Privacy Policy
Respecting your privacy
We respect your personal information, and this Privacy Policy explains
how we handle it. The policy covers Matthew Stack
This Policy also includes our credit reporting policy, that is, it
covers additional information on how we manage your personal information
collected in connection with a credit application, or a credit facility. We refer to this credit-related information
below as credit information.
If you are in a country that is a member of the European
Economic Area (EEA), the EU General Data Protection Regulation 2016/679 (‘GDPR’) governs the way we collect, use,
hold, process and disclose your personal information. Under the GDPR, we are a
data controller. We make decisions on how and why your personal information is
processed.
What personal information do we collect and hold?
General
information
The types of information that we collect and hold about
you could include:
·
ID information such as your name, postal or email
address, telephone numbers, and date of birth;
·
other contact details such as social media handles;
·
financial details such as your tax file number; and
·
other information we think is necessary.
When the law
authorises or requires us to collect information
We may collect information about you because we are required or
authorised by law to collect it. There are laws which require us to collect
personal information. For example, we require personal information to verify
your identity under Australian Anti-Money Laundering law.
What do we collect via your
website activity?
If you’re an internet customer of ours, we monitor your use of internet
services to ensure we can verify you and can receive information from us, and
to identify ways we can improve our services for you.
If you start but don’t submit an on-line
application, we can contact you using any of the contact details you’ve
supplied to offer help completing it. The information in applications will be
kept temporarily then destroyed if the application is not completed.
We also know that some customers like to engage
with us through social media channels. We may collect information about you
when you interact with us through these channels. However, for all confidential
matters, we’ll ensure we interact with you via a secure forum.
To improve our services and products, we sometimes
collect de-identified information from web users. That information could
include IP addresses or geographical information to ensure your use of our web applications
is secure.
How do we collect your personal
information?
How we collect and hold your information
Unless it’s
unreasonable or impracticable, we will try to collect personal information
directly from you (referred to as ‘solicited
information’). For this reason, it’s
important that you help us to do this and keep your contact details up-to-date.
There are a
number of ways in which we may seek information from you. We might collect your
information when you fill out a form with us, when you’ve given us a call or
used our website. We also find using
electronic means, such as email or SMS, a convenient way to communicate with
you and to verify your details[1].
How we collect your
information from other sources
Sometimes, we will collect information about
you from other sources as the Privacy Act 1988 permits. We will do this only if it’s reasonably
necessary to do so, for example, where:
·
we collect information
from third parties about the loan or lease made available to you arising out of
the services we provide you;
·
we can’t get hold of
you and we rely on public information (for example, from public registers or
social media) or made available by third parties) to update your contact
details; or
·
we exchange information
with your legal or financial advisers or other representatives.
What if you don’t want to provide us with your personal information?
If you don’t provide your information to us, it
may not be possible:
·
for us to give you the credit assistance you seek
from us;
·
to assist in finding a loan or lease relevant to
your circumstances;
·
verify your identity or protect against fraud; or
·
to let you know about other products or services
that might be suitable for your financial needs.
How we collect and
hold your credit information
We will collect
your credit information in the course of you answering the enquiries we make of
you relating to the credit assistance you seek from us. In addition to what we
say above about collecting information from other sources, other main sources
for collecting credit information are:
·
your co-loan applicants or co-borrowers;
·
your guarantors/proposed guarantors;
·
your employer, accountant, real estate agent or
other referees;
·
your agents and other representatives like the person who referred your business to
us, your solicitors, conveyancers and settlement agents;
·
organisations that
help us to process credit applications;
·
organisations that
check the security you are offering
such as valuers;
·
bodies that issue identification documents to help
us check your identity; and
·
our service providers involved in helping us to
process any application you make for credit through us.
What do we do
when we get information we didn’t ask for?
Sometimes,
people share information with us we haven’t sought out (referred to as ‘unsolicited information’). Where we
receive unsolicited personal information about you, we will check whether that
information is reasonably necessary for our functions or activities. If it is,
we’ll handle this information the same way we do with other information we seek
from you. If not, we’ll ensure we do the right thing and destroy or de-identify
it.
When will we
notify you that we have received your information?
