Privacy policy

Last Updated: 20 March 2020

1. Privacy Statement

Credfin Australia Pty Ltd ACN 632 551 770 and its related bodies corporate (“Credfin”, "we", "our", "us") understand that you are concerned about your privacy, along with the confidentiality and security of personal information that you provide to us. When we refer to “personal information” we mean information that is associated with a specific person and can be used to reasonably identify that person. Personal information does not include information that has been made anonymous and cannot reasonably identify a specific person.

We consider your privacy to be important and take our responsibility to protect it seriously. This privacy policy sets out our commitment in respect of personal information, specifically how we collect, hold, use and it.

We treat all personal information collected by us in accordance with the Privacy Act 1988 (Cth) (as amended and supplemented) (Privacy Act), the Australian Privacy Principles contained within the Privacy Act, this policy and all other applicable laws.

2. Our partners

We interact with and receive personal information from third party commercial partners. Our partners are independent of Credfin and are likely to have their own separate and distinct privacy policies regulating how they deal with personal information. If you are dealing with one of our commercial partners, we recommend you review the terms of their privacy policy before providing them with any of your personal information.

Where we receive your personal information from a third party, we seek confirmation from that third party that you have authorised them to provide us with your personal information and that they have notified you of your rights with respect to that information as set out in this privacy policy.

3. Anonymity and Pseudonyms

Due to the nature of our business and the services that we provide, in most circumstances it is necessary for us to identify you. Where the circumstances allow, we will offer you the opportunity of interacting with us anonymously or using a pseudonym. Such situations will be limited and are only likely to arise where you have made a general enquiry with us, that does not require us to provide you with specific advice or services. For example, a generally query about our current services.

4. Collecting personal information

4.1 When we collect information

We receive and store certain types of information from you when you interact with us, or when we interact with our commercial partners. Examples of such interactions include:

  1. when you visit our website www.credfin.io or any other website that we control from time to time;
  2. when you access and use our software applications and platforms;
  3. from advisers such as accountants or lawyers, or other organisations authorised by you to provide your personal information to us;
  4. if you apply for employment with us either directly or through a recruitment or employment agency;
  5. through contact with our customer support team, suppliers or service providers, regardless of the communication medium;
  6. if you attend an event that we host or enter a competition or promotion we run, either directly or through our commercial partners (if any);
  7. where our commercial partners provide us with your personal information (whether you are a staff member or customer of that commercial partner);
  8. interactions with credit reporting bodies and identity verification services;
  9. through us accessing publicly or commercially available sources that contain your personal information;
  10. where you contact us or otherwise provide us with your personal information voluntarily, whether such information is provided in hardcopy, by telephone, email, ordinary mail or any other electronic or online means; and
  11. any of our other business activities or events.

4.2 Nature of information that we collect

We usually only collect personal information about an individual from that individual directly or from our commercial partners. Personal information collected by us typically includes an individual’s:

  1. detailed personal information, including date of birth, address, age, gender, driver’s licence number or other identification information or documents;
  2. contact details such as mobile number, telephone number and email address;
  3. credit information including information about your income, assets, liabilities and repayment history information (where you are a customer);
  4. information about any court proceedings that you have been involved in, as well as your personal solvency;
  5. financial information including bank account details and credit and debit card numbers;
  6. qualifications, education and training records;
  7. occupation and employer;
  8. all logs, which may include information such as your internet protocol (IP) address, browser type, browser version, clickstream data, referring URLs, the pages of our websites that you visit, the time spent on any pages of our websites and other log related information relating to your use of any of our websites.

5. Use of personal information

In general we use personal information for providing our services to you and responding to your enquiries, as well as evaluating, improving, personalising and developing our business. More specifically we use personal information:

  1. to verify your identity;
  2. to assess, process and manage your application for one of our products or services, including to verify your details and assess risk;
  3. to assess, process and manage your application for employment;
  4. for complaints handling or data analytics purposes;
  5. process transactions and send notices about your transactions;
  6. to resolve disputes, collect fees, and troubleshoot problems;
  7. for providing customer support and to obtain your feedback on our products and services;
  8. to investigate and prevent potentially prohibited, fraudulent or illegal activities;
  9. to enforce our rights or your obligations in agreements we have with you;
  10. to promote and market our products and services or those of our commercial partners that we believe will be of interest or benefit to you;
  11. to provide to our commercial partners so that they may promote and market their products and services that we believe will be of interest or benefit to you;
  12. for verifying that the information you have provided us is correct through interacting with our commercial partners and other third party verification services;
  13. to maintain our relationships with our commercial partners;
  14. to include in databases that can be provided to our commercial partners and customers as part of a service they have requested;
  15. to create and sell risk analysis and other information products; and
  16. to assist our customers and commercial partners to identify products and services that might be of interest to individuals and businesses;
  17. for any other purposes to which you have consented; and
  18. as required or permitted by relevant laws and regulations.

