Credabl Privacy and Credit Reporting Policy

Credabl Privacy Statement

1          PERSONAL AND CREDIT-RELATED INFORMATION

Credabl Pty Limited ABN 42 615 968 100 and its related bodies corporate (Credabl, we, us, our) collects and handles your personal and credit‑related information in accordance with our Privacy and Credit Reporting Policy, so that we can process your application, provide you with products and services, manage the products and services we provide to you, assess your suitability as a guarantor of credit, take a guarantee from you and administer that guarantee, or tell you about our products and services that we think may interest you.

If you do not provide all the information we request, we may be unable to consider or approve your application, complete the transaction you have entered into, accept you as a guarantor, or provide a product or service to you.

We may:

  • obtain commercial or consumer credit information about you from a credit reporting body to enable us to assess your credit worthiness;
  • obtain information about your activities or commercial or personal credit worthiness from a business which provides information about commercial or personal credit worthiness;
  • If you are a proposed guarantor, obtain credit reporting information about you from a credit reporting body for the purpose of assessing whether to accept you as a guarantor;
  • exchange personal information and credit-related information about you with other credit reporting bodies and credit providers to assess your application and credit worthiness and to notify them of any defaults by you; or
  • disclose credit-related information and other personal information about you to a guarantor (for the purpose of keeping them informed about the guarantee or the enforcement or proposed enforcement of the guarantee) or to a proposed guarantor (for the purpose of them considering whether to offer to act as guarantor).

We may also disclose your personal and credit‑related information to third party funders we act as agent for, the suppliers or retailers of any goods or services financed with credit we provide, other financial institutions, insurers, debt collectors, security registration bodies, our related bodies corporate, any person acting on your behalf including financial advisor, lawyer and accountant, and third parties we engage to assist us with our functions and activities or provide services to us. Some of the third parties service providers may have servers located overseas such as in US, Canada, Singapore and Japan for example.

As a provider of financial services, we are required or authorised to collect and disclose your personal and credit‑related information to government agencies and regulators in Australia and, in some cases, offshore to comply with our legal obligations such as the Anti‑Money Laundering and Counter‑Terrorism and Financing Act 2006(Cth).

You have a right to access your personal and credit‑related information that we hold, and may ask us to correct this. Our Privacy and Credit Reporting Policy on our website www.credabl.com.au contains more detail on your rights and contact details for questions or complaints and how we will deal with complaints.

Our website www.credabl.com.au also contains a Credit Reporting – Statement of Notifiable Matters. These are matters you should be aware of in relation to the use and disclosure of your credit‑related personal information. The Statement of Notifiable Matters includes:

  • details of the credit reporting bodies to which we are likely to disclose your credit information, the types of credit information we may give them and how this information will be used;
  • your rights over your credit information, including how you can access and correct your information and make complaints;
  • your rights to direct a credit reporting body to limit the use of your information for direct marketing purposes and what protections are available if you believe you are a victim of fraud; and
  • information about our Privacy and Credit Reporting Policy.

You can contact us using the details below for a hard copy of the Statement of Notifiable Matters.

2          OTHER ACKNOWLEDGEMENTS AND CONSENTS

Where you have provided information about another individual, you must make them aware of that fact and the contents of this Privacy Statement.

We may confirm the details of the information provided in this application which includes contacting your referees to confirm salary, address or other personal details.

3          CONTACT DETAILS

Email: privacyenquiries@credabl.com.au
Telephone: 1300 27 33 22
Post: Privacy Officer
Credabl Pty Limited
PO Box R1854
Royal Exchange NSW 1225

PRIVACY AND CREDIT REPORTING POLICY

1          INTRODUCTION

Credabl Pty Limited ABN 42 615 968 100 and its related bodies corporate (Credabl, we, our, us) respects the importance of protecting your privacy. We comply with our obligations under the Privacy Act 1998(Cth) (Privacy Act), including Part IIIA of the Privacy Act and the Australian Privacy Principles(APPs), as well as the Privacy (Credit Reporting) Code 2014(CR Code).

This Privacy and Credit Reporting Policy (Policy) describes how Credabl collects, handles, uses and discloses your personal information if:

  • you are an individual (e.g. as a sole trader or as a member of a partnership) applying for a lease or other credit product, or who holds a lease or other credit product, from us in a professional capacity;
  • you are an individual consumer applying for a lease or other credit product, or who holds a lease or other credit product, from us in a personal capacity; or
  • we deal with you in connection with an application for credit made by, or provided to, another customer (e.g. as a guarantor or proposed guarantor for such credit or as a director or a shareholder of a company obtaining such credit).

By providing us with your personal information, you consent to us using and disclosing it for the purposes set out in this Policy. We will update this Policy when our information handling practices change, or when required. Any revised Policy will take effect when it is published on our website and your continued use of our website or services will constitute your agreement to those changes. Please note that any websites that may be linked to our website are subject to their own privacy policy.

