Your privacy is very important to us. We take reasonable steps to implement practices, procedures and systems to collect, use and disclose your personal information in accordance with the Privacy Act 1988, (“the Privacy Act”), the Australian Privacy Principles (“APPs”), the Credit Reporting Privacy Code (“the CR Code”), the Anti-Money Laundering Counter-Terrorism Financing Act 2006 (“the AML/CTF Act”) and the EU General Data Protection Regulation ("GDPR").
Who we are
What we collect
If you are applying for credit
The Group operates in commercial and consumer markets to provide credit to its customers. This means that we will collect and use relevant Personal Information and Credit Information about you that is reasonably necessary for or directly related to assessing your application for credit or your intention to guarantee an application for credit.
If you agree, we will use your Personal Information to verify your identity electronically for the purposes of the AML/CTF Act.
We may also use your Personal Information and Credit Information for a related or reasonably anticipated secondary purpose.
Personal Information is information that identifies or can reasonably identify who you are. In terms of Credit Information, the kinds of Credit Information that we collect are:
- identification information
- consumer credit liability information
- repayment history information
- a statement that an information request has been made by us
- the type and amount of credit sought in your application
- default information
- payment information
- new arrangement information
- court proceedings information
- personal insolvency information
- publicly available information ( where not included in new arrangement and personal insolvency)
- our opinion that you have committed a serious credit infringement in relation to consumer credit provided by us
The Credit Information may be made available to other companies in the Group, for example where credit is required from more than one of our companies.
The Group collects sensitive information but only if it is necessary. This includes assessing your situation under the hardship provisions of the National Credit Code.
Credit Information is also collected from credit reporting bodies (‘CRBs’). The information obtained from CRBs is known as credit reporting information. We use credit reporting information to derive information about you that affects your credit worthiness and can be used to establish your eligibility for credit (‘CP derived information’). The kinds of CP derived information that we usually store includes credit information, previous applications for credit made by you with other CPs and any adverse listings against you.
If you are applying for employment
We will collect and hold Personal Information that is reasonably necessary for or directed related to assessing your application for employment. We will collect and hold your Personal Information until the conclusion of our assessment process. If you are applying for employment, we will not collect Credit Information so that the parts of this Policy that relate solely to Credit Information will not apply to you.
The Personal Information collected may be disclosed to any of the companies within the Group.
During the assessment process, your Personal Information will be handled and dealt with by our Human Resource department in strict confidence. We will not disclose your Personal Information to persons outside the Group unless your consent is obtained. This includes the referees’ reports and background checks (ie police checks) that we may collect and hold.
If you are not a successful applicant and would like to have access to the Personal Information that we hold about you, we require that you do so within 28 days of the date of your application.
To protect your privacy, we will destroy or de-identify the Personal Information that we have about you after that date, as it is no longer needed. The only rare exception is where we are required to retain your Personal Information by law or under a court order.
How we collect and store
Personal Information and Credit Information is collected electronically through our website and in hard copy. The information is generally collected by us or by our authorised agent, from you or from someone authorised by you. The information may also be collected from publicly available sources. We may collect additional Credit Information during the course of our dealings with you, as required from time to time.
The Personal Information and Credit Information that we collect is generally stored electronically although hard copies of certain documents are sometimes retained. We have processes in place to ensure the security of your personal information and to protect it against loss, unauthorised access, use, modification and disclosure. We apply data encryption to electronically stored information.
Any Personal Information, Credit Information or sensitive information that is no longer required is destroyed or deleted in accordance with the prescribed procedures set out in the Privacy Act, the APPs, the CR Code and the AML/CTF Act.
We may disclose your personal information to third parties we engage to provide us services in connection with our activities. Those third parties may be located in Australia or overseas. If overseas, those third parties will generally be located in either New Zealand, the Philippines, India, Canada, the United States and China.
If we are not able to collect some of the requested information, we may not be able to process your application for credit and it may be refused.
How we use and disclose
We collect, store and use your Credit Information for the primary purpose of assessing your application for credit. We obtain your consent to exchange your Credit Information with other CPs, CRBs and entities that may be connected with your dealings with us. We only contact trade creditors and references nominated by you.
We obtain your consent to disclose certain credit information to CRBs. This includes Credit Information, the type of commercial credit sought, the amount of credit in the application, default information, payment information, serious credit infringements and consumer credit liability information.
Consumer credit liability information is information about:
- Who we are
- Whether we hold any licenses under the National Consumer Protection Act 2009
- The type of consumer credit to which your application relates
- The day consumer credit is entered into
- The terms or conditions of the consumer credit relating to repayment
- The maximum amount of available credit
- The day on which the consumer credit is terminated or ceases
Where necessary, we may also disclose repayment history information (‘RHI’) to CRBs. RHI is information about:
- Whether or not you have met an obligation to make a monthly payment that is due and payable in relation to consumer credit
- The day the monthly payment is due and payable
- If late payment is made, the day on which you make that payment
Overdue payments in relation to consumer credit will not be disclosed to CRBs as default information if you have made a hardship request that is being considered or in the case of a refusal of that request, less than 14 days have passed.
Your Credit Information will be disclosed if we are required to do so by law, including 'permitted general situations' and 'permitted health situations' as defined by the Privacy Act.
Verifying your identity electronically
Under the AML/CTF Act, we may disclose your name, residential address and date of birth (“Verification Information”) to a CRB to verify your identity electronically. The CRB we use is Equifax. If you are an individual, we will obtain your consent before we disclose your Verification Information to the CRB. When requested by us, the CRB may provide an assessment of whether your Verification Information matches the information held by them. When preparing the assessment, the CRB may use Verification Information about you as well as Verification Information that they already have about other individuals.
