Privacy and Credit Reporting Policy
1 Purpose of this policy
- Clearly communicate our personal information handling practices;
- Enhance the transparency of our operations; and
- Give individuals a better and more complete understanding of the kinds of personal information that we collect and hold, the method of its collection and the purposes for which it is collected.
2 Outline of this policy
- Information about what personal information we collect from you and how and why we collect, use, disclose and store your personal information;
- Explanation of our personal information handling practices in relation to specific Company functions or activities such as complaint handling and policy advice. Here you will find what sort of records we keep and why; and
- Further information as to the process of accessing and correcting your personal information.
3 Our obligations under the privacy act
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
4 Types of personal information we collect
4.1 The types of personal information that we may collect about you includes:
- mailing or street address;
- email address;
- telephone number;
- age or birth date;
- profession, occupation or job title;
- details of the products and services that you (or your related company or other entity) have acquired from us or which you have enquired about, together with any additional information necessary to deliver those products services and to respond to your enquiries;
- any additional information relating to you that you provide to us through our website, through our representatives or otherwise; and
- information you provide to us through our service centre, customer surveys or visits by our representatives from time to time.
4.2 At or before the time we collect personal information from you, we will take reasonable steps to ensure that you are aware of:
- Our Company’s identity and how to contact us;
- The fact that you are able to gain access to and correct your personal information;
- The purpose for which your personal information is collected;
- The organisations (including overseas recipients) to which our Company usually discloses your personal information.
4.3 If we collect personal information about you from someone else or from a customer database, market listings or in-bound website contact, we take reasonable steps to ensure that you are made aware of the matters listed in paragraph 4.2.
4.4 We will not generally collect sensitive information about you unless permitted to do so by law (for example, if a “permitted health situation” as defined in the Privacy Act exists) in relation to the collection of the information or you consent to the collection of your sensitive information. Sensitive information includes:
- Information about an individual’s racial or ethnic origins, political opinions, membership of political associations, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, sexual preferences or practices, criminal record, that is also personal information;
- Health information about an individual; and
- Genetic information about an individual.
4.5 If you do not provide us with the personal information described above, any of the following may happen:
- We may not be able to provide our products or services to you, either to the same standard or at all;
- We may not be able to provide you with information about products or services that you may want, including information about special promotions; or
- We may be unable to tailor the content of our website to your preferences and your experience of our website may not be as enjoyable.
5 Collection of personal information
5.1 It is our usual practice to collect personal information directly from you or your representatives where it is reasonable and practicable to do so.
5.2 Sometimes we collect personal information from third parties such as our network of dealers and resellers or a publicly available source, but only if you have consented to such collection or would reasonably expect us to collect your personal information in this way, or if it is necessary for a specific purpose such as provision of equipment financing or leasing.
5.3 In limited circumstances we may receive personal information about you from individuals who contact us and supply us with the personal information of others in the documents they provide to us.
- Through your access and use of our website;
- When you email or telephone our representatives;
- When you complete an application or purchase order; or
- When you hand us your business card.
6 Use and disclosure
6.1 We only collect personal information for purposes which are directly related to our business activities and operations and only when it is necessary for or directly related to such purposes. We also collect personal information related to employment services, human resource management and other corporate functions. Some of the purposes for collecting personal information are listed below. Our primary purposes for collecting personal information are:
- facilitating the promotion and sales of our products and services including sending out personal invitations to customers to our workshops and corporate events;
- contacting our customers for the provision of after-sales services such as equipment maintenance, valet services, meter readings, spare parts and consumables;
- processing customer credit applications and for the provision of equipment financing and leasing products;
- contacting our suppliers to order goods and services.
6.2 More generally, we may also use and disclose your personal information:
- to answer enquiries and provide information about existing and new services;
- to assess the performance and improve the operation of our website;
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of us and our related bodies corporate, contractors or service providers;
- to provide your updated personal information to our related bodies corporate, contractors or service providers;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint made by you; and
- to comply with any law, rule, regulation, decision or direction of a regulator, or in co-operation with any governmental authority.
6.3 We may disclose your personal information to:
- our employees, related bodies corporate, our network of authorised dealers and resellers, contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide services to you. The service providers that we may disclose your information to include, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors and consultants;
- suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes; and
- any organisation for any authorised purpose with your express consent.
