CREDIT INFORMATION (PRIVACY) POLICY
Including Statement of Notifiable Matters and More Information
Please read this document BEFORE you provide Us with ANY personal information in connection with applying for a loan from Us. If you provide Us with this personal information, We will assume that you have followed this instruction and that you have read and understood this Policy.
This policy has been developed to appropriately acknowledge the importance of, and assist in providing a framework for, the appropriate level of protection for consumer identification and credit information protection. The policy represents Rapid Loans’ commitment to compliance with the privacy laws and privacy code obligations.
Concerning the collection, holding, use and disclosure of credit related personal information
We provide this policy in accordance with the Privacy Act 1988, hereafter referred to as the Privacy Act, detailing the lawful approach We take in the collection of information in Our role as credit providers and in regard to the management and use of all information collected from Our potential customers and actual customers, and all subsequent dealings with customer/consumer representatives, credit reporting bodies, and other entities listed in this policy.
In the course of Our business, We provide consumer credit, as defined in Section 6(1) of the Privacy Act. This credit being provided wholly or primarily for personal, family, or household purposes and, as a matter of business policy – no other use.
In the course of Our business We seek to establish your credit worthiness. That means:
- your eligibility to be provided with consumer credit;
- your history in relation to consumer credit; and
- your capacity to repay an amount of consumer credit.
The kinds of credit information We collect and hold
In accordance with the industry’s mandatory Credit Reporting Privacy Code, Obligation 5.1, We collect and hold credit reporting information, credit identification information, credit capacity information and personal information collected and held under Section 18 of the Privacy Act prior to 12 March 2014 and, thereafter, under Part IIIA of the Privacy Act.
Where personal information concerning an overdue payment is held and, where information concerning this overdue payment is presented to a credit reporting body, the amount overdue will be a minimum of $150.
In accordance with Section 6 of the Privacy Act, We may collect and hold the following personal information:
- identification information;
- consumer credit liability information, including current bank statement information at the time of the application and assessment of your loan and, if approved, during the term of the loan;
- repayment history information;
- a statement that an information request has been made to a credit reporting body, by a credit provider, in relation to your application for credit;
- the type of consumer credit or commercial credit, and the amount of credit sought in an application that you have made to a credit provider, in connection with which that credit provider has made an information request concerning you;
- overdue and default information concerning your current and/or previous loans;
- payment information about you, including information concerning late payments;
- information about new arrangements you may have made involving an existing credit contract;
- court proceedings (civil) information about you;
- personal insolvency information about you, as included on the National Personal Insolvency Index, which relates to bankruptcy, debt agreements, personal insolvency agreements and Sections 50 and/or 188 Bankruptcy Act directions and/or authorities;
- publicly available information concerning your activities in Australia and your credit worthiness, including information recorded on the National Personal Insolvency Index;
- any opinion that We might reach that you have committed a serious credit infringement in relation to consumer credit We have provided to you, with the circumstances specified on the file; and
- unsolicited information that We may deem relevant to keep on file.
Explanation of some of the key elements listed above is as follows.
Identification information about you
During the credit suitability process, required under Sections 128-131 of the National Consumer Credit Protection Act, to assist in protecting you against identity theft and to assist in reducing the opportunity for fraud, We may ask you for some or all of the following identification information:
- your full name;
- any alias or previous name/s;
- date of birth;
- current address;
- 2 previous addresses (if any);
- name of current employer; or
- name of last known employer; and
- driver’s licence number.
Consumer credit liability information
We collect and hold consumer credit liability information, including:
- the name of the credit provider;
- whether or not the credit provider holds an Australian Credit Licence;
- the type of consumer credit;
- the day on which the consumer credit was entered into;
- the terms or conditions of the consumer credit which relate to the repayment of that credit and anything that may be prescribed by regulation;
- the maximum amount available under the consumer credit; and
- the day on which the consumer credit is terminated, or otherwise ceases to be in force.
Repayment history information
If and when We provide consumer credit to you, the following information about you as a consumer may be collected and held:
- whether or not you have met monthly repayment obligations;
- the date on which the monthly payment is due and payable; and
- if you make payments after the due and payable day, the day on which you actually made the payment.
Thereafter, this information may be provided to a credit reporting or reference body.
