This document sets out our policy on the management of personal information which we have about individuals. Those individuals include clients to whom we may provide or may have provided a facility; guarantors of both individual and company clients and individuals who may provide a guarantee; individuals who may sell goods or services to a client; and individuals who are or become customers of a client.
We collect and hold credit information about individuals who are clients, guarantors, a seller of goods or services to clients, a customer of clients and associates. This information includes:
We obtain credit reporting information about individuals who are clients, guarantors, a seller of goods or services to clients, a customer of clients and associates from credit reporting bodies. Credit reporting information includes:
We only obtain credit reporting information from credit reporting bodies to the extent we are entitled to obtain it under the Privacy Act 1988. We might, for example, need to obtain the individual’s prior authorisation.
We may disclose credit information (such as identification information) about an individual to a credit reporting body. The credit reporting body may include that information in the reports it provides to other credit providers.
We disclose credit information to the following credit reporting bodies:
Name : Illion Australia Pty Ltd
Website : www.checkyourcredit.com.au
Mail : PO Box 7405 St Kilda Road MELBOURNE VIC 3004
Name : Equifax Pty Ltd
Website : www.equifax.com.au
Mail : PO Box 964 NORTH SYDNEY NSW 2059
Those credit reporting bodies are required to have a policy which explains how they will manage credit- related personal information. If an individual would like to read the policy of the credit reporting body he or she should visit the credit reporting body’s website and follow the “Privacy” links, or the individual can contact the credit reporting body direct for further information.
An individual has the right to request that the credit reporting body exclude his or her credit reporting information from any permissible direct marketing activities we may ask it to perform.
The individual also has the right to request that the credit reporting body not use or disclose his or her credit reporting information if the individual believes that he or she has been, or is likely to be, the victim of fraud (for example, the individual suspects someone is using his or her identity details to apply for credit). The individual must contact the credit reporting body direct should this be the case.
The personal information, other than credit information and credit reporting information, we collect and hold varies depending on the person we are dealing with and the reason why we are dealing with them. We collect this general personal information from individuals who are clients, guarantors, sellers of goods or services to clients, customer of clients, associates, prospective employees, contractors, suppliers, brokers, introducers, merchants, agents, professional advisers, mercantile agents, mailing houses, call centre operators, archivers and service providers. This information will generally include the individual’s name and contact details. We will only collect sensitive information about an individual with the individual’s consent or when permissible under Australian law.
Under various laws we will be (or may be) authorised or required to collect personal information about an individual. These laws include the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, Personal Property Securities Act 2009, Corporations Act 2001, Autonomous Sanctions Act 2011, Income Tax Assessment Act 1997, Income Tax Assessment Act 1936, Income Tax Regulations 1936, Tax Administration Act 1953, Tax Administration Regulations 1976, A New Tax System (Goods and Services Tax) Act 1999 and the Australian Securities and Investments Commission Act 2001 as those laws are amended and includes any associated regulations.
We collect personal information, other than credit eligibility information, about individuals in a variety of ways. For example, we may obtain the information from the individual or from persons acting on the individual’s behalf. When it is possible and practical we will collect the information direct from the individual. When it is not practical or reasonable to do so we will collect the information from a third party. The third party could be an authorised representative (such as a broker, agent, accountant or lawyer), another financial institution, a referee, an employer or a government body. When the individual sells goods or services to a client, is a customer of a client or is an associate we may obtain the information from the client.
The credit eligibility information is obtained from a credit reporting body.
We take all reasonable steps to ensure that an individual’s personal information which we hold is protected from misuse, interference or loss and from authorised access, modification or disclosure.
We do this by having physical, electronic and procedural safeguards which protect the personal information we hold. For example, the personal information is stored in secure office premises or in secure archiving facilities and logins and passwords are required to access electronic databases. Our staff are required to maintain the confidentiality of personal information and access to personal information is restricted to persons who require access to perform their duties.
We collect, hold, use and disclose credit information and credit eligibility information on individuals for purposes permitted by law which are reasonably necessary for our business activities. Those purposes include:
We do not hold any CP derived information.