When we receive personal information from you directly,
we’ll take reasonable steps to notify you how and why we collected your
information, who we may disclose it to and outline how you can access it, seek
correction of it or make a complaint.
Sometimes we
collect your personal information from third parties. You may not be aware that
we have done so. If we collect information that can be used to identify you, we
will take reasonable steps to notify you of that collection.
How do we take care of your personal information?
We store
information in different ways, including in paper and electronic form. The
security of your personal information is important to us and we take reasonable
steps to protect it from misuse, interference and loss, and from unauthorised
access, modification or disclosure. Some of the ways we do this are:
- document storage security policies;
- security measures for access to our systems;
and
- only giving access to personal information to
a person who is verified to be able to receive that information
We may store
personal information physically or electronically with third party data storage
providers. Where we do this, we use contractual arrangements to ensure those
providers take appropriate measures to protect that information and restrict
the uses to which they can put that information.
What happens
when we no longer need your information?
We’ll only keep your information for as long as we require it for our
purposes. We may be required to keep
some of your information for certain periods of time under law. When we no longer require your information,
we’ll ensure that your information is destroyed or de-identified.
How we use your personal information
What are the
main reasons we collect, hold and use your information?
Collecting your personal information allows
us to provide you with the products and services you’ve asked for. This means we can use your information to:
- give
you credit assistance;
- give
you information about loan products or related services including help,
guidance and advice;
- consider
whether you are eligible for a loan or lease or any related service you
requested including identifying or verifying you or your authority to act
on behalf of a customer;
- assist
you to prepare an application for a lease or a loan;
- administer
services we provide, for example, to answer requests or deal with
complaints; and
- administer
payments we receive, or any payments we make, relating to your loan or
lease.
Can we use your information for marketing our products and services?
We may use or
disclose your personal information to let you know about other products or services we or a third party make available and that
may be of interest to you.
We will always let you know that you can
opt out from receiving marketing offers.
With your consent, we may disclose your
personal information to third parties for the purpose of connecting you with
other businesses or customers. You can
ask us not to do this at any time. We won’t sell your personal information to
any organisation.
Yes,
You Can Opt-Out
You can let us know at any time if you no
longer wish to receive direct marketing offers from us. We will process your
request as soon as practicable.
What are the
other ways we use your information?
We’ve just told you some of the main
reasons why we collect your information, so here’s some more insight into the ways
we use your personal information
including:
·
telling you about other products or services we
make available and that may be of interest to you, unless you tell us not to;
·
identifying opportunities to improve our service
to you and improving our service to you;
·
allowing us to run our business efficiently and
perform general administrative tasks;
·
preventing any fraud or crime or any suspected
fraud or crime;
·
as required by law, regulation or codes binding
us; and
·
any purpose to which you have consented.
What
are the grounds which we will deal with your personal information under the
GDPR?
Under the GDPR, we must have a legal ground
in order to process your personal information. The legal grounds that we may
rely on are:
- Performance of
our contract with you;
- Compliance
with a legal obligation;
- Where you have
provided your consent; and
- For our
legitimate interests: our main
legitimate interests for processing your personal information are: fraud, security,
due diligence, business operations and direct marketing.
How long do you keep your
information?
We are required to keep some of your information for certain periods of
time under law, such as the Corporations Act, the Anti-Money Laundering &
Counter-Terrorism Financing Act, and the Financial Transaction Reports Act for
example.
We are required to keep your information for 7 years from the closure of
accounts, or otherwise as required for our business operations or by applicable
laws.
We may need to retain certain personal information after we cease
providing you with products or services to enforce our terms, for fraud
prevention, to identify, issue or resolve legal claims and/or for proper record
keeping.
Who do we share your
personal information with?
To make sure we can
meet your specific needs and for the purposes described in ‘How we use your
personal information’, we sometimes need to share your personal information
with others. We may share your
information with other organisations for any purposes for which we use your
information.
Sharing Your Information
We may use and share your information with other organisations for any
purpose described above.
Sharing with your representatives and referees
We may share your information with:
·
your representative or any
person acting on your behalf (for example, lawyers, settlement agents,
accountants or real estate agents); and
·
your referees, like your employer, to confirm
details about you.
