Privacy and Credit Reporting Policy



Credit24 is a registered trademark and business name of IPF Digital Australia Pty Ltd (ACN 130 894 405) (Australian Credit Licence 422839) (‘we’ or ‘us’).

We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act. This policy is to inform you of how we protect your personal information in compliance with the Privacy Act and the APPs.  The APPs can be viewed on the website of the Office of the Australian Information Commissioner at this link:

1. Personal information that we collect

For these purposes, “personal information” is information or an opinion about an individual who is identified or their identity can be reasonably ascertained from that information or opinion. We collect personal information that includes, but is not limited to:

  • full name
  • date of birth
  • gender
  • Driver’s licence, Medicare & Passport details
  • current and previous addresses (including postal address)
  • contact details including telephone numbers
  • e-mail addresses
  • occupation and employer name
  • cost of living, fixed and financial expenses and commitments
  • bank account details
  • consumer credit and identity verification reports; and
  • name and contact details of applicant referees.
  • credit-related information including the type, term and amount of credit we provide to you and your repayment history; late payments and defaults in payment; credit eligibility information including information provided to us by a credit reporting body and our own assessment data.

2. Collection of your personal information

Wherever possible, we will collect personal information directly from you either through the internet, mail, telephone, electronic direct mail or in person. This information will generally come from what you have provided in your loan application and supporting documentation, for example, your financial or employment details. However, if necessary, we may collect personal information about you from third parties, such as any referees provided by you and third party service providers including credit reporting bodies. We hold your personal information in computer systems, electronic form, digital records, telephone recordings and/or paper files.

3. Why we collect personal information

To Communicate with you

It is important that we can contact you if we need to. We may use telephone, direct mail, electronic direct mail or sms text messaging or other electronic messaging services so we can obtain information needed for your loan application and processing, assessing and administering your loan.

We may also need to contact you through telephone, direct mail or through electronic communications to give you documents, notices and to notify you about details of your loan contract.

To verify your identity and prevent fraud

Verifying the legitimacy of your identify by disclosing your name, residential address and date of birth and other personal information about you to a credit reporting body and your  government issued document details verified with the issuer or official record holder.  Government issued document details you provide are verified with the issuer or official record through the Document Verification Service (DVS) administered by the Commonwealth Attorney-General’s Department.

To process and assess your loan application and manage a subsequent loan account

The primary reason we collect and use your personal information is to properly process and assess your loan application in accordance with legal requirements. We also use your personal information to administer your loan application account. This can include:

  • making enquiries and verifications about you financial circumstances
  • obtaining a credit report about you from a credit reporting body
  • making inquiries about the purpose and objectives for the loan you are seeking
  • making credit inquiries with credit reporting agencies
  • determining whether a product is not suitable for your circumstances and objectives
  • contacting your employer about your employment and related matters
  • processing your loan application
  • establishing and providing administrative facilities for your loan account
  • charging and billing
  • complying with legal requirements and regulation; for example Anti-Money Laundering and Counter-Terrorism Act 2006 (Cth), Privacy Act and the National Consumer Credit Protection Act 2009 (Cth) and ASIC Regulatory Guide 209 – Credit Licensing: Responsible lending conduct.
  • preventing fraud and other criminal activity
  • managing our rights and obligations including but not limited to external payment systems or our business systems and infrastructure

4. Notifiable Matters and Credit Reporting

We are required by law to advise you of ‘notifiable matters’ in relation to how we may use your credit information.

We exchange your credit information with credit reporting bodies. We use the credit information that we exchange with the credit reporting body in validating your identity; in assessing your  application for finance; and in managing your loan account.

When creating a customer account we will share information with a credit reporting body for the purpose of verifying your identity.

In the course of applying for a loan, we will obtain a credit report on you from a credit reporting body and this may occur at any time after you commence the on-line application process. The enquiry will be listed in your credit file maintained by a credit reporting body.

