Effective Date: 21 January, 2019
This version: 1-2
Previous version: 1-1
Lendly Pty Ltd (ABN 57 108 502 745) and its wholly owned subsidiaries (“we”, “our”, “us”, “Lendly”) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information.
This document is our combined Privacy and Credit Reporting Policy (Policy) and describes how we will comply with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) in relation to the handling of your personal information, including in accordance with the Australian Privacy Principles (APPs), as well as how we comply with the credit reporting obligations contained in the Privacy Act and the Credit Reporting Code as registered under section 26S(1) of the Privacy Act.
Personal Information - is information or an opinion about you that allows Lendly and others to identify you. Throughout this policy, where we talk about ‘personal information’ this generally includes your credit related personal information.
Credit Related Personal Information - covers credit information, credit reporting information and credit eligibility information.
Credit information - is the basic category of personal information in the credit reporting system and can include information about an individual that is obtained from a credit reporting body such as:
- Identification information (such as name and address).
- Beneficial owner information for non-individual entities such as companies or trusts.
- Consumer credit liability information about credit accounts including information such as the date an account was opened, the amount of credit provided and the date the account was finalised.
- Repayment history information for last 2 years on current and finalised accounts.
- Information about previous consumer or commercial credit applications, such as the type and amount of credit sought in those previous applications.
- Default information about consumer credit payments that were overdue for at least 60 days.
- Payment information that was previously notified to a credit reporting body as overdue and is no longer overdue.
- New arrangement information made with a credit provider, in relation to consumer credit that may have been in default or listed as a serious credit infringement.
- Court proceedings information.
- Personal and business insolvency information.
- Publicly available information about credit worthiness and business activity.
- Information lodged by another credit provider that an individual may have committed a serious credit infringement (e.g. fraud).
Credit reporting information - consists of two categories of personal information:
- Credit information about an individual’s credit dealings with other credit providers that has been disclosed to credit reporting bodies by those credit providers.
- Credit reporting bodies’ derived information such as a ‘credit score’ or a ‘credit risk assessment’. This information is derived from the credit information held about an individual by a credit reporting body.
Credit eligibility information - consists of the credit reporting information about an individual that is provided to Lendly by credit reporting body, as well as any Lendly derived information related to that individual.
Why do we collect and hold personal information?
Personal information is primarily collected and held by Lendly so that we can offer you our products and services. We collect personal information for the following specific purposes:
- to assess your loan application;
- to verify your identity;
- to manage and administer your loan and lease;
- to restructure or vary your loan and lease;
- to resolve disputes and complaints;
- to monitor compliance; and
- to satisfy any legal requirements.
We may also collect your personal information for the purposes of direct marketing as outlined in section 7 of this document (Direct Marketing).
We may collect personal and financial information about the seller, to establish legitimate ownership of the goods, if we are providing a loan for the purchase of those goods.
Lendly will also collect personal information from individuals who are not our customers but are associated with you if they are making payments on your behalf or selling you a vehicle for which Lendly is providing you with finance.
What personal information do we collect and how do we collect it?
If you apply for one of our products we may collect and hold personal information such as your name, address, telephone numbers, date of birth, drivers licence details, employment details, salary and income sources, financial details including assets and liabilities.
We also collect Tax File Numbers, credit references and personal credit rating information. If you buy goods privately for which Lendly is providing finance, we may collect personal information about the seller such as name, address, telephone numbers and whether or not there is finance on the goods.
We are required by law to collect some of this information without which we will not be able to consider your application or otherwise deal with you or provide you with a product or service.
We will not collect, use or disclose sensitive information (i.e. health, racial or ethnic origin, etc.) unless:
- we need the information as part of our product offerings and we have your consent; or
- we are legally required to do so.
An example of when we may need to collect sensitive information is when Lendly offers Consumer Credit Insurance through an insurer. If you have this product, you and your medical practitioner could be required to disclose health information for the insurer to accept, administer and assess any claim under that policy.
What sort of personal information is required by law to be collected?
