provided a debtor finance or other facility including the provision of commercial credit, and includes a person who has applied for, or may apply for, a facility of that type.

"debtor" means a person who owes, or may owe, an account (also known as a book debt) which the client has sold to us or in which the client has granted a security interest to us.

"guarantor" means a person who has guaranteed, or may guarantee, the obligations which a client has or may have to us.

"we", "us" and "our" means Grapple Invoice Finance Fund Pty Ltd (ABN 82 628 786 658).

Words defined in the Privacy Act 1988 have the same meaning in this privacy policy.