If you fail to meet your payment obligations in relation to any finance that we have provided or arranged or you have committed a serious credit infringement then we may disclose this information to a credit reporting body. If we do so, the default will be listed in your credit file maintained by a credit reporting body.

Your credit information may sometimes be used by credit reporting bodies for the purposes of ‘pre- screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.

The Privacy Act does not require us to obtain consent from you prior to listing an enquiry on your credit file.  The requirement is for us to make available to you of the name and contact details of a credit reporting body where we are likely to disclose information collected about you.

You can also contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. For a period of 21 days after the credit reporting body receives your notification the credit reporting body must not use or disclose that credit information.

The following are the credit reporting bodies with whom we may exchange information about you:

You have the right to request access to the credit information that we hold about you and make a request for us to correct that credit information if needed. Please refer to section 10. Access for further details.

5. When we disclose (share) personal information

5.1 Overseas

We may need to disclose your information, including information we receive through the credit reporting system, to organisations located overseas.  For the most part, these service providers are related entities of IPF Digital Australia Pty Limited being other entities in the International Personal Finance plc (“IPF“) group of companies  which perform a range of technology, operational and customer service functions for IPF Digital Australia.

IPF utilizes cloud based data centres located in the United Kingdom,Ireland and Germany.

IPF Digital Australia Pty Limited also utilizes a service provider located in New Zealand to assist with performing a range of operational and customer service support functions.

5.2 Australia

We may need to disclose your information, including information we receive through the credit reporting system to external service providers to us, such as:

  • Credit reporting bodies and their third party service providers, that we use to verify your identity and to obtain a credit report about you.
  • Identification services including DnB Green ID and Veda ID Matrix that aggregate identification sources including but not limited to:
    • Australian Electoral Roll
    • Credit Bureaus
    • Electronic White Pages
    • Insurance Reference Service
    • National Tenancy Database
    • Driver Licence Registries (ACT/NSW/NT/QLD/SA/TAS/VIC/WA)
    • Australian Passport
    • Accuity sanction screening service
    • Velocity screening service
    • Document verification service
  • payment systems operators
  • mailing houses
  • telephone contact centres
  • research consultants and professional advisors such as accountants, lawyers, auditors and if required by law, to government and regulatory authorities, for example, the Australian Tax Office.

We may also be required or permitted by law, to disclose personal information that we hold, including The Anti-Money Laundering and Counter-Terrorism Funding Act 2006 and the National Consumer Credit Protection Act 2009 and the Privacy (Credit Reporting) Code.

5.3 Privacy of Disclosed Information

We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.

IPF Digital Australia reasonably believes that any of the related companies in the IPF group located outside of Australia that may have access to your personal information and the cloud based data centres that the IPF group utilizes located in the UK, Germany and Ireland, are subject to a law, that has the effect of protecting the information in a way that is substantially similar to the way the APPs protect the information and that mechanisms can be accessed by the consumer to enforce that protection of the law

In the event that your personal information is disclosed to a related company or service provider located in a jurisdiction that is not subject to privacy obligations equivalent to those that apply to us in Australia, if the overseas recipient handles the personal information in breach of the APPs:

  • we will not be accountable under the Privacy Act; and
  • the individual will not be able to seek redress under the Privacy Act.

If you are a politically exposed person we may validate your status by disclosing your personal information to service providers in Australia and the United States of America.


6. Sensitive information

Where it is necessary to do so, for instance, if you experience financial hardship, we may collect personal information about you that is sensitive. This includes information about your health, your religious beliefs, your political affiliations or your criminal history. If you or third parties provide us with sensitive information, we will only use and disclose the information for the purpose for which it was provided or another directly related purpose, unless you agree otherwise, or where required by law. Where practical and reasonable, we will only collect sensitive information with your consent. However, if the information relates directly to your ability to meet financial obligations that you owe to us, you are treated as having consented to its collection.

7. Government identifiers

IPF Digital may use Government related identifiers of an individual (for example: Passport, Driver’s Licence, Medicare Card, etc) where it is reasonably necessary for the Company to verify the identify the individual

We do not use Government related identifiers of individuals as our identifier of you or of your loan or loan account.

