This policy applies to residents of the European Union (‘EU’) and the United Kingdom (‘UK’). In addition to your privacy rights arising under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (‘Australian Privacy Law’), and our Australian Privacy Policy, individuals who are located in the EU/UK also have privacy rights arising under the General Data Protection Regulation (‘GDPR’). To the extent of any inconsistency between our Australian Privacy Policy and this Policy, the standard which provides the greater privacy protection applies to residents of the EU/UK.
References in this policy to ‘Personal Information’ shares the definition given to ‘Personal Data’ under the GDPR, being any information relating to an identified or identifiable natural person (‘Data Subject’).
Under both the GDPR and the Australian Privacy Law, all Personal Information must be collected and processed in a manner which is lawful, fair and transparent.
If you are located in the EU/UK, we are required to provide you with more information about how we collect, use, share and store your Personal Information, and to advise you, the ‘Data Subject’ of your privacy rights.
We care about your privacy and welcome your feedback or enquiries. If you are located in the EU/UK and wish to provide feedback or make an enquiry in relation to your rights under the GDPR or the Australian Privacy Law, you may contact our Customer Care team in Australia on 1300 768 621, by email to customercare@creditcorp.com.au or by writing to us at the following address:
What personal information do we collect?
The types of personal information that Credit Corp collects typically includes your:
- name;
- contact details (such as address, telephone and email);
- date of birth;
- account details;
- gender;
- marital status and other household information such as number and age of dependents;
- occupation and employment information;
- financial information such as assets, liabilities, income and expenditure;
- complaint details; and
- involvement as a party in pending and completed legal proceedings.
Other types of personal information that Credit Corp collects relates to credit information. This typically includes:
- identification information;
- credit liability information;
- credit history;
- type and amount of credit;
- details of amounts payable and when such amounts are payable;
- repayment history, including when payments were made and whether payments were made when due; and
- default information.
Credit Corp does not access credit information from credit reporting bureaus based in the EU/UK.
Credit Corp may collect personal information from you directly. In certain circumstances, we may also collect Personal Information about you from other sources. We may collect this information about you from public registers, social media or information made available by third parties. For example, this may include, amongst other things, where:
- we cannot contact you and need to update your contact details;
- at your request we exchange your information with your legal or financial advisors or representatives;
- you have consented to a third party sharing with us;
Special Categories of Personal Information
In certain circumstances, we may collect Personal Information about you which constitutes ‘Special Category Data’. ‘Special Category Data’ has a particular meaning under the GDPR and includes information such as:
- race and ethnic origin;
- religious or philosophical belief;
- political opinions;
- trade union memberships;
- biometric data used to identify an individual;
- genetic data;
- health data;
- data related to sexual preferences, sex life, and/or sexual orientation.
We only collect and use Special Category Data with your consent or where we are legally authorised to do so.
Cookies
Credit Corp’s websites use cookies. For more information, please visit our Australian Privacy Policy and refer to the section titled “Websites”.
How we use your Personal Information:
Credit Corp only collects Personal Information where there is a valid and lawful basis to do so. We only collect Personal Information that is reasonably necessary for one or more of our functions or activities. For example, we collect Personal Information about you so that we can:
- identify you;
- contact you;
- respond to your enquiries;
- provide you with products and services;
- enter into payment arrangements with you; and
- comply with relevant laws and regulations.
In collecting your Personal Information, our lawful basis may include:
- where you have given your consent, and where such consent is informed, unambiguous and remains current;
- where there is a contractual necessity. e. for the performance of, or entry into a contract;
- to comply with our legal obligations;
- For the performance of a task carried out in the public interest;
- Where there is a legitimate interest, except where such an interest is overridden by the interests, rights or freedom of a Data Subject.
For example, we may use your Personal Information for the purposes outlined in the below table:
|
How we use your Personal Information |
Our Grounds for Processing your Personal Information |
Examples of our Legitimate interests |
|
To confirm your identity |
|
|
|
To contact you, for example by phone, email, sms, letter, web portal, chat, or other channels |
|
|
|
To Respond to Enquiries |
|
|
|
To Provide you with products and services |
|
|
|
To enter into repayment arrangements with you |
|
|
|
To Comply with Relevant Laws and regulations |
|
|
We may use your information for direct marketing purposes. We will only do this with your consent, which can be revoked at any time by contacting our Privacy Officer on the details above.
How long will we retain your Personal Information?
Credit Corp will keep your Personal Information while you are a customer of Credit Corp Group. We aim to keep your Personal Information for only as long as we need it.
We will generally keep your Personal Information for up to 7 years after you stop being a customer of Credit Corp Group, however we may keep your Personal Information for longer.
- To meet any legal or regulatory obligations;
- To respond to questions or complaints;
- For internal research and analytics.
