Overview of the Impact of the Privacy Reforms on Credit Reporting

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Overview of the Impact of the Privacy Reforms on Credit Reporting"

Transcription

1 Overview of the Impact of the Privacy Reforms on Credit Reporting June 2012 Andrew Galvin, Partner

2 1 OVERVIEW 1.1 Credit Reporting Reform - Background When initially passed, the Privacy Act 1988 essentially applied to the federal government sector. Shortly after its commencement, Part IIIA of the Privacy Act was introduced and commenced in Part IIIA has operated as a negative credit reporting regime. This means that credit reporting agencies are restricted in the information they can record about a person s consumer credit history. Generally the information is limited to identify information, current debts and a history of defaults and dishonoured cheques. The Credit Reference Association of Australia (CRAA), being Australia s first consumer credit reporting agency (now known as Veda Advantage), described the arrangements as the most restrictive credit reference laws in the Western World. Credit providers and the credit reporting agencies have argued strongly for Australia to adopt positive credit reporting under which credit balances and detailed repayment histories could be checked. The ALRC ultimately recommended that Part IIIA be repealed in its entirety and that credit reporting be regulated under the general provisions of the Act and the general purpose privacy principles. The ALRC has also recommended that there be new Privacy (Credit Reporting ) Regulations which would impose obligations on credit reporting agencies and credit providers with respect to the handling of credit reporting information. Through various recommendations, the ALRC proposed that these regulations carry over many of the features of the existing Part IIIA. Critically, the ALRC recommended: that there be some expansion of the categories of personal information that could be included in a credit information file so as to include the type of each current credit account, the date each account was opened, the credit limit of each account and the date of closure of each account; that the inclusion of repayment histories (going back 2 years) be permitted in credit information files but only after the federal government had established an adequate framework imposing responsible lending obligations on credit providers (such a framework has been included in the National Consumer Credit Protection Act 2009 which commenced in 2010); that the new Privacy Reporting Regulations should prohibit the use or disclosure of credit reporting information for the purposes of direct marketing, including the prescreening of direct marketing lists; that use of credit reports be permitted as a means of electronically verifying the identity of customers be authorised expressly under the AML/CTF Act; as a protection against the effects of identity theft, that the new Privacy Reporting Regulations provide individuals with a right to prohibit for a specified period the disclosure by a credit reporting agency of credit reporting information about them without their express authorisation. Presumably where an individual exercises this right to freeze their credit information file, a prudent credit provider will decline further credit; and /5 page 2

3 that the significant criminal penalties which have applied under Part IIIA be replaced with civil penalties. The new credit reporting framework Under the Privacy Amendment (Enhancing Privacy Protection) Bill, the existing Part IIIA (formerly 19 section being sections 18C-18V) is to be repealed and replaced with a new Part IIIA comprised of 64 sections. The new Part IIIA is dependent upon many more definitions. A summary of the divisions and subdivisions of Part IIIA and a comparison with the current law is set out in the table below. There are four key features of Part IIIA to note: 1 The ALRC recommendation to remove Part IIIA has not been adopted; 2 While part IIIA has been redrafted in its entirety, the substance is largely unchanged, except that consumer credit liability information and repayment history information may be part of a consumer s credit information file and credit information files may be used for pre-screening for marketing purposes subject to consumer opt-out rights; 3 Unlike the current position under which Part IIIA and the National Privacy Principles (NPPs) apply to the credit industry, in many cases, (and in all cases in relation to credit reporting bodies), Part IIIA provisions displace the new Australian Privacy Principles (APPs); and 4 A new dedicated division has been inserted for recipients of credit information other than credit reporting bodies and credit providers (e.g. related bodies corporate, mortgage insurers, trade insurers, credit managers and advisors) /5 page 3

4 Part IIIA This part deals with privacy information relating to credit reporting. Division 2 relates to credit reporting bodies and Division 3 relates to credit providers. Division 4 relates to affected information recipients. Division 1 Introduction Division 2 Credit Reporting Bodies Subdivision A Introduction and application of division Subdivision B Consideration of privacy Subdivision C Collection of Credit This Division, but not the APPs, applies to credit reporting bodies in relation to credit reporting information, CP derived information, and a pre-screening assessment. This Division also applies to credit reporting information that is de-identified. Reasonable steps should be taken to comply with this Division and the CR Code and which enable dealing with enquiries and complaints. A clear and up-to-date policy for management of credit reporting information is required. The policy contents are set out in s. 20B and include information about the kinds of credit reporting information collected and held, and the kind of information derived from that. Access, correction and complaint rights must be explained. It must be available free in appropriate form and a copy is to be given if reasonable. The default rule in s. 20C is that a credit reporting body must not collect credit information. Various exceptions are specified as follows: - collection required or authorised by law or court order; - collection from a credit provider as permitted under the credit provider provisions; - collection from another source if the individual is reasonably believed to be > 18yrs old. If relating to a credit application, it must be an Australian credit application. If it is repayment history, it may only be collected from a credit reporting body with an Australian link. In each case, identity information cannot be collected without other credit information. Credit information may only be collected by lawful and fair means. S. 20D imposes rules for receipt of unsolicited credit information. If the information could not have been collected under s 20C, it must be destroyed unless a law or court order requires its retention. Credit reporting agencies are subject to both Part IIIA and the NPPs. NPP 5 requires organisations to have clearly expressed policies on information management. Policy contents are suggested in PC Guidance. It must be available on request. about the sorts of information held, how and why it is collected and how it is used and disclosed should also be available on request. NPP 1 regulates collection of personal information by organisations including by requiring lawful and fair means to be adopted and various disclosures to be made. Section 18E restricts what can be collected by a credit reporting agency /54 page 4

5 Subdivision D Dealing with Credit Reporting Direct Marketing and prescreening The default rule in s. 20E is that a credit reporting body must not use or disclose credit information. Various exceptions are specified as follows: - use is permitted in carrying on a credit reporting business, where required or authorised by law or court order and where prescribed by regulations; - disclosure is permitted if it is: (a) a permitted CRB disclosure (defined in s. 20F) in relation to an individual; (b) to another credit reporting body with an Australian link; (c) for the purposes of the credit reporting body s or credit provider s EDR scheme; (d) to an enforcement body on a reasonable belief of a serious credit infringement; (e) required or authorised by an Australian law or court order; or (f) prescribed by regulation. Disclosures of repayment history to credit providers may only be made to licensed credit providers. A written note of any disclosure must be made. Permitted CRB disclosures about an individual are defined in s. 20F to include: to credit providers - requested for consumer credit related purposes - requested for commercial credit related purposes with express consent (which must be written unless the loan application is not written) - requested for credit guarantee purposes with express written consent - where satisfied the provider or another credit provider reasonably believes the individual committed a serious credit infringement - consumer credit liability information is held relating to outstanding consumer credit provided to the individual by the credit provider - requested for a securitisation purpose (under s. 6J) to mortgage insurers requested for mortgage insurance purposes to trade insurers requested for trade insurance purposes with written consent. The default rule in s. 20G is that a credit reporting body must not use or disclose credit information for the purposes of direct marketing. A pre-screening exception allows use and disclosure for direct marketing by, or on behalf of, a licensed credit provider with an Australian link in relation to consumer credit it provides in Australia if consumer credit liability information and repayment history information is excluded. Individuals Sections 18K and 18L impose limits on disclosure and use by credit reporting agencies of credit information files. These are largely similar and also require consent in certain circumstances. NPP 2 restricts the use and disclosure of personal information for a purpose other than its primary purpose of collection subject to exceptions in NPP2. No direct marketing exception (or pre-screening exception) has been available to credit reporting agencies under Part IIIA /5 page 5

