Thank you for trusting us with your information. We value that trust, and that’s why protecting your information, and being clear about how we collect, use, exchange and protect your information, is of huge importance and a vital part of our relationship with you.
1. Your privacy is important to us This Policy outlines how Australian Short Term Business Lenders Association Pty Ltd(ACN 158 199 707) and its related companies, (“we / us / the Group”) collect, disclose, use, store or otherwise handle personal information. It is important to us that we manage your personal information securely and consistently with relevant legislation, including the Privacy Act 1988 (Commonwealth) (“Privacy Act”) as well as the Credit Reporting Privacy Code (where applicable).
This Policy explains:
The kinds of personal information (including credit-related information) we collect;
The purposes for which we collect this information;
How we manage the personal information that we collect about you;
How you can seek access to and correction of that information;
If necessary, how you can make a complaint relating to our handling of that information.
This policy is not limited to current customers or guarantors of customers (where applicable) – it relates to all other individuals who deal with us, whether in relation to the provision of credit or otherwise.
2. Information we collect from you We collect information about you and your interactions with us, for example, when you request or use our products or services, make a card purchase or transfer money, phone us or visit any of our websites. When you use our website or mobile applications, we may collect information about your location or activity including IP address, telephone number and whether you’ve accessed third-party sites. Some of this website information we collect using cookies.
The information we collect from you may include your identity and contact details, other personal details such as gender and marital status and financial information. Where applicable, we also collect health information, for example, for insurance purposes.
2.1 Personal Information We will collect certain information about you depending on the circumstances in which the product or service is being provided. This information can include:
Key personal information such as your name, residential and business addresses, telephone numbers, email and other electronic addresses; Financial and related information, such as your occupation, accounts, bank account information (from prior to the loan being granted and ongoing for the term of the loan), assets, expenses, income, revenue, dependents, and regarding your employment, financial and business dealings and other relevant events; Your transaction history (with us and our associates or relevant third parties). This information includes products you may have used with us in the past, your payment history, and the capacity in which you have dealt or deal with us; Other relevant information – depending on the circumstances this may also include health and medical information, membership of professional bodies, tax file number information and other government identifiers (e.g. if relevant to identifying you).
2.2 Information we collect from others We collect information about you from others such as service providers, agents, your bank, advisers, brokers, employers or family members. For example, if you apply for credit, we may need to obtain a credit report from a credit reporting body. We will also obtain bank account information from your bank throughout the term of the loan. We may collect information about you that is publicly available, for example, from public registers or social media, or made available by third parties.
2.3 Sensitive information The Privacy Act also protects your sensitive information, such as health information that’s collected on insurance or hardship applications. If we need to obtain this type of information, we will ask for your consent, except where otherwise permitted by law.
3. How do we use your information? In many circumstances, we will collect the above information primarily from you (or from someone who is representing or assisting you). However, there are certain instances in which we will collect information about you from third parties where it is unreasonable or impracticable to collect it directly from you. For example, even where your application is for credit, we may collect information about you from a business which provides information about commercial credit worthiness for the purpose of assessing your application. We use this information to:
Establish your identity and assess applications for products and services
Price and design our products and services
Administer our products and services
Manage our relationship with you
Conduct and improve our businesses and improve the customer experience
Manage our risks and help identify and investigate illegal activity, such as fraud
Contact you, for example if we suspect fraud on your account or need to tell you something important
Comply with our legal obligations and assist government and law enforcement agencies or regulators
Identify and tell you about other products or services from our various brands that we think may be of interest to you.
We may also collect, use and exchange your information in other ways where permitted by law.
3.1 Direct marketing If you don’t want to receive direct marketing, you can tell us by using any of the methods set out in section 9.
3.2 Gathering and combining data to get insights Improvements in technology enable organisations to collect and use information to get a more integrated view of customers and provide better products and services. We may combine customer information with information available from a wide variety of external sources (for example census or Australian Bureau of Statistics data). We are able to analyse the data in order to gain useful insights which can be used for any of the purposes mentioned earlier in this policy. In addition, Group members may provide data insights or related reports to others, for example to help them understand their customers better. These are based on aggregated information and do not contain any information that identifies you.
4. Who do we exchange your information with? We exchange your information with other members of the Group, so that the Group may adopt an integrated approach to its customers. Group members may use this information for any of the purposes mentioned in this section.