2          OUR FUNCTIONS AND ACTIVITIES

We collect, hold, use and disclose your personal information so that we can carry out our business functions and activities and provide the best possible customer service, including as an agent for a third-party funder or to securitise the transaction. Our collection, use and disclosure of your personal information will depend on our relationship with you, the types of products or services you request from us and our obligations at law.

We may collect, hold, use and disclose your personal information for the following purposes:

  • to assess your application for a commercial or consumer credit account with us and whether to provide you, or an entity associated with you, with credit, including verifying your identity and evaluating your commercial and personal credit worthiness;
  • to verify your identity from particular documents such as your passport, driver’s licence, birth certificate when you apply for a commercial or consumer credit account with us, or when you request correction of your personal or credit information;
  • if you are a guarantor or a proposed guarantor for a commercial or consumer credit account, to assess your suitability as a guarantor, keep you informed about the guarantee and enforce the guarantee if necessary;
  • to provide products and services to you, including providing you with credit to hire, lease, rent or purchase goods or services;
  • to administer and manage the products and services provided to you or other relationships and arrangements in relation to those products and services or our business, including managing credit and assisting you to meet your credit‑related obligations;
  • to undertake securitisation activities and other activities relating to our funding needs and provision of products and services;
  • to administer your insurance policy, assess any insurance risks or claims associated with you or our products and services;
  • to participate in the credit reporting system and provide information to credit reporting bodies as permitted by Part IIIA of the Privacy Act and the CR Code;
  • to detect and prevent instances of fraud, unlawful conduct, and other risks to you or our products and services;
  • ongoing monitoring of credit worthiness and dealing with serious credit infringements;
  • to enforce our rights, including collection of outstanding payments, debt recovery and other enforcements and where necessary, initiating legal proceedings;
  • to process payments and invoices as well as attending to our internal accounting and administration requirements;
  • to provide customer support, including conducting and responding to enquiries, feedback, comments and complaints about our products and services;
  • to distribute our newsletters and other communications either alone or with the assistance of third party service providers on information about us;
  • to inform and conduct marketing activities including data analytics and promoting products and services from us and our related entities;
  • to undertake review and maintenance of our systems and infrastructure and conduct research about our products and services to improve our products and services, marketing activities and customer experience;
  • to perform data analyses and generate customer insights and statistical data which may include combining personal information from reputable data sources and public sources of information;
  • to manage and carry out our business and operational functions, including HR management, business decisions and assessing your suitability for appointment as a contractor or supplier; and
  • to maintain records and comply with our domestic and foreign legal and regulatory reporting and compliance obligations. Some of the key legislation which may apply include:
    • National Consumer Credit Protection Act 2009 (Cth);
    • Anti-Money Laundering and Counter-Terrorism Financing Act 2006(Cth),Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (Cth) and other anti-money laundering legislation;
    • PersonalProperty Securities Act 2009 (Cth) and State and Territory real property and security interest laws;
    • Financial Sector (Collection of Data) Act 2001 (Cth) and other regulatory legislation;
    • Taxation Administration Act 1953 (Cth),theIncome Tax Assessment Act 1936 and 1997 (Cth)and other taxation laws and regulation.

3          INFORMATION WE COLLECT

Personal information is any information about you, from which you can be identified. The types of personal information that we may collect include identity and contact information such as your name, residential and business address, driver licence and passport number for identification purposes, email address, date of birth, gender and telephone number, and financial and related information such as payment details, employment, current and two previous residential addresses, marital status, number of dependents, assets and liabilities. We may collect additional personal information from you from time to time.

Personal information also includes credit‑related information, such as credit information, which is information that relates primarily to your credit‑related dealings with us which we can disclose to credit reporting bodies, and credit eligibility information, which is information provided to us by credit reporting bodies, including information about your credit‑related dealings with other credit providers, any credit worthiness information that we derive from the data from a credit reporting body, for example credit ratings, scores and evaluations about you and your credit worthiness. The types of credit‑related information that we collect about you may include your account details, credit application history, credit payment and default history, court proceedings, insolvency actions and credit worthiness.

We generally do not collect sensitive information about you, unless you provide it to us voluntarily. For example, when you apply for a form of hardship relief, you may provide sensitive information such as health information. You may provide sensitive information when you otherwise interact with us, such as racial or ethnic origin, sexual orientation, religious or philosophical beliefs or political opinion and membership or affiliation information. You consent to us collecting sensitive information which you provide to us voluntarily.

If you are an employee or prospective employee, we may need to collect sensitive information about you and you consent to us collecting this information. For example, personnel records may include or sensitive information such as place of birth, racial or ethnic origin, criminal record, tax file number, disabilities and relationship information. Recruitment records may include employment history and experience, referees and other employment related information.