7 Direct marketing
7.1 We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
7.2 We follow special rules for the purpose of direct marketing:
- We may use your personal information for the purpose of direct marketing, but if you subsequently request not to receive direct marketing material, we will stop sending you direct marketing materials within the timeframe required by law.
- In each direct marketing communication with you, we will draw your attention to the fact that you may express a wish not to receive any further direct marketing material. This is called an “opt-out” request. If you do not wish to receive marketing communications, you can opt out at any time by using the unsubscribe link in an email or by contacting our Privacy Officer using the contact details specified below in section 15.
- In each direct marketing communication with an individual and in any media, the opt-out request will be set out in a prominent statement which makes it clear that you can make a request not to receive direct marketing communications from our organisation.
- We will not use or disclose any sensitive information for the purpose of direct marketing.
8 Our website
8.3 As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
8.4 Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
9 Credit reporting policy
- This section 9 is our credit reporting policy. We may provide consumer credit and/or commercial credit to individuals, and this policy will apply in such circumstances. We may conduct a credit check on you, any joint account holders (or for corporate customers, any directors, partners or other authorised representatives) before credit is provided to you.
- The Privacy Act and this policy do not apply to commercial credit provided to companies or other entities. However, this policy will apply where an individual applies for commercial credit or we or our financiers request that a director or other authorised individual guarantees the commercial credit to be provided by us to a company or other entity. This policy will only apply in respect of any use of individuals’ credit-related information as part of any assessment of the creditworthiness of that individual that we or our financiers undertake and any consideration that we or our financiers undertake in relation to an individual’s suitability as a guarantor.
9.2 Credit-related information
In this section 9, the term “credit-related information” means credit information, credit eligibility information and CRB derived information as those terms are defined in the Privacy Act. Generally speaking, credit-related information will include your name and address, your contact details, your date of birth and gender, details of your credit history (including any repayments missed or late repayments that you have made), information about any credit provided to you by credit providers (such as financial institutions, utilities or telecommunications providers), any credit rating or credit assessment score that we have derived or that is provided to us by a credit reporting body and details of any credit-related court proceedings or insolvency applications that relate to you.
9.3 Collection of credit-related information
In addition to collecting personal information about you, we may collect the following particular types of credit-related information about you:
- Your name and address (including previous addresses);
- Your contact details (including telephone and email addresses);
- Your date of birth and gender;
- Your credit history (including any repayments missed or late repayments that you have made);
- Details of any credit provided to you by other credit providers (such as other financial institutions, utilities or telecommunications providers);
- Any credit rating or credit assessment score that we have derived or that is provided to us by a credit reporting body; and
- Details of any credit-related court proceedings or insolvency applications that relate to you.
We may obtain this information from you or from third parties, including from credit reporting bodies and other credit providers in order to assist us in determining whether we or our financiers will provide any credit to you (or to your related company or other entity).
9.4 Our use and disclosure of your credit-related information
- We may use the credit-related information that is collected and held by us to help us decide whether or not to provide credit to you (or to your related company or other entity).
- The credit-related information that we hold about you may be used by us in accordance with Part IIIA of the Privacy Act and the Credit Reporting Code. The purposes for which we use your credit-related information may include:
- Using your credit-related information to assess any application that you make to us for credit (or which is made by your related company or other entity);
- Using your credit-related information to collect payments that are owed to us in respect of any credit that we have previously provided to you (or to your related company or other entity);
- Disclosing your credit-related information to any of our related companies that are also considering whether to provide credit to you (or to your related company or other entity);
- Where you have offered to guarantee credit that we have offered to provide to your related company or entity, to assess your suitability as a guarantor of that credit;
- Disclosing your credit-related information to a third party that you or we ask to act as a guarantor of any credit provided to you;
- Disclosing your credit-related information to the credit reporting bodies that we typically deal with, including for example Creditor Watch/Dun & Bradstreet / Equifax (previously known as Veda). Credit reporting bodies collect different types of credit-related information about individuals and use that information to provide a credit-related service to their customers (including to us);
- Disclosing your credit-related information to our financiers in connection with any credit that you seek;
- Disclosing your credit-related information to other third parties that provide services to us (or to you on our behalf). These might include debt collectors, credit management agencies and other third parties that process applications for credit made to us;
- Disclosing your credit-related information to other credit providers which provide, or are considering providing, credit to you (or to your related company or other entity);
- Using and disclosing credit-related information that we hold about you to assess and respond to any access or correction requests that you make to us;
- Where we are consulted by a credit reporting body or another credit provider about an access or correction request that you have made to those entities, to respond to that consultation request;
- Where you complain to the Office of the Australian Information Commissioner or any provider of a recognised external dispute resolution scheme about our treatment of your credit-related information, to respond to that complaint and to seek legal or other professional advice in relation to your complaint;
- Using and disclosing credit-related information that we hold about you as required by law or the order of a court or tribunal; and
- Where you otherwise expressly consent to the use or disclosure.
