The purpose of this policy (Policy) is to outline how AllightSykes and its related entities (Our, us, we) manage credit related personal information (which means credit information, credit reporting information, credit eligibility information and/or regulated information) (Credit Information) including the collection, holding, use and disclosure of such information.
This Policy is intended to enhance the transparency of our operations, notify you of your rights and our obligations and provide information regarding:
1. the kinds of Credit Information which we will collect and hold;
2. how we will collect, hold, use and disclose Credit Information;
3. the purposes for which we collect, hold, use and disclose Credit Information;
4. how an individual may access Credit Information about the individual that is held by us and seek correction of such information;
5. how an individual may complain about a breach of the Credit Reporting Privacy Code (CRC) and how we intend to deal with any such a complaint;
6. whether we are likely to disclose Credit Information to an overseas recipient; and
7. if we are likely to disclose Credit Information to overseas recipients, the countries in which such recipients are likely to be located (if it is practical to do so).
This Policy sets out how we comply with our obligations under the Privacy Act 1988 (as amended by the Privacy Amendment (Enhancing Privacy Protection) Act (2012) (the Act) and the CRC. All terms defined in the Act have the same meaning when used in this Policy. This Policy is effective from 12 March 2014.
3. The kind of Credit Information we will collect and hold
We collect and hold the following types of Credit Information:
1. Identification information such as current and prior names and addresses, age and occupation, (including employer details) and driver’s licence number.
2. Details regarding applications for commercial credit including the type and amount of credit requested and the fact that we have assessed an application.
3. Details regarding the provision of credit, the amount and whether any other credit was previously provided.
4. The date that any agreement in relation to credit was entered into and the date that it ceased or was terminated and the surrounding circumstances.
5. Repayment history.
6. Details regarding payment owed to us or any other credit provider, in connection with credit provided to you or in relation to which you are a guarantor, overdue for more than 60 days.
7. Whether in our opinion, or another credit provider’s opinion, you have committed a serious credit infringement.
8. Whether you have entered into arrangements with us or other creditors in connection with the credit provided to you.
9. Court proceedings information, personal insolvency information and credit related publically available information.
10. Any information regarding your credit worthiness.
11. Any administrative information about credit accounts of yourself and your related bodies corporate.
4. How we will collect, use and disclose your Credit Information
Our usual practice will be to collect Credit Information from you (or your authorised representative) directly and with your written consent.
In some circumstances, we may collect Credit Information that is publicly available or from a third party. This may include the collection of Credit Information from a Credit Reporting Body (CRB).
As indicated above, we will endeavour to obtain your written consent regarding the collection and further disclosure of Credit Information from and to a CRB.
It may be necessary for us to collect your Credit Information for a specific purpose such as an investigation of a complaint.
We may be required to in some circumstances, if you fail to meet payment obligations or commit a serious credit infringement, to disclose your Credit Information to a CRB.
We will attempt to use the Credit Information we collect and hold for the primary purpose(s) in respect of which it is collected.
5. How we will hold the Credit Information we collect, use and disclose
We will hold the Credit Information in a manner which is secure and protected from unauthorised access.
Your information may be held in either a physical hard copy form or in electronic form on our IT system.
We take steps to protect the information against the modification, disclosure or misuse by including such things as password protection for accessing electronic IT systems and physical restrictions. We will also take steps to ensure our service providers have protection for electronic IT systems and other necessary restrictions.
We will endeavour to ensure that our relevant staff are trained about the security of the Credit Information we hold and we will restrict any access where necessary.
Once information is no longer required, we will take reasonable steps to either destroy or de-identify the Credit Information in a secure manner.
In the event we hold Credit Information that is unsolicited and we were not permitted to collect it, the Credit Information will be destroyed as soon as practicable.
6. The purpose for which we collect, hold, use and disclose your Credit Information
We may collect, hold, use and disclose your Credit Information as reasonably necessary so that it may be used directly for the functions or activities of our company and as permitted by law to:
- consider whether to provide you or a related entity with credit, or accept you as a guarantor;
- consider your credit worthiness when making decisions with respect to your application;
- provide information to CRB’s and to participate in the the credit reporting system recognised by the CRC;
- assist you or a related entity to avoid defaulting on credit-related obligations to us or other credit providers;
- take debt recovery action and enforcement where necessary to recover amounts against guarantors or where infringements have occurred; and/or
- consider and address any complaints and comply with our statutory requirements.
6.1 Disclosure to CRB’s
As indicated above, we may disclose Credit Information to a CRB in accordance with the permitted disclosures as defined under the Act, including instances where you fail to meet your payment requirements and you commit a serious credit infringement.
We may disclose your Credit Information to one or more of the following CRB’s listed below.
Level 15, 100 Arthur Street
NORTH SYDNEY NSW 2060
Tel: 1300 921 621
Level 2, 165 Grenfell St
ADELAIDE SA 5000
Tel: 1800 882 820
Dun & Bradstreet
143 Coronation Drive
MILTON QLD 4064
Tel: 07 3360 0600
Level 13, 109 Pitt Street
SYDNEY NSW 2000
Tel: 1300 501 312
Level 6, 549 St Kilda Road
MELBOURNE VIC 3004
Tel: 03 9699 0100
A copy of the Credit Reporting Policy for the CRB’s listed above will be available on their website or will be provided in hard copy upon request.
A CRB may use your Credit Information to assist with our marketing by “pre-screening” for direct marketing.
In accordance with recent changes within the Act we are unable to use your Credit Information for direct marketing, however a CRB may be able to “pre-screen” you and provide you with an opportunity to opt out of direct marketing.
You can tell the CRB that you do not want your Credit Information used for this purpose.