You agree that we may use your personal information for the purposes for which we collect it and for related purposes which would be reasonably expected by you.

Other than for purposes referred to above, unless we are legally required or compelled by a law enforcement or government agency, we will not disclose your personal information to any third party without your consent.

6. Disclosure of personal information

You acknowledge that we may share personal information that we have collected with:

  1. our related companies, commercial partners and customers;
  2. suppliers and service providers that assist with things such as fraud prevention, identity verification, payment collection, marketing, customer service, and technology services;
  3. financial institutions, credit reporting bodies and banking partners;
  4. companies that we plan to merge with or be acquired by or who may invest in us;
  5. government, supervisory or law enforcement bodies as required by law, regulation or court order; and
  6. other individuals or companies authorised by you.

Before we disclose your personal information, we will take reasonable steps to satisfy ourselves that:

  1. only personal information that is necessary for the recipient to properly perform the function they notified us of will be shared; and
  2. the recipient has a commitment to protecting your personal information from use outside the function that they have notified us of.

By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your consent on a case by case basis.

6.2 Notifiable Matters

We may provide your credit information to a credit reporting body. The credit reporting body may provide the information that we report about you to other credit providers to assist them with assessing your credit worthiness. We may also obtain information that other credit providers have provided to the credit reporting body to use in our assessments of your credit-worthiness.

The information that we provide to a credit reporting body may sometimes be used for ‘pre-screening’ of direct marketing offers to be made by another credit provider. You may contact the credit reporting body to request that your credit information is not used in this way.

You may also contact the credit reporting body to request that they not use or disclose the credit-reporting information they hold about you if you consider that you may have been a victim of fraud or if you believe on reasonable grounds that the information they hold about you is incorrect. The credit reporting body must not use or disclose your credit information for a period of 21 days after receiving your notice.

7. Direct marketing

From time to time we may use your personal information to provide you with current information about special offers you may find of interest, changes to our organisation, or new products or services being offered by us or any company we are associated with. By providing us with your personal information, you consent to us using your information to contact you on an ongoing basis for this purpose, including by mail, email, SMS, social media and telephone.

If you do not wish to receive marketing information, you may at any time decline to receive such information using the contact details below. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.

Please be aware that even after you have opted-out of receiving promotional and marketing communications, we may still contact you for transactional or informational purposes.

8. Sensitive information

Sensitive information is personal information regarding:

  1. (a) racial or ethnic origin;
  2. (b) political opinions;
  3. (c) membership of a political association;
  4. (d) religious beliefs or affiliations
  5. (e) philosophical beliefs;
  6. (f) membership of a professional or trade association;
  7. (g) membership of a trade union;
  8. (h) sexual orientation or practices; or
  9. (i) criminal record.

We will not generally collect or hold sensitive information, where we do, such information will not be disclosed to any third party without your express consent.

9. Protecting your personal information

9.1 Steps we take

We take reasonable steps to protect personal information we hold from:

  1. misuse, interference and loss; and
  2. unauthorised access, modification or disclosure.

The precautionary steps we take to protect personal information include:

  1. adopting measures to protect our computer systems and networks for storing, processing and transmitting personal information;
  2. limiting physical and digital access to our premises and computer networks to those that require such access;
  3. our employees undertake training in the collection, use, storage and protection of personal information;
  4. adoption of procedural and personnel measures for limiting access to personal information by our personnel (employees and contractors);
  5. reviewing our information collection, storage and processing practices; and
  6. such other security measures we consider reasonable and appropriate from time to time.

Notwithstanding that we use our best endeavours to protect all personal information we collect and hold, please be aware that we unfortunately cannot guarantee its complete security and will not be responsible where it is obtained by illegal third-party actions.

9.2 Deleting your personal information

When personal information is no longer required to be kept by us, we will take reasonable steps to destroy or delete that personal information in a confidential manner.

