General information

The types of information that we collect and hold about you could include:

• ID information such as your name, postal or email address, telephone numbers, and date of birth;
• other contact details such as social media handles;
• financial details such as your tax file number; and
• other information we think is necessary.

When the law authorises or requires us to collect information

We may collect information about you because we are required or authorised by law to do so. There are laws that require us to collect personal information. For example, we require personal information to verify your identity under Australian Anti-Money Laundering law.

What do we collect via your website activity?

If you’re an internet customer of ours, we monitor your use of internet services to ensure we can verify you, receive information from you, and identify ways we can improve our services for you.

If you start but don’t submit an online application, we can contact you using any of the contact details you’ve supplied to offer help completing it. The information in applications will be kept temporarily and then destroyed if the application is not completed.

We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels. However, for all confidential matters, we’ll ensure we interact with you via a secure forum. We sometimes collect de-identified information from web users to improve our services and products. That information could include IP addresses or geographical information to ensure your use of our web applications is secure.

How we collect and hold your information

Unless it’s unreasonable or impracticable, we will try to collect personal information directly from you (referred to as ‘solicited information’). For this reason, it’s important that you help us to do this and keep your contact details up-to-date.

There are a number of ways in which we may seek information from you. We might collect your information when you fill out a form with us, when you’ve given us a call or used our website. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details.

However, we’ll never ask you for your security details in this way – if you are ever unsure, just contact us.

How we collect your information from other sources

Sometimes, we will collect information about you from other sources as the Privacy Act 1988 permits. We will do this only if it’s reasonably necessary to do so, for example, where:

• We collect information from third parties about the loan or lease made available to you arising out of the services we provide you;
• We can’t get hold of you and we rely on public information (for example, from public registers or social media) or information made available by third parties) to update your contact details; or
• We exchange information with your legal or financial advisers or other representatives.

What if you don’t want to provide us with your personal information?

If you don’t provide your information to us, it may not be possible:

• for us to give you the credit assistance you seek from us;
• to assist in finding a loan or lease relevant to your circumstances;
• verify your identity or protect against fraud; or
• Let you know about other products or services that might suit your financial needs.

How we collect and hold your credit information

We will collect your credit information while you answer the enquiries we make of you relating to the credit assistance you seek from us. In addition to what we say above about collecting information from other sources, other primary sources for collecting credit information are:

• your co-loan applicants or co-borrowers;
• your guarantors/proposed guarantors;
• your employer, accountant, real estate agent or other referees;
• your agents and other representatives, like the person who referred your business to us, your solicitors, conveyancers and settlement agents;
• Organisations that help us to process credit applications;
• Organisations that check the security you are offering, such as valuers;
• bodies that issue identification documents to help us check your identity; and
• Our service providers are involved in helping us to process any application you make for credit through us

What do we do when we get information we didn’t ask for?

Sometimes, people share information with us that we haven’t sought out (referred to as ‘unsolicited information’). Where we receive unsolicited personal information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it.

When will we notify you that we have received your information?

When we receive your personal information directly, we’ll take reasonable steps to notify you how and why we collected it, who we may disclose it to, and how you can access it, seek correction of it, or make a complaint.

Sometimes, we collect your personal information from third parties, and you may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.

How do we take care of your personal information?

We store information in different ways, including in paper and electronic form. The security of your personal information is important to us, and we take reasonable steps to protect it from misuse, interference, loss, and unauthorised access, modification or disclosure. Some of the ways we do this are:

• document storage security policies;
• security measures for access to our systems; and
• only giving access to personal information to a person who is verified to be able to receive that information

We may store personal information physically or electronically with third-party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put it.

What happens when we no longer need your information?

We’ll only keep your information for as long as necessary for our purposes. We may be required to keep some of your information for certain periods of time under the law. When we no longer need your information, we’ll ensure that it is destroyed or de-identified.

What are the main reasons we collect, hold and use your information?

Collecting your personal information allows us to provide you with the products and services you requested. This means we can use your information to:

• Give you credit assistance;
• Give you information about loan products or related services, including help, guidance and advice;
• Consider whether you are eligible for a loan or lease, or any related service you requested, including identifying or verifying you or your authority to act on behalf of a customer;
• Assist you to prepare an application for a lease or a loan;
• Administer services we provide, for example, to answer requests or deal with complaints; and
• Administer payments we receive, or any payments we make, relating to your loan or lease.