9.5 Disclosure of personal information to credit reporting bodies
We may disclose your credit-related information to a credit reporting body and you should be aware that:
- the credit reporting body may include the information in reports provided to other credit providers to assist them to assess your credit worthiness;
- if you fail to meet your payment obligations in relation to consumer credit or if you commit a serious credit infringement, we may be entitled to disclose this to a credit reporting body;
- you may obtain the credit reporting body’s policy about the management of credit-related personal information by accessing their websites:
- Dun & Bradstreet: www.dnb.com/utility-pages/privacy-policy.html
- Equifax: https://www.equifax.com.au/privacy
- Creditor Watch: https://creditorwatch.com.au/privacy
- you have the right to request credit reporting bodies to not use their credit reporting information for the purposes of pre-screening of direct marketing by a credit provider; and
- you have the right to request credit reporting bodies to not use or disclose credit reporting information about you, if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.
9.6 Other matters relating to your credit-related information
- Where required by law, we will make a written note (which may be kept in electronic form) of any use or disclosure that we make relating to your credit-related information.
- You (or your related company or other entity) make an application for credit to us; or
- You offer to guarantee credit that we propose to provide to your related company or other entity,
and we subsequently refuse your application or offer based on information provided to us by a credit reporting body about you, we will inform you of this and provide you with the name and contact details of that body and any other information required by law to be provided to you.
9.7 Access and correction
You have a right to request access to, or the correction of, any credit-related information that we hold about you. You may request access to any credit-related information that we hold about you in accordance with section 13 of this policy.
- You may complain about any failure by us to comply with Part IIIA of the Privacy Act or the Credit Reporting Code. If your complaint relates to our failure to provide access to or to correct any credit-related information that we hold about you, you may lodge a complaint directly with the Office of the Australian Information Commissioner (for more information, please see http://www.oaic.gov.au). If we are required by law to be a member of an external dispute resolution scheme, you can also lodge a complaint relating to access to or correction of your credit-related information with that organisation. If this applies, we notify you of this and the identity of the external dispute resolution provider at the time that you make a credit-related complaint. If your complaint does not relate to these matters, you must first lodge a complaint with us in accordance with the procedure set out in section 14 of this Policy, which sets out how we will deal with such complaints.
- If you make a complaint in relation to correction of your credit-related information, we will notify each other credit provider and credit reporting body to which we have previously disclosed that information that you have made a correction complaint in relation to that information and the outcome of that complaint, unless it is impracticable or illegal for us to do so.
10 Cross-border disclosure of personal information
10.1 We may disclose personal and credit-related information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above.
10.2 We take reasonable steps to ensure that the overseas recipients of your information do not breach the privacy obligations relating to your personal or
your credit-related information.
10.3 We may disclose your information to entities located outside of Australia, including the following:
- our related bodies corporate, located in the United Kingdom, Japan, Singapore, New Zealand, and the United States of America;
- our data hosting and other IT service providers, located in Singapore, New Zealand, United Kingdom and the United States. Some cloud service providers may store data in several countries; and
- other third parties located in Singapore, New Zealand, United Kingdom and the United States of America.
10.4 We will abide by Australian Privacy Principle 8 in relation to the disclosure of your personal and credit-related information to an overseas recipient.
10.5 We will take reasonable steps in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles or ensure that it is subject to privacy protections that are substantially similar to the privacy laws in Australia.
10.6 Where appropriate, we will enter into a binding written contract with the overseas recipients of personal information to ensure we can enforce protection of that information.
11 Data quality
11.1 We undertake to take steps to ensure that the personal and credit-related information that we collect, use or disclose is accurate, complete and up-to-date. These steps include maintaining and updating personal information databases when we are advised by you that your information has changed or is incorrect.