4.1 Third parties We may exchange your information with third parties where this is permitted by law or for any of the purposes mentioned in section 4. Third parties include:
Your co-applicant(s) (if any)
Related entities based in Australia or overseas
Entities that provide services to us such as mailing houses or call centre operators
Service providers, for example law firms, market research / data providers, and loyalty program redemption partners
Those to whom we outsource certain functions, for example, direct marketing, statement production, debt recovery and information technology support
Brokers, agents and advisers and persons acting on your behalf, for example guardians or persons holding power of attorney
References that you provide to us, for example landlord details or trade references
The supplier of any goods or services financed with credit we provide
Persons involved in arrangements that provide funding to us, including persons who may acquire rights to our assets (for example loans), investors, advisers, trustees and rating agencies
Claims-related providers, such as assessors and investigators, who help us with claims
Other financial institutions such as banks and credit providers
Auditors, insurers and re-insurers• employers or former employers
Government and law enforcement agencies or regulators
Credit reporting bodies and credit providers
Entities established to help identify illegal activities and prevent fraud
Overseas entities that provide products and services to us.
4.2 Sending information overseas Generally, we use customer service teams located within Australia. However we may send your information overseas, including to overseas Group members and to service providers or other third parties who operate or hold data outside Australia. Where we do this, we make sure that appropriate data handling and security arrangements are in place. Please note that Australian law may not apply to some of these entities. We may also send information overseas to complete a particular transaction or where this is required by laws and regulations of Australia or another country.
Where we send your information overseas, it is likely to be one of the following countries:
Where we send your information to overseas Group members or service providers, we make sure that appropriate data handling and security arrangements are in place.
5. Credit checks and credit reporting When you apply to us for credit or propose to be a guarantor, we need to know if you’re able to meet repayments under your agreement with us. We also want to avoid giving you further credit if this would put you in financial difficulty. One of our checks involves obtaining a credit report about you.
5.1 Credit reports A credit report contains information about your credit history that helps credit providers assess your credit applications, verify your identity and manage accounts you hold with them. Credit reporting bodies collect and exchange this information with credit providers like us and other service providers such as phone companies. The Privacy Act limits the information that credit providers can disclose about you to credit reporting bodies, as well as the ways in which credit providers can use credit reports.
5.2 What information can we exchange with credit reporting bodies? The information we can exchange includes:
Your identification details
What type of loans you have
How much you’ve borrowed
Whether or not you’ve met your loan payment obligations
If you have committed a serious credit infringement (such as fraud).
We also ask the credit reporting body to provide us with an overall assessment score of your creditworthiness.
The credit reporting bodies we use are Equifax Inc, and Dun & Bradstreet (Australia) Pty Ltd. You can access a copy of their respective privacy policies at:
Equifax Website: www.equifax.com.au Phone: 138 332 Address: Attention: Equifax Customer Resolutions Team, PO Box 964, North Sydney NSW 2059.
Dun & Bradstreet Website: www.checkyourcredit.com.au Phone: 13 23 33 Address: Attention: D&B Public Access Centre, PO Box 7405, St Kilda, VIC 3004
5.3 What do we do with credit-related information? We use information from credit reporting bodies to confirm your identity, assess applications for credit, manage our relationship with you and collect overdue payments. We also use this information as part of arriving at our own internal assessment of your creditworthiness.
We store credit-related information with your other information. You can access credit-related information we hold about you, request us to correct the information and make a complaint to us about your credit-related information. See sections 8 and 9.
5.4 Other rights you have Credit providers may ask credit-reporting bodies to use their credit-related information to pre-screen you for direct marketing. You can ask a credit reporting body not to do this. Also, if you’ve been, or have reason to believe that you’re likely to become, a victim of fraud (including identity fraud), you can ask the credit reporting body not to use or disclose the credit-related information it holds about you.
6. Keeping your information secure We keep your hard-copy or electronic records on our premises and systems or offsite using trusted third parties. Our security safeguards include:
6.1 Staff education We train and remind our staff of their obligations with regard to your information.
6.2 Taking precautions with overseas transfers and third parties When we send information overseas or use third parties that handle or store data, we ensure that appropriate data handling and security arrangements are in place.
6.3 System security When you transact with us on the internet via our website or mobile apps we encrypt data sent from your computer to our systems. We have firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems. When we send your electronic data outside the Group we use dedicated secure networks or encryption. We limit access by requiring use of passwords and/or smartcards.
