Privacy Policy – Australian Credit Data

Privacy Policy

Last Updated: July 1st 2017

[THIS POLICY IS PUBLISHED AT WWW.AUSTRALIANCREDITDATA.COM.AU]

Introduction
This Privacy Policy describes the personal information that may be collected by us, the choices you can make about your personal information and how we protect your information.
If you would like a printed version of this policy, you can print this page using your browser.
To meet your expectations about privacy and confidentiality, Australian Credit Data has operational processes and procedures to comply with:
• Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (External link)
• Australian Direct Marketing Association (ADMA) Code of Practice (External link) in relation to how we market to our customers

If you have any questions not addressed in this policy, please feel free to contact us using the methods at the bottom of this policy under the heading “How to contact Us”.

Your Acknowledgement Of Our Privacy Policy

By using this website, you acknowledge that you’ve read and understood this privacy policy. Please note that this policy does not extend your rights or Australian Credit Data’s obligations beyond those defined in the legislation listed above.
Should there be any inconsistency between this policy, the Privacy Act and other Acts mentioned above, this policy shall be interpreted to give effect to and comply with the legislation.
This policy includes examples but is not intended to be restricted in its application to such examples. Where the word ‘including’ is used, it shall mean ‘including without limitation’.
Our websites may contain links to external websites. ACD is not responsible for the privacy policies of those other websites. We recommend you review the privacy policies of each site you visit.

About Australian Credit Data Company

Australian Credit Data is a company whose primary services are related to the correction of credit information that is held by credit bureaus on an individual’s credit file. This information represents that persons credit history, and may be used to have direct bearing on their ability to obtain a loan or other forms of finance.
Australian Credit Data is not a credit bureau. We are a technology company that assists credit providers communicate securely with each other about credit information. We may issue communications on the behalf of our customers, such as emails, letters or SMS, which may represent information contained in a credit file. Such communication is not our communication to any individual, as we are acting as an agent of the issuer to deliver that communication on their behalf. Further to this, Australian Credit Data makes no determination on any matter of a correction to credit information. This is left to the stakeholders who are parties to the data held by the credit bureaus, typically being the credit provider and the credit bureau themselves.

Our Customers

Australian Credit Data deals with credit information that is held by credit bureaus. Typically, this information may be held on any resident Australian, and may also include those residing in Australia from overseas.

As such, our customers represent a broad cross section of the Australian population, and we may acquire data from these sources.

Other customers of Australian Credit Data represent credit providers and credit bureaus that own or manage credit information and/or consume it to make credit decisions upon. These organisations may pass personal information to Australian Credit Data.

Collection of Personal Information

‘Personal information’ means information we hold about you from which your identity is either clear or can be reasonably determined. When you give us your personal information, it imposes a serious responsibility on us. Protecting your privacy when handling your personal information is very important to us and is fundamental to the way we operate and how we serve our customers.
Generally, we will collect personal information when it is passed to us from a third party. We collect information that is necessary to provide the product or service (including our agency functions) that you requested from the 3rd party or directly from us. An ‘agency function’ means a service that we provide to you on behalf of another organisation, such those related to our credit data corrections handling processes.
We may collect personal information from you when:
• You initiate a request for a correction to your credit file either through us or a 3rd party who uses our products and services.
• You fill in an application form
• Deal with us over the telephone
• Purchase a product or service in one of our retail outlets
• e-mail us
• Create an account with us
• Ask us to contact you after visiting our web site.
We will collect personal information from you by lawful and fair means and not in an unreasonably intrusive way.
If you choose to not provide your personal information when requested, we may not be able to deliver the product or service that you have requested. We will endeavour to make this as clear as possible for each service. This may mean that we elect not to serve you.
Information collected
As noted above, we will only collect personal information from you that’s necessary to provide the product or service or to carry out internal administrative functions. We collect different personal information depending on the product or service that you have requested. Some examples include:
• Credit Information – information contained on your credit file that you may elect to disclose to us or to another agent who may pass this data to us. This may include information related to credit relationships you maintain with banks, telecommunications business, utilities and other credit providers. It may include per
• Identity and Document Information – Given the breadth of usage of credit information and that ACD will supply data directly into credit bureaus that may result in corrections to credit files, we may collect a range of identity and documents that allow you to validate your identity. This may include proof of identification documentation such as government papers (births, deaths, marriage certificates), passports, and drivers licence, utility bills, telecommunications bills and other forms of identification. We typically pass this information to another organization who may require it in line with their own policies, and they may elect to retain a copy for their records.