If you provide us sensitive information, we will treat it as personal information and handle it in accordance with this Policy.

You don’t have to give us all the information we request. However, if you do not provide us with some or all of the personal information required, we may be unable to consider or approve your application, complete the transaction you have entered into, accept you as a guarantor, or provide a product or service to you or information you request, to the requested standard or at all, and you may also miss out on receiving valuable information about us and our products and services.

4          HOW WE COLLECT INFORMATION

Where we can, we will collect information directly from you. We collect personal and credit‑related information when you:

  • complete any electronic or paper application for commercial or consumer credit or a Credabl agreement;
  • request us to provide our products and services or make an enquiry about our products and services;
  • subscribe to communications from us such as updates, publications or newsletters;
  • have entered into a business relationship with us and we are managing the products and services we provide to you;
  • contact us to provide feedback, comments or suggestions on our functions and activities;
  • interact or engage with us through our websites or social media platforms;
  • apply for a job with us or become an employee, or become a supplier or contractor that provide a product or service to Credabl; or
  • otherwise interact with us or disclose your personal information to us.

As well as collecting information directly from you, there may be occasions when we may collect information about you from other people or organisations, including from our related bodies corporate. Where we receive information about you indirectly from third parties, we require that the third party has collected and shared that information in accordance with the Privacy Act or the CR Code where applicable.

Third parties we collect information about you from may include:

  • agents of Credabl that provide our products and services on our behalf;
  • credit reporting bodies, other credit providers and businesses which provide information about credit worthiness to assess your credit worthiness;
  • law enforcement agencies and government agencies to verify your identity;
  • your representatives (lawyers, executors, administrators, real estate agents, guarantors, brokers, insurers, accountants and financial advisors);
  • your nominated referee or employer when you apply for a product or service;
  • your nominated bank when you apply for a product or service;
  • supplier, service providers and contractors that provide services to us such as debt collection agencies;
  • third parties that provide marketing leads, marketing and data analysis services to us; and
  • reputable data sources and publicly available sources of information; or
  • if you are a prospective employee, your nominated referee, law enforcement agencies for police checks or intermediaries such as recruitment agents and personnel providers.

5          COOKIES AND HOW WE USE THEM

We (and authorised third parties) may use cookies and tools, such as web beacons and web server logs, to collect, store and monitor visitor traffic information and actions on our website. Cookies are small data files which are placed on your computer that allows our websites to “remember you” when you return to our websites. These cookies and tools are not used to record any personal information but are only used to identify generic preferences and behavioural patterns of how our website and online resources are being used. Third party services may have their own privacy policies in relation to their use of cookies and tools.

The information collected by these tools may include geolocation data, the IP address of the device you are using and information about websites that IP address has come from, the pages accessed on our website and the next website visited. We may use and combine this information to maintain, secure and improve our websites, enhance your experience when using our websites, display and deliver relevant content, services and advertising and understand the effectiveness of our marketing and advertising (including direct marketing and online ads on third party websites).

If you want to prevent cookies being used, you can change your browser settings to disable cookies or to notify you when you receive a new cookie. However, you may not be able to access all or parts of our websites, or you may experience reduced functionality when accessing certain services.

6          DISCLOSURE OF PERSONAL AND CREDIT‑RELATED INFORMATION

Where the Privacy Act or the CR Code permits, we may disclose your personal and credit‑related information to our officers, employees, contractors, our related bodies corporate and other third parties in connection with our functions and activities, including:

  • to the supplier or retailer of any goods or services financed with credit we provide;
  • where we act as an agent for, or otherwise on behalf of, another person, such as third-party funders, to the principal or that other person;
  • to entities who may wish to purchase the goods or services financed with credit we provide, usually at the end of the credit term;
  • to other financial institutions, security registration bodies, insurers, valuers, brokers, credit reporting bodies and credit providers for funding or securitising transactions and for assessing your credit worthiness;
  • to organisations involved in debt assignment or securitisation arrangements;
  • to your authorised representatives (lawyers, executors, administrators, accountants and financial advisors) and guarantor or intending guarantor;
  • to regulatory bodies, government agencies and law enforcement bodies in any jurisdiction;
  • to debt collectors and utility companies;
  • to external dispute resolution schemes including the Australian Financial Complaints Authority (AFCA); or
  • when we may be required by law from time to time.

We may also disclose personal and credit‑related information to our suppliers and service providers that provide products and services to us in connection with our functions and activities, including third parties who:

  • deliver marketing and digital marketing services;
  • provide mailing, courier and print service providers;
  • conduct data analysis and data matching services;
  • conduct market research, surveys and analysis;
  • host our servers and websites;
  • provide IT services;
  • provide call centre services;
  • provide data processing, storage and back-up;
  • process payments;
  • are our lawyers, financial advisors and accountants;
  • provide recruitment consultant services; or
  • manage HR information such as payroll and superannuation.