10. Cookies

Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive.

We use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some features of our website or receive all our products and services.

11. Web beacons

Web beacons (also known as clear gifs, pixel tags or web bugs) are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users or to access cookies.

Unlike cookies which are stored on the user’s computer hard drive, web beacons are embedded invisibly on web pages (or in e-mail).

Web beacons may be used to deliver or communicate with cookies, to count users who have visited certain pages and to understand usage patterns.

Like many sites, we use web beacons to collect information, which is done in accordance with this policy.

12. Overseas disclosure

We may from time to time transfer personal information outside Australia in accordance with the Privacy Act to countries whose privacy laws do not provide the same level of protection as Australia’s privacy laws. For example, we may transfer your personal information to the Asia-Pacific, European Union or the United States of America. We may also use cloud storage and IT servers that are located offshore.

Furthermore, while our customers and commercial partners are generally based within Australia, they may also have operations internationally. As a result, we are unfortunately unable to monitor what information our customers and commercial partners may disclose overseas. We are also unable to identify the specific countries where our customers and commercial partners may allow their information to be disclosed to, or accessed from.

We may use Google Analytics to track your usage of our websites. Google Analytics is a web analysis service provided by Google. Google utilises the data collected to track and examine the use of our website, to prepare reports on our website’s activities and share them with other Google services.

Google may use the data collected to contextualise and personalise the ads of its own advertising network. Personal data collected by Google includes cookie and usage data, which is processed in the USA. You can find Google's privacy policy here: http://www.google.com.au/policies/privacy/.

By providing us with your personal information, you consent to us disclosing your information to entities located outside Australia and, when permitted by law to do so, on the basis that we are not required to take steps to ensure that any overseas recipient complies with Australian privacy laws in relation to your personal information.

13. Liability

Our websites and any other products or services we provide may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party sites, products or services whatsoever. You should be aware that your ability to opt-out of a third party tool or platform will depend on the conditions governing your agreement with that third party.

You may choose to provide us with access to certain personal information that is stored by third parties, for example, social media websites. By providing us with access to or otherwise linking our products or services with any third party site or account, you agree that we may collect, store and use the information available from that third party account in accordance with this Privacy Policy.

14. Accessing and updating your personal information

14.1 Access to Personal Information

We will provide you with access to your personal information held by us unless:

  1. giving access would be unlawful; or
  2. denying access is required under the Privacy Act or any other applicable law.

14.2 Request for Access

If you would like access to your personal information aside from your account information, you must contact us in writing making such a request. You may contact us via email at hello@credfin.io. Following receipt of your request, we will contact you and either provide you with the information you have sought or return to you with an explanation detailing why we will not provide you with the information.

14.3 Amending your personal information

If you wish to amend personal information that we hold other than via your account, please contact us to request the amendment. You may contact us by emailing hello@credfin.io. If we elect not to correct your information, we will notify you, within a reasonable time, of the reason for our refusal, the mechanisms available for you to complain about our refusal and such other matters required by the Privacy Act.

If you wish to have your personal information deleted, please let us know and we will take all reasonable steps to delete it, unless we are required to keep it for legal reasons.

15. International users

If you are located outside of Australia and choose to provide your personal information to us, your personal information will be transferred to Australia and processed in accordance with this Policy.

16. Complaints

We strive to ensure our compliance with this Policy and to regularly review our practices against it.

If at any time you have a complaint against us regarding our Policy, including a breach of the Privacy Act, we invite you to make a complaint by emailing hello@credfin.io.

All complaints made will be dealt with in confidence. We endeavour to respond within 30 days of receipt of a complaint with a resolution or proposed resolution to the issue raised.

If you are dissatisfied with our response to your compliant you may make a further complaint to the Office of the Australian Information Commissioner about the handling of your personal information. Information on making a privacy complaint can be found on their website at http://www.oaic.gov.au/privacy/making-a-privacy-complaint.

17. Variations

We reserve the right to vary this policy from time to time to ensure that we remain up to date with market expectations, the law and technological advances. Any variations made will be updated on our websites. It is your responsibility to check our policy periodically to ensure you are aware of any changes made to it.

18. Further information

For any further information about this policy please contact us be emailing hello@credfin.io.

If you would prefer to receive a copy of our Privacy Policy in an alternative form (such as in hard copy or via email) please contact us using hello@credfin.io. We will be pleased to comply with your request.