The National Consumer Credit Protection Act 2010 requires credit assistance providers like Lendly to determine your financial situation, needs and objectives when assessing an application for a consumer loan. This is to ensure that we comply with our responsible lending obligations under the law. What this means is that we must collect financial information such as, financial commitments, liabilities, income and expenditure so we can make an informed decision as to the suitability and affordability of the credit you are applying for.
Under the Anti-Money Laundering and Counter Terrorism Financing Act, Lendly is required to collect your personal information to verify your identity. This will mean we need to see documents such as your driver’s licence or passport.
Personal Information collected from you directly
Lendly collects most personal information directly from you by asking you for that information. This is always our preferred way of getting the information that we need.
Information will be collected from you directly in person and electronically specifically for the purpose of assessing your loan application and to ensure we have all the information required for us to comply with the relevant lending laws.
The types of personal information we endeavour to collect from you directly are:
Identification information - this is usually your full name, alias or previous name, current and previous addresses, date of birth, drivers licence, and gender.
Financial information (to help us assess your financial capabilities) - this information will usually include: occupation, employment details, number of dependents, income and income sources, assets and liabilities including monthly repayments on any liabilities, contact phone numbers and bank account details.
In limited circumstances, we receive personal information where we have not specifically asked you for it. It may be that someone else has provided your information (for example, in the process of verifying your employment information) or you may have disclosed information without us asking (for example, where you have contacted us with feedback).
If unsolicited information is provided by or about you it will be assessed to see if it is relevant to your loan assessment and loan suitability under our responsible lending obligations, if not, it will not be used.
We will not collect unsolicited information that is not relevant or required by Lendly; however, this is balanced against Lendly’s responsible lending obligations to fully investigate and assess loan suitability and ensure that you are not placed in hardship.
Personal Information collected from third parties
Although we try to collect personal information directly from you, we sometimes need to collect personal information about you from a third party. For example, we may collect personal information from:
- brokers and other parties whom you have authorised to act on your behalf;
- credit reporting bodies if we request a report on your credit history;
- other credit providers from whom we request information about credit they have provided you;
- Individuals who are not our customers but are associated with a non-individual entity such as a company or trust where personal information is reasonably required; and
- beneficial ownership information from reliable and independent sources such as Government registers including ABN Look up, ASIC’s Registers and all publically available sources including internet search engines such as Google, Yahoo, Bing etc. for non-individual entities and PEPs.
If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking further steps required by privacy laws, we may collect, use and disclose such information for the purposes described in this privacy and credit reporting policy.
Lendly will also conduct Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) verification from Department of Foreign Affairs & Trade (DFAT) and the Office of Foreign Assets Contract (OFAC) counter terrorism lists to support RACVF AML compliance standards in relation to the Anti-Money Laundering and Counter Terrorism & Finance Act 2006. Lendly will also collect personal information from individuals who are not our customers but are associated with you if they are making payments on your behalf or selling you a vehicle for which Lendly is providing you with finance
We tell you how we will use your personal information at the time we collect it. This is done through the privacy consent and acknowledgement statement that you are shown at the time of collection or through a recorded privacy message played to you if you contact us by phone. We also will provide additional explanation if you request it.
We use and disclose your personal information for the purpose for which it has been provided, for reasonably related secondary purposes and for any other purpose you have consented to or that is otherwise permitted under the Act. This may include:
- to verify your identity;
- to assess, process and manage your loan application or enquiry;
- to assist our business partners, where we have an arrangement to jointly offer products to you or where we share information for marketing purposes;
- to provide access and correct upon request;
- to resolve disputes and complaints as required by relevant laws, regulations and codes of practice; and
- to comply with our legal obligations.
In addition, Lendly will use your credit information for the purposes outlined in section 7 of this policy (Direct Marketing).
