Credit24 is a registered trademark and business name of IPF Digital Australia Pty Ltd (ACN 130 894 405) (Australian Credit Licence 422839) (‘we’ or ‘us’).
We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act. This policy is to inform you of how we protect your personal information in compliance with the Privacy Act and the APPs. The APPs can be viewed on the website of the Office of the Australian Information Commissioner at this link: https://www.oaic.gov.au/individuals/privacy-fact-sheets/general/privacy-fact-sheet-17-australian-privacy-principles
To create an account with Credit24, you will need to agree to the terms of this Privacy and Credit Reporting Policy.
1. Personal information that we collect
For these purposes, “personal information” is information or an opinion about an individual who is identified or their identity can be reasonably ascertained from that information or opinion. We collect personal information that includes, but is not limited to:
- full name
- date of birth
- Driver’s licence, Medicare & Passport details
- personal information to verify Visa details (where applicable)
- current and previous addresses (including postal address)
- contact details including telephone numbers
- e-mail addresses
- occupation and employer name
- cost of living, fixed and financial expenses and commitments
- bank account details
- consumer credit and identity verification reports; and
- name and contact details of applicant referees.
- a credit report provided to us by a credit reporting body (details of the credit reporting bodies with whom we share information are listed in 4. Notifiable Matters and Credit Reporting)
2. Collection of your personal information
Wherever possible, we will collect personal information directly from you either through the internet, mail, telephone, electronic direct mail or in person. This information will generally come from what you have provided in your loan application and supporting documentation, for example, your financial or employment details. However, if necessary, we may collect personal information about you from third parties, such as any referees provided by you and third party service providers including credit reporting bodies. We hold your personal information in computer systems, electronic form, digital records, telephone recordings and/or paper files.
3. Why we collect personal information
To Communicate with you
It is important that we can contact you if we need to. We may use telephone, direct mail, electronic direct mail or sms text messaging or other electronic messaging services so we can obtain information needed for your loan application and processing, assessing and administering your loan.
We may also need to contact you through telephone, direct mail or through electronic communications to give you documents, notices and to notify you about details of your loan contract.
To verify your identity and prevent fraud
Verifying the legitimacy of your identify by disclosing your name, residential address and date of birth and other personal information about you to a credit reporting body and your government issued document details verified with the issuer or official record holder. Government issued document details you provide are verified with the issuer or official record through the Document Verification Service (DVS) administered by the Commonwealth Attorney-General’s Department.
To process and assess your loan application and manage a subsequent loan account
The primary reason we collect and use your personal information is to properly process and assess your loan application in accordance with legal requirements. We also use your personal information to administer your loan application account. This can include:
- making enquiries and verifications about you financial circumstances
- obtaining a credit report about you from a credit reporting body
- making inquiries about the purpose and objectives for the loan you are seeking
- making credit inquiries with credit reporting agencies
- determining whether a product is not suitable for your circumstances and objectives
- contacting your employer about your employment and related matters
- processing your loan application
- establishing and providing administrative facilities for your loan account
- charging and billing
- complying with legal requirements and regulation; for example Anti-Money Laundering and Counter-Terrorism Act 2006 (Cth), Privacy Act and the National Consumer Credit Protection Act 2009 (Cth) and ASIC Regulatory Guide 209 – Credit Licensing: Responsible lending conduct.
- preventing fraud and other criminal activity
- managing our rights and obligations including but not limited to external payment systems or our business systems and infrastructure
4. Notifiable Matters and Credit Reporting
We are required by law to advise you of ‘notifiable matters’ in relation to how we may use your credit information.
We exchange your credit information with credit reporting bodies. We use the credit information that we exchange with the credit reporting body in validating your identity; in assessing your application for finance; and in managing your loan account.
When creating a customer account we will share information with a credit reporting body for the purpose of verifying your identity.
In the course of applying for a loan, we will obtain a credit report on you from a credit reporting body and this may occur at any time after you commence the on-line application process. The enquiry will be listed in your credit file maintained by a credit reporting body.