Overdue and Default information
We collect and hold information about any payment that is overdue and, under Section 88 of the National Credit Code, Regulation 86 of the National Consumer Credit Protection Regulations 2010 and Section 6Q of the Privacy Act, that:
- you are overdue in making the payment;
- you have received a written notice from Us advising you of the overdue amount and requesting payment of the amount;
- the Statute of Limitations does not prevent Us from recovering the amount; and
- where the amount overdue is $150 or more, it is sufficient to list on your file with a credit reporting body. Any amount will be listed on the file We maintain concerning your identification and credit information.
We may collect and hold information that is given or made against you in civil court proceedings that relate to any credit that has been provided to you, or for which you have applied.
How We collect credit information
We collect credit information from 6 possible sources:
- from you;
- from the documentation We request and you provide;
- from credit reporting bodies;
- from people or organisations you permit Us to contact, to verify your credit relevant details;
- from other credit providers; and
- from information about you publicly available, including court and tribunal reports and decisions.
Please note, depending on circumstances, We may choose not to seek information from all these sources to assess your credit application.
How We hold credit information securely
In all circumstances, We take reasonable steps to protect your information from misuse, loss, interference, unauthorised access, modification or unauthorised disclosure. We choose not to provide further detail, for security reasons. Further protection detail can be provided to you verbally, on request.
The kinds of credit eligibility information that We hold
This is credit reporting information and CP derived information about you that may be disclosed to Us by a credit reporting body, under Division 2 of Part IIIA of the Privacy Act.
How We hold credit eligibility information
Hard copies are held in a locked environment, with other security protection after business hours and electronic copies are held in a secure environment, with the application of appropriate passwords and other computer and software security techniques.
The credit reporting bodies
We may provide information to and request information from Equifax, a credit reporting body and from Illion (formerly Dun & Bradstreet), a credit reporting body. If you have a need to contact those bodies, the contact details are:
Equifax (formerly Veda)
Telephone: 138 332
Illion (formerly Dun & Bradstreet)
Telephone: D&B Public Access Centre on 1300 734 806
PO Box 7405 St Kilda Road, Melbourne Vic 3004
You may contact the body if:
- you believe that the information they have on their file about you needs amendment or correction; and/or
- you want the body to hold off disclosing any information from their file about you because, on reasonable grounds, you believe that you have been, or are likely to be, a victim of fraud; and/or
- you do not want the body to use their credit reporting information for the purposes of pre-screening for direct marketing by a credit provider; and/or
Process when collecting information from a credit reporting body
To obtain a credit report of some kind about you, We are required to provide certain information which the credit reporting body will note on your credit file, along with the fact that We made an enquiry.
In accordance with the credit reporting body’s policies, this information will probably appear on your credit report and will be accessible by credit providers who are customers of the credit reporting body, when you are applying for a loan at some time in the future.
This identity and credit information and these listings could adversely impact on your future applications for credit, if the relevant future credit provider’s application approval policies and processes include consideration of the number of past inquiries as being indicative of something adverse or negative about you as a borrower.
We have no control over or input into the credit reporting body’s policies with regard to the content of their credit reports. If you proceed to applying for a loan with Us, you will be provided with a Privacy Consent Agreement which includes further detail from the company concerning privacy for borrowers. When you indicate your consent or acceptance of that agreement, you will be agreeing to the possibility that the current or future information on your credit report may prevent you from obtaining the loan you are currently seeking, or some future loan.
Information provided by credit reporting or reference bodies
Subject to conditions, Part 111A of the Privacy Act permits credit reporting bodies to collect from Us, other credit providers and from elsewhere, the following information about you which may be included on your credit file held by the credit reporting body. This information will be available to Us and to any other client of the credit reporting body who makes a credit inquiry, seeking a credit report of some sort from that body.
This information is limited to personal credit information, credit reporting information, credit ID information and credit capacity information, and includes:
- identification information;
- consumer credit liability information;
- repayment history information;
- a statement that an information request has been made by Us, another credit provider, broker, mortgage insurer or trade insurer, or other client of the credit reporting body;
- the type of consumer credit or commercial credit;
- default information;
- serious credit infringement information;
- payment information;
- new arrangement information, including changes in the terms and conditions of your credit contract;
- court proceeding information;
- personal insolvency information;
- publicly available information as to your credit worthiness (subject to some exceptions); and/or
- a credit provider’s opinion that you have committed a serious credit infringement in relation to the consumer credit which credit provider has provided to you; and/or
- the total indebtedness and any accumulation of such due to defaults in payment and associated fees and interest charges before, during and after the issuing of the Privacy Act’s Section 6Q and Section 21D Notices.
Some of this information may be collected from Us, some from other clients of the credit reporting body and some from other sources, as specifically indicated, or by implication indicated above.