You are entitled to also place a 21 day ban on the sharing of your Credit Information, if you believe you have become a victim of credit fraud.
6.2 Disclosure of your Credit Information to other recipients
We may choose to, if permitted by law, share and/or disclose your credit information with third parties including:
1. other credit providers;
2. our related companies;
3. debt collection organisations;
4. guarantors or security providers in relation to the credit we provide you;
5. debt assignment organisations; and
6. credit insurers.
7. How can you access your Credit Information
You are entitled to access your Credit Information held in our possession.
We will endeavour to respond to your request for Credit Information within a reasonable time period and as soon as practicable in a manner as requested by you. We will normally respond within 30 days.
You can make a request for access by sending an email or letter and addressed to our Privacy Compliance Officer, details specified below.
The Privacy Compliance Officer
c/- Legal Department
AllightSykes Pty Ltd
12 Hoskins Road, Landsdale WA 6065
By Email: firstname.lastname@example.org
By telephone: +61 8 9302 7000
With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information.
We will not charge you for making an access request, however if reasonable, we may charge you with the costs associated with your access request.
You will only be granted access to your Credit Information where we are permitted or required by law. We are unable to provide you with access if:
1. Giving access would be unlawful; or
2. denying access is required or authorised by or under an Australian law or a court/tribunal order;
3. giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
In the event your access request is refused we will provide you with written notice that:
1. sets out the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
2. states that, if you are not satisfied with the response to the request, you may make a complaint to the Office of the Australian Information Commissioner (OAIC) under Part V of the Act using the details below.
Should we hold Credit Information that is incorrect, you have the right to make us aware of this fact and request that the incorrect information be corrected. If you would like to make a request to correct your information please contact our Privacy Compliance Officer on the details provided above.
In assessing your request we will need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will then take all reasonable steps necessary to ensure that it is accurate, up to date, complete, relevant and not misleading.
It is our normal practice to try and resolve any correction requests within 30 days. If we are to require further time we will notify you in writing and seek your consent. If it is the case we do not agree to correct your Credit Information as per your request we will notify you in writing and provide you with a written notice that:
1. states that the correction has not been made;
2. sets out our reasons for not correcting the information (including evidence substantiating the correctness of the information); and
3. states that, if you are not satisfied with the response to the request, you may make a complaint to the Commissioner under Part V of the Act using the details below.
9. Record keeping
We will endeavour to keep a record of where all Credit Information is used or disclosed.
The types of matters recorded by us include the following.
1. Where we have received Credit Information from another credit provider:
a. the date in which it was disclosed;
b. a brief description of the information disclosed; and
c. to whom the disclosure was made.
2. Records of any consent provided by an individual for purposes of disclosure.
3. Records of any correspondence and actions taken in relation to notifications or corrections, complaints, pre-screening, monitoring and auditing.
We will maintain our records for a minimum period of 5 years.
In the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the CRC or the Act, (other than where those complaints relate to an access request to credit eligibility information or a correction request with respect to credit information or credit eligibility information) you are entitled to make a complaint by using the procedure outlined below.
The complaint process relating to access requests to credit eligibility information or a correction request with respect to credit information or credit eligibility information are set out in Parts 7 and 8 respectively of this Policy.
The procedure for making a complaint is as follows:
2. All complaints should initially be in writing and directed to the Privacy Compliance Officer.
3. The complaint must specify the nature of the complaint.
4. The complaint may relate to personal information that has been destroyed or de-identified.
5. We will, within 7 days after the complaint is made, give you a written notice that acknowledges the making of the complaint and sets out how we will deal with the complaint.
6. After giving you the above written notice, we will investigate the complaint.
7. In dealing with your complaint we may consider it necessary to consult a CRB, or another credit provider, or a third party.
8. After investigating the complaint, we will, within 30 days of your complaint (or any longer period you agree to in writing) make a decision about the complaint and give you a written notice that:
a. sets out the decision;
(a) states that, if you are not satisfied with the decision, you may make a complaint to the OAIC under Part V of the Act using the details below.
If we fail to deal with your complaint in a manner that you feel is appropriate you may choose to report your complaint to an external dispute resolution scheme (EDR Scheme).
We note that we are currently not a member of any EDR Scheme and we are exempt from having to be a member of any EDR Scheme until March 2015.
If you are not satisfied with the process of making a complaint to our Privacy Compliance Officer you may make a complaint to the Information Commissioner. Details of which are below.
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Facsimile: 02 9284 9666
The Information Commissioner can decline to investigate a complaint on a number of grounds including:
1.where the complaint wasn’t made at first to us;
2. if the Information Commissioner considers the complaint has already been dealt with by a recognised EDR scheme; or
3. if the complaint would be more effectively or appropriately dealt with by a recognised EDR scheme of which we are a member.
11. Disclosure to overseas recipients
We utilise overseas service providers for some of our activities and so may need to disclose Credit Information to those service providers. We may also disclose such information to other overseas recipients, including our related companies, for the purposes listed above when permitted to do so by the Act.
These countries other than Australia in which such service providers and other recipients are likely to be located may include New Zealand, United States of America, Canada, South Africa, UAE, Russia and Indonesia.
If you have any queries regarding this Policy or wish to find out more regarding any of our privacy policies, please contact our Privacy Compliance Officer on the details listed above.
- Amendment Record
We may, without notice, change this Credit Policy from time to time for any reason and will update the Policy accordingly. We ask that you visit our website periodically in order to remain up to date with such changes
Brief Description of Change
Revision to comply with privacy reforms introduced by the Privacy Amendment (Enhancing Privacy Protection) Act that commenced in March 2014.