Personal information is any information that identifies or could identify you, and includes credit-related information, which is information about your credit history (including information about your past experiences with lenders, the kinds of credit products you have had or sought, how you have managed your obligations, information contained in a credit report about you, and information about your credit worthiness that has been derived from a credit report about you).
Collection of personal information
We will collect and hold personal information about you that is reasonably necessary for, or directly related to, our business relationship with you. The personal information we may collect about you includes your name, date of birth, address, occupation, financial situation, and any other information we may need to identify you.
As far as possible, we will collect your personal information directly from you. However, in some cases we may be required to collect this information from third parties such as your employer or a credit reporting body (CRB). We may also collect information about you from publicly available sources.
If we are unable to collect all of the personal information that we require, we may be unable to provide you with a product or service.
Use of personal information
We use your personal information so that we can provide products and services to our customers, including to:
assess and process any application for credit made by an entity for which you are a director, shareholder, signatory, representative or guarantor;
identify you or our customer;
execute your instructions or assist with your inquiries, or those of our customer;
manage our relationship with you or our customer;
comply with legislative or regulatory requirements;
undertake internal processes, including product development, strategic planning, risk management and pricing;
meet our obligations in relation to credit reporting systems and our funding arrangements;
collect overdue payments; and
identify and (unless you tell us not to) tell you about our products and services, and those of third parties that might interest you.
We may also use your personal information for other purposes that you would reasonably expect, or otherwise where you have given us your consent.
Disclosure of personal information
We may exchange your information for any of the reasons mentioned above with third parties including:
other persons to verify that it is correct;
our customer and any current and prospective guarantors, co-guarantors and security providers;
our related bodies corporate, agents, contractors, service providers and external advisers;
your agents, referees, employer, executors, and advisers;
law enforcement, regulatory, government and dispute resolution bodies;
your and our insurers or prospective insurers and their underwriters;
any person we consider necessary to execute your instructions;
other credit providers and financial institutions; and
any person who is considering whether to acquire or who has acquired our business, any part of it, or an interest in a loan we provide (for example, an assignee), and their professional advisers.
Exchanging information with credit reporting bodies
If your personal information is collected in connection with an application for credit or if you are providing a guarantee we may obtain a credit report about you from a CRB. A credit report will provide us with information about you that is held by the CRB and which has any bearing on your creditworthiness.
We may use this information to arrive at our own assessment of your creditworthiness.
Further, to enable us to verify your identity, we may disclose your name, date of birth and residential address to a CRB for the purpose of obtaining an assessment of whether that personal information matches information held by the CRB.
The CRBs we may use from time to time include:
13 83 32
Dun & Bradstreet Australia
13 23 33
CRBs may include information which we provide in reports to other credit providers to assist them to assess your creditworthiness.
You can ask a CRB not to use or disclose credit-related information it holds about you for a period of 21 days (called a “ban period”) without your consent if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.
CRBs may use credit-related information they hold to respond to requests from us or other credit providers to “pre-screen” you for direct marketing. You can ask a CRB not to do this.
Transfer of personal information overseas
We may disclose your personal information to third parties who may be located overseas, including in Hong Kong and Singapore.
Protecting your information
We keep your hard copy or electronic records on our premises and systems or offsite using trusted third parties. We take all reasonable steps to ensure that information we hold about you is protected from misuse, interference and loss, and unauthorised access, disclosure or modification.
When we no longer need your information, including when we are no longer legally obliged to keep records relating to you, we will destroy it or de-identify it.
Accessing and correcting your personal information
We take reasonable steps to ensure that the information we handle is accurate, complete and up-to-date, however, you have the right to request to access your information and correct it if you believe that it is inaccurate, out-of-date or incomplete.
You may request access to the information we hold about you at any time by contacting our Compliance Officer. We will respond to your request within a reasonable time. There is no fee for making a request but we may charge you the reasonable costs of providing our response to a request for access to personal information.
If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act on which we rely to refuse access.
You may also ask us to correct any information we hold about you by contacting us using the details noted above. We will deal with your request to correct your information in a reasonable time. If we correct your information and it is information we have provided to others we will notify them of the correction where we are required to do so by the Privacy Act. If your request to correct your information relates to information which has been provided to us by a CRB or another credit provider we may need to consult with them about your request. We will correct information, where we decide to do so, within 30 days of your request, or longer if you agree.
If we do not agree with the corrections you have requested, we are not obliged to amend your information accordingly, however, we will give you a written notice which sets out the reasons for our refusal.
Complaints, questions and concerns
Level 1, Suite 5
300 Pacific Highway
Crows Nest NSW 2065
02 8417 7350
Additionally, if you believe that in handling your personal information we have breached our privacy obligations and you would like to make a complaint, you may use the contact details noted above to lodge a complaint.
Once we receive your complaint, we will respond to you as soon as possible and will let you know if we need any further information from you. We will notify you of our decision within 30 days, however if we are unable to do so, we will let you know the reason for the delay and the expected timeframe to resolve the complaint.
If you are not satisfied with our response to your complaint, or the way in which we have handled your complaint, you may contact the Office of the Australian Information Commissioner on 1300 363 992 or by going to www.oiac.gov.au.
Either of these entities may forward your complaint to another external dispute resolution body if they consider that the complaint would be better handled by that other body.