If you fail to meet your payment obligations in relation to any finance that we have provided or arranged or you have committed a serious credit infringement then we may disclose this information to a credit reporting body. If we do so, the default will be listed in your credit file maintained by a credit reporting body.
Your credit information may sometimes be used by credit reporting bodies for the purposes of ‘pre- screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.
The Privacy Act does not require us to obtain consent from you prior to listing an enquiry on your credit file. The requirement is for us to make available to you of the name and contact details of a credit reporting body where we are likely to disclose information collected about you.
You can also contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. For a period of 21 days after the credit reporting body receives your notification the credit reporting body must not use or disclose that credit information.
The following are the credit reporting bodies with whom we may exchange information about you:
- Equifax Limited – www.equifax.com.au
- Illion – www.illion.com.au
- Experian – www.experian.com.au/consumer-information-portal
You have the right to request access to the credit information that we hold about you and make a request for us to correct that credit information if needed. Please refer to section 10. Access for further details.
5. When we disclose (share) personal information
We may need to disclose your information, including information we receive through the credit reporting system, to organisations located overseas. For the most part, these service providers are related entities of IPF Digital Australia Pty Limited being other entities in the International Personal Finance plc (“IPF“) group of companies which perform a range of technology, operational and customer service functions for IPF Digital Australia.
IPF utilises cloud based data centres located in the United Kingdom,Ireland and Germany.
IPF Digital Australia also utilises a service provider that is located in Canada to assist us with customer enquiries via the webchat. The data that is collected through this tool may be transferred to, and or stored in Canada and the United States of America for the purpose of servicing the customer.
We may need to disclose your information, including information we receive through the credit reporting system to external service providers to us, such as:
- Credit reporting bodies and their third party service providers, that we use to verify your identity and to obtain a credit report about you.
- Identification services including DnB Green ID and Veda ID Matrix that aggregate identification sources including but not limited to:
- Australian Electoral Roll
- Credit Bureaus
- Electronic White Pages
- Insurance Reference Service
- National Tenancy Database
- Driver Licence Registries (ACT/NSW/NT/QLD/SA/TAS/VIC/WA)
- Australian Passport
- Accuity sanction screening service
- Velocity screening service
- Document verification service
- Visa verification service
- Biometric ID verification service
- payment systems operators
- mailing houses
- telephone contact centres
- debt collection organisations
- research consultants and professional advisors such as accountants, lawyers, auditors and if required by law, to government and regulatory authorities, for example, the Australian Tax Office.
We may also be required or permitted by law, to disclose personal information that we hold, including The Anti-Money Laundering and Counter-Terrorism Funding Act 2006 and the National Consumer Credit Protection Act 2009 and the Privacy (Credit Reporting) Code.
5.3 Privacy of Disclosed Information
We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.
IPF Digital Australia reasonably believes that any of the related companies in the IPF group located outside of Australia that may have access to your personal information and the cloud based data centres that the IPF group utilizes located in the UK, Germany and Ireland, are subject to a law, that has the effect of protecting the information in a way that is substantially similar to the way the APPs protect the information and that mechanisms can be accessed by the consumer to enforce that protection of the law
In the event that your personal information is disclosed to a related company or service provider located in a jurisdiction that is not subject to privacy obligations equivalent to those that apply to us in Australia, if the overseas recipient handles the personal information in breach of the APPs:
- we will not be accountable under the Privacy Act; and
- the individual will not be able to seek redress under the Privacy Act.
If you are a politically exposed person we may validate your status by disclosing your personal information to service providers in Australia and the United States of America.
6. Sensitive information
Where it is necessary to do so, for instance, if you experience financial hardship, we may collect personal information about you that is sensitive. This includes information about your health, your religious beliefs, your political affiliations or your criminal history. If you or third parties provide us with sensitive information, we will only use and disclose the information for the purpose for which it was provided or another directly related purpose, unless you agree otherwise, or where required by law. Where practical and reasonable, we will only collect sensitive information with your consent. However, if the information relates directly to your ability to meet financial obligations that you owe to us, you are treated as having consented to its collection.