6 Temporary disclosure bans for fraud victims Government identifiers De-identified information Subdivision E Integrity of Credit Reporting may, without charge, opt out of such use or disclosure by a request to the credit reporting body. Having regard to eligibility requirements nominated by a credit provider, the credit reporting body may use this exception to assess whether an individual is eligible to receive a direct marketing communication. Requirements of the CR Code must also be satisfied and a note of any such use must be made. The default rule under s. 20H is that a credit reporting body must not use or disclose a prescreening assessment. It may disclose such information to a credit provider for direct marketing by or on behalf of the credit provider if the recipient is an entity with an Australian link. A note of any such disclosure must be made. The recipient may only use or disclose the assessment for direct marketing by or on behalf of the credit provider for whom the assessment was undertaken and it must make a note of such use. APPs 6, 7 and 8 do not apply to the recipient in relation to the pre-screening assessment it receives. Under s. 20J, assessments must be destroyed if no longer needed for their permitted purpose assuming a law or court order does not require retention. APP 11.2 (destruction/de-identification) does not apply. Under s. 20K a ban period applies in relation to credit reporting bodies if an individual reasonably believes he or she has been a victim of fraud and requests his or her information not to be disclosed during a ban period of 21 days unless extended. A request for a ban or extension of a ban must be free of charge. Under s. 20L, a government identifier must not be adopted as a credit reporting body s own identifier unless authorised or required by or under a law or court order. Under s. 20M, the default rule is that credit reporting body must not use de-identified information. However, it may be used for research in relation to the assessment of credit worthiness if the Commissioner s rules are complied with. Under s. 20N, reasonable steps must be taken to ensure credit information collected, used or disclosed is accurate, up-to-date and complete. Agreements with credit providers must require the credit providers to ensure the information they provide is accurate, up-to-date and complete. The credit reporting body must ensure credit providers are subject to regular independent audits to determine compliance and must identify and deal with breaches of the agreements. Under s. 20P, a credit reporting body commits an offence and civil penalty contravention if it uses credit reporting information in breach of this Division. Under s. 20Q, a credit reporting body must take reasonable steps to protect credit reporting NPP 7 imposes a similar prohibition on organisations. NPP 4.2 imposes obligations on organisations to de-identify personal information no longer needed. De-identified data ceases to be personal information as defined. NPP 3 requires an organisation to take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date. S. 18J applies similar requirements specifically for credit reporting agencies. S. 18F also requires deletion of certain information after specified periods. NPP 4 imposes similar data security obligations on organisations /5 page 6

7 Subdivision F Access to, and correction of, Subdivision G Dealing with Credit Reporting after retention period ends information from misuse, interference and loss and from unauthorised access, modification and disclosure. Agreements with credit providers must impose an equivalent obligation. The credit reporting body must ensure credit providers are subject to regular independent audits to determine compliance and must identify and deal with breaches of the agreements. Under s. 20R, a credit reporting body must give an access seeker access to personal information it holds concerning an individual. An access seeker is the individual or a person assisting the individual in dealing with a credit reporting body authorised in writing to make the request under s.20r (or s.21t in the case of request to credit providers). Exceptions to access apply including where access would be unlawful, denying access is required or authorised by law or court order and where access would prejudice enforcement activities of an enforcement body. A response to access requests is required within 10 days and access must be given in accordance with the CR Code. No charge can be imposed unless a request has been made in the previous 12 months. Otherwise a reasonable charge may be imposed for giving access (but not requesting it). Written reasons must be given for refusing access unless it would be unreasonable to do so. The response must advise of the right to complain to an EDR scheme and complain to the Commissioner. Under s. 20S, a credit reporting body must take reasonable steps to keep personal information accurate, up-to-date, complete, relevant and not misleading. If a correction is made, recipients of the deficient information must be notified within a reasonable period unless impracticable or inconsistent with a requirement under a law or court order. Under s. 20T, an individual can request correction without charge, which must be done within 30 days or such longer period as agreed if the information is inaccurate. If necessary to satisfy itself of the need for correction, the credit reporting body may consult another credit reporting body or credit provider. Under s. 20U, where a correction is made on request, notice must be given to the individual, any party consulted on the change and any recipient of the inaccurate information. If the change is refused, notice must be given to the individual including reasons and, unless impracticable, details of the right to refer to EDR or the Commissioner. This subdivision establishes the concept of a retention period applicable to most information but not identity information or most publicly available information. Retention periods are set out in s. 20W and 20X and range from 2 7 years Credit information must be destroyed or de-identified within 1 month of expiry of the retention Section 18H(3) requires a credit reporting agency to give individuals access to their credit information files including through a person authorised in writing to do so but only in connection with a loan application or advice sought by the individual in relation to a loan. This is more restrictive. NPP 6 also imposes qualified access obligations on organisations. S. 18G requires a credit reporting agency to take reasonable steps to ensure credit information files and credit reports are accurate, up-to-date, complete and not misleading. NPP 3 requires organisations to ensure personal information it collects, uses or discloses is accurate complete and up-to-date. S. 18J requires credit reporting agencies to make corrections, deletions and additions to ensure personal information is accurate, up-to-date, complete and not misleading. If such changes are not made on an individual s request, the individual may request that a statement be included on the file. NPP 6 gives individuals qualified correction rights in relation to personal information held by organisations. S. 18F imposes maximum permissible periods for keeping personal information which range from 5 7 years depending on the circumstances /5 page 7

8 Division 3 Credit Providers period. Destruction or de-identification must not occur if there is a pending correction request or dispute relating to the information or if destruction would be contrary to law or a court order. Equivalent requirements apply to CRB derived information (i.e. derived from credit information files). Additional destruction obligations apply under s. 20Y where an individual has been a victim of fraud. S. 20Z imposes requirements to notify the Commissioner in writing as soon as practicable if credit information or CRB derived information is not destroyed or de-identified due to a pending correction request or dispute relating to the information. That information must only be used for the purposes of the pending correction request or dispute or a use required by law or a court order. A written note must be taken of such use or disclosure. The Commissioner may also direct the credit reporting body to destroy or de-identify the information by a specified date. Where credit information or CRB derived information is not destroyed or de-identified due to a law or court order, under s.20za, the credit reporting body must not use or disclose that information unless that use or disclosure is required by or under that law or court order. A written note must be taken of such use or disclosure. Subdivisions E (other than s. 20Q which requires the information to be adequately protected) and F of Division 2 do not apply to such information. Subdivision A Introduction and application of division Subdivision B Consideration of privacy This Division applies to credit providers in relation to credit information, credit eligibility information and CRB derived information. If a credit provider is an APP entity, this Division may apply in addition to, or instead of, relevant APPs. Reasonable steps should be taken to comply with this Division and the CR Code and which enable dealing with enquiries and complaints. A clear and up-to-date policy for management of credit information and credit eligibility information is required. The policy contents are set out in s. 21B and include information about the kinds of credit information and credit eligibility information collected and held, and the kind of CP derived information derived from credit reporting information. Access, correction and complaint rights must be explained. It must be available free in appropriate form and a copy is to be given if reasonable. If a credit provider is an APP entity, APP 1.3 and 1.4 do not apply to the credit provider in relation NPP 5 requires organisations to have clearly expressed policies on information management. Policy contents are suggested in PC Guidance. It must be available on request. about the sorts of information held, how and why it is collected and how it is used and disclosed should also be available on request /5 page 8