Unsolicited Information

“Unsolicited” personal information is personal information about an individual that an organisation has unintentionally received. This is an uncommon occurrence for Australian Credit Data, but when it does happen, we will protect your personal information with the same rigour as we treat personal information that we intended to collect. If we could not have collected this information through our normal processes, we will de-identify that information as soon as we can.

Uses And Sharing

We use the personal information you provide only for purposes consistent with the reason you provided it, or for a directly related purpose. We may also use your personal information where required or permitted by law. We may also use your information where you have provided us with your express or implied consent.
We do not share your personal information with other organisations unless:
• You provide your express consent either to us or to a 3rd party who you deal directly with, who may then pass this consent to us, or
• Sharing is otherwise required or permitted by law, or
• This is necessary on a temporary basis to enable our contractors to perform specific functions.
When we provide personal information to companies who perform services for us, such as specialist information technology companies, mail houses or other contractors to Australian Credit Data we require those companies to protect your personal information as diligently as we do. Contractual and other quality assurance measures are used to ensure your personal information is protected.
We have a strict duty to maintain the privacy of all personal information we hold about you. However, certain exceptions do apply. For example, where disclosure of your personal information is:
• Authorised or required by law (e.g. disclosure to various government departments and agencies such as the Office of the Australian Information Commissioner, Australian Taxation Office, various State Police services, Centrelink or disclosure to courts under subpoena)
• In the public interest (e.g. where a crime, fraud or misdemeanour is committed or suspected and disclosure against the customer’s rights to confidentiality is justified)
• With your consent – your consent may be implied or express and it may also be verbal or written.
Overseas use and disclosure
Australian Credit Data may transfer personal information to countries outside Australia, if we pass your information to an Australian organization that may then elect to process it offshore. An example may be that Australian Credit Data May pass your information to an Australian bank who may have operational processing facilities located in another country. We will only do so in compliance with all applicable Australian data protection and privacy laws. Australian Credit Data will take reasonable steps to protect personal information no matter what country it is stored in or transferred to. We have procedures and data transfer contracts as appropriate to help ensure this.

Direct Marketing

From time to time we may use the personal information we collect from you to identify particular products and services which we believe may be of interest to you. We may then contact you to let you know about these products and services and how they may benefit you. We will only do this with your prior consent and we will always give you a choice to opt out of receiving such information in future.
Direct Marketing generally takes the form of Direct Mail or Electronic Marketing (email). In rare cases, we may use Telemarketing. Each of these channels is handled as follows:
• Direct mail – Where we use your personal information to send you marketing information via the post we may do so with your implied consent or, if this is impracticable, we will ensure that you are provided with an opportunity to opt out of receiving future such communications. By not ticking a clearly displayed “opt out” box, we will assume we have your implied consent to receive similar marketing communications in the future. We will always ensure that our opt out notices are clear, conspicuous and easy to take up.
• Electronic marketing – Where we use your personal information to send you marketing information by e-mail, SMS, MMS or other electronic means we may do so with your express or implied consent. You may give us your express consent by, for example, ticking a box on an electronic or paper form where we seek your permission to send you electronic or other marketing information. Consent may be implied from our existing business relationship or where you have a reasonable expectation of receiving an electronic marketing communication.
• Telemarketing – Australian Credit Data does not usually engage in telemarketing activities to our consumer customers. Generally, such marketing is only used in relation to our business customers. Should any consumer telemarketing be undertaken or authorised by Australian Credit Data, we will, to the extent that it applies, comply with the relevant legislation (see above).
Every directly addressed marketing contact sent or made by Australian Credit Data will include a means by which customers may unsubscribe (or opt out) of receiving further marketing information.

Accessing Your Personal Information

You have the right to request access to the personal information we hold about you. This right is subject to certain exceptions (see below) allowed by law.
Australian Credit Data will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we ask that you identify, as clearly as possible, the type (or types) of information requested. Australian Credit Data will deal with your request in a reasonable time – usually within 30 days.
Depending on the breadth of your request, we may recover from you our reasonable costs incurred in supplying you with access to this information, unless law does not permit this.
Exceptions
Your right to access your personal information is not absolute. In some circumstances, the law permits us to refuse your request to provide you with access to your personal information, such as circumstances where:
• Access would pose a serious threat to the life or health of any individual
• Access would have an unreasonable impact on the privacy of others
• The request is frivolous
• The information relates to a commercially-sensitive decision-making process
• Access would be unlawful
• Access may prejudice enforcement activities, a security function or commercial negotiations.
Freedom of information laws
In addition to privacy laws, you may have rights to access your personal information contained in certain Australian Credit Data documents. Details on how to apply for access to these documents are contained in the Freedom of Information Act 1982 (FOI Act) (External link).
More information is available at the Office of the Australian Information Commissioner’s freedom of information (External link) pages.

