CREDIT INFORMATION (PRIVACY) POLICY
This policy has been developed to appropriately acknowledge the importance of, and assist in providing a framework for, the appropriate level of protection for consumer identification and credit information protection. The policy represents Rapid Loans Pty Ltd’s commitment to compliance with the privacy laws and privacy code obligations.
Concerning the collection, holding, use and disclosure of credit related personal information
We provide this policy in accordance with the Privacy Amendment (Enhancing Privacy Protection) Act 2012, hereafter referred to as the Privacy Act, detailing the lawful approach we take in the collection of information in our role as credit providers and in regard to the management and use of all information collected from our potential customers and actual customers, and all subsequent dealings with customer/consumer representatives, credit reporting bodies, and other entities listed in this policy.
In the course of our business, we provide consumer credit, as defined in Section 6(1) of the Privacy Act. This credit being provided wholly or primarily for personal, family, or household purposes and, as a matter of business policy – no other use.
In the course of our business we seek to establish your credit worthiness. That means:
- your eligibility to be provided with consumer credit;
- your history in relation to consumer credit; and
- your capacity to repay an amount of consumer credit.
The kinds of credit information we collect and hold
In accordance with the industry’s mandatory Credit Reporting Privacy Code, Obligation 5.1, we collect and hold credit reporting information, credit identification information, credit capacity information and personal information collected and held under Section 18 of the Privacy Act prior to 12 March 2014 and, thereafter, under Part IIIA of the Privacy Act.
Where personal information concerning an overdue payment is held and, where information concerning this overdue payment is presented to a credit reporting body, the amount overdue will be a minimum of $150.
In accordance with Section 6 of the Privacy Act, we may collect and hold the following personal information:
- identification information;
- consumer credit liability information;
- repayment history information;
- a statement that an information request has been made to a credit reporting body, by a credit provider, in relation to your application for credit;
- the type of consumer credit or commercial credit, and the amount of credit sought in an application that you have made to a credit provider, in connection with which that credit provider has made an information request concerning you;
- overdue and default information concerning your current and/or previous loans;
- payment information about you, including information concerning late payments;
- information about new arrangements you may have made involving an existing credit contract;
- court proceedings (civil) information about you;
- personal insolvency information about you, as included on the National Personal Insolvency Index, which relates to bankruptcy, debt agreements, personal insolvency agreements and Sections 50 and/or 188 Bankruptcy Act directions and/or authorities;
- publicly available information concerning your activities in Australia and your credit worthiness, including information recorded on the National Personal Insolvency Index;
- any opinion that we might reach that you have committed a serious credit infringement in relation to consumer credit we have provided to you, with the circumstances specified on the file; and
- unsolicited information that we may deem relevant to keep on file.
Explanation of some of the key elements listed above is as follows.
Identification information about you
To assist in protecting you against identity theft and to assist in reducing the opportunity for fraud, we may ask you for some or all of the following identification information:
- your full name;
- any alias or previous name/s;
- date of birth;
- current address;
- 2 previous addresses (if any);
- name of current employer; or
- name of last known employer; and
- driver’s licence number.
Consumer credit liability information
We collect and hold consumer credit liability information, including:
- the name of the credit provider;
- whether or not the credit provider holds an Australian Credit Licence;
- the type of consumer credit;
- the day on which the consumer credit was entered into;
- the terms or conditions of the consumer credit which relate to the repayment of that credit and anything that may be prescribed by regulation;
- the maximum amount available under the consumer credit; and
- the day on which the consumer credit is terminated, or otherwise ceases to be in force.
Repayment history information
If and when we provide consumer credit to you, the following information about you as a consumer may be collected and held:
- whether or not you have met monthly repayment obligations;
- the date on which the monthly payment is due and payable; and
- if you make payments after the due and payable day, the day on which you actually made the payment.
Overdue and Default information
We collect and hold information about any payment that is overdue and, under Section 88 of the National Credit Code, Regulation 86 of the National Consumer Credit Protection Regulations 2010 and Section 6Q of the Privacy Act, that:
- you are overdue in making the payment;
- you have received a written notice from us advising you of the overdue amount and requesting payment of the amount;
- the Statute of Limitations does not prevent us from recovering the amount; and
- where the amount overdue is $150 or more, it is sufficient to list on your file with a credit reporting body. Any amount will be listed on the file we maintain concerning your identification and credit information.