9 Subdivision C Dealing with Credit Subdivision D Dealing with Credit Eligibility to credit information or credit eligibility information. S. 21C imposes requirements to notify an individual where that individual s personal information may be disclosed to a credit reporting body. The name and contact details of the body and any other matter specified in the CR Code must be provided. If a credit provider is an APP entity, this requirement is additional to APP 5 and the provider must also notify the individual that its policy for management of credit information and credit eligibility information contains information on access, correction and complaint rights as part of its requirements under APP 5.1 (notification of the collection of personal information). The default rule in s. 21D is that a credit provider must not disclose information about an individual to a credit reporting body, however, disclosure is permitted if: - the credit provider is a member of a recognised external dispute resolution scheme and knows, or reasonably believes, that the individual is > 18yrs old; and - the credit reporting body is an agency or an organisation that has an Australian link; and - the requirements of s. 21D(3) are met. A written note of any disclosure must be made. If a credit provider is an APP entity, APP 6 and 8 do not apply to the disclosure by the provider of credit information to a credit reporting body. If a credit provider has disclosed default information about an individual to a credit reporting body but the amount overdue has been paid, the provider must disclose the payment information to the body within a reasonable time. Unless the identify of an individual has been reasonably verified, if a credit provider holds credit information about an individual that relates to consumer credit provided to the individual during a ban period (that has been put in place due to fraud), then notwithstanding the above, the provider must not disclose the credit information to a credit reporting body. The default rule in s. 21G is that a credit provider must not use or disclose an individual s credit eligibility information. Various exceptions are specified as follows: - the use of the credit eligibility information is: (a) for a consumer credit related purpose of the credit provider relating to the individual; (b) a permitted CP use (defined in s. 21H) relating to the individual; (c) in connection with a serious credit infringement that the credit provider This is a new concept that is part of a more positive credit reporting concept. NPP 2 restricts the use and disclosure of personal information for a purpose other than its primary purpose of collection subject to their various exceptions, including consent. S.18F(3) imposes a similar requirement in relation to an individual s payment of an overdue amount that was previously reported. NPP3 requires personal information to be kept accurate, completed and upto-date. Section 18L imposes limits on the use by credit providers of personal information contained in credit reports. These are largely similar and also require consent in certain circumstances /5 page 9

10 reasonably believes the individual has committed; (d) required or authorised by a law or court order; or (e) prescribed by regulation; or - the disclosure of the credit eligibility information is: (a) a permitted CP disclosure (defined in ss. 21J to 21N) relating to the individual; (b) to a related body corporate of the credit provider that has an Australian link; (c) to a person that has an Australian link who manages credit provided by the credit provider for use in managing that credit and the person is not acting as an agent of the provider; (d) to another credit provider with an Australian link or to an enforcement body on reasonable belief that the individual has committed a serious credit infringement; (e) for the purposes of a recognised external dispute resolution scheme of which the credit provider or credit reporting body is a member; (f) required or authorised by a law or court order; or (g) prescribed by regulation. Notwithstanding the above, disclosure of an individual s credit eligibility information that was derived from repayment history information is not permitted unless: - the recipient is another credit provider who is a licensee; or - the disclosure is to a mortgage insurer that has an Australian link for mortgage insurance purposes of the insurer in relation to the individual or any purpose arising under a contract for mortgage insurance between the provider and the insurer; - the disclosure is to an enforcement body on reasonable belief that the individual has committed a serious credit infringement; or - the disclosure is for the purposes of a recognised external dispute resolution scheme of which the credit provider or credit reporting body is a member or is required or authorised by a law or court order. A written note of any use or disclosure must be made. If a credit provider is an APP entity, APP 6, 7 and 8 do not apply to the provider in relation to credit eligibility information. If the credit eligibility information is also a government related identifier of the individual, APP 9.2 does not apply in relation to the information. Section 18N restricts disclosure of reports being information derived from credit reporting agencies and other credit sensitive information subject to a multitude of exceptions, some of which require consent. These are largely similar and also require consent in certain circumstances. NPP2 imposes a general prohibition on the disclosure of personal information for a purpose other than for its primary purpose of collection subject to a range of exceptions including where consent is held and for direct marketing /5 page 10

11 Permitted CP uses Permitted CP uses about an individual are defined in s. 21H and include: - in respect of disclosure for a consumer credit related purpose using the information for securitisation related purposes relating to the individual or internal management purposes directly related to providing or managing consumer credit; - in respect of disclosure for a commercial credit related purpose using the information for that purpose; - in respect of disclosure to assess an application for commercial credit using the information for internal management purposes directly related to providing or managing commercial credit; - in respect of disclosure for a credit guarantee purpose using the information for that purpose or the internal management purposes directly related to providing or managing any credit; - in respect of disclosure to the credit provider on condition that consumer credit liability information is held relating to consumer credit provided to the individual using the information for the purpose of assisting the individual to avoid defaulting on his or her consumer credit obligations to the credit provider; and - for a securitisation purpose using the information for that purpose. Permitted CP disclosures Permitted CP disclosures about an individual are defined in ss. 21J to 21N and include disclosure: - between credit providers: (a) for a particular purpose where the recipient has an Australian link and the individual has provided written consent to the disclosure (unless the information is disclosed to assess an application for credit that was not made in writing); (b) where one provider is acting as agent (by providing credit processing and management services) to another credit provider that has an Australian link; (c) by a securitisation entity in relation to credit provided by, or an application to, a non-securitisation credit provider where disclosure is to that original credit provider or another securitisation entity credit provider with an Australian link where disclosure is necessary for purchasing, funding, or managing, or processing an application for, credit under a securitisation arrangement or to undertake credit enhancement; /5 page 11

12 (d) disclosure between credit providers that have an Australian link and which have provided mortgage credit where the same real property forms all or part of the security but payment is at least 60 days overdue and the information is disclosed for the purposes of determining the course of action to be pursued to recover the overdue payment. - relating to guarantees etc: (a) (b) to a person with an Australian link considering acting as guarantor or providing security for credit that has been provided by, or has been sought from, the provider and the individual has provided written consent to the disclosure (unless the application was not, or has not been, made in writing); and to a person with an Australian link who is a guarantor or has provided security for credit and either the individual has provided written consent to the disclosure (unless the application was not made in writing) or where the person is a guarantor, the information is disclosed for the enforcement or proposed enforcement of the guarantee. - to mortgage insurers: that have an Australian link for mortgage insurance purposes of the insurer or any purpose arising under a contract of mortgage insurance between the provider and the insurer. - to debt collectors: that have an Australian link for the purpose of collecting overdue payments relating to consumer credit or commercial credit provided by the provider and the information is identification information, court proceeds information, personal insolvency information or (in the case of default of consumer credit) default information relating to the overdue payment. - to others who are either: (a) (b) State or Territory authorities responsible for assisting the facilitation of the provision of mortgage credit or for the management or supervision of arrangements under which such assistance is given and where the information is disclosed to enable the authority to determine the extent of assistance to give or to manage or supervise such an arrangement; or entities that have an Australian link and their legal and financial advisors and where the entity proposes to use the information to consider whether to accept an assignment of a debt, accept a debt as security for credit or purchase an interest in the provider or a related body corporate of the provider or in connection with exercising rights arising from the acceptance of such an assignment or debt or the purchase of such an interest. Section 18M imposes requirements to provide written notice to an individual /5 page 12

