1.Your privacy is important to us
This Policy outlines how Super Finance Markets Pty Ltd (“Superfinance“) and its related companies (“we / us / our / the Group“) collect, disclose, use, store, or otherwise handles personal and credit information.
It is important to us that we manage your personal and credit information securely and consistently with respect to the Privacy Act 1988 (Cth)(“Privacy Act“), the Australian Privacy Principles, and the Privacy (Credit Reporting) Code 2014 (as amended) (“CR Code“).
This Privacy and Credit Reporting Policy (“Policy“) explains:
- The kinds of personal information (including credit information) we collect;
- The purposes for which we collect this information;
- How we manage the personal information that we collect about you;
- How you can seek access to and correct that information; and
- If you wish, how you can make a complaint relating to our handling of that information.
This Policy is not limited to current customers or guarantors of customers (where applicable) – it also relates to any other individuals who deal with us, whether in relation to the provision of credit or otherwise. By using our services or otherwise dealing with us, you agree to the terms of this Policy.
2.1 What is personal information?
Personal information is information or an opinion about an identified individual or about an individual who is reasonably identifiable from that information.
2.2 What is credit information?
Credit information is defined in the Privacy Act and relates to an individual’s credit-related dealings with Superfinance.
Credit eligibility information is defined in the Privacy Act and is related to an individual’s credit-related dealings with other credit providers. This includes:
- credit reporting information, as defined in the Privacy Act, provided by credit reporting bodies; and
- credit worthiness information, which we may derive from credit reporting information.
3.Personal and credit information we collect
3.1 When do we collect personal and credit information about you?
We collect information about you and your interactions with us, including:
- from you directly, when you provide information to us, including via phone, email, in person, or via our website;
- if you access our social media pages;
- if you participate in other activities, such as competitions or request to receive marketing material from us;
- in credit application forms submitted to us;
- from credit reporting bodies;
- from third parties such as credit reporting agencies or our service providers;
- from publicly available sources, for example, from public registers or social media, or made available by third parties;
- when you request or use our products or services;
- when you make a card payment or transfer money; or
- when you use our website or mobile application.
We may also collect information about your location or activity including your IP address, telephone number, and whether you’ve accessed third-party sites. This may include information collected directly from you and information that you authorise us to collect from third parties.
It is not mandatory for you to provide us with the personal information or credit information that we request – however, if you do not do so it may affect the products and services that we can provide to you.
3.2 What types of personal and credit information do we collect and hold?
We will collect certain personal and credit information about you depending on the circumstances in which the product or service is being provided.
The types of personal and credit information we may collect from you may include (but is not limited to):
- Key personal information such as your name, date of birth, residential and business addresses, telephone numbers, email, and other electronic addresses;
- Financial and related information, such as your occupation, accounts, bank account information (from prior to the loan being granted and ongoing for the term of the loan), assets, expenses, income, revenue, dependents, and regarding your employment, financial and business dealings and other relevant events;
- Your transaction history (with us and our associates or relevant third parties). This information includes products you may have used with us in the past, your payment history, and the capacity in which you have dealt or deal with us;
- Other relevant information – depending on the circumstances this may also include your gender, marital status and health and medical information, membership of professional bodies, tax file number information, and other government identifiers (e.g. if relevant for insurance purposes or to comply with our legal obligations);
- Details of other credit providers to you, including the nature and maximum amount of credit to be provided, and dates of those arrangements;
- Information about any defaults by you, or a person for whom you are guarantor, on other credit facilities;
- Details about court proceedings and personal insolvency information relating to you; and
- Whether, in the opinion of another credit provider, you have committed a serious credit infringement.
3.3 What types of personal and credit information do we collect and hold from others?
We collect information about you from others such as service providers, agents, your bank, advisers, brokers, employers, or family members. For example, if you apply for credit, we may need to obtain a credit report from a credit reporting body. We will also obtain bank account information from your bank throughout the term of the loan.
If you elect to use bank statements and third party account aggregation service providers in connection with our assessment of your application, you permit such third party services to access your banking transaction data linked to the online banking credentials you provide. The third party service provider will access your personal information for the purpose of providing this personal and business bank account data to us.