Depending on the product or service you hold with Lendly we may share personal information (including in some instances, your credit information) with:
- credit reporting bodies;
- credit providers who are Members of the Australian Finance Conference for credit references; brokers and agents who refer your business to us;
- collection agents acting on behalf of Lendly;
- suppliers who you may order goods from (such as car dealers) so that the goods may be provided to you;
- regulatory bodies and government agencies, as required by law;
- any person authorised by you to act on your behalf;
- Lendly business partners, so that they can offer you products (e.g. CCI insurance) or share marketing information with you (where you have consented to this);
- our professional advisors, such as external auditors or lawyers;
- medical practitioners to verify or clarify (if necessary) any health information you may be required to provide; and
- your employers, to verify income and employment status.
Prior to disclosing your personal information to another person or organisation, we will take reasonable steps to satisfy ourselves that:
- the person or organisation has a commitment to protecting your personal information at least equal to our commitment; or
- you have consented to us making the disclosure.
Disclosure of personal information overseas
We may from time-to-time disclose your personal information to an entity located in another country where we are permitted to do so under the Privacy Act.
For example, we may disclose personal information and credit-related information to our financiers, our related bodies corporate and our third party suppliers and service providers to entities located outside of Australia:
- including our data hosting providers and to other IT service providers, some of whom are located in the United States of America (such as Salesforce); and
- to data hosting providers and to other IT service providers, some of whom are located in the United States of America, Canada and Singapore.
Unless we reasonably believe the overseas recipient is subject to a law or binding scheme substantially similar to the APPs, we will take reasonable steps where practicable in the circumstances to ensure that the overseas recipient does not breach the relevant APPs in relation to your personal information.
However, this may not always be achievable and therefore you expressly consent to the collection, processing, use, disclosure, transfer and storage of your personal information outside of Australia where we are not able to ensure the recipient’s compliance with the APPs when acquiring our products or services or providing us with your personal information,. We are required to inform you in relation to this consent that if an overseas recipient handles your personal information in breach of the APPs, the entity will not be accountable under the Privacy Act and you will not be able to seek redress under the Privacy Act. If you do not wish to provide this consent, please contact our Compliance Officer using the contact details set out in section 16.
Lendly will seek your consent for the purpose for which Lendly intends to use and disclose your personal and credit information. This will usually be before you provide us with your information and lodge a credit application. If you have an agent or broker acting on your behalf to source credit with Lendly, you will be required to provide consent to your agent (for the use of your information) at the time of your application with them.
Lendly needs your consent before we can obtain credit information about you from a credit reporting body or if we need to disclose information to other credit providers and third parties to assess your credit application. Depending on the channel you use (phone, internet, and outlet) to lodge your credit application, your consent will be expressed either in writing (e.g. ticking a box, signing a consent acknowledgement), or verbally (agreeing when lodging a credit application over the phone).
What is the purpose of our direct marketing?
We may use or disclose your personal information for the purpose of direct marketing including:
- to share your information within Lendly (including with our related body corporates) and other select companies, so that our other divisions and businesses may also contact you or offer you complimentary or other products and services including in the manner described in section 9 of this Policy including more relevant advertising content;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of us and our related bodies corporate, contractors or service providers; and
- to assist the performance of, and to improve, any marketing and advertising campaigns that we conduct (including on behalf of our financiers or other business partners) as well as assessing the performance of our website;
We undertake this direct marketing in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth), and APP 7 which relates to direct marketing.
Typically we may send you direct marketing communications and information about our products and services (or those of our financiers) that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email or in the form of targeted content and offerings as described in section 9.
How do I opt out of direct marketing communications?
If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. If we do commence sending any direct marketing to you, you may amend or opt-out of receiving marketing communications from us by:
- using the unsubscribe process available within email communications;
- Changing your communication preferences within the preference centre accessible via email communications; or
- Calling our customer service number (03) 8609 6440
Lendly is committed to keeping your personal information secure. We take all reasonable precautions to protect the information we hold about you from misuse, loss and from unauthorised access, modification or disclosure. Your information can only be accessed by authorised Lendly employees.
Your personal and credit information will be stored either in hardcopy documents or electronically on our systems. Our security measures include but are not limited to:
- Physical security such as locks, security systems, guards and alarms to protect against unauthorised access to buildings.