Sharing with third parties
We may share your
information with third parties in relation to services we provide to you. Those third parties may include:
·
the mortgage aggregator through whom we may
submit loan or lease applications to lenders or lessors on the mortgage
aggregator’s panel;
·
the Australian Credit Licence holder that
authorises us to engage in credit activities;
·
referrers that referred your business to us;
·
valuers;
·
lenders, lessors, lender’s mortgage insurers and
other loan or lease intermediaries;
·
organisations, like fraud reporting agencies,
that may identify, investigate and/or prevent fraud, suspected fraud, crimes,
suspected crimes, or other misconduct;
·
government or regulatory bodies (including ASIC
and the Australian Taxation Office) as required or authorised by law. In some instances, these bodies may share the
information with relevant foreign authorities;
·
guarantors and prospective guarantors of your
loan or lease;
·
service providers, agents, contractors and
advisers that assist us to conduct our business for purposes including, without
limitation, storing or analysing information;
·
any organisation that wishes to take an interest
in our business or assets; and
·
any third party to which you consent to us
sharing your information.
Sharing outside of Australia
We may use overseas organisations to help conduct our business. As a
result, we may need to share some of your information (including credit information)
with such organisations outside Australia. The countries in which those
organisations are located are:
·
Australia
We
may store your information in cloud or other types of networked or electronic
storage. As electronic or networked storage can be accessed from various
countries via an internet connection, it’s not always practicable to know in
which country your information may be held. If your information is stored in
this way, disclosures may occur in countries other than those listed.
Overseas organisations may be required to disclose information we
share with them under a foreign law. In those instances, we will not be
responsible for that disclosure.
Where we transfer your information from the EEA’ to a recipient
outside the EEA we will ensure that an adequate level of protection is in place
to protect your personal information such as putting in place contractual
protections to ensure the security of your information.
How do you access
your personal information?
How you can generally access your information
We‘ll always give you access to your personal information unless there
are certain legal reasons why we can’t. You can ask us in writing to access
your personal information that we hold. In some cases we may be able to deal
with your request over the phone.
We will give you access to your information in the form you want it where
it’s reasonable and practical. We may charge you a small fee to cover our costs when giving you access,
but we’ll always check with you first.
We’re not always required to give you access to your personal
information. Some of the situations where we don’t have to give you access
include when:
- we believe there
is a threat to life or public safety;
- there is an unreasonable impact on
other individuals;
- the request is frivolous;
- the information wouldn’t be ordinarily
accessible because of legal proceedings;
- it would prejudice negotiations with
you;
- it would be unlawful;
- it would jeopardise taking action
against serious misconduct by you;
- it would be likely to harm the
activities of an enforcement body (e.g. the police); or
- it would harm the confidentiality of our commercial information.
If we can’t provide your information in the way you’ve requested, we
will tell you why in writing. If you have concerns, you can complain. See
‘Contact Us’.
How do you correct
your personal information?
How we correct your information
Contact us if you think there is something wrong with the information we
hold about you and we’ll try to correct it if it’s:
- inaccurate;
- out‑of‑date;
- incomplete;
- irrelevant;
or
- misleading.
If you are worried that we have given incorrect information to others,
you can ask us to tell them about the correction. We’ll try and help where we
can - if we can’t, then we’ll let you know in writing.
What additional things do we have to do to correct
your credit information?
If you ask us to correct credit information, we will help you with this
in the following way.
Helping you manage corrections
Whether we made the mistake or someone else made it, we are required to
help you ask for the information to be corrected. So we can do this, we might need to talk to others.
However, the most efficient way for you to make a correction request is to send
it to the organisation which made the mistake.
Where we correct information
If we’re able to correct the information, we’ll let you know within five
business days of deciding to do this. We’ll also let the relevant third parties
know as well as any others you tell us about. If there are any instances where
we can’t do this, then we’ll let you know in writing.
Where we can’t correct information
If we’re unable to correct your information, we’ll explain why in
writing within five business days of making this decision. If you have any
concerns, you can access our external dispute resolution scheme or make a complaint to the Office of the Australian
Information Commissioner.