We may collect and hold information that is given or made against you in civil court proceedings that relate to any credit that has been provided to you, or for which you have applied.
How we collect credit information
We collect credit information from 6 possible sources:
- from you;
- from the documentation we request and you provide;
- from credit reporting bodies;
- from people or organisations you permit us to contact, to verify your credit relevant details;
- from other credit providers; and
- from information about you publicly available, including court and tribunal reports and decisions.
Please note, depending on circumstances, we may choose not to seek information from all these sources to assess your credit application.
How we hold credit information securely
In all circumstances, we take reasonable steps to protect your information from misuse, loss, interference, unauthorised access, modification or unauthorised disclosure. We choose not to provide further detail, for security reasons. Further protection detail can be provided to you verbally, on request.
The kinds of credit eligibility information that we hold
This is credit reporting information and CP derived information about you that may be disclosed to us by a credit reporting body, under Division 2 of Part IIIA of the Privacy Act.
How we hold credit eligibility information
Hard copies are held in a locked environment, with other security protection after business hours and electronic copies are held in a secure environment, with the application of appropriate passwords and other computer and software security techniques.
The credit reporting bodies
We may provide information to and request information from Equifax, a credit reporting body and from Illion (formerly Dun & Bradstreet), a credit reporting body. If you have a need to contact those bodies, the contact details are:
Equifax (formerly Veda)
Telephone: 138 332
Illion (formerly Dun & Bradstreet)
Telephone: D&B Public Access Centre on 1300 734 806
PO Box 7405 St Kilda Road, Melbourne Vic 3004
You may contact the body if:
- you believe that the information they have on their file about you needs amendment or correction; and/or
- you want the body to hold off disclosing any information from their file about you because, on reasonable grounds, you believe that you have been, or are likely to be, a victim of fraud; and/or
- you do not want the body to use their credit reporting information for the purposes of pre-screening for direct marketing by a credit provider.
From time to time we may have notifiable matters we wish to communicate to you. A brief description of these notifiable matters, if any, and information on our credit reporting, is included on our website. At any time you may request a hard copy, or emailed copy, of the notifiable matters from time to time included on our website.
Transfer of information between us and Equifax and/or Dun & Bradstreet, the credit reporting bodies
This information transfer is permitted under Division 2 of Part IIIA of the Privacy Act 2012. The information involved is the credit-related personal information that a credit reporting body may provide about you, to assist us to assess your credit worthiness. This information is relevant for use in establishing your eligibility for consumer credit.
Please note that the company may contract with Equifax and/or Dun & Bradstreet to have part or all of this information provided, from time to time, in accordance with company policy. This information has been provided to Equifax and/or Dun & Bradstreet by credit providers with whom you have had contact, and includes:
- information about you after you turned 18, except identification information;
- credit applied for and/or supplied in Australia;
- your repayment history; and
- any default information.
If we provide a loan to you and you fail to meet your repayment obligations, or commit a serious credit infringement, we may be entitled to disclose this to the credit reporting body and it will be included on the file they hold about you.
The purposes for which we collect, hold, use and disclose credit information and credit eligibility information
The consumer credit-related purposes for which we collect, hold, use and disclose information are:
- to assess your application to us for consumer credit; and
- to collect payments that are overdue in relation to consumer credit we may have provided you; and
- to collect payments that are overdue in relation to consumer credit provided by another credit provider, under a credit contract that has been assigned to us by that other credit provider [in accordance with Sub-sections 6K(2) and (3)].
In accordance with section 21M, we will disclose relevant and permitted information to debt collectors.
Use of credit eligibility information
In accordance with Section 21G, we use credit eligibility information for the following purposes:
- credit related purposes involving you; or
- permitted reporting of information to a credit reporting body; or
- in connection with what we reasonably believe is a serious credit infringement that you may have committed; or
- for a use prescribed by a court, or tribunal, or regulations.
We will disclose this information to:
- credit bodies;
- a company related to us;
- a person responsible for processing your credit application; or
- a person who manages our credit contracts; or
- another credit provider, if we reasonably believe that you have committed a serious credit infringement; or
- the external dispute resolution scheme we subscribe to; or
- as authorised under Australian law, regulation, court or tribunal.