The third party service provider may access transactional data from any account that is associated with the login credentials that you submit. This may include personal accounts as well as business accounts. Your provision of banking login credentials to utilise such third party service providers does not provide us with your login credentials or passwords or the ability to access your internet banking (other than as stated above).
Through the use of such third party service providers, we will obtain up to the last twelve (12) months of bank transactions on the date you apply for a loan, in addition to further ongoing bank transactions for the term of the loan, for the purpose of assessing any future loan application or making a future offer to you. We note that your bank’s terms may prohibit you from sharing your login, so you agree to appoint our third party service provider as your agent to access your internet banking on your behalf solely for this purpose and you consent to our ongoing access to this information for the term of the loan and the purposes outlined above.
3.4 Sensitive information
The Privacy Act protects your sensitive information, such as health information that’s collected on insurance or hardship applications. If we need to obtain sensitive information, we will ask for your consent, except where otherwise permitted by law.
3.5 Information about other people
4.How do we use your personal and credit information?
We collect and use your personal and credit information in a number of ways, including to:
- Establish your identity and assess applications for products and services;
- Provide you with our services;
- Determine your eligibility for, and comply with our obligations under, the Australian Government’s Coronavirus SME Guarantee Scheme (if applicable);
- Price and design our products and services;
- Operate, maintain, develop, test, and upgrade our systems;
- Contact you in any way (including mail, email, phone, visit, text, or multimedia messages) about products and services offered by us;
- Inform you of ways the services provided to you could be improved;
- Research and develop our services;
- Respond to enquiries or requests;
- Administer our products and services, including assessing whether to make any future offer to you and generally carry out our business functions and activities;
- Manage our relationship with you, including fulfilling our obligations and exercising our rights under any agreement with you;
- Conduct and improve our businesses and improve our customers’ experience;
- Manage our risks and help identify and investigate illegal activity, such as fraud;
- Contact you, for example, if we suspect fraud on your account or need to tell you something important;
- Comply with our legal obligations and assist government and law enforcement agencies or regulators; and
- For identification and provision of products or services offered by us, any of our Group members, or any third parties that may reasonably be of interest to you.
We may also collect, use and disclose your information in other ways where you have authorised us to do so or where permitted by law.
4.1 Direct marketing
From time to time, we may use your personal information for direct marketing purposes (for an indefinite period, including after you cease using our services). This includes sending you updates about new products and services we are offering. When we contact you, it may be by mail, telephone, email, SMS, or through any other means. We also may engage third party service providers to market to you on our behalf. When we use or disclose your personal information for the purpose of direct marketing, we will:
- allow you to ‘opt out’ or in other words, allow you to request not to receive further direct marketing communications of the relevant type; and
- comply with a request by you to ‘opt-out’ of receiving further communications of that type within a reasonable timeframe.
You may ask to be removed from our marketing lists for any or all types of direct marketing at any time by contacting us using the details set out below.
4.2 Gathering and combining data to get insights
Improvements in technology enable organisations to collect and use information to get a more integrated view of customers and provide better products and services. We may combine our customer information with information available from a wide variety of external sources (for example census or Bureau of Statistics data). We are able to analyse the data in order to gain useful insights which can be used for any of the purposes mentioned earlier in this policy. In addition, Group members may provide data insights or related reports to others, for example, to help them understand their customers better. These insights and reports are based on aggregated information and do not contain any information that identifies you.
5.Disclosure of personal information and credit information
5.1 Disclosure of personal information
In order to perform the functions and/or activities described above, we may disclose your personal information, including to:
- our related entities (if any) to facilitate our and their internal business processes and other organisations with whom we have affiliations so that those organisations may provide you with information about our services and various promotions;
- your co-applicant(s);
- debt collectors;
- our financial advisers, legal advisers, marketing agencies, or auditors;
- persons involved in arrangements that provide funding to us, including persons who may acquire rights to our assets (for example loans), investors, advisers, trustees, and rating agencies;
- organisations involved in a corporate re-organisation or involved in a transfer of all or part of the assets or business of our organisation;
- overseas entities that provide products and services to us;
- organisations involved in the payments systems including financial institutions, merchants, and payment organisations; and
- as required or authorised by law and/or where you have given your consent.