13 Subdivision E Integrity of Credit and Credit Eligibility Subdivision F Access to, and correction of, Where a credit provider refuses an application for consumer credit made in Australia based wholly or partly on credit eligibility information, the requirements for written notice as set out in s. 21P are similar to those currently existing but for the following additional requirements that the notice must: - be provided within a reasonable period after refusing the application; and - set out the name and contact details of the credit reporting body that disclosed the relevant credit reporting information and any other matter required by the CR Code. Under s. 21Q, reasonable steps must be taken to ensure credit information collected, used or disclosed is accurate, up-to-date and complete. If a credit provider is an APP entity, APP 10 does not apply to the provider in relation to credit eligibility information. Under s. 21R, a credit provider commits an offence and civil penalty contravention if it uses or discloses credit information in breach of this Division. Under s. 21S, a credit provider must take reasonable steps to protect credit eligibility information from misuse, interference and loss and from unauthorised access, modification and disclosure. If a credit provider no longer needs the credit eligibility information for any purpose permitted under this Division and the provider is not required by law or court order to retain the information, the provider must take reasonable steps to destroy or de-identify the information. If a credit provider is an APP entity, APP 11 does not apply in relation to credit eligibility information Under s. 21T, a credit provider must give an access seeker access to credit eligibility information it holds concerning an individual. An access seeker is the individual or a person assisting the individual in dealing with a credit reporting body authorised in writing to make the request. Exceptions to access apply including where access would be unlawful, denying access is required or authorised by law or court order and where access would prejudice enforcement activities of an enforcement body. A response to access requests is required within a reasonable period and access must be given in accordance with the CR Code. No charge can be imposed if the credit provider is an agency. Otherwise, if credit provider is an organisation or small business operator, a reasonable charge may be imposed for giving access (but not requesting it). Written reasons must be given for refusing access unless it would be unreasonable to do so. The if the individual s credit application is refused on the basis (wholly or partly) of information derived from credit reporting agencies and other credit sensitive information. NPP 3 requires an organisation to take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date. Section 18J requires credit providers to make corrections, deletions and additions to ensure personal information is accurate, up-todate, complete and not misleading. If such changes are not made on an individual s request, the individual may request that a statement be included on the file within 30 days of the individual s request for amendment. NPP 4 imposes similar data security obligations on organisations. Section 18H requires a credit provider to give individuals access to any credit report (but not any report) including through a person authorised in writing to do so but only in connection with a loan application or advice sought by the individual in relation to a loan. This is more restrictive. NPP 6 also imposes qualified access obligations on organisation /5 page 13

14 Division 4 Affected Recipients Subdivision A Consideration of information privacy response must advise of right to complain to an EDR scheme and complain to the Commissioner. Under s. 21U, a credit provider must take reasonable steps to keep credit information or credit eligibility information accurate, up-to-date, complete, relevant and not misleading. If a correction is made, recipients of the deficient information must be notified within a reasonable period unless impracticable or inconsistent with a requirement under a law or court order. If a credit provider is an APP entity, APP 13 applies in relation to credit information or credit eligibility information that is identification information but does not apply to any other kind of such information. Under s. 21V, an individual can request correction without charge, which must be done within 30 days or such longer period as agreed if the information is inaccurate. If necessary to satisfy itself of the need for correction, the credit provider may consult a credit reporting body or another credit provider. Under s. 21W, where a correction is made on request, notice must be given to the individual, any party consulted on the change and any recipient of the inaccurate information. If the change is refused, notice must be given to the individual including reasons and, unless impracticable, details of the right to refer to EDR or the Commissioner. This Division sets out rules that apply to affected information recipients in relation to their handling of their regulated information. An affected information recipient means (a) a mortgage insurer, (b) a trade insurer, (c) a body corporate that has an Australian link and is a related body corporate of a credit provider, (d) a credit manager that has an Australian link and is not an agent of a credit provider or (e) an entity or adviser of an entity that has an Australian link. If a credit provider is an APP entity, this Division may apply in addition to, or instead of, the APP. Reasonable steps should be taken to comply with this Division and the CR Code and which enable dealing with enquiries and complaints. A clear and up-to-date policy for management of the regulated information is required. The policy contents are set out in s. 22A and include information about the kinds of regulated information collected and held and the purpose for which such information is collected and held. Access, correction and complaint rights must be explained. It must be available free in appropriate form and a copy to be given if reasonable. If a credit provider is an APP entity, APP 1.3 and 1.4 do not apply to the credit provider in relation Section 18G requires a credit provider to take reasonable steps to ensure credit information files and credit reports are accurate, up-to-date, complete and not misleading. NPP 3 requires organisations to ensure personal information it collects, uses or discloses is accurate complete and up-to-date. Section 18J requires credit providers to make corrections, deletions and additions to ensure personal information is accurate, up-to-date, complete and not misleading. If such changes are not made on an individual s request, the individual may request that a statement be included on the file within 30 days of the individual s request for amendment. NPP 6 gives individuals qualified correction rights in relation to personal information held by organisations. NPP 5 requires organisations to have clearly expressed policies on information management. Policy contents are suggested in PC Guidance. It must be available on request. about the sorts of information held, how and why it is collected and how it is used and disclosed should also be available on request /5 page 14

15 Subdivision B Dealing with Regulated Mortgage insurers or trade insurers Related body corporate Credit managers to credit information or credit eligibility information. S. 22B provides that if an affected information recipient is an APP entity, the recipient must also notify the individual that its policy for management of regulated information contains information on access, correction and complaint rights as part of its requirements under APP 5.1 (notification of the collection of personal information). The default rule in s. 22C is that a mortgage insurer or trade insurer must not use or disclose an individual s personal information and other information disclosed to the insurer by a credit reporting body or credit provider under Divisions 2 and 3. Various exceptions, which are similar to those currently existing but expressed in broader terms, are specified as follows: - in respect of a mortgage insurer, the use is for a mortgage insurance purpose or any purpose arising under a contract for mortgage insurance between the credit provider and insurer; - in respect of a trade insurer, the use is for a trade insurance purpose; or - the use or disclosure is required or authorised by a law or court order. If the insurer is an APP entity, APP 6, 7 and 8 do not apply to the insurer in relation to the information. Also, if the insurer is an APP entity and the information is a government related identifier, then APP 9.2 does not apply to the insurer. The default rule in s. 22D is that a body corporate that has an Australian link and is a related body corporate of a credit provider must not use or disclose an individual s credit eligibility information disclosed to the body corporate by the credit provider. However, the body corporate may use or disclose that information in the manner permitted for the related credit provider under Division 3 as if the body corporate was the credit provider. If the insurer is an APP entity, APP 6,7 and 8 do not apply to the insurer in relation to the information. Also, if the insurer is an APP entity and the information is a government related identifier, then APP 9.2 does not apply to the insurer. The default rule in s. 22E is that a credit manager that has an Australian link must not use or disclose an individual s credit eligibility information disclosed to the credit manager by a credit provider for whom the credit manager is managing credit. However, the credit manager may use that information in managing credit provided by the credit provider or if the use is required or authorised by a law or a court order. If the credit manager is an APP entity, APP 6,7 and 8 do not apply to the credit manager in relation to the information. Also, if the credit manager is an APP entity and the information is a S. 18P imposes limits on the use by mortgage insurers and trade insurers of personal information contained in credit reports. These are largely similar but expressed in narrower terms. S. 18Q(1) imposes limits on the use and disclosure by related body corporate of credit providers of reports or information. These are similar. Sections 18Q(4) imposes limits on the use and disclosure by a credit manager of reports or information received from a credit provider for whom the credit manager is managing credit. These are similar /5 page 15