We collect, hold, use and disclose personal information which is not credit information or credit eligibility information so that we can manage and administer the facilities which we provide.
To provide our facilities in the most cost effective and efficient way we may decide to utilise the services of others. For example, we may use a mailing house to send monthly statements. If this requires that we disclose personal information we will require those persons to respect your right of privacy.
Personal information may also be used or disclosed to tell an individual about products or services that may be of interest to that individual. If the individual does not want his or her personal information used for these direct marketing purposes the individual should tell us. He or she can “opt-out” of direct marketing by sending an e-mail to email@example.com or by writing to us at:
Privacy Contact Officer
Octet Finance Pty Ltd
10-14 Waterloo Street
SURRY HILLS NSW 2010
An individual may access personal information (including credit eligibility information) about the individual which we hold. The individual can obtain that access by contacting our privacy contact officer as follows:
Telephone : +61 2 9356 6300
E-mail : firstname.lastname@example.org
Privacy Contact Officer
Octet Finance Pty Ltd
10-14 Waterloo Street
SURRY HILLS NSW 2010
We will need to verify the individual’s identity before giving access. We will usually provide the requested personal information within 30 days of receiving the request. There is no charge to make a request but we may levy an administration fee for providing access.
If there is a reason why we do not make the requested personal information available we will provide our reason in writing.
If an individual considers that any personal information which we hold about the individual is incorrect in any way the individual may ask us to correct that personal information. To seek the correction please contact our Privacy Contact Officer on the telephone number or at the e-mail or postal address above.
In certain situations we may decide not to agree to a request to correct personal information. We will tell you in writing why we have not agreed to the correction request.
We have an internal dispute resolution system that covers complaints. That system complies with ISO 10002-2006 Customer Satisfaction – Guidelines for Complaints Handling in Organisations: sections 4, 5.1, 6.4, 8.1 and 8.2. If an individual considers that we have failed to comply with Division 3 of Part IIIA of the Privacy Act 1988, the Credit Reporting Privacy Code or the Australian Privacy Principles he or she should contact our Privacy Contact Officer on the telephone number or at the email or postal address above. We will then follow our internal dispute resolution system. We will acknowledge the complaint within 7 days. A decision will be made and advised within 30 days or a longer period as may be agreed with the individual.
If the individual is not satisfied with the decision he or she may make a complaint to the Office of the Australian Information Commissioner (the “OAIC”). The contact details for the OAIC are:
Telephone : 1300 363 992
Facsimile : (02) 9284 9666
Website : www.oaic.gov.au
Mail : The Office of the Australian Information Commissioner GPO Box 2999 CANBERRA ACT 2601
We will only disclose personal information to overseas recipients or to persons that do not have an Australian link when this is necessary for the purpose for which the information was collected or a purpose connected with the purpose for which the information was collected which the individual would reasonably expect us to use or disclose the information. For example, if the seller of goods or services to the client or the Octet financial institution which has an agreement with the seller is located overseas we may need to send the client’s information overseas so that we can confirm that a bona fide contract has been entered into between the client and the seller or to make a payment to the Octet financial institution. If there is a dispute between the client and the seller we may need to provide information to a person located overseas to assist in the resolution of that dispute.
We may use service providers located overseas.
It is not practicable to specify the countries other than Australia in which the recipient could be located as this will largely depend on the sellers with whom the client decides to contract.
We recognise the obligation to notify affected individuals, as well as the Australian Information Commissioner, of “eligible data breaches” as defined for the purpose of Part IIIC of the Privacy Act 1988. We will provide the notification when we are required to do so by that Act.
“associate” means a person who is or may become an officer or employee of the client, the guarantor, a seller of goods or services to the client or a customer of the client;
“client” means a person (such as a company, sole trader or partnership) to whom we have provided a facility including the provision of commercial credit and includes a person who has applied for, or may apply for, a facility of that type;
“guarantor” means a person who has guaranteed, or may guarantee, the obligations which a buyer has or may have to us; and
“we”, “us” and “our” means Octet Finance Pty Ltd (ACN 124 477 916).