- System authority levels, user id and passwords to access our systems.
- Computer and network security including firewalls, intrusion detection systems and virus scanning.
- Training all staff on their obligations with regards to the security, confidentiality and privacy of your personal information.
- Practicing a clean desk policy in all premises and providing secure storage of all physical records within those premises.
- Using accredited archiving suppliers for the storage of hardcopy documents.
- Engaging with accredited suppliers for the safe destruction of all documents.
The Lendly website uses a standard web browser feature called "cookies" or web beacons to help us improve your experience.
A cookie is a small text file that many online sites place on to your computer or device through your browser when you visit them. A site can only read the cookie it has placed, so Lendly cannot "see where you've been" based on any other cookies in your browser.
You may choose to disable cookies in your browser or use security software to prevent the storage of cookies. However if you disable cookies, we may not be able to fulfill your request or provide you with an appropriate level of service in some areas.
If you choose to send us an e-mail message, we may retain the content of the e-mail, your email address, and our response in order to service your needs.
We may provide consumer credit and/or commercial credit to individuals (including as agent for our financiers), and this policy will apply in such circumstances. We may conduct (or our financiers may conduct) a credit check on you and any joint account holders (or for corporate customers, any directors, partners or other authorised representatives) before credit is provided to you.
The Privacy Act and this policy do not apply to commercial credit provided to companies or other entities. However, this policy will apply where an individual applies for commercial credit or we or our financiers request that a director or other authorised individual guarantees the commercial credit to be provided by us to a company or other entity. This policy will only apply in respect of any uses of individuals' credit-related information as part of any assessment of the creditworthiness of that individual that we or our financiers undertake and any consideration that we or our financiers undertake in relation to an individual's suitability as a guarantor.
Collection of credit-related information
In addition to collecting personal information about you, we may collect the following particular types of credit-related information about you:
- your name and address (including previous addresses);
- your contact details (including telephone and email addresses);
- your date of birth and gender;
- your credit history, credit rating or credit assessment score provided by a credit reporting body (including account conduct both positive and negative such as any repayments missed or late repayments that you have made);
- details of any credit provided to you by other credit providers (such as other financial institutions, utilities or telecommunications providers);
- details of any credit-related court proceedings or insolvency applications that relate to you; and
- any other personal information or credit-related information reasonably required for the purpose of determining whether we or our financiers will provide any credit to you (or to your related company or other entity).
We may obtain this information from you or from third parties, including from credit reporting bodies and other credit providers, in order to assist us in determining whether we or our financiers will provide any credit to you (or to your related company or other entity).
Our use and disclosure of your credit-related information
We may use the credit-related information that is collected and held by us to help us and our financiers decide whether or not to provide credit to you (or to your related company or other entity).
The credit-related information that we hold about you may be used by us in accordance with Part IIIA of the Privacy Act and the Credit Reporting Code. The purposes for which we use your credit-related information may include:
- using your credit-related information to assess any application that you make to us or our financiers for credit (or which is made by your related company or other entity);
- using your credit-related information to collect payments that are owed to us or our financiers in respect of any credit that we or our financiers have previously provided to you (or to your related company or other entity);
- disclosing your credit-related information to any of our related companies (or to your related company or other entity);
- where you have offered to guarantee credit that we or our financiers have offered to provide to your related company or entity, to assess your suitability as a guarantor of that credit;
- disclosing your credit-related information to a third party that you or we ask to act as a guarantor of any credit provided to you;
- disclosing your credit-related information to the credit reporting bodies that we deal with, including but not limited to Equifax Pty Ltd and Dun & Bradstreet Inc. Credit reporting bodies collect different types of credit-related information about individuals and use that information to provide a credit-related service to their customers (including to us);
- disclosing your credit-related information to our financiers in connection with any credit that you seek;
- disclosing your credit-related information to other third parties that provide services to us (or to you on our behalf). These might include debt collectors, credit management agencies and other third parties that process applications for credit made to us or which provide identity verification services to us;
- disclosing your credit-related information to other credit providers which provide, or are considering providing, credit to you (or to your related company or other entity);
- using and disclosing credit-related information that we hold about you to assess and respond to any access or correction requests that you make to us;
- where we are consulted by a credit reporting body or another credit provider about an access or correction request that you have made to those entities, to respond to that consultation request;
- where you complain to the Office of the Australian Information Commissioner or any provider of a recognised external dispute resolution scheme about our treatment of your credit-related information, to respond to that complaint and to seek legal or other professional advice in relation to your complaint;
- using and disclosing credit-related information that we hold about you as required by law or the order of a court or tribunal; and
- where you otherwise expressly consent to the use or disclosure.