16 Advisors Division 5 Complaints government related identifier, then APP 9.2 does not apply to the credit manager. The default rule in s. 22F is that an entity that has an Australian link or its legal and financial advisors must not use or disclose an individual s credit eligibility information received from a credit provider in relation to an assignment of debt, an acceptance of debt as security or a purchase of an interest in the provider or a related body corporate of the provider. Various exceptions, which are similar to those currently existing, are specified as follows: - in respect of an entity, the information is used to consider whether to accept an assignment of a debt, accept a debt as security for credit or purchase an interest in the provider or a related body corporate of the provider or in connection with exercising rights arising from the acceptance of such an assignment or debt or the purchase of such an interest; - in respect of a legal or financial advisor, the use is in connection with advising the entity in respect of the above; or - the use or disclosure is required or authorised by a law or court order. If the recipient is an APP entity, APP 6,7 and 8 do not apply to the recipient in relation to the information. Also, if the recipient is an APP entity and the information is a government related identifier, then APP 9.2 does not apply to the recipient. This Division establishes mandatory complaints processes for credit reporting bodies and credit providers about acts or practices that may be a breach Part IIIA or the CR Code. S. 23A provides that individuals may make a complaint (which must specify the nature of the complaint) to a credit reporting body or a credit provider about an act or practice engaged in by the body or provider that may be a breach Part IIIA or the CR Code. The complaint may relate to personal information that has been destroyed or de-identified. No charge can be imposed for the making of the complaint or for dealing with the complaint. S. 23B requires the credit reporting body or credit provider to respond to complaints within 7 days after the complaint is made with a written notice acknowledging the complaint and setting out how it will deal with the complaint. The body or provider must also investigate the complaint. If the body or provider considers it necessary to consult another credit reporting body or credit provider, it must do so. The body or provider must, within 30 days from the day on which the complaint was made (or such longer period agreed to by the individual), give the individual written notice setting out its decision following the investigation and details of the right to refer to EDR or the Commissioner if the individual is not satisfied with the decision. In respect of complaints relating to the correction of personal information by credit reporting Sections 18Q(2) and 18Q(3) impose limits on the use and disclosure by an entity or its legal or financial advisors of reports or information received in relation to an assignment of debt, an acceptance of debt as security or a purchase of an interest in the provider or a related body corporate of the provider. These are similar. Where an NPP has been breached (s.6a) resulting in an interference with the privacy of an individual (s.13a) the affected individual may make a complaint to the Commissioner. The Commissioner s powers to investigate and make determinations in respect of such complaints are set out in Part V. However, there are no prescribed requirements for credit reporting bodies or credit providers in relation to the handling of complaints /5 page 16

17 Division 6 Unauthorised obtaining of credit reporting information Division 7 Court orders bodies, s.23c provides that written notice must be given by: - a credit reporting body to a credit provider that holds credit information or credit eligibility information; and - a credit provider to a credit reporting body (that holds credit reporting information) or another credit provider (that holds credit information or credit eligibility information), in relation to the complaint as soon as practicable after it is made and the body or provider s decision as soon practicable after it is made. If a credit reporting body or a credit provider discloses information to which the complaint relates pursuant to Part IIIA or the APP, the body or provider must give written notice to the recipient about the complaint if a decision on the complaint is still pending. However, the obligations to provide written notice are not required where it is impracticable to do so or the body or provider is required by a law or a court order not to do so. This Division provides for offences and civil penalties for entities that have obtained credit reporting information in an unauthorised manner. It is an offence where an entity has obtained credit reporting information from a credit reporting body or credit eligibility information from a credit provider, and it is a civil penalty if the entity seeks to obtain such information, in a manner that is unauthorised, such as where: - the entity is not one which the information is permitted to be disclosed under Divisions 2 or 3; - the entity is not an access seeker; or - the information is obtained by false pretence. This Division provides for orders that may be made by the Federal Court or the Federal Magistrates Court. S.25 provides that those courts may make orders to award compensation for a person s loss or damage resulting from an entity either being found guilty of committing an offence under Part IIIA or a civil penalty order being made against the entity. S. 25A provides that courts may make other orders to prevent or reduce the loss or damage suffered, or likely to be suffered, by the person. There is a statutory limitation period of 6 years for applications for the above orders. S.18S prohibits unauthorised access to credit information files in possession of a credit reporting agencies and to credit reports in the possession of credit providers or credit reporting agencies. S.18T establishes offences for using false pretences to obtain credit information files and credit reports. Section 55A(2) provides that the Federal Court or the Federal Magistrates Court may make such orders as it thinks fit if the court is satisfied that the respondent has engaged in conduct that constitutes an interference with the privacy of the complainant /5 page 17

Privacy business resource 3

Privacy business resource 3 Privacy business resource 3 June 2013 Credit reporting what has changed As part of the reforms to the Privacy Act 1988 (Privacy Act), credit reporting in Australia is regulated by a new Part IIIA. 1 The

More information

1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au.

1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au. Indigenous Business Australia Credit Information Policy 1 Purpose and application of this policy 1.1 This credit reporting policy (Credit Information Policy) describes and establishes how Indigenous Business

More information

Credit Reporting and Credit Related Personal Information Policy. Corporate Legal Procedure

Credit Reporting and Credit Related Personal Information Policy. Corporate Legal Procedure Credit Reporting and Credit Related Personal Information Policy Corporate Legal Procedure TABLE OF CONTENTS 1. Purpose... 3 2. Acknowledgment... 3 3. The kind of Credit Information we will collect and

More information

CREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY

CREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY Purpose CREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY This is the privacy policy of Southern Steel Group Pty Limited ACN 003 067 838, Southern Steel Supplies Pty Limited ACN 000 060 131,

More information

AMP Bank. Credit Reporting Policy AMP Bank Limited

AMP Bank. Credit Reporting Policy AMP Bank Limited AMP Bank Credit Reporting Policy AMP Bank Limited Effective Date: 12 March 2014 Contents 1. Purpose of this Policy 1 2. Definitions 1 3. Collecting Credit Information 2 4. Disclosing and using Credit-Related

More information

Privacy Policy. Preparation date: 12 March 2014. toyotafinance.com.au

Privacy Policy. Preparation date: 12 March 2014. toyotafinance.com.au Privacy Policy Preparation date: 12 March 2014 toyotafinance.com.au Contents Introduction 3 Who are we? 3 About this Privacy Policy 3 Personal information 3 What is personal information? 3 What kinds of

More information

Credit Reporting Privacy Policy of Baybrick Pty Ltd

Credit Reporting Privacy Policy of Baybrick Pty Ltd Credit Reporting Privacy Policy of Baybrick Pty Ltd Introduction 1. This Credit Reporting Privacy Policy is the official privacy policy of Baybrick Pty Ltd and its subsidiaries which includes JBS Australia

More information

Credit Reporting Data Management Policy

Credit Reporting Data Management Policy Credit Reporting Data Management Policy TDJ Australia Pty Ltd ACN 006 385 191(collectively, TDJ, we, our or us ) is committed to the protection of personal privacy within the scope of applicable law. This

More information

Credit Reporting Policy

Credit Reporting Policy Credit Reporting Policy Version 1 7 March 2014 1. INTRODUCTION ERM Power Limited and its related companies (referred to in this document as we, us or our) recognise that your privacy is very important

More information

Police Financial Services Limited Copyright exists in this document Privacy Policy 1

Police Financial Services Limited Copyright exists in this document Privacy Policy 1 Privacy January 2015 Policy Police Financial Services Limited ABN 33 087 651 661 ('we', 'us', 'our', BankVic ) is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act).

More information

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That

More information

Hume Bank Limited Privacy Policy

Hume Bank Limited Privacy Policy Hume Bank Limited Privacy Policy Hume Bank Limited (ACN 051 868 556) ('we', 'us', 'our') is subject to the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles and Part IIIA

More information

Credit reporting code of conduct

Credit reporting code of conduct Credit reporting code of conduct Issued by the Privacy Commissioner under section 18A of the Privacy Act, September 1991 and including all amendments as at March 1996 Privacy Commissioner, March 1996 Human

More information

CREDIT REPORTING POLICY

CREDIT REPORTING POLICY CREDIT REPORTING POLICY GENERAL We respect your privacy and are committed to protecting it. We are bound by the Privacy Act 1988 and the Privacy (Credit Reporting) Code 2014 (Version 1.2) (the CR Code).