Can we use your information for marketing our products and services?

We may use or disclose your personal information to inform you about other products or services we or a third party make available and that may interest you.

We will always let you know that you can opt out from receiving marketing offers.

With your consent, we may disclose your personal information to third parties to connect you with other businesses or customers. You can ask us not to do this at any time. We won’t sell your personal information to any organisation.

Yes, You Can Opt-Out

If you no longer wish to receive direct marketing offers from us, you can let us know at any time. We will process your request as soon as practicable.

What are the other ways we use your information?

We’ve just told you some of the main reasons why we collect your information, so here’s some more insight into the ways we use your personal information, including:

• Telling you about other products or services we make available and that may be of interest to you, unless you tell us not to;
• Identifying opportunities to improve our service to you and improving our service to you;
• Allowing us to run our business efficiently and perform general administrative tasks;
• Preventing any fraud or crime or any suspected fraud or crime;
• As required by law, regulation or codes binding us; and
• Any purpose to which you have consented.

What are the grounds under which we will deal with your personal information under
the GDPR?

Under the GDPR, we must have legal grounds to process your personal information. The legal grounds that we may rely on are:

• Performance of our contract with you;
• Compliance with a legal obligation;
• Where you have provided your consent; and
• For our legitimate interests: Our main legitimate interests in processing your personal information are fraud, security, due diligence, business operations, and direct marketing.

We are required to keep some of your information for certain periods of time under law, such as the Corporations Act, the Anti-Money Laundering & Counter-Terrorism Financing Act, and the Financial Transaction Reports Act.

We are required to keep your information for 7 years from the closure of accounts, or otherwise as required for our business operations or by applicable laws.

We may need to retain certain personal information after we cease providing you with products or services to enforce our terms, prevent fraud, identify, issue, or resolve legal claims, and/or maintain proper record keeping.

Sharing Your Information

We sometimes need to share your personal information with others to ensure we can meet your specific needs and for the purposes described in ‘How we use your personal information’. We may share your information with other organisations for any purpose for which we use your information.

We may use and share your information with other organisations for the abovementioned purpose.

Sharing with your representatives and referees

We may share your information with:

• Your representative or any person acting on your behalf (for example, lawyers, settlement agents, accountants or real estate agents); and
• Your referees, like your employer, to confirm details about you.

Sharing with third parties

We may share your information with third parties concerning services we provide you.

Those third parties may include:

• The mortgage aggregator through whom we may submit loan or lease applications to lenders or lessors on the mortgage aggregator’s panel;
• The Australian Credit Licence holder that authorises us to engage in credit activities;
• Referrers who referred your business to us;
• Valuers;
• Lenders, lessors, lender’s mortgage insurers and other loan or lease intermediaries;
• Organisations, like fraud reporting agencies, that may identify, investigate and/or prevent fraud, suspected fraud, crimes, suspected crimes, or other misconduct;
• Government or regulatory bodies (including ASIC and the Australian Taxation Office) as required or authorised by law. In some instances, these bodies may share the information with relevant foreign authorities;
• Guarantors and prospective guarantors of your loan or lease;
• Service providers, agents, contractors and advisers that assist us to conduct our business for purposes including, without limitation, storing or analysing information;
• Any organisation that wishes to take an interest in our business or assets; and
• Any third party to whom you consent to us sharing your information.

Sharing outside of Australia

We may use overseas organisations to help conduct our business. As a result, we may need to share some of your information (including credit information) with such organisations outside Australia.

We may store your information in the cloud or other networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your data is stored this way, disclosures may occur in countries other than those listed.

Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

Where we transfer your information from the EEA to a recipient outside the EEA, we will ensure that an adequate level of protection is in place to protect your personal information, such as contractual protections to ensure the security of your information.

How you can generally access your information

We‘ll always give you access to your personal information unless there are specific legal reasons why we can’t. You can ask us in writing to access your personal information that we hold. In some cases, we may be able to deal with your request over the phone.

We will give you access to your information in the form you want it, where it’s reasonable and practical. We may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first.

We’re not always required to give you access to your personal information. Some of the situations where we don’t have to give you access include when:

• We believe there is a threat to life or public safety;
• There is an unreasonable impact on other individuals;
• The request is frivolous;
• The information wouldn’t be ordinarily accessible because of legal proceedings;
• It would prejudice negotiations with you;
• It would be unlawful;
• It would jeopardise taking action against serious misconduct by you;
• It would be likely to harm the activities of an enforcement body (e.g. the police); or
• It would harm the confidentiality of our commercial information.