Updating Your Information

It is inevitable that some personal information which we hold will become out of date. We will take reasonable steps to ensure that the personal information which we hold remains accurate and, if you advise us of a change of details, we will amend our records accordingly.
We are bound to hold information for lengths of time that are prescribed by the Privacy Act. This may mean that we hold your information for 7 years. During such lengths of time, your personal information may change. We will endeavor to record information accurately that is provided to us by you or our agents. We will also maintain records of your information that will be stored and may be reproduced to demonstrate your details at a point in time.
Where your information has been disclosed to a third party, Australian Credit Data will take reasonable steps to notify the third party of the correction.
Where we are unable to update your information, we will provide an explanation in writing as to why the information cannot be corrected.

Information Security

Australian Credit Data is committed to keeping your trust by protecting and securing your personal information.
We employ appropriate technical, administrative and physical procedures to protect personal information from unauthorised disclosure, loss, misuse or alteration.
We limit access to personal information to individuals with a business need consistent with the reason the information was provided. We keep personal information only for as long as it is required for business purposes or by the law.
Australian Credit Data protects your personal information by complying with Information Security Standards, Industry Schemes and Statutory obligations. From time to time we will conduct targeted internal and external audits on our security systems to validate the currency of our security practices, and those of the organizations who we engage to provide our products and services.

Website Security and Privacy

We understand that you may be concerned about the security of the personal information we collect from you online.
Accordingly, we have systems in place to ensure our online dealings with you are as secure as your dealings with us in person, or on the telephone.
In those instances where we secure your personal information in transit to us and upon receipt, we use the industry standard encryption software, Secured Socket Layer (SSL) 128 bit encryption. The URL in your browser will change to “HTTPS” instead of “HTTP” when this security feature is invoked. Your browser may also display a lock symbol on its bottom task bar line to indicate this secure transmission is in place.
For site security purposes and to ensure this service remains available to all users, we employ software programs to monitor network traffic in order to identify unauthorised attempts to upload or change information, or otherwise cause us damage. Except for authorised law enforcement investigations, no other attempts are made to identify individual users or their usage habits other than those uses identified in this policy. Unauthorised modification or misuse of information stored in this system will be investigated and may result in criminal prosecution.
Information collected on this website
We may collect non-personal information from you such as browser type, operating system, and web pages visited to help us manage our web site.
We may use cookies (see below) and other internet technologies to manage our website and certain online products and services. We do not use these technologies to collect or store personal information unless you have opted in to such a feature.
Our internet server logs the following information which is provided by your browser for statistical purposes only:
• the type of browser and operating system you are using
• your Internet Service Provider and top level domain name (for example – .com, .gov, .au, .uk etc)
• the address of any referring web site (for example – the previous web site you visited)
• your computer’s IP (Internet Protocol) address (a number which is unique to the machine through which you are connected to the internet).
All of this information is used by Australian Credit Data for aggregated statistical analyses or systems administration purposes only. No attempt will be made to identify users or their browsing activities, except where required by law.

Loss of Personal Information

Despite our every effort to protect your personal information, there remains the possibility that a breach of our security could occur. In the event of loss of personal information Australian Credit Data will:
• Seek to rapidly identify and secure the breach to prevent any further breaches
• Engage the appropriate authorities where criminal activity is suspected
• Assess the nature and severity of the breach including the type of personal information involved and the risk of harm to affected individuals
• Notify the affected individuals directly if appropriate and where possible
• If appropriate, put a notice on our website advising our customers of the breach
• Notify the Privacy Commissioner (at the OAIC) if the breach is significant.

How To Contact Us

Australian Credit Data is committed to working with its customers to obtain a fair resolution of any complaint or concern about privacy.
To contact us with a compliment or complaint or a privacy question, you can:
• write to us at:

Australian Credit Data 
Privacy Officer
Level 32, 101 Miller St
North Sydney 2060
• Email us at enquiries@austcdc.com.au

Changes To This Privacy Policy

From time to time, Australian Credit Data may vary its Privacy Policy. We will post changes when this policy is updated.

Further Information On Privacy

You can obtain further general information about your privacy rights and privacy law from the Office of the Australian Information Commissioner by:
• calling their Privacy Hotline on 1300 363 992
• visiting their web site at http://www.oaic.gov.au/ (External link)
writing to: 
The Australian Information Commissioner 
GPO Box 5218 
Sydney NSW 1042