Please note that the credit reporting body has discretion as to what it will include in a credit report about you and there is no opportunity under the Privacy Act, or Credit Reporting Privacy Code, to complain if the body chooses not to list certain information it holds about you, including information We have provided.
Should you have any issues with the information that the credit reporting body holds and uses in their reports about you, the complaint should be made direct to the credit reporting body, because that body is the only authorised or recognised entity that can make and implement the decision to change the information it holds. Please note that you will be required to fully, accurately and honestly explain the reasons you seek a change to the information on your credit file or credit report (whatever called).
You are invited to visit Equifax (www.equifax.com.au) and/or Illion’s (www.illion.com.au) websites to view the following information:
- How you can obtain their privacy policies.
- Your right to access and correct information they hold about you.
- How you may complain if you think they have breached privacy and credit reporting laws that apply to you.
- Your right to request that they not use any information held about you for purposes of pre-screening, for any company to undertake direct marketing that involves you.
- Your right to request that they not use or provide to their clients any information about you if you believe that you are a victim of fraud.
This document contains all the notifiable matters, as specified in the Credit Reference Privacy Code, together with all matters specified in the Privacy Act that We are required to communicate to you. As such, it constitutes a Notifiable Matters Statement and a Credit Information (Privacy) Policy.
In this document and in the Privacy Consent Agreement, which you may receive later, We have chosen the option available by the wording in Code Obligations 4.2 of the Credit Reporting Privacy Code to present the information required in Code Obligations 4.1, as well as the information required for presentation under the Privacy Act in this document. This Credit Information (Privacy) Policy and the Privacy Consent Agreement, including the Notifiable Matters Statement, are provided with clear instructions to you to read both, before you make any attempt to provide Us with personal information in conjunction with applying for a personal loan from Us.
Transfer of information between Us and Equifax and/or Illion, the credit reporting bodies
This information transfer is permitted under Division 2 of Part IIIA of the Privacy Act 1988. The information involved is the credit-related personal information that a credit reporting body may provide about you, to assist Us to assess your credit worthiness. This information is relevant for use in establishing your eligibility for consumer credit.
Please note that the company may contract with Equifax and/or Illion to have part or all of this information provided, from time to time, in accordance with company policy. This information has been provided to Equifax and/or Illion by credit providers with whom you have had contact, and includes:
- information about you after you turned 18, except identification information;
- credit applied for and/or supplied in Australia;
- your repayment history; and
- any default information.
If We provide a loan to you and you fail to meet your repayment obligations, or commit a serious credit infringement, We may be entitled to disclose this to the credit reporting body and it will be included on the file they hold about you.
Regardless of any request from anywhere, including “credit repair” companies, We will not remove, or attempt to facilitate the removal of this default information from either Our files or from the credit reporting body’s files and credit reports, unless We are presented with clear and convincing evidence that either the information is factually incorrect, the default has been repaired with full payment of the amount owing, or unless We have agreed to a payment arrangement with you that is the subject of an agreement between both parties.
The purposes for which We collect, hold, use and disclose credit information and credit eligibility information
The consumer credit-related purposes for which We collect, hold, use and disclose information are:
- to assess your application to Us for consumer credit; and
- to collect payments that are overdue in relation to consumer credit We may have provided you; and
- to collect payments that are overdue in relation to consumer credit provided by another credit provider, under a credit contract that has been assigned to Us by that other credit provider [in accordance with Sub-sections 6K(2) and (3)]; and
- to include the permitted information in communication with other Australian Credit Licensees, being credit providers with whom We have a referred relationship.
In accordance with section 21M, We will disclose relevant and permitted information to debt collectors.
Use of credit eligibility information
In accordance with Section 21G, We use credit eligibility information for the following purposes:
- credit related purposes involving you; or
- permitted reporting of information to a credit reporting body; or
- in connection with what We reasonably believe is a serious credit infringement that you may have committed; or
- for a use prescribed by a court, or tribunal, or regulations.
We will disclose this information to:
- credit bodies;
- a company related to Us;
- a person responsible for processing your credit application; or
- a person who manages Our credit contracts; or
- another credit provider, if We reasonably believe that you have committed a serious credit infringement; or
- the external dispute resolution scheme We subscribe to; or
- as authorised under Australian law, regulation, court or tribunal.
