Privacy and Credit Reporting Policy
This is the privacy and credit reporting policy of Household Capital Pty Limited ACN 618 068 214, Household Capital Services Pty Limited ACN 625 860 764, and our related businesses (we, us, our and HCC). It sets out how we collect, use and disclose personal information (including credit-related information) we hold about you.
Our commitment to protect your privacy
We understand how important it is to protect your personal information. This document sets out our commitment in respect of the personal information (including credit-related information) we hold about you and what we do with that information.
We recognise that any personal information we collect about you will only be used for the purposes we have collected it for or as allowed under the law. It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.
Our commitment in respect of personal information is to abide by the Australian Privacy Principles (APPs) and Part IIIA of the Privacy Act 1988 (Cth) (Privacy Act), the Privacy (Credit Reporting) Code 2014 (CR Code) and any other relevant law.
When we refer to ‘personal information’, we mean information from which your identity is reasonably apparent. This information may include information or an opinion about you. The personal information we hold about you may include the following:
1. Personal identifiers and contact details (including socio-demographic information)
The kinds of personal information we may collect about you include your name, date of birth, address, account details, passport details, driver licence details and any other information we may need to identify you.
2. Technical and usage data
When you visit our websites or use our mobile apps, we may collection information about your location or activity, including your IP address, telephone number, whether you have accessed third party sites, the date and time of visits, the pages that you viewed, information about the device used, and other user location information.
3. Product profile
We may hold details of products and services (including their status) you have, such as any home loan, car finance or superannuation provider.
‘Sensitive information’ is personal information that includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record or health. We generally do not collect sensitive information about you except as outlined below and unless required by applicable laws or rules. We will only collect sensitive information about you with your consent.
‘Credit-related information’ is a sub-set of personal information, and means:
● Credit information, which is information such as your identity; the type, terms and maximum amount of credit provided to you, including when that credit was provided and when it was repaid; repayment history information; default information (including overdue payments); payment information; new arrangement information; details of any serious credit infringements; court proceedings information; personal insolvency information; and publicly available information; and
● Credit eligibility information, which is credit reporting information supplied to us by a credit reporting body (CRB), and any information that we derive from it.
Credit-related information that we hold about you may include your financial position and transaction data.
We use your credit-related information to assess your eligibility to be provided with finance. Usually, credit-related information is exchanged between credit and finance providers and CRBs.
If you are applying for finance or provide a guarantee, we may also collect the ages and number of your dependants and cohabitants, the length of time you have resided at your current address, your employment details, and proof of your earnings and expenses.
Why we collect your personal information
We collect personal information for the purposes of assessing your application for finance and managing that finance, establishing your identity, contacting you, managing our risk and to comply with our legal obligations. For example, we are required or authorised to collect certain identification information about your under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), certain information about your financial position under the National Consumer Credit Protection Act 2009 (Cth) (for applying for credit), and certain identification information under property laws in some states and territories (for providing a mortgage as security).
We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor, one of our checks may involve obtaining a credit report about you.
We may also collect your personal information for the purposes of direct marketing (see below under ‘Direct marketing’) and managing our relationship with you. Improvements in technology also enable organisations like ours to collect and use information to get a more integrated view of our customers. From time to time we may offer you other products and services.
How we collect and store your personal information
We collect personal information (including credit-related information) in a number of ways, including:
- directly from you, for example, when you provide information by phone, in application forms or other agreements, or when you submit your personal details using our website;
- from third parties or your representatives. If we obtained your information through any of these methods and you would like a list of these entities or websites, or if you feel you have not given us consent to use your details, please contact us;
- from publicly available sources of information. For example, when we obtain credit eligibility information from a CRB about you; we may also seek publicly available information and information about any serious credit infringement that you may have committed.
- from our own records; and
- when you visit our website.
This personal information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside Australia.
Collecting third parties’ personal information
If you provide to us personal information about other individuals (for example, the name and contact details of your authorised representatives), you should inform them that you are doing so and advise them they can contact us for further information.
Information collected when using our website or third party websites
1. IP address
Your internet protocol address (or ‘IP address’) is the numerical identifier for your device when you are using the internet. It may be necessary for us to collect your IP address for your interaction with some parts of our website.
2. Cookies (and targeting and remarketing)
Rejecting cookies may have the effect of limiting access to or functionality of parts of our website.
3. Web beacons
A web beacon is typically a transparent graphic image invisible to the user that is placed on a website. The use of a web beacon allows the website to record the simple actions of the user (such as opening the page that contains the beacon) through a tracking pixel.
We may use web beacons (and cookies) for purposes such as site usage analytics, advertising auditing and reporting, as well as content and ‘advertising/ marketing personalisation’. We may share any data collected from web beacon (and cookies) with third parties to provide you with relevant advertising when browsing Third Party Websites.
4. Links to third party websites
Our website contain links to third party websites (for example, third party providers of goods and services). For example, see “Our Strategic Partnerships” which connects you with our Industry Partners and Financial Partners (our Partners). If you accessed third party websites through our website and if those third parties collect information about you, we may also collect or have access to that information as part of our arrangements with those third parties.