If your identity is unable to be verified electronically by the CRB, we will provide you with written notice of this and provide you with information about alternative ways we can verify your identity. If you do not consent to your identity being verified electronically, you will need to provide us with certified copies of your identification documents.
We may use your Personal Information to send you direct marketing communications about our products and services. These communications may be sent by any company in the Group or a third party we engage to send the communication on our behalf. The communications any be sent in various forms and media including mail, telephone, email, social media or SMS. At any time you may opt-out of receiving direct marketing communications from us.
Website, cookies and web analytics
Each time you visit our website or social media platforms, we or our internet service provider may monitor and make a record of your use of them. This may include:
- IP addresses
- Domain names
- Pages accessed
- Date and time
- Device used
- Web browser and operating system.
This information may be used to analyse the performance of our website and our social media platforms including how they are used and navigated, number of hits, frequency and duration of visits.
We may use technology called cookies which are small pieces of information stored in your device’s memory. Cookies record information about your use of our website or social media platforms. They can be used to enhance your use of our website and social media platforms as well as allowing us to monitor usage and traffic patterns.
Cookies do not contain any Personal Information. You can configure your browser to reject cookies however, this may limit your functionality of visiting our website and social media platforms.
We also use a third party web analytics service called Google Analytics to evaluate your use of our website. If you wish to prevent Google Analytics from using your information for analytics you may opt out by going to https://tools.google.com/dlpage/gaoptout.
EU General Data Protection Regulation
For the purposes of the GDPR we are a data controller. We use a customer review service called TrustPilot to collect feedback from our customers on our behalf. We may disclose your name and email contact details, to TrustPilot and you may receive an invitation from TrustPilot to write a review of your experience and dealings with us. You are under no obligation to accept the invitation or provide a review. You can also unsubscribe from receiving any further communications from TrustPilot. TrustPilot’s head office is located in Denmark. For the purposes of the GDPR, TrustPilot is a data processor. It is possible that your personal information may be processed by TrustPilot in Denmark or another European Union country.
- You have the right to access your Personal Information and Credit Information from us, to request that we correct the Personal Information or to make a complaint.
Access – we will provide access to your Personal Information and Credit Information when requested to do so, within 30 days of your request (unless an extension is agreed to in writing). However, access will not be provided unless we obtain such evidence as is reasonable in the circumstances to satisfy ourselves as to your identity. We may impose a reasonable charge for providing access.
Correction – where we are satisfied that the Personal Information and Credit Information held by us is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct the information within 30 days. You will be notified within 5 business days after a decision is made about the result of your correction request. Where necessary, we will consult the CRB prior to making the correction.
Complaint – you are entitled to complain to us about a breach. We will acknowledge the receipt of any complaint within 7 days and a decision in relation to your complaint will be made within 30 days (unless an extension is agreed to in writing).
In situations concerning consumer credit, if we are unable to resolve the issue to your satisfaction, you can lodge a complaint with the Australian Financial Complaints Authority (“AFCA”).
AFCA (Consumer credit only)
GPO Box 3
Melbourne VIC 3001
Tel: 1 800 931 678
In other situations, we will deal with your complaint in accordance with ISO 10002-2006 Guidelines for Complaints Handling in Organisations. If we are unable to resolve the issue to your satisfaction, you may complain to the Office of the Australian Information Commissioner (“OAIC”).
The relevant contact details are:
GPO Box 5218
Sydney NSW 2001
Tel: 1300 363 992
- You have the right to request CRBs not to use their credit reporting information for the purposes of pre-screening of direct marketing by us.
- You have the right to request the CRB not to use or disclose credit reporting information about you if you believe on reasonable grounds to be or have been a victim of fraud.
The Privacy Officer
Classic Funding Group
PO Box 6215
North Sydney NSW 2060
Tel: 1300 780 895
Obtaining a copy
- We disclose personal information and credit information about you to our credit reporting body (‘CRB’). The CRB is Equifax and can be contactable on www.equifax.com.au. Equifax may include personal information and credit information about you to us, to assist us in assessing your credit worthiness.
- If you fail to meet your payment obligations in relation to consumer credit or commit a serious credit infringement, we may be entitled to disclose this to the CRB.
Consumer credit is credit that you intend to use wholly or primarily for personal, family or household purposes. It includes credit intended to be used to acquire, maintain, renovate or improve residential property for investment purposes, or to refinance such credit.
A serious credit infringement refers to situations where a reasonable person would consider an individual’s act to indicate an intention not to comply with his/her obligations regarding credit AND the individual cannot be contacted AND at least six months have passed since credit was provided.
- You can obtain our policy about the management of credit-related personal information from our website: www.classicfg.com.au/service/privacy-policy. You can obtain our CRB’s policy about the management of credit-related personal information from Equifax’s website: www.equifax.com.au/privacy.
Credit-related personal information includes the type of consumer credit, the days on which it was entered into and terminated or ceased, the terms and conditions that relate to repayment, the maximum amount of credit available under the consumer credit and repayment history information.
- You have the right to request that our CRB withhold the use of your credit reporting information for the purposes of pre-screening of direct marketing by us. Pre-screening occurs where we provide our CRB with a specific list of individuals and request that our CRB pre-screen these individuals, using eligibility requirements that we nominate.
- You have the right to request that our CRB withhold the use or disclosure of your credit reporting information if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.