More information

2.1 Certain words have special meanings when used in this Privacy Policy. These are shown below.

2.1 Certain words have special meanings when used in this Privacy Policy. These are shown below. 1. OUR COMMITTMENT 1.1 In handling your personal information, Maleny Credit Union (ABN 52 087 650 995) and its controlled entities ( MCU / credit union / we / us ) are committed to complying with the Australian

More information

3 What Personal Information do we collect and why do we need it?

3 What Personal Information do we collect and why do we need it? Privacy Policy 1 Protecting your privacy The worldwide rental system operated as Europcar is owned by Europcar International, a French Corporation. A number of independently owned licensees also trade

More information

Privacy Policy Statement

Privacy Policy Statement Privacy Policy Statement Our Commitment While information is the foundation for providing you with superior service, protecting the privacy of your personal information is of the highest importance to

More information

Important information about your credit card account ( Account )

Important information about your credit card account ( Account ) Important information about your credit card account ( Account ) This notice is provided to you with your December 2013 statement of Account and details changes to the terms and conditions of your account

More information

Crampton Credit Reporting Policy

Crampton Credit Reporting Policy Crampton Credit Reporting Policy Crampton Automotive Pty Ltd (ACN 057 283 253), trading as Toowoomba Holden and its related bodies corporate (Crampton) is committed to protecting the privacy of individuals

More information

PRIVACY AND CREDIT REPORTING POLICY

PRIVACY AND CREDIT REPORTING POLICY PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal

More information

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

PRIVACY POLICY. comply with the Australian Privacy Principles (APPs); ensure that we manage your personal information openly and transparently; PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal

More information

How does Barnes collect and hold personal information?

How does Barnes collect and hold personal information? Barnes Mortgage Management Pty Ltd ACN 061 590 341 Australian Credit Licence 384 156 Ground Floor, 132 Lutwyche Road (Corner Nicholas Street), Windsor, QLD, 4030 Tel: 07 3622 2400 Fax: 07 3357 9436 Privacy

More information

CUA Group APP Privacy & Credit information Policy

CUA Group APP Privacy & Credit information Policy For more information: Call 133 282 Visit www.cua.com.au Drop into your local branch CUA Group APP Privacy & Credit information Policy 1 August 2015 Credit Union Australia Limited ABN 44 087 650 959 AFSL

More information

PRIVACY AND CREDIT REPORTING POLICY

PRIVACY AND CREDIT REPORTING POLICY R.A.C.V. Finance Limited PRIVACY AND CREDIT REPORTING POLICY Page 1 Contents 1. Introduction to RACV Finance Privacy and Credit Reporting Policy (the Policy ). 3 2. The Legislative Framework... 3 3. Types

More information

Why does Smart Business Telecom Pty. Ltd. collect personal information?

Why does Smart Business Telecom Pty. Ltd. collect personal information? Privacy Policy Smart Business Telecom Pty. Ltd. ABN: 31 155 359 541, Privacy Policy 1 st March 2015 Smart Business Telecom Pty. Ltd. provides broadband internet, mobile voice & data, and PSTN fixed landline

More information

Credit Information Management Policy Australia

Credit Information Management Policy Australia Credit Information Management Policy Australia 1. About this policy We respect your privacy. We are committed to protecting the personal information we collect from you in accordance with Australian law.

More information

PART 1 PERSONAL AND CREDIT INFORMATION PRIVACY POLICY Document Purpose

PART 1 PERSONAL AND CREDIT INFORMATION PRIVACY POLICY Document Purpose Tyro Payments Privacy Policy Version 2.0 PART 1 PERSONAL AND CREDIT INFORMATION PRIVACY POLICY Document Purpose The purpose of this Privacy Policy is to provide a summary of how, why and when personal

More information

CREDIT REPORTING PRIVACY CODE (CR Code) Draft v.3.1

CREDIT REPORTING PRIVACY CODE (CR Code) Draft v.3.1 CREDIT REPORTING PRIVACY CODE () Draft v.3.1 This is intended to replace the Credit Reporting Code of Conduct issued under Section 18A of the Privacy Act 1988 (this section is repealed with effect from

More information

Privacy Policy. Effective Date 1 October 2015

Privacy Policy. Effective Date 1 October 2015 Privacy Policy Effective Date 1 October 2015 The Rock - A division of MyState Bank Limited (MyState) ABN 89 067 729 195 AFSL 240896 Australian Credit Licence Number 240896 A wholly owned subsidiary of

More information

CREDIT REPORTING POLICY

CREDIT REPORTING POLICY CREDIT REPORTING POLICY The Clean Energy Finance Corporation ("CEFC", we, us, our in this Credit Reporting Policy) respect the privacy of personal information and credit information you may provide to

More information

Privacy fact sheet 17

Privacy fact sheet 17 Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles

More information

Mercedes-Benz Financial Services. Privacy Statement

Mercedes-Benz Financial Services. Privacy Statement Mercedes-Benz Financial Services Privacy Statement Privacy Statement Mercedes-Benz Financial Services Australia Pty Ltd A Daimler Company We, Mercedes-Benz Financial Services Australia Pty Ltd ( MBFS )

More information

Credit Reporting Privacy Code 2004

Credit Reporting Privacy Code 2004 Credit Reporting Privacy Code 2004 Incorporating: Amendment No. 3 and Commentary Privacy Commissioner Te Mana Matapono Matatapu NEW ZEALAND CREDIT REPORTING PRIVACY CODE 2004 PART 1: PRELIMINARY 1. Title

More information

Guidance note 11/ Background. Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Guidance note 11/ Background. Anti-Money Laundering and Counter-Terrorism Financing Act 2006 Guidance note 11/02 Verification of identity: The use and disclosure of personal information by reporting entities and credit reporting agencies for the purposes of verifying an individual s identity natural

More information

Application for Overdraft, Personal or Car loan

Application for Overdraft, Personal or Car loan Application for Overdraft, Personal or Car loan How to lodge your application: bankvic.com.au loans@bankvic.com.au 13 63 73 option 4 Reply Paid 669, BankVic PO Box 669, Carlton Sth Vic 3053 Visit a branch

More information

American Express. Business Credit Card Conditions

American Express. Business Credit Card Conditions American Express Business Credit Card Conditions Effective 1st June 2006 Postal Address American Express Australia Limited Cardmember Services GPO Box 1582 Sydney NSW 2001 Lost or Stolen Cards In Australia

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

BANK OF CHINA AUSTRALIAN OPERATIONS PRIVACY POLICY

BANK OF CHINA AUSTRALIAN OPERATIONS PRIVACY POLICY BANK OF CHINA AUSTRALIAN OPERATIONS PRIVACY POLICY We, Bank of China Limited, Sydney Branch ABN 29 002 979 955 AFSL No. 230547 and Bank of China (Australia) Limited ABN 28 110 077 622 AFSL and Australian

More information

Table of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3

Table of Contents. Introduction 3 What is Title Insurance? What are mortgage processing and loan servicing services? 3 This Privacy Policy 3 Privacy Policy First American Title Insurance Company of Australia Pty Ltd First Mortgage Services Pty Ltd First Mortgage Services Australia Pty Ltd 1 P a g e Table of Contents Page Introduction 3 What

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Loan / overdraft application

Loan / overdraft application Loan / overdraft application Loan details Loan 1 Type q Personal q Home q Mortgage Line of Credit Loan purpose This loan is predominantly for Amount required $ for a term of yrs at a rate of % p.a. Home

More information

SIMPLY FINANCE PRIVACY AND CREDIT REPORTING POLICY

SIMPLY FINANCE PRIVACY AND CREDIT REPORTING POLICY SIMPLY FINANCE PRIVACY AND CREDIT REPORTING POLICY 1. Our privacy commitment Lane Financial Solutions Pty Ltd (ACN 146 182 256) (Australian Credit Licence No: 390275) trading as Simply Finance (Simply

More information

Zinc Recruitment Pty Ltd Privacy Policy

Zinc Recruitment Pty Ltd Privacy Policy 1. Introduction Zinc Recruitment Pty Ltd Privacy Policy We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This policy applies to information collected

More information

Postcode: Postcode: Australia Business Number (ABN):

Postcode: Postcode: Australia Business Number (ABN): New client form Name of your AJ Park contact: Account name: Trading name: Full name of contact person: Mobile: Street address: Postcode: Postal address (if different from street address): Postcode: Phone:

More information

ASPEN AUSTRALIA BRANCH PRIVACY POLICY

ASPEN AUSTRALIA BRANCH PRIVACY POLICY ASPEN AUSTRALIA BRANCH PRIVACY POLICY INTRODUCTION This policy applies to the operations of Aspen s Australia branch. Aspen is committed to complying with the principles of the Privacy Act 1988 and accordingly

More information

PRIVACY POLICY Personal information and sensitive information Information we request from you

PRIVACY POLICY Personal information and sensitive information Information we request from you PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage

More information

Community Telco Credit Management Policy

Community Telco Credit Management Policy Community Telco Australia Pty Ltd PO Box 1187 Bendigo VIC 3552 Telephone 1300 743 303 Facsimile 1300 224 569 email address: service@communitytelco.com.au web address: www.communitytelco.com.au Community

More information

Direct Recruitment Privacy Policy

Direct Recruitment Privacy Policy Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected

More information

Privacy Policy. Ignite your local marketing

Privacy Policy. Ignite your local marketing Privacy Policy Ignite your local marketing Contents 1) Introduction... 3 2) What is your personal information?... 3 3) What personal information do we collect and hold?... 3 4) How do we collect your personal

More information

2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Businesses (Credit Information) Regulations 2015

2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Businesses (Credit Information) Regulations 2015 Draft Regulations to illustrate the Treasury s current intention as to the exercise of powers under clause 4 of the the Small Business, Enterprise and Employment Bill. D R A F T S T A T U T O R Y I N S

More information

Visa Credit Card Application

Visa Credit Card Application Visa Credit Card Application How did you hear about our Credit Card product? Primary Member No. (if applicable) Joint Member No. (if applicable) Your Credit Card Details Is this application to increase

More information

AC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010

AC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010 AC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010 AC&E means AC&E Insurance Services Pty Ltd (ABN 69 137 720 757). AC&E has always valued the privacy of personal information.

More information

Pacific Smiles Group Privacy Policy

Pacific Smiles Group Privacy Policy Pacific Smiles Group Privacy Policy Pacific Smiles Group Limited and its related bodies corporate (PSG, we, our, us) recognise the importance of protecting the privacy and the rights of individuals in

More information

Guarantor Application Form

Guarantor Application Form 12/10 12455 Guarantor Application Form Prior to assessing a loan for an applicant and to meet the conditions of our Australian Credit Licence and the National Credit Code, Big Sky staff will aim to meet

More information

Number 45 of 2013. Credit Reporting Act 2013

Number 45 of 2013. Credit Reporting Act 2013 Number 45 of 2013 Credit Reporting Act 2013 Number 45 of 2013 CREDIT REPORTING ACT 2013 CONTENTS PART 1 PRELIMINARY AND GENERAL Section 1. Short title and commencement 2. Interpretation 3. Regulations

More information

2. Open and transparent management of personal information

2. Open and transparent management of personal information Privacy Policy - Talison Lithium Pty Ltd 1. Overview Talison Lithium Pty Ltd (Talison) believes privacy is an important right of individuals. Talison takes steps to protect your personal information from

More information

Financial Services Act 2010

Financial Services Act 2010 Financial Services Act 2010 CHAPTER 28 CONTENTS Objectives of FSA etc 1 Financial stability objective 2 Enhancing public understanding of financial matters etc 3 Meeting FSA s regulatory objectives Remuneration

More information

WEBSITE PRIVACY POLICY

WEBSITE PRIVACY POLICY WEBSITE PRIVACY POLICY The Roman Catholic Archbishop of Perth Centacare Skills Training Centre trading as Centacare Employment and Training (A.B.N.14 678 096 405) ( we, us, our or Centacare Employment

More information

THE OFFICIAL GAZETTE 10 TH JUNE, 2010 LEGAL SUPPLEMENT A

THE OFFICIAL GAZETTE 10 TH JUNE, 2010 LEGAL SUPPLEMENT A THE OFFICIAL GAZETTE 10 TH JUNE, 2010 LEGAL SUPPLEMENT A GUYANA ACT No. 9 of 2010 CREDIT REPORTING ACT 2010 ARRANGEMENT OF SECTIONS SECTION PART I PRELIMINARY 1. Short title and commencement. 2. Interpretation.

More information

privacy and credit reporting policy.

privacy and credit reporting policy. privacy and credit reporting policy. ME, we, us or our refers to Members Equity Bank Ltd and its subsidiary ME Portfolio Management Ltd. about ME Every Australian deserves to get the most out of their

More information

Application for Visa Credit card

Application for Visa Credit card Application for Visa Credit card How to lodge your application: bankvic.com.au loans@bankvic.com.au 13 63 73 option 4 Reply Paid 669, BankVic PO Box 669, Carlton Sth Vic 3053 Visit a branch Information

More information

Ausgrid Privacy Policy

Ausgrid Privacy Policy Ausgrid Privacy Policy Ausgrid is responsible for the safe and reliable supply of electricity to homes and businesses throughout Sydney, the Hunter and the Central Coast. Its network is made up of more

More information

AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES

AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES http://www.lawcouncil.asn.au The Privacy Commissioner has welcomed the Law Council s initiative in producing this overview.

More information

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.

More information

Respecting your privacy

Respecting your privacy Respecting your privacy We respect your personal information, and this Privacy Policy explains how we handle it. The policy covers National Australia Bank Ltd ABN 12 004 044 937 and all its related body

More information

Small Business Grants (Employment Incentive) Act 2015 No 14

Small Business Grants (Employment Incentive) Act 2015 No 14 New South Wales Small Business Grants (Employment Incentive) Act 2015 No 14 Contents Page Part 1 Part 2 Preliminary 1 Name of Act 2 2 Commencement 2 3 Object of Act 2 4 Definitions 2 Grant scheme 5 Grant

More information

Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information

Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information Version 1.0, February 2014 Key points... 2 What does APP 5 say?... 2 Taking reasonable steps to notify or

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

QPCU Credit Card Application

QPCU Credit Card Application QPCU Credit Card Application Level 1, 231 North Quay, Brisbane Qld 4000. PO Box 13003, George Street Qld 4003. : 13 77 28 Fax: (07) 3211 3683 Email: info@qpcu.com.au Website: www.qpcu.com.au Australian

More information

Casino Control Act 2006

Casino Control Act 2006 Australian Capital Territory A2006-2 Republication No 13 Effective: 14 October 2015 Republication date: 14 October 2015 Last amendment made by A2015-33 Authorised by the ACT Parliamentary Counsel About

More information

Credit Reporting Privacy Code 2004

Credit Reporting Privacy Code 2004 Credit Reporting Privacy Code 2004 Incorporating Amendments No. 2 and No. 3 Privacy Commissioner Te Mana Matapono Matatapu NEW ZEALAND Credit Reporting Privacy Code 2004 1. Title 2. Commencement 3. Review

More information

ZEN Telecom Pty. Ltd. Privacy Policy

ZEN Telecom Pty. Ltd. Privacy Policy ZEN Telecom Pty. Ltd. Privacy Policy ZEN Telecom provides broadband internet, mobile voice & data, and PSTN fixed landline telephone, products and services, to residential and small to medium business

More information

Privacy Policy and Disclosure Statement

Privacy Policy and Disclosure Statement Privacy Policy and Disclosure Statement 1. Introduction 1.1 From time to time Pinnacle People (ABN: 813 790 665 06) ("the Company") is required to collect, hold, use and/or disclose personal information

More information

Home Loan Application

Home Loan Application Home Loan Application How did you hear about our home loan product? Primary Member No. (if applicable) Your Loan Details Joint Member No. (if applicable) On approval of this loan please provide me with

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

Full name of business. ABN Years in business. Business structure (eg. Company/Trust/Partnership/Incorporation etc.)