7. Government identifiers
IPF Digital may use Government related identifiers of an individual (for example: Passport, Driver’s Licence, Medicare Card, etc) where it is reasonably necessary for the Company to verify the identify the individual
We do not use Government related identifiers of individuals as our identifier of you or of your loan or loan account.
8. Security of personal information
We take all reasonable steps to ensure that your personal information is protected from:
- unauthorised access, disclosure or modification
- misuse, and
When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we ensure that it is destroyed or de-identified.
10. Your Access to the Personal Information we hold about You
You are generally entitled to access the personal information that we hold about you. You may contact our Privacy Officer on FREECALL 1800 091 967 or firstname.lastname@example.org .We will deal with your request for such access within a reasonable time. If we refuse access, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. We may recover reasonable costs in relation to a request for access to personal information.
We will take all reasonable steps to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date. However, if your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer on FREECALL 1800 091 967 or email@example.com. If you establish that the personal information we hold about you is not accurate, complete and up to date, we will take reasonable steps to correct the information. If we cannot take reasonable steps to correct the information, because such correction is not technically possible or would be impracticable for us to perform, we may be unable to continue to provide our services to you. In these cases, we will provide reasons for denial of correction.
12. Direct marketing
By accepting the terms of this Privacy and Credit Reporting Policy, you consent to the following unless you opt out.
- From time to time, we may use your personal information other than sensitive information and your location, to provide you with information about our products and services, and those of third parties, that we consider may be of interest to you. We may contact you through telephone, direct mail, electronic direct mail, sms text messaging or other electronic services.
- We may also provide your details to other organisations for specific marketing purposes.
- If your application is unsuccessful IPF Digital may assist you to obtain finance by offering your application to other credit providers.
- We may use information that we hold about you for the purpose of preventing Small Amount Credit Contract (SACC) communications being sent to you in breach of Section 133CF of the Consumer Credit Protection Act 2009.
You can opt out of receiving direct marketing at any time if you no longer wish to receive marketing information. You can make this request to opt out by contacting us at FREECALL 1800 091 967 or by ‘unsubscribing’ from the mail, email marketing or sms text messages or other electronic messaging services you received from us.
13. Questions and Complaints
If you have any questions, concerns or complaints about this Privacy and Credit Reporting Policy, or our use of your personal information, you can contact our Privacy Officer on: FREECALL 1800 091 967 or firstname.lastname@example.org. You can also contact our Privacy Officer if you believe that the privacy of your personal information has been compromised or is not adequately protected. Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. If your concerns have not been addressed by the Privacy Officer, you can appeal to the Credit24 Internal Dispute Resolution Team. Further information is available from the Office of the Australian Information Commissioner’s website at www.oaic.gov.au or contact the Information Commissioner’s hotline on 1300 363 992.
This Privacy and Credit Reporting Policy (V19.7.2023) is effective from 19 July 2023.
15. Your Consents
Confirm that you are authorised to provide to us the personal information you will provide and confirm that you are the person making the application. This consent is required for us to verify your government issued document details with the issuer or official record holder.
Consent to us disclosing my personal information to a credit reporting body and my government issued document details verified with the issuer or official record holder for identity checking requirements. This consent is to protect against identity fraud and without this consent we may not be able to consider or approve your application.
Consent to us collecting, using and disclosing personal information about you to enable IPF Digital to assess your application and to manage your loan account, including consent to disclose information to related companies and to third party service providers, both in Australia and Outside of Australia. Without this consent we may not be able to consider or approve your application. See section 11 about how you can update and correct information we hold about you.
Consent to use your personal information for direct marketing as described in section 12. See section 12 for how you can opt out.
Consent to us disclosing whatever of my personal information we consider is necessary, for the purpose of credit reporting to a credit reporting organisation. This disclosure of information is necessary for the integrity of the credit reporting system. See section 4 for how you can obtain access to the information held by a credit reference organisation and how to correct this.