Some of the third-party service providers we disclose your information to may have servers located overseas in various countries, including US, Canada, Singapore and Japan.

We require that all third parties, to whom we disclose personal and credit‑related information to, have appropriate controls to protect your information in a manner that is consistent with our Policy, including in relation to security and confidentiality. They must only use your personal and credit‑related information for authorised purposes. You consent to us disclosing your personal information to overseas recipients on this basis.

7          DIRECT MARKETING

Credabl may, from time to time, send direct marketing communications to you about us and our products and services and other material that we consider you would find interesting or useful. If you do not wish to receive such direct marketing communications, you can always opt out. If you are receiving email communications from us, there will be a mechanism to opt out contained in each of those emails. To stop receiving other communications from us, you can contact us via any of the channels listed below.

If you choose to opt out of all direct marketing communications, please note that Credabl may still contact you for other reasonable purposes, including information that Credabl is legally required to send, notifications of changes to Credabl products and services or policies and information regarding the use, rights, benefits or obligations of customers of our products and services.

8          HOW WE HOLD INFORMATION AND KEEP IT SECURE

Credabl holds your personal and credit‑related information both electronically, on our own servers and those of our service providers, and in hard copy at our secured offices or secure offsite storage facilities.

Credabl takes the security of your personal and credit‑related information seriously and we implement a range of technical, administrative, personnel and physical measures to safeguard your personal and credit‑related information against loss, interference and unauthorised access, modification and disclosure, and misuse, including using electronic (such as firewalls, password protection, encryption and secured systems) and physical (such as locked cabinets, offices and secured premises) access restrictions to files containing personal and credit‑related information and ensuring encryption of information sent and received.

We require that all third parties who may have access to personal and credit‑related information, have appropriate controls to protect your information in a manner that is consistent with our Policy, including in relation to security and confidentiality. These third parties must only use your personal and credit‑related information for authorised purposes.

Credabl retains your personal and credit‑related information while it is required for any of our business functions, or for any other lawful purpose. We use secure methods to destroy or to permanently de-identify your personal and credit‑related information when it is no longer needed or if we determine that the personal and credit‑related information received is required to be destroyed or permanently de‑identified.

9          ACCESS AND CORRECTION OF INFORMATION ABOUT YOU

It is important to us that the information we hold about you is up-to-date, accurate and complete, and we will try to confirm your details through our communications with you and promptly add updated or new personal and credit‑related information to existing records when we are advised. If any of your details change, please notify us as soon as you can. If you believe we are holding information about you that is inaccurate, incomplete, irrelevant or misleading, you can ask us to correct it.

If you would like to access your personal or credit‑related information, including credit information, or ask us to update or correct it, you can do so by contacting us in writing and verifying your identity. We will do our best to respond to your request within 30 days.

We will only refuse access in exceptional circumstances, and if this is the case, we will advise you of our reasons for doing so.

We may charge a fee for searching for, and providing access to, your information on a per request basis.

10       PRIVACY COMPLAINTS

We take your complaints seriously and will attempt to resolve your issue quickly and fairly.

If you believe that Credabl has breached the Privacy Act or the CR Code in relation to the way in which we manage personal and credit‑related information about you:

  • you may make a complaint addressed to the Credabl Privacy Officer using the contact details below. The complaint must identify you and be in writing;
  • you will receive an acknowledgement of receipt of your complaint from us as soon as reasonably practicable after we receive it and in any case within seven days of receipt. We will let you know if we need any further information from you to resolve your complaint;
  • the Credabl Privacy Officer will investigate your complaint and will endeavour to provide a response setting out Credabl’s decision in writing within 30 days of receipt of your complaint. If we cannot resolve your complaint within this period, we will write to you notifying you as to the reasons why, specifying when we expect the matter to be resolved and seeking your agreement to extend the 30‑day period. If you do not agree, we may then not be able to resolve your complaint;
  • where your complaint relates to your credit information, we may consult with a credit reporting body or other credit provider in order to investigate and resolve your complaint; and
  • if Credabl is unable to satisfactorily resolve your concerns you can contact the Office of the Australian Information Commissioner on their website oaic.gov.au.

11       OUR CONTACT DETAILS

If you require any further information or have any questions about this Privacy and Credit Reporting Policy or if you wish to access or correct your personal and credit‑related information or make a complaint about our handling of that information, please contact the Credabl Privacy Officer as follows:

Email: privacyenquiries@credabl.com.au
Telephone: 1300 27 33 22
Post: Privacy Officer
Credabl Pty Limited
PO Box R1854
Royal Exchange NSW 1225
Last Updated 21 June 2018