Where you access a third party website from our website, cookie and web beacon information, information about your preferences or other information you have provided about yourself may be shared between us and the third party.
5. Advertising and tracking
When you access our website after viewing one of our advertisements on a third party website, the advertising company may collect information on how you utilise our website (for example, which pages you viewed) and whether you commenced or completed an online application or other online forms.
When you send a completed online application to us, we retain the information contained in that application. We can use that information to provide any products and services that you require.
You may also be able to suspend and save online applications, so you can complete and send the applications at a later time. If you suspend or save your application, the information that you have entered will be retained in our systems so that you may recover the information when you resume your application.
Online applications that have been suspended or saved may be viewed by us. In particular,
if you start but do not submit an online application, we can contact you using any of the contact details you have supplied to offer help completing it.
Sometimes people share information (including sensitive information) with us we have not sought out. This could be through using our website or, for example, requesting us to assess or assist in a credit hardship application.
If we receive unsolicited personal information (including credit-related information) about you, we will determine whether we would have been permitted to collect that information. If yes, then we will handle this information the same way we do with other information that we seek from you or in the manner described in this policy. If no and the information is not contained in a Commonwealth record, then we will destroy or de-identify it as soon as practicable, but only if it is lawful and reasonable to do so.
Often, it is not possible for us to neatly unbundle this information then destroy or de-identify only certain sections or parts of it, and we may need to store this information for future use, such as to help resolve disputes between us or assess future applications by you. We have many security safeguards in place to protect the information from interference, misuse, loss, unauthorised access, modification or disclosure.
How we disclose your personal information
We will not sell or trade your personal information to any party outside of HHC. We may disclose your personal information to third parties for the purpose of delivering the products or services you require. Your personal information is disclosed to these organisations only in relation to us conducting our business or providing our products and services to you.
We may disclose your personal information to:
- our Partners or organisations we form a strategic partnership or a similar business relationship with;
- to prospective funders or other intermediaries in relation to your finance requirements;
- to other organisations that are involved in managing or administering your finance such as third party suppliers, printing and postal services, call centres, lenders, mortgage insurers, trade insurers, and CRBs;
- to associated businesses that may want to market products to you;
- to companies that provide information and infrastructure systems to us;
- to our agents, contractors, external service providers to outsource certain functions, for example, statement production, debt recovery, and information technology support, including any servicers, or sub/backup servicers of your loan;
- to anybody who represents you, such as finance brokers, lawyers, mortgage brokers, guardians, persons holding power of attorney, and accountants;
- to anyone, where you have provided us consent;
- to other guarantors or borrowers (if more than one);
- to borrowers or prospective borrowers, including in relation to any credit you guarantee or propose to guarantee;
- to our auditors, insurers and re-insurers;
- to claims related providers, such as assessors and investigators who help us with claims;
- where we are authorised to do so by law, such as under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), or by government and law enforcement agencies or regulators;
- to investors, agents or advisers, trustees, rating agencies, or any entity that has an interest in your finance or our business;
- to other financial institutions, for example, to process a claim for mistaken payment; or
- organisations that provide products or services used or marketed by us.
Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:
- the person or organisation has a commitment to protecting your personal information at least equal to our commitment, or
- you have consented to us making the disclosure.
Some of the third parties may be located outside of Australia.
Transfer of information overseas
We run our business in Australia but may from time to time need to share your personal information (including credit-related information) with organisations outside of Australia. This may include entities operating overseas with whom we have a financial relationship with which are likely to be located in the UK. Where we do this, we will take reasonable steps to ensure appropriate data handling and security arrangements are in place. By providing us with your details, you consent to your personal information being disclosed in this manner. You should note that while overseas entities will often be subject to confidentiality or privacy obligations that apply in the relevant jurisdiction, they may not always follow the particular requirements of the Privacy Act. In the event that a disclosure is made in an overseas country, the information will not be protected by the APPs, and you will not be able to hold us accountable or seek redress under the Privacy Act if the overseas entity breaches the APPs. Overseas entities may be required to disclose information we share with them under a foreign law. In those instances, we are not responsible for that disclosure.
We may store your information in cloud or other types of networked or electronic storage. You should note that, as electronic or networked storage can be accessed from various countries via an internet connection, it is not always practicable to know in which country your information may be held.
We will not share any of your credit information with a CRB, unless it has a business operation in Australia.
We are not likely to share with overseas entity credit information we obtain about you from a CRB or that we derive from that information.
Disclosure to CRBs
We may disclose information about you to a CRB in Australia when you are applying for credit, you have obtained credit from us, or if you guarantee or are considering guaranteeing the obligations of another person to us. When we give your information to a CRB, it may be included in reports that the CRB gives other organisations (such as other lenders) to help them assess your credit worthiness.
Some of that information may reflect adversely on your credit worthiness, for example, if you fail to make payments or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders.
The law requires us to advise you of ‘notifiable matters’ in relation to how we may use your credit-related information. You may request to have these notifiable matters (and this policy) provided to you in an alternative form.
We exchange your credit-related information with CRBs. We use the credit-related information that we exchange with the CRB to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor, and manage your finance.