5.2 Disclosure of credit information
We collect, use and disclose credit information for the primary purpose of conducting our business, which includes:
- assessing applications for credit arrangements including checking your credit-worthiness;
- establishing and maintaining customer accounts and managing such relationships;
- dealing with the management, recovery, securitisation, and assignment of debts;
- assisting you to avoid defaulting on your credit obligations;
- providing information to debt collection agencies for the purpose of recovering debts;
- notifying other credit providers of a default by you;
- assessing credit defaults reported by credit reporting bodies or debt collection agencies; and
- for internal management purposes.
To enable us to assess an application by you for a credit arrangement we may:
- obtain from a credit reporting body a credit report containing credit information and personal information about you; and
- obtain a report from a credit reporting body and other information in relation to the commercial credit activities of all individuals listed in the application for credit.
We may, where you have given consent, give to, and obtain from, any credit provider named in your application for a credit arrangement and any credit provider that may be named in a credit report issued by a credit reporting body, information about your credit arrangements.
We may also disclose your credit information and personal information to credit reporting bodies in relation to credit-related dealings, for example where you have failed to meet payment obligations or commit a serious credit infringement. We may disclose your credit information to the following credit reporting bodies:
The above credit reporting bodies are required to have a policy about how they manage credit-related personal information. This policy can be accessed on each credit reporting body’s website or by contacting them directly.
You have the right to request that the above credit reporting bodies do not use your credit reporting information for the purposes of pre-screening of direct marketing. You also have the right to request that the above credit reporting bodies do not use or disclose your credit reporting information if you believe on reasonable grounds that you have been, or are likely to be, the victim of fraud (i.e. if you suspect someone may use your identity to apply for credit). You must contact the above credit reporting bodies directly if this is the case.
5.3 What do we do with credit-related information?
We use information from credit reporting bodies to confirm your identity, assess applications for credit, manage our relationship with you and collect overdue payments. We also use this information as part of arriving at our own internal assessment of your creditworthiness.
Generally, we use customer service teams located within Australia. However, we may send your information overseas, including to overseas Group members and to service providers or other third parties who operate or hold data outside Australia. Prior to disclosing your personal and credit information to an overseas recipient, we will take all reasonable steps to ensure that:
- The overseas recipient does not breach the Australian Privacy Principles; or
- The overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way the Australian Privacy Principles protect the information; or
- You have consented to us making the disclosure. Acceptance of any of our services via an application in writing, orally or by electronic means, will be deemed as giving consent to the disclosures detailed in this document.
We may also send information overseas to complete a particular transaction or where this is required by laws and regulations of Australia (as applicable) or another country.
Where we send your information overseas, it is likely to be one of the following countries:
- Hong Kong;
- South Africa;
- United Kingdom; and/or
- United States.
7.Storage and security of personal and credit information
Where we hold your personal information or credit information, we will take reasonable steps to ensure that the information is secure and that it may only be accessed by authorised persons or as otherwise set out in this Policy.
Although we take reasonable measures, we cannot guarantee that no third party will circumvent the security measures on our electronic databases or at any of our premises.
Please note that third party recipients of personal information may have their own privacy policies and we are not responsible for their actions, including their handling of personal information.
If any personal information that we hold is no longer required for the purpose for which it was collected and no applicable law requires us to retain that information, we will take reasonable steps to de-identify or destroy the information.
8.Accessing, updating, and correcting your information
We will use reasonable steps to ensure the personal information we hold is complete, up-to-date, and accurate, so far as it is practicable for us to do so. If your personal information changes, please contact us and let us know.
8.1 Can I get access to my information?
You have a right to seek access to your personal and credit information held by Superfinance and that right extends to correction of the information if it is inaccurate, out-of-date, or incomplete. If you wish to query the accuracy of personal information held about you or update that information, you may contact us as set out below. Additionally, Part IIIA of the Privacy Act allows individuals to obtain confirmation of whether or not we hold credit eligibility information about them, as well as gain access to, or correct, the credit information we hold in certain circumstances.
To protect your privacy and security, we will take reasonable steps to verify your identity before allowing you to access or make changes to the personal information we hold about you.