If we can’t provide your information as you requested, we will explain why in writing. If you have concerns, you can complain. See ‘Contact Us’.

Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it’s:

• inaccurate;
• out of date;
• incomplete;
• irrelevant; or
• misleading.

If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try to help where we can—if we can’t, we’ll let you know in writing.

What additional things do we have to do to correct your credit information?

If you ask us to correct credit information, we will help you with this in the following way.

Helping you manage corrections​
Whether we made the mistake or someone else made it, we are required to help you ask for the information to be corrected. So we can do this, we might need to talk to others.

However, the most efficient way for you to make a correction request is to send it to the organisation that made the mistake.

Where we correct information​
If we’re able to correct the information, we’ll let you know within five business days of deciding to do this. We’ll also let the relevant third parties know as well as any others you tell us about. We’ll let you know in writing if there are any instances where we can’t do this.

Where we can’t correct information​
If we’re unable to correct your information, we’ll explain why in writing within five business days of making this decision. If you have any concerns, you can access our external dispute resolution scheme or make a complaint to the Office of the Australian Information Commissioner.

Time frame for correcting information​
If we agree to correct your information, we’ll do so within 30 days from when you asked us or a longer period that you’ve agreed to.

If we can’t make corrections within a 30-day time frame or the agreed time frame, we must:

• Let you know about the delay, the reasons for it and when we expect to resolve the matter;
• Ask you to agree in writing to give us more time; and
• Let you know you can complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.

How do you generally make a complaint?

If you have a complaint about how we handle your personal information, we want to hear from you. You are always welcome to contact us.

You can contact us by using the details below:
E: ​
P: 1300 350 777

We are committed to resolving your complaint and doing the right thing by our customers. Most complaints are resolved quickly, and you should hear from us within five business days.

Need more help?

If you still feel your issue hasn’t been resolved to your satisfaction, then you can raise your concern with the Office of the Australian Information Commissioner:

• Online: www.oaic.gov.au/privacy
• Phone: 1300 363 992
• Email:
• Fax: +61 2 9284 9666
• Mail: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601

If you are located in the EEA, you can contact the relevant data protection authority (for example, in the place you reside or where you believe we breached your rights). For example, the Office of the UK Information Commissioner:

• Online: www.ico.gov.uk
• Phone: 0303 123 1113
• Live chat: https://ico.org.uk/global/contact-us/live-chat

What additional things do we have to do to manage your complaints about credit information?

If your complaint relates to how we handled your access and correction requests​

You may take your complaint directly to our external dispute resolution scheme or the Office of the Australian Information Commissioner. You are not required to let us try to fix it first.

For all other complaints relating to credit information​:

If you make a complaint about something (other than an access request or correction request) related to your credit information, we will let you know how we will deal with it within seven days.

Ask for more time if we can’t fix things in 30 days​
If we can’t fix things within 30 days, we’ll let you know why and how long we think it will take. We will also ask you for an extension of time to fix the matter. If you have any concerns, you may complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.
​
We’ll let you know about our decision within 30 days or any longer agreed-upon time frame. If you have any concerns, you may complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.

If you reside in the EEA, you can also:

• You can object to the processing of your personal information or ask us to delete, restrict, or stop using it. However, there may be circumstances where we are required to or entitled to retain or continue using your information.
• You can withdraw your consent to our processing of your information. However, we may continue to process your information if we have another legitimate ground to do so.
• Ask us to send an electronic copy of your personal information, including to another organisation.

You can contact us to exercise these rights. See ‘Contact Us’ for more information. If we refuse any request you make regarding these rights, we will write to you to explain why and how you can make a complaint about our decision.

We care about your privacy. Please get in touch with us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.

You can contact us by using the details below:

E: ​
P: 1300 350 777

What if you want to interact with us anonymously or use a pseudonym?

If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way, however, as we are often governed by regulations that require us to know who we’re dealing with. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when:

• it is impracticable; or
• we are required or authorised by law or a court/tribunal order to deal with you personally.

What do we do with government-related identifiers?

In certain circumstances, we may be required to collect government-related identifiers such as your tax file number. We will not use or disclose this information unless authorised by law.