In accordance with Section 21N of the Privacy Act, we may disclose information to an approved entity seeking participation in an assignment of your debt, or purchase of our business. Should the transaction proceed, you will be informed in writing, in accordance with Obligation 13 in the Credit Reporting Privacy Code and all our rights will be transferred to the acquirer, in accordance with Section 6K of the Privacy Act.
How you may access credit eligibility information that we hold about you
First contact the Privacy Compliance Manager, telephone: 1300 727 431, or email firstname.lastname@example.org, or PO Box 429 Miami Qld 4220, or fax no. 1300 765 608.
In accordance with Section 21T and Code Obligation 19, at your request, we will:
- give you access to any credit information we hold about you;
- respond to your request within a reasonable period and provide the access within 30 days of your request;
- provide the information in a clear manner and provide reasonable explanations and summaries of the information, to assist you to understand the impact of the information; and
- deny access, only if such would be unlawful, required under Australian law, or by a court or tribunal, or would prejudice an official enforcement body investigation.
Following your successful request, access will be provided by the Privacy Compliance Manager, who will facilitate the provision of a printout of your information stored in the company’s Specialist Lending System. This printout will be emailed or posted to you, as you may request. Any denial of access will be in writing, with the reason/s explained and details of the company’s internal disputes resolution process, relevant external resolution scheme and the Office of the Australian Information Commission, to which you may lodge a complaint if not satisfied with the company’s explanation.
How you may seek the correction of credit information and credit eligibility information that we hold
Once you have inspected the personal credit information we hold on file about you, you may inform our Privacy Compliance Manager if you have discovered any information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
The Privacy Compliance Manager will be pleased to amend the file within 30 days but, in most cases, will require appropriate evidence from you to support your request. Please note that, in the exercise of this correction duty, the Privacy Compliance Manager is lawfully entitled to consult with a credit reporting body and/or another credit provider. You, and any entity consulted in the process, will be informed in writing of any correction.
How you may complain about our failure to comply with this Division, or the relevant registered CR code
There are 3 ways you may complain:
- Verbally, or in writing, to our Privacy Manager.
- If you are not satisfied with the Privacy Manager’s response, you can complain verbally or in writing to our Internal Disputes Resolution Manager.
- If you are not satisfied with the Internal Disputes Manager’s response you can lodge a complaint either with the Privacy Commissioner, at the Office of the Australian Information Commission, contact details –
Office of the Australian Information Commission
GPO Box 5218
Sydney NSW 2001
Phone: 02 9284 9753
Enquiries: 1300 363 992
With the external disputes resolution scheme of which we are a member, contact details:
Australian Financial Complaints Authority
GPO Box 3
Melbourne Vic 3001
Phone: 1800 931 678
There is no charge for lodging a complaint.
How we will deal with such a complaint
We will write to you acknowledging receipt of the complaint. After appropriate investigation, the Privacy Manager will write to you as soon as practicable after a decision has been reached, outlining the decision and the reasons for reaching it.
We do not disclose credit information, or credit eligibility information, to entities that do not have an Australian link and your information is not held in any way by an overseas body.
Notifiable Data Breaches
An eligible data breach is unauthorised access to or unauthorised disclosure of personal information, or a loss of information that we hold, that a reasonable person would conclude is likely to result in serious harm to any individuals to whom the information relates and we have not been able to prevent the likely risk of serious harm with remedial action.
If there are reasonable grounds for us to suspect there has been a data breach, where possible we will take all reasonable steps to contain the possible data breach and will, as soon as possible and within 30 days after we become aware of the suspected breach, assess whether the breach is likely to result in serious harm to any individuals to whom the information relates and whether it is an eligible data breach.
If we have reasonable grounds to believe there is an eligible data breach, and no exception under the Privacy Act applies, we will notify those individuals affected and the Australian Information Commissioner. This notification will contain our contact details, a description of the eligible data breach, the kind/s of information concerned and recommended steps for individuals to avoid, reduce or control any adverse impact from the breach.
If it is not practical to contact the affected individual directly, we will publish a statement on our website.
There are some exceptions under the Privacy Act which may not require us to notify individual/s of an eligible data breach. For example, if we have taken remedial action before any serious harm occurs or before any unauthorised access or disclosure occurs, or where there has been a declaration by the Australian Information Commissioner that we are not required to give a notification.