Time frame for correcting information
If we agree to correct your information, we’ll do so within 30 days from
when you asked us, or a longer period that’s been agreed by you.
If we can’t make corrections within a 30 day time frame or the agreed
time frame, we must:
- let you know about the delay, the reasons for
it and when we expect to resolve the matter;
- ask you to agree in writing to give us more
time; and
- let you know you can complain to our external
dispute resolution scheme or the Office of the
Australian Information Commissioner.
How do you make a complaint?
How do you generally make a complaint?
If you have a complaint about how we handle your personal information, we
want to hear from you. You are always welcome to contact us.
You can contact us by using the details below
Matthew Stack 0423 237 242
We are committed to resolving your complaint and doing the right thing
by our customers. Most complaints are resolved quickly, and you should hear
from us within five business days.
Need more help?
If you still feel
your issue hasn't been resolved to your satisfaction, then you can raise your
concern with the Office of the Australian Information Commissioner:
·
Online: www.oaic.gov.au/privacy
·
Phone: 1300 363 992
·
Email: enquiries@oaic.gov.au
·
Fax: +61 2 9284 9666
·
Mail: GPO Box 5218
Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601
If you are located
in the EEA, you can contact the relevant data protection authority (for example
in the place you reside or where you believe we breached your rights). For
example, the Office of the UK Information Commissioner:
Office of the UK Information Commissioner
• Online: www.ico.gov.uk
• Phone: 0303 123 1113
• Live chat: https://ico.org.uk/global/contact-us/live-chat
What additional things do we have to do to manage
your complaints about credit information?
If your complaint relates to how we handled your access and correction
requests
You may take your complaint directly to our external dispute resolution
scheme or the Office of the Australian Information Commissioner. You are not required to let us try to fix it
first.
For all other complaints relating to credit information
If you make a complaint about things (other than an access request or
correction request) in relation to your credit information, we will let you
know how we will deal with it within seven days.
Ask for more time if we can’t fix things in 30 days
If we can’t fix things within 30 days, we’ll let you know why and how
long we think it will take. We will also ask you for an extension of time to
fix the matter. If you have any concerns, you may complain to our external
dispute resolution scheme or the Office of the Australian Information
Commissioner.
Letting you know about our decision
We’ll let you know about our decision within 30 days or any longer agreed
time frame. If you have any concerns, you may complain to our external dispute
resolution scheme or the Office of the Australian Information Commissioner.
Your Rights under GDPR
If you reside in the EEA, you can also:
- object to the processing or your personal
information or ask us to delete, or restrict or stop using your personal
information. There may be
circumstances where we are required to, or entitled to retain or continue
using your information.
- withdraw your consent to our processing of
your information. We may continue
to process our information if we have another legitimate ground to do so.
- ask us to send an electronic copy of your
personal information, including to another organisation.
You can contact us if you wish to exercise these rights. See ‘Contact Us’ for more information If we refuse any request you make in relation
to these rights, we will write to you to explain why and how you can make a
complaint about our decision.
Contact Us
We care about your privacy. Please contact us if you have any questions
or comments about our privacy policies and procedures. We welcome your
feedback.
You can contact us by using the details below:
Matthew Stack 0423 237 242
What if you want to interact with us anonymously or use a pseudonym?
If you have general enquiry type questions, you can choose
to do this anonymously or use a pseudonym. We might not always be able to
interact with you this way, however, as we are often governed by regulations
that require us to know who we’re dealing with. In general, we won’t be able to
deal with you anonymously or where you are using a pseudonym when:
·
it is impracticable; or
·
we are required or authorised by law or a court/tribunal
order to deal with you personally.
What do we do with government-related identifiers?
In certain circumstances we may be required to
collect government-related identifiers such as your tax file number. We will
not use or disclose this information unless we are authorised by law.
Changes to this Privacy Policy
This Policy may change. We will
let you know of any changes to this Policy by [posting a notification on our website, correspondence
via post or e-mail or you may contact us for a copy of the most up to date
policy at any time/ or specify other method].
[1] However we’ll never ask you for your security details in this way – if you are ever unsure, just contact us
Comments
Post a Comment