Full name of business. ABN Years in business. Business structure (eg. Company/Trust/Partnership/Incorporation etc.) Application for Business Credit Card www.heritage.com.au Phone 13 14 22 Fax (07) 4694 9782 PO Box 190 Toowoomba Qld 4350 Use this form to apply for Business credit card only. Requests for cards to be linked

More information

Lombard Visa Card Account Conditions of Use

Lombard Visa Card Account Conditions of Use Lombard Finance Pty Limited Phone: 1300 132 302 PO Box 6227, Baulkham Hills NSW 2153 ABN 31 099 651 877 Australian Credit Licence 247 415 V0312 Lombard Visa Card Account Conditions of Use Your contract

More information

Mutual Banking Code of Practice

Mutual Banking Code of Practice Mutual Banking Code of Practice Credit Unions and Mutual Building Societies July 2009 The Mutual Banking Code of Practice is the code of practice for Australia s credit unions and mutual building societies.

More information

2015 No. 1945 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Credit Information) Regulations 2015

2015 No. 1945 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Credit Information) Regulations 2015 S T A T U T O R Y I N S T R U M E N T S 2015 No. 1945 FINANCIAL SERVICES AND MARKETS The Small and Medium Sized Business (Credit Information) Regulations 2015 Made - - - - 26th November 2015 Coming into

More information

Submission 027 Experian Australia Credit Services Pty Ltd ACN 150 305 838. Inquiry into the Privacy Amendment (Enhancing Privacy Protection) Bill 2012

Submission 027 Experian Australia Credit Services Pty Ltd ACN 150 305 838. Inquiry into the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Experian Australia Credit Services Pty Ltd Experian Australia Credit Services Pty Ltd Lvl 6, 580 St Kilda Road Melbourne, VIC 3004 rd 3 August, 2012 Committee Secretary House of Representatives Standing

More information

American Express. Credit Card Conditions, Financial Services Guide and Credit Guide. December 2010 AU027108E

American Express. Credit Card Conditions, Financial Services Guide and Credit Guide. December 2010 AU027108E American Express Credit Card Conditions, Financial Services Guide and Credit Guide December 2010 AU027108E Postal Address American Express Australia Limited Cardmember Services GPO Box 1582 Sydney NSW

More information

Next Business Telecom is also subject to other laws relating to the protection of personal information.

Next Business Telecom is also subject to other laws relating to the protection of personal information. NEXT BUSINESS TELECOM PRIVACY POLICY The Next Business Telecom brand (Next Business Telecom, we, us, our) Next Business Telecom provides data and voice services to its customers with a focus on business

More information

David Jones Storecard and David Jones American Express Card Member Agreement, Financial Services Guide and Purchase Protection. Terms and Conditions

David Jones Storecard and David Jones American Express Card Member Agreement, Financial Services Guide and Purchase Protection. Terms and Conditions David Jones Storecard and David Jones American Express Card Member Agreement, Financial Services Guide and Purchase Protection Terms and Conditions Issued May 2016 DAVID JONES STORECARD AND DAVID JONES

More information

PRIVACY POLICY. Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent.

PRIVACY POLICY. Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent. Purpose Australian Institute of Professional Education P/L (AIPE/we/our) is committed to providing all stakeholders with the highest levels of professional service. The purpose of this Privacy Policy is

More information

American Express Credit Card Terms & Conditions

American Express Credit Card Terms & Conditions American Express Credit Card Terms & Conditions New Zealand July 2011 This booklet sets out the respective rights and obligations of you and American Express International (NZ), Inc. concerning the American

More information

American Express. January 2015

American Express. January 2015 American Express Credit Card Conditions, Privacy Statement, Credit Guide and Financial Services Guide January 2015 AU481693E American Express Australia Limited (ABN 92 108 952 085) Australian Credit License

More information

Loan Application ALL questions need to be answered. Incomplete applications may delay processing.

Loan Application ALL questions need to be answered. Incomplete applications may delay processing. Loan Application ALL questions need to be answered. Incomplete applications may delay processing. APPLICANT DETAILS Member Number Title e.g.: Mr/Mrs/Ms/Dr Family name Given name(s) Individual Applicant

More information

Beacon Financial Group - Privacy Policy

Beacon Financial Group - Privacy Policy Beacon Financial Group - Privacy Policy Including: Beacon Financial Group Pty Ltd ABN 33 162 734 152, The FinancialLink Group Pty Ltd ABN 12 055 622 967 and Interactive Mortgage and Finance Pty Ltd ABN

More information

ASSET FINANCE APPLICATION.

ASSET FINANCE APPLICATION. ASSET FINANCE APPLICATION. For all enquiries please contact us on 1300 658 108 Mon to Fri 9am-5pm (Melbourne time) or email us at business@mebank.com.au Visit mebank.com.au Please complete this form and

More information

COLLECTION AND DEBT REPAYMENT PRACTICES REGULATION

COLLECTION AND DEBT REPAYMENT PRACTICES REGULATION Province of Alberta FAIR TRADING ACT COLLECTION AND DEBT REPAYMENT PRACTICES REGULATION Alberta Regulation 194/1999 With amendments up to and including Alberta Regulation 57/2014 Office Consolidation Published

More information

BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY

BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY Version 1-1 1 July 2015 Blue Badge Insurance Australia Pty Ltd 2014 ABN 59 162 783 306 A.R. No. 438547 is an Authorised

More information

BUSINESS LOAN APPLICATION FORM.

BUSINESS LOAN APPLICATION FORM. BUSINESS LOAN APPLICATION FORM. For any enquiries contact us on 1300 658 108 Mon to Fri 9am-5pm (AEST/AEDT) Mail to New Accounts - Business Banking, ME Bank, Reply Paid 1345, Melbourne, Victoria 8060.

More information

T&Cs for GUARANTOR Instalment & Bond Loans

T&Cs for GUARANTOR Instalment & Bond Loans T&Cs for GUARANTOR Instalment & Bond Loans 1. INTERPRETATION TERMS AND CONDITIONS 1.1. In these Terms and Conditions, the words "you'" and "your" refer to the Debtors who have entered into this Loan Agreement.

More information

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY 1. About this Policy Corporate Travel Management Group Pty Ltd (ABN 52 005 000 895) (CTM) ('we', 'us', 'our') understands the importance of, and is committed

More information

PRIVACY NOTICE AND CONSENT

PRIVACY NOTICE AND CONSENT Australian Credit Licence Number 387406 PRIVACY NOTICE AND CONSENT This privacy notice and consent relates to an application (the application) you make to a mortgage manager for a loan (your loan) or in

More information

T s And C s. General terms. It s Ours. Effective April 2015

T s And C s. General terms. It s Ours. Effective April 2015 T s And C s. General terms and Effective conditions April 2012 Effective April 2015 It s Ours. a What s Inside Here. General provisions 1 1. What are these terms about? 1 2. When can our terms and product

More information

The Privacy Act 1988 contains 10 National Privacy Principles (the NPPs) which specify how organisations should handle personal information.

The Privacy Act 1988 contains 10 National Privacy Principles (the NPPs) which specify how organisations should handle personal information. Privacy policy Abstract Page 1 Preamble The Privacy Act 1988 contains 10 National s (the NPPs) which specify how organisations should handle personal information. The Anglican Church Diocese of Sydney

More information

COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A)

COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A) COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A) (Original Enactment: Act 19 of 1993) REVISED EDITION 2007 (31st July 2007) An Act to make provision for securing computer material against unauthorised

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

Our standard terms and conditions for Your Advanced Personal Loan.

Our standard terms and conditions for Your Advanced Personal Loan. Our standard terms and conditions for Your Advanced Personal Loan. For loans approved on or after 6 June 2015 6 June 2015 Important Information The information set out below forms part of your disclosure

More information