6.4 Building security We have protection in our buildings against unauthorised access such as alarms, cameras and guards (as required).
6.5 Destroying data when no longer required Where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).
6.6 Your log-in details You are advised to keep your log-in details private and confidential. Your log-in details are your responsibility and we advise you not to share those details with any party. You hereby acknowledge that any party that accesses your account does so as your agent and accordingly you agree to be bound by any transactions effected through their use of your account.
7. Accessing, updating and correcting your information 7.1 Can I get access to my information? You can ask for access to your basic information (for example what transactions you’ve made) by going online or calling us. To obtain a copy of current credit-related information we hold about you, you can call or email us.
7.2 Is there a fee? There is no fee for making the initial request, but in some cases there may be an access charge to cover the time we spend locating, compiling and explaining the information you ask for. If there is an access charge, we’ll give you an estimate up front and confirm that you’d like us to proceed. Generally, the access charge is based on an hourly rate plus any photocopying costs or other out-of-pocket expenses. You’ll need to make the payment before we start, unless you’ve authorised us to debit your account.
7.3 How long does it take to gain access to my information? We try to make your information available within 30 days of your request. Before we give you the information, we’ll need to confirm your identity.
7.4 Can you deny or limit my request for access? In certain circumstances we’re allowed to deny your request, or limit the access we provide. For example, we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll write to you explaining our decision. Updating your basic information It’s important that we have your correct details, such as your current address and telephone number. You can check or update your information at by going online, emailing or phoning us.
7.5 Can I correct my information? You can ask us to correct any inaccurate information we hold or have provided to others (including credit-related information) by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests. If your request relates to credit-related information provided by others, we may need to consult with credit reporting bodies or other credit providers. We’ll try to correct information within 30 days. If we can’t complete the request within 30 days, we’ll let you know the reason for the delay and try to agree a timeframe with you to extend the period. If we’re able to correct your information, we’ll inform you when the process is complete.
7.6 What if we disagree that the information should be corrected? If we disagree with you that information should be corrected, we’ll let you know in writing our reasons. You can ask us to include a statement with the relevant information, indicating your view that the information is inaccurate, misleading, incomplete, irrelevant or out-of-date. We will take reasonable steps to comply with such a request.
8. Making a privacy complaint 8.1 We’re here to help We accept that sometimes we can get things wrong. If you have a concern about your privacy (including credit-related matters), you have a right to make a complaint and we’ll do everything we can to put matters right.
8.2 How do I make a complaint? To lodge a complaint, please get in touch with us using your point of contact or one of the customer service teams set out in section 9. We’ll review your situation and try to resolve it straight away. If you’ve raised the matter through your point of contact or our customer service teams and it hasn’t been resolved to your satisfaction, please contact our Customer Relations team using the details in section 9.
8.3 How do we handle a complaint? We acknowledge every complaint we receive and provide our name, a reference number and contact details of the investigating officer. We keep you updated on the progress we’re making towards fixing the problem. Usually, it takes only a few days to resolve a complaint. However, if we’re unable to provide a final response within 45 days we’ll contact you to explain why and discuss a timeframe to resolve the complaint.
8.4 Credit-related information complaints If your complaint is about our practices relating to credit-related information, then we may need to consult with other organisations, including credit reporting bodies or credit providers.
We will acknowledge receipt of the complaint within seven days. If we can’t resolve the matter within 30 days, we’ll contact you and explain the reason for the delay, the expected timeframe to resolve the complaint and seek your agreement to extend the period.
8.5 External review If you’re not satisfied with our handling of your matter, you can refer your complaint to external dispute resolution. We suggest you do this only once you’ve first followed our internal complaint processes set out above.
9. How to contact us or find out more For privacy related queries, access or correction requests, or complaints, or to request a printed version of this policy, please contact us on 03 9017 6611 or email info @ astla.com.au. Our call centre is open Monday to Friday, 9am-5pm AEST. We aim to resolve your query or complaint at your first point of contact with us. You can use your usual point of contact or call our customer service team.
9.1 To update your direct marketing preferences or request not to receive direct marketing You can call us using the number above or emailing us.
For more information about the Australian Privacy Principles and credit reporting rules visit:
Office of the Australian Information Commissioner (privacy generally) Australian Retail Credit Association (credit reporting rules)