The information we can exchange includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations and if you have committed a serious credit infringement (such as fraud).
If you fail to meet your payment obligations in relation to any finance that we have provided or arranged or you have committed a serious credit infringement, we may disclose this information to a CRB.
You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. Please see the heading ‘Access and correction to your personal and credit-related information’, below.
Sometimes your credit information will be used by CRBs for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. You can contact the CRB at any time to request that your credit information is not used in this way.
You may contact the CRB to advise them that you believe that you may have been a victim of fraud. For a period of 21 days after the CRB receives your notification, the CRB must not use or disclose that credit information. You can contact any of the following CRBs for more information:
We may use or disclose your personal information to let you know about products and services from us and our agents, business partners and affiliates that might serve your financial, lifestyle and other needs (such as by way of updates or newsletters), to run competitions or promotions and to communicate other offers or opportunities in which you may be interested.
We may conduct these marketing activities via mail, email, telephone, messaging such as SMS and MMS, or any other means, including electronic means. We may also market our products and services to you through third party channels (such as social networking sites). We will always let you know that you can opt out from receiving marketing offers.
With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time.
Third party marketing service providers may combine the personal information we disclose to them with information they already hold about you, in order to provide you with more relevant advertising about our or their products and services.
We will not use or disclose sensitive information about you for direct marketing purposes unless you have consented to that kind of use or disclosure.
Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs.
If you do not wish to receive marketing information, you may at any time decline to receive such information by telephoning us on 1300 622 100 or by writing to us at [email protected]. If the direct marketing is by email, you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
Updating your personal information
It is important to us that the personal information we hold about you is accurate and up-to-date. During the course of our relationship with you, we may ask you to inform us if any of your personal information has changed.
If you wish to make any changes to your personal information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.
Access and correction to your personal and credit information
We will provide you with access to the personal and credit-related information we hold about you. You may request access to any of the personal information we hold about you at any time. We may charge a fee for our costs of retrieving and supplying the information to you.
Depending on the type of request that you make, we may respond to your request immediately. Otherwise we usually respond to you within seven days of receiving your request. We may need to contact other entities to properly investigate your request.
There may be situations where we are not required to provide you with access to your personal or credit-related information – for example, if the information relates to existing or anticipated legal proceedings, if your request is vexatious, or if the information is commercially sensitive.
An explanation will be provided to you if we deny you access to the personal or credit-related information we hold about you.
If any of the personal or credit-related information we hold about you is incorrect, inaccurate or out-of-date, you may request that we correct the information by telephoning us on 1300 622 100 or by writing to us at [email protected]
If appropriate, we will correct the personal information at the time of the request. Otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal or credit-related information within 30 days.
We may need to consult with other finance providers or CRBs or entities as part of our investigation.
If we refuse to correct personal or credit-related information, we will provide you with our reasons for not correcting the information.
Security of your personal information
The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
- confidentiality requirements of our employees;
- document storage security policies, such as our IT Security Policy;
- security measures for access to our systems;
- only giving access to personal information to a person who is verified to be able to receive that information;
- control of access to our buildings; and
- electronic security systems, such as firewalls and data encryption on our website.
We have a data breach response plan in place to enable us to contain, assess and respond to suspected data breaches in a timely fashion to help mitigate potential harm to affected individuals. In the event of a serious data breach, affected individuals and the Office of the Australian Information Commissioner will be notified.
We also regularly review developments in security and encryption technologies. However, it is important to remember that the use of email and the internet may not always be secure, even with these safeguards in place.
If we transfer personal information to another organisation, for example, as described in ‘Transfer of information overseas’ above, or store personal information physically or electronically with third party data storage providers, we will take reasonable steps such as by way of the use of contractual arrangements to ensure those organisations and providers take appropriate measures to protect that information and restrict the uses of that information in accordance with the APPs.
When we no longer require your personal information, and we are legally permitted to, we take reasonable steps to destroy or de-identify the information. However, sometimes it is impossible or impractical to completely isolate the information then completely remove all traces of the information, and we may store the information for future use, such as to help resolve disputes between us or assess future applications by you. The same security safeguards will be in place to protect the information, as detailed in this policy.
Business without identifying you
In most circumstances, it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information – for example, if you make general inquiries about interest rates or current promotional offers.
If you choose not to provide certain personal information (for example, your date of birth), we may not be able to provide you with the products and services you require, or the level of service we aim to offer.
Complaints and further information
If you want to know more about the way we manage your personal or credit-related information, or you have a complaint about our compliance with the Privacy Act and the CR Code, you may contact us on 1300 622 100.
We will acknowledge your complaint within seven days and aim to resolve the complaint as quickly as possible. We will provide you with a decision on your complaint within 30 days.
If you are dissatisfied with the response of our Data Protection Officer, you may make a complaint to the Australian Financial Complaints Authority scheme, which can be contacted on 1800 931 678, or the Privacy Commissioner who can be contacted on either www.oaic.gov.au or 1300 363 992.
Change to this privacy and credit reporting policy
We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and marketplace practices.
As a consequence, we may change this policy from time to time or as the need arises. We will post any changes to this policy on our website.
This policy was last reviewed in February 2022.