8.2 Is there a fee?
There is no fee for making the initial request. However, in some cases, where permitted by law, there may be an access charge to cover the time we spend locating, compiling, and explaining the information you ask for. If there is an access charge, we’ll give you an estimate upfront and confirm that you’d like us to proceed. Generally, the access charge is based on an hourly rate plus any photocopying costs or other out-of-pocket expenses. You’ll need to make the payment before we start unless you’ve authorised us to debit your account.
8.3 How long does it take to gain access to my information?
We try to make your information available within 30 days of your request and we will respond to your request within 20 days.
8.4 Can you deny or limit my request for access?
In certain circumstances, we’re allowed to deny your request or limit the access we provide. For example, we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll write to you explaining our decision.
We may refuse to give you access to the personal information we hold about you if we reasonably believe that giving you access would:
pose a serious threat to the life, health, or safety of any individual;
- have an unreasonable impact on the privacy of other individuals; or
- we consider the request to be frivolous or vexatious.
8.5 Updating your basic information
It’s important that we have your correct details, such as your current address and telephone number. You can check or update your information by going online, emailing, or phoning us.
8.6 Can I correct my information?
You can ask us to correct any inaccurate information we hold or have provided to others (including credit-related information) by contacting us. If the information that is corrected is the information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.
If your request relates to credit-related information provided by others, we may need to consult with credit reporting bodies or other credit providers. We’ll try to correct information within 30 days. If we can’t complete the request within 30 days, we’ll let you know the reason for the delay within 20 days and try to agree on a timeframe with you to extend the period.
If we’re able to correct your information, we’ll inform you when the process is complete.
8.7 What if we disagree that the information should be corrected?
If we disagree with you that information should be corrected, we’ll let you know in writing our reasons. You can ask us to include a statement with the relevant information, indicating your view that the information is inaccurate, misleading, incomplete, irrelevant, or out-of-date. We will take reasonable steps to comply with such a request.
8.8 Can I ask you not to provide my information to my broker?
If you were introduced or applied to us through a broker or other agent, we will provide them with information about each application you make with us and each loan that we provide to you. Your account will be linked to that broker and we will continue to provide them your information for each application you make with us whether that application is made through that broker or direct with us. If you do not wish us to provide your information to your broker or other agent, you must advise us by contacting firstname.lastname@example.org.
9.Making a privacy complaint
9.1 We’re here to help
If you have a concern about your privacy (including credit-related matters), you have a right to make a complaint and we’ll do everything we can to put matters right.
9.2 How do I make a privacy complaint?
To lodge a complaint, please get in touch with us using your point of contact or one of the customer service teams set out in section 10. We’ll review your situation and try to resolve it as soon as possible. If you’ve raised the matter through your point of contact or through our customer service teams and it hasn’t been resolved to your satisfaction, please contact our Customer Relations team using the details in section 10.
9.3 How do we handle a privacy complaint?
We acknowledge every complaint we receive and provide you with our name, a reference number, and contact details of the investigating officer. We keep you updated on the progress we’re making towards fixing the problem.
9.4 External review of privacy complaints
If you’re not satisfied with our handling of your matter, you can refer your complaint to external dispute resolution. We suggest you do this only once you’ve first followed our internal complaint processes set out above.
If your complaint is about the way we handle your personal information you may also contact the Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au, or writing to the Office of the Australian Information Commissioner (“OAIC”), GPO Box 5218 Sydney NSW 2001.
10.How to contact us or find out more
For privacy related queries, access or correction requests, or complaints, or to request a printed version of this policy, please contact us:
Phone 0061 2 8197 0057. Our call centre is open Monday to Friday, 8am-6pm AEDT.
We aim to resolve your query or complaint at your first point of contact with us. You can use your usual point of contact or call our customer service team.
10.1 To update your direct marketing preferences or request not to receive direct marketing
You can call us using the number above or email us.
For more information about the Australian Privacy Principles and credit reporting rules visit:
- Office of the Australian Information Commissioner (“OAIC”) (privacy generally); or
- Australian Retail Credit Association (“ARCA”) (credit reporting rules).
11.Amendments to this Policy
We may change this Policy at any time by changing or removing existing terms or adding new ones. Changes may take the form of a completely new Policy. We will tell you about any changes by posting an updated Policy on our website.
Any change we make applies from the date we post it on the website. By continuing to use our services you will be deemed to agree to our updated Policy.