Other matters relating to your credit-related information
Where required by law, we will make a written note (which may be kept in electronic form) of any use or disclosure that we make relating to your credit-related information. If:
- you (or your related company or other entity) make an application for credit to us; or
- you offer to guarantee credit that we propose to provide to your related company or other entity,
and we subsequently refuse your application or offer based on information provided to us by a credit reporting body about you, we will inform you of this and provide you with the name and contact details of that body and any other information required by law to be provided to you.
You may request access to any personal information or credit-related information we hold about you at any time by contacting us (see the details below).
We will need to verify your identity before we can give you access and generally simple requests are handled immediately (such as where the request relates to the address or telephone numbers we have for you).
Following receipt of your request, our customer relations area will provide you with an estimate of the access fee, where applicable (depending on the complexity, the time required to collate the information and form you need the information to be made available to you in). You can then confirm if you want to proceed. Access will be provided once payment is received. We can usually deal with your request within 14 to 30 days.
In certain circumstances, we may not be able to tell you all or any of the information we hold about you. In these circumstances, we will write to you to let you know why your request has been denied or limited.
If you believe that any personal information or credit-related information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
We will consult with other credit providers and credit reporting bodies as required about the accuracy of your information. We will write to you and advise you of the outcome of our investigation. If we do not agree that your information is inaccurate, incomplete or out of date, we will advise you of the reason(s) why we disagree with you and what you can do if you are not satisfied with our response.
If you believe that your privacy has been breached, please contact us using the contact information below and provide written details of the incident so that we can investigate it.
If your complaint relates to our failure to provide access to or to correct any credit-related information that we hold about you, you may lodge a complaint directly with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au) or to Credit and Investments Ombudsman Limited, who is our independent external dispute resolution provider and can also deal with complaints relating to credit-related information.
Otherwise, if you have a complaint in relation to our handling of your credit-related information that is not mentioned above or if your complaint relates to your Personal Information, you must first lodge your complaint with us using the details in section 14 (Contacting us) below and provide us with details of the incident so that we can investigate it.
We have a detailed internal dispute resolution policy (Dispute Policy), which will apply to investigating and dealing with any privacy breaches. Please contact us (using the details below) to obtain a copy of this policy. However, if you make a complaint with us in accordance with this section 13 about privacy, we will acknowledge receipt of your complaint, and try to investigate and respond to you in accordance with our Dispute Policy within 30 days. If the matter is more complex or our investigation under our Dispute Policy may take longer, we will let you know.
We will treat your complaint confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
If you are not satisfied with our handling of your complaint or our proposed resolution, you have a right to lodge a further complaint with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au). The Office of the Australian Information Commissioner can provide you with further information about the next steps in its complaints process. If your complaint relates to credit-related information that we hold about you, you may instead lodge your further complaint with the Australian Financial Complaints Authority (for more information, please see www.afca.org.au).
Where your complaint relates to the correction of your credit-related information and the resolution of your complaint requires us to correct your information, we will inform each other credit provider and credit reporting body that we have previously disclosed your information to that you have made a correction complaint in relation to that information and that we have corrected your information as a result of the outcome of that complaint. However, if it is impracticable or illegal for us to do so we are not required by law to give this notification.
If you have any questions about this policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer using the details set out below.
Attention: Privacy Officer
PO Box 115
Port Melbourne, VIC 3207