8. Security of personal information

We take all reasonable steps to ensure that your personal information is protected from:

  • unauthorised access, disclosure or modification
  • misuse, and
  • loss.

When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we ensure that it is destroyed or de-identified.

9. Website

Any time that you enter our website, we may record the date and time that you have done so, as well as any information that you have downloaded. Please refer to the Website Terms of Use to see how and why we record this information. We do not guarantee that the information that you send over the internet is secure. Please see the Website Terms of Use for more information.

10. Your Access to the Personal Information we hold about You

You are generally entitled to access the personal information that we hold about you. You may contact our Privacy Officer on FREECALL 1800 091 967 or .We will deal with your request for such access within a reasonable time. If we refuse access, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. We may recover reasonable costs in relation to a request for access to personal information.

11. Accuracy

We will take all reasonable steps to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date. However, if your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer on FREECALL 1800 091 967 or If you establish that the personal information we hold about you is not accurate, complete and up to date, we will take reasonable steps to correct the information. If we cannot take reasonable steps to correct the information, because such correction is not technically possible or would be impracticable for us to perform, we may be unable to continue to provide our services to you. In these cases, we will provide reasons for denial of correction.

12. Direct marketing

(a) From time to time, we may use your personal information other than sensitive information, including your contact details, to provide you with information about our products and services, including those of third parties, that we consider may be of interest to you. We may contact you through telephone, direct mail, electronic direct mail, sms text messaging or other electronic messaging services. We are permitted to do this if you have created or hold an account with us, even if you are on the Do Not Call register. We may also provide your details to other organisations for specific marketing purposes.

(b) if your application is unsuccessful IPF Digital may assist you to obtain finance by offering your application to other credit providers.

We will consider that you consent to the above, unless you opt out. You can opt out of wither or both of (a) or (b) at any time if you no longer wish to receive marketing information. To do so, you will need to request that we no longer send marketing materials to you or disclose your information to other organisations for marketing purposes. You can make this request to opt out by contacting us at: FREECALL 1800 091 967 or or by ‘unsubscribing’ from our mail, email marketing or sms text messages or other electronic messaging services.

13. Questions and Complaints

If you have any questions, concerns or complaints about this Privacy policy, or our use of your personal information, you can contact our Privacy Officer on: FREECALL 1800 091 967 or You can also contact our Privacy Officer if you believe that the privacy of your personal information has been compromised or is not adequately protected. Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. You can also visit the Office of the Australian Information Commissioner’s website at or contact the Information Commissioner’s hotline on 1300 363 992.

14. Changes to the Privacy Policy.

We may make changes to this Privacy Policy from time to time (without notice to you) that are necessary for our business requirements or the law. We encourage you to visit our website – from time to time to ensure that you have read our most current Privacy Policy.

This Privacy Policy (V8.8.2019) is effective from 8 August 2019.

15. Your Consents

By agreeing to this Privacy Policy you consent to the following:

Confirm that you are authorised to provide to us the personal information you will provide and confirm that you are the person making the application. This consent is required for us to verify your government issued document details with the issuer or official record holder.

Consent to us disclosing my personal information to a credit reporting body and my government issued document details verified with the issuer or official record holder for identity checking requirements. This consent is to protect against identity fraud and without this consent we may not be able to consider or approve your application.

Consent to us collecting, using and disclosing personal information about you to enable IPF Digital to assess your application and to manage your loan account, including consent to disclose information to related companies and to third party service providers, both in Australia and Outside of Australia. Without this consent we may not be able to consider or approve your application. See section 11 about how you can update and correct information we hold about you.

Consent to use your personal information for direct marketing as described in section 12. See section 12 for how you can opt out.

Consent to us disclosing whatever of my personal information we consider is necessary, for the purpose of credit reporting to a credit reporting organisation. This disclosure of information is necessary for the integrity of the credit reporting system. See section 4 for how you can obtain access to the information held by a credit reference organisation and how to correct this.