Your Rights as a Data Subject
Whilst not exhaustive, the below table provides a summary of your rights under the GDPR.
|
Your Rights |
More Information |
|
You have the right to be informed how your Personal Information is processed |
You have the right to be informed how your personal information is being collected, stored, used and disclosed. If we require your consent to process your personal information you can withdraw consent at any time. If you withdraw consent, we may not be able to provide certain products or services to you. The right to withdraw only applies when the lawful basis of processing is consent. |
|
You have the right of access your Personal Information |
You can access your Personal Information that we hold contacting us on 1300 768 621, by sending an email to customercare@creditcorp.com.au titled “request for Personal Information”, or by writing to us at the following address: Privacy Officer,
Credit Corp Group.
GPO Box 4475,
SYDNEY NSW 2001.
Australia
|
|
You have the right to rectification where Personal Information held by us is inaccurate. |
You have the right to question any Personal Information that we hold about you where you consider that it is inaccurate, incomplete, out of date, or irrelevant for the purpose for which it is held. If you do, we will take reasonable steps to check the accuracy, completeness or relevance and take steps to correct it. |
|
You have the right to erasure |
You have the right to ask us to delete your Personal Information in circumstances where there is no legitimate need for us to keep it. Similar rights arise under APP 11.2 of the Australian Privacy Law, which requires us to take reasonable steps to destroy or de-identify Personal Information that is no longer needed for a permitted purpose. Your request may be made verbally or in writing. It will not always be possible to delete Personal Information that we hold. For example, there may be certain legal or other reasons that we need to retain your Personal Information. Where this is the case we will tell you and inform you for the relevant reasons. |
|
You have the right to restrict processing |
You may at any time request that we restrict our use of your Personal Information in some circumstances. In such a situation we would not use or disclose your Personal Information whilst it is restricted. This right applies only in certain circumstances. |
|
You have the right to data portability |
In some circumstances you have the right to request we provide you with a copy of the Personal Information you have provided to us in a structured, commonly used, machine-readable format that can easily be reused and to transmit the data to another data controller, where the data is processed electronically. This right only applies to Personal Information that you have provided us, where the processing is based on your consent or for the performance of a contract and where processing is carried out by automated means. |
|
You have the right to object |
In some circumstances you have the right to object to us processing your Personal Information. If an objection is made, we must generally stop the data processing. There are some exceptions that permit organisations to continue processing despite an objection. These exceptions do not apply to processing for direct marketing. Where an exception applies, we will tell you of our intentions to continue processing, the reasons and the exception that applies. |
|
You have rights in relation to automated decision making and profiling |
In certain instances, we may use systems to make automated decisions (including profiling) based on the Personal Information that we hold, including information collected from applicable Australian credit reporting bodies. These automated decisions can affect how we interact with you, or manage your account. You can request for us not use automated decisions making alone or object to an automated decision and ask for the matter to be reviewed by a person. |
|
You have the right to lodge a complaint with an ombudsman scheme or supervisory authority |
You have the right to complain in relation to Privacy. If you are not happy with the outcome of a complaint made through our internal dispute resolution process, you may complain to an ombudsman scheme, or the regulator. For more information see the section below, titled “Making a Complaint. |
When correcting/updating your Personal Information, all changes will be reflected in our active collections system instantly or within a reasonable period of time. Please note that we may retain all information you submit for backups, archiving, prevention of fraud, analytics, compliance with legal obligations, or where another legitimate reason to do so exists.
Privacy of Minors
Where Credit Corp collects information in relation to a person below the age of 18 years, Credit Corp will seek the consent of the parent or guardian prior to collection of that Personal Information.
Making a complaint
If you have a compliant in relation to Privacy, please contact us on the below details:
Telephone 1300 768 621
Email: customercare@creditcorp.com.au
We will endeavour to deal with your complaint as soon as is reasonably practicable. If we are unable to satisfactorily resolve your complaint, there are a number of options available to you:
- If the privacy complaint is related to an Australian Consumer Credit Contract, it may be referred to a recognised external dispute resolution scheme of which Credit Corp is a member. Credit Corp is a member the Australian Financial Complaints Authority (AFCA) which is approved by the Office of the Australian Information Commissioner and the Australian Securities and Investments Commission. AFCA provides an impartial dispute resolution service which is free to consumers and can be contacted at www.afca.org.au or on 1800 931 678.
- If the complaint relates to a breach of the Australian Privacy Law, you may contact the Office of the Australian Information Commissioner by visiting the following website and following the steps listed on the website: www.oaic.gov.au/privacy/privacy-complaints.
- If the matter is a complaint under the GDPR, you may complain to the UK data protection authority. Their contact details are:
Information Commissioner’s Office
Wycliffe House
Wilmslow
Cheshire SK9 5AF
UK
www.ico.org.uk
For other European jurisdictions please refer to the European Commission website for details of the relevant data protection authorities.
Changes:
Our business and the environment in which we operate changes regularly and our Privacy Policy and this annexure to it may change from time to time. We reserve the right to change our policy at any time.
Any revised version of this policy will be published on our website. You should check our website frequently to see any recent changes.
Credit Corp takes its privacy obligations seriously. We will not materially change our policies and practices to make them less protective of Personal Information collected in the past without the consent of the affected customers.
Effective July 2023