12 Data security
12.1 We undertake to protect the personal and credit-related information that we collect and hold against loss, use, unauthorised access, modification or disclosure and against other misuse. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and other physical access restrictions such as CCTV monitoring systems.
12.2 When the personal and credit-related information that we collect is no longer required for the purpose for which it was collected (or when we are no longer required by law to retain it whichever is the later), it is destroyed in a secure manner or de-identified.
13 Access and correction
13.1 You may request access to any personal or credit-related information we hold about you at any time by contacting us (see the details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a reasonable fee (not exceeding A$50) to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
13.2 There may be instances where we cannot grant you access to the personal or credit-related information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
13.3 If you believe that any personal or credit-related information that we hold about you is incorrect, incomplete or inaccurate, then you may request that we amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then you may request that we add a note to the personal information stating that you disagree with it.
13.4 For any credit-related information that we hold about you, we will:
- respond to your request for the correction of your credit-related information within 30 days (or such longer period as you may agree or we may request). If we cannot respond to your correction request without consulting with other credit providers or credit reporting bodies in relation to your request, we may do so and these bodies are permitted by law to assist us in resolving your correction request;
- if we agree to your request, promptly correct any credit-related information that we hold about you that we are satisfied is inaccurate, out-of-date, incomplete, irrelevant or misleading. If we do correct your credit-related information at your request, we will inform you and each other credit provider and credit reporting body to which we have previously disclosed that information that we have corrected your information. Where we disclosed your credit-related information after you made a complaint but before it was resolved, we will tell the recipient that you have made such a complaint and we will subsequently inform that entity of the outcome of your correction request; and
- if we have any other reasons for suspecting that the credit-related information that we hold about you has become inaccurate, out-of-date, incomplete, irrelevant or misleading, independently correct this information without consulting you. If we do this, we will take reasonable steps to notify that correction to you and to any other entities to which we have previously disclosed that credit-related information (unless it is impracticable for us to do so).
14 What is the process for complaining about a breach of privacy?
14.1 If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it.
14.2 If your complaint relates to our failure to provide access to or to correct any personal or credit-related information that we hold about you, you may lodge a complaint directly with the Office of the Australian Information Commissioner (for more information, please see http://www.oaic.gov.au). If we are required by law to be a member of an external dispute resolution scheme, you can also lodge a complaint relating to access to or correction of your credit-related information with that organisation. If this applies, we notify you of this and the identity of the external dispute resolution provider at the time that you make a credit-related complaint.
14.3 Otherwise, if you have a complaint in relation to our handling of your personal or credit-related information that is not mentioned above or if your complaint relates to your personal information, you must first lodge your complaint with us using the details below and provide us with details of the incident so that we can investigate it.
14.4 We will treat your complaint confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
14.5 If you are not satisfied with our handling of your complaint or our proposed resolution, you have a right to lodge a further complaint with the Office of the Australian Information Commissioner (for more information, please see http://www.oaic.gov.au). The Office of the Australian Information Commissioner can provide you with further information about the next steps in its complaints process. If your complaint relates to credit-related information that we hold about you and we notify you that we are required by law to be a member of an external dispute resolution scheme, you may instead lodge your complaint with that organisation. If this applies, we notify you of this and the identity of the external dispute resolution provider at the time that you make a credit-related complaint.
14.6 Where your complaint relates to the correction of your credit-related information and the resolution of your complaint requires us to correct your information, we will notify other credit providers and credit reporting bodies that we have previously disclosed your information to, that you have made a correction complaint in relation to that information and that we have corrected your information as a result of the outcome of that complaint. However, if it is impractical or illegal for us to do so we are not required by law to give this notification.
15 How to contact us
15.1 If you have any questions about this policy, any concerns or a complaint regarding the treatment of your personal or credit-related information or want to notify us of a possible breach of your privacy, please contact our Privacy Officer at the details given below:
CFI Capital Pty Ltd
Tower 3, Level 25, 300 Barangaroo Avenue, Sydney, NSW 2000
Telephone : (02) 8277 4619
Email : email@example.com
16 Changes to our policy
16.1 We may change this policy from time to time, including to comply with any changes to the Privacy Act. Any updated versions of this policy will be posted on our website and will be effective from the date of posting.
This policy was last updated on 23rd June 2021.