In accordance with Section 21N of the Privacy Act, We may disclose information to an approved entity seeking participation in an assignment of your debt, or purchase of Our business. Should the transaction proceed, you will be informed in writing, in accordance with Obligation 13 in the Credit Reporting Privacy Code and all Our rights will be transferred to the acquirer, in accordance with Section 6K of the Privacy Act.
How you may access credit eligibility information that We hold about you
First contact the Privacy Compliance Manager, telephone: 1300 727 431, or email firstname.lastname@example.org, or PO Box 429 Miami Qld 4220.
In accordance with Section 21T and Code Obligation 19, at your request, We will:
- give you access to any credit information We hold about you;
- respond to your request within a reasonable period and provide the access within 30 days of your request;
- provide the information in a clear manner and provide reasonable explanations and summaries of the information, to assist you to understand the impact of the information; and
- deny access, only if such would be unlawful, required under Australian law, or by a court or tribunal, or would prejudice an official enforcement body investigation.
Following your successful request, access will be provided by the Privacy Compliance Manager, who will facilitate the provision of a printout of your information stored in the company’s Specialist Lending System. This printout will be emailed or posted to you, as you may request. Any denial of access will be in writing, with the reason/s explained and details of the company’s internal disputes resolution process, relevant external resolution scheme and the Office of the Australian Information Commission, to which you may lodge a complaint if not satisfied with the company’s explanation.
How you may seek the correction of credit information and credit eligibility information that We hold
Once you have inspected the personal credit information We hold on file about you, you may inform Our Privacy Compliance Manager if you have discovered any information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
The Privacy Compliance Manager will be pleased to amend the file within 30 days but, in most cases, will require appropriate evidence from you to support your request. Please note that, in the exercise of this correction duty, the Privacy Compliance Manager is lawfully entitled to consult with a credit reporting body and/or another credit provider. You, and any entity consulted in the process, will be informed in writing of any correction.
How you may complain about Our failure to comply with this Division, or the relevant registered CR code
There are 3 ways you may complain:
- Verbally, or in writing, to Our Privacy Manager – email@example.com.
- If you are not satisfied with the Privacy Manager’s response, you can complain verbally or in writing to Our Internal Disputes Resolution Manager – IDR@rapidloans.com.au (there is no charge for lodging a complaint).
- If you are not satisfied with the Internal Disputes Manager’s response you can lodge a complaint either with the Privacy Commissioner, at the Office of the Australian Information Commission, contact details –
Office of the Australian Information Commission
GPO Box 5218
Sydney NSW 2001
Phone: 02 9284 9753
Enquiries: 1300 363 992
With the external disputes resolution scheme of which We are a member, contact details:
Australian Financial Complaints Authority
GPO Box 3
Melbourne Vic 3001
Phone: 1800 931 678
There is no charge for lodging a complaint.
How We will deal with such a complaint
We will write to you acknowledging receipt of the complaint. After appropriate investigation, the Privacy Manager will write to you as soon as practicable after a decision has been reached, outlining the decision and the reasons for reaching it.
We do not disclose credit information, or credit eligibility information, to entities that do not have an Australian link and your information is not held in any way by an overseas body.
Notifiable Data Breaches
An eligible data breach is unauthorised access to or unauthorised disclosure of personal information, or a loss of information that We hold, that a reasonable person would conclude is likely to result in serious harm to any individuals to whom the information relates and We have not been able to prevent the likely risk of serious harm with remedial action.
If there are reasonable grounds for Us to suspect there has been a data breach, where possible We will take all reasonable steps to contain the possible data breach and will, as soon as possible and within 30 days after We become aware of the suspected breach, assess whether the breach is likely to result in serious harm to any individuals to whom the information relates and whether it is an eligible data breach.
If We have reasonable grounds to believe there is an eligible data breach, and no exception under the Privacy Act applies, We will notify those individuals affected and the Australian Information Commissioner. This notification will contain Our contact details, a description of the eligible data breach, the kind/s of information concerned and recommended steps for individuals to avoid, reduce or control any adverse impact from the breach.
If it is not practical to contact the affected individual directly, We will publish a statement on Our website.
There are some exceptions under the Privacy Act which may not require Us to notify individual/s of an eligible data breach. For example, if We have taken remedial action before any serious harm occurs or before any unauthorised access or disclosure occurs, or where there has been a declaration by the Australian Information Commissioner that We are not required to give a notification.
Further information from Rapid Loans
From time to time, Rapid Loans may send you information concerning its and any future related company’s credit products and services. Every time such information is sent, you will be given an opportunity to indicate whether or not you want to receive any further similar messages.