Statement of Notifiable Matters and Data Breaches
1. INTRODUCTION
Credabl Pty Limited ACN 42 615 968 100 and its related bodies corporate ("Credabl, we, us, our") generally provide credit to medical professionals who apply for a commercial or consumer credit account with us. This statement sets out important information about credit reporting and data breaches that is relevant to you if:
- you are an individual (e.g. as a sole trader or as a member of a partnership) applying for a lease or other credit product, or who holds a lease or other credit product, from us in a professional capacity;
- you are an individual consumer applying for a lease or other credit product, or who holds a lease or other credit product, from us in a personal capacity; or
- we deal with you in connection with an application for credit made by, or provided to, another customer (e.g. as a guarantor or proposed guarantor for such credit or as a director or a shareholder of a company obtaining such credit).
The way we manage your personal and credit-related information is governed by the Privacy Act 1988 (Cth) (Privacy Act) and the Privacy (Credit Reporting) Code 2014 (CR Code). This includes ensuring that any data breaches of personal information are dealt with appropriately in line with the relevant guidelines of the Office of the Australian Information Commissioner ("OAIC").
This statement complements the Credabl Privacy and Credit Reporting Policy available on our website www.credabl.com.au, which sets out how we manage personal and credit-related information that we hold about you.
2. DISCLOSURE TO CREDIT REPORTING BODIES
If you apply for or hold any kind of credit from us, or offer to act as a guarantor, we may collect from and disclose your personal and credit-related information to credit reporting bodies. In addition, we may disclose to the credit reporting body the fact that you are dealing with us for a commercial or consumer credit-related purpose. Credit reporting bodies may include the information we disclose in reports that they provide to other credit providers to assist them to assess your commercial or personal credit worthiness.
The credit reporting body we deal with is Equifax – equifax.com.au
For the most up‑to‑date contact details and information on how these credit reporting bodies manage personal and credit‑related information, please see their privacy policies available on their respective websites.
3. EXCLUDING YOUR CREDIT REPORTING INFORMATION FROM PRE‑SCREENING FOR DIRECT MARKETING
Credit reporting bodies offer a service known as “credit pre‑screening” that enables a credit provider to determine if you are eligible to receive direct marketing material about credit offers. You have the right to request that a credit reporting body not use your credit reporting information for this purpose. You should contact the relevant credit reporting body directly if you wish to request this.
4. PROTECTING YOUR CREDIT REPORTING INFORMATION IF YOU BECOME THE VICTIM OF FRAUD
You have the right to request that a credit reporting body not use or disclose your credit reporting information for a period if you believe on reasonable grounds that you have been, or are likely to be, the victim of fraud (e.g. if you suspect that someone is using your identity details in connection with a credit application). You should contact the relevant credit reporting body directly if you wish to request this.
5. ACCESSING OR CORRECTING YOUR PERSONAL INFORMATION OR MAKING A PRIVACY COMPLAINT
You have the right to request access to personal information (including credit-related information) that Credabl holds about you, or seek correction of that information. You also have the right to make a complaint if you consider that we have not complied with the Privacy Act or CR Code in relation to your information. Our Privacy and Credit Reporting Policy available on our website sets out further information about these rights and how we deal with your requests and complaints.
6. DATA BREACH INCIDENTS OF PERSONAL INFORMATION
The OAIC has determined, under the Notifiable Data Breach ("NDB") scheme, that a data breach incident occurs when:
· a device that contains a customer's personal information is lost or stolen;
· a database containing personal information is hacked; and/or
· personal information is incorrectly given to the wrong person.
The OAIC further determines that, under the NDB scheme, an eligible data breach must be reported to the OAIC. An eligible data breach occurs when:
· there is unauthorised access to or unauthorised disclosure of personal information or any loss of personal information that Credabl holds;
· it is likely to result in serious harm to one or more individuals; and/or
· Credabl has not been able to prevent the likely risk of serious harm with remedial action.
Credabl takes any breach of personal information seriously and, as a result, all incidents will be escalated to the Compliance Manager. The Credabl team will notify the relevant individual/s who have had their personal information compromised. If the breach is considered a significant data breach, the Compliance Manager will report the data breach to the OAIC.
The OAIC provides guidance on responding to data breaches, which Credabl will follow. Under that guidance, organisations, including Credabl, should:
1. Contain the information subject to the data breach;
2. Assess the data breach by capturing the relevant information;
3. Notify any and all individuals involved and the OAIC if the breach is considered an eligible data breach; and
4. Review the incident to prevent future breaches.
As well as ensuring that Credabl follows the NDB scheme, Credabl representatives must ensure they follow all internal policies when dealing with a breach of personal information including the process of:
- Identifying the breach;
- Capturing the relevant information of the breach;
- Assessing the breach and ensuring the appropriate person is assigned the task to investigate the breach;
- Reviewing the investigation and providing sufficient evidence of remediation; and
- Monitoring the breach to ensure that actions are completed in a timely manner.
If you are the subject of a data breach incident, Credabl will notify you immediately following notification that a breach has occurred and will work with you to determine a reasonable outcome.
7. CONTACT US
If you require any further information or have any questions about our Privacy and Credit Reporting Policy and practices or if you would like a copy of this Statement of Notifiable Matters and Data Breaches in hard copy form, please contact our Privacy Officer:
Email: privacyenquiries@credabl.com.au
Telephone: 1300 27 33 22 (1300 CREDABL)
Post: Privacy Officer Credabl Pty Limited GPO Box 455 Sydney NSW 2001
Last Updated: 28 February 2023