From time to time Infinitas Finance (“the Company”) is required to collect, hold, use and/or disclose personal information relating to individuals (including, but not limited to its clients, contractors, suppliers and employees) in the performance of its business activities.
The information collected by the Company will, from time to time, be accessible to certain individuals employed or engaged by the Company who may be required to use the information in the course of their duties.
This document sets out the Company’s policy in relation to the protection of personal information, as defined under the Privacy Act 1998 (Cth) the (“Act”), which includes the Australian Privacy Principles (“APP”). The APP’s regulate the handling of personal information.
The obligations imposed on the Company under this policy are also imposed on any individual employed or engaged by the Company (“employees”).
This policy outlines the Company’s requirements and expectations in relation to the handling of personal information.
The Policy applies to all employees, independent contractors, consultants and other workers engaged by the Company and who have access to personal information in the course of performing their duties.
WHAT IS PERSONAL INFORMATION?
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
WHAT IS NOT PERSONAL INFORMATION?
This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record as they are exempt from the APPs.
An employee record is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of the employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, terms and conditions of employment of the employee.
Employees (such as those engaged in a supervisory, operations or human resources capacity) will have access to employee records. Employees who have access to employee records must ensure that the information is handled confidentially and for a proper purpose only. Employee records are only permitted to be collected, used and disclosed where the act of doing so is directly related to a current or former employment relationship.
Employees who have access to employee records and who may have a question about the use or disclosure of employee records, should contact the Privacy Officer.
KINDS OF INFORMATION THAT THE COMPANY COLLECTS AND HOLDS
The Company collects personal information that is reasonably necessary for one or more of its functions or activities or if the Company has received consent to collect the information. If the Company collects sensitive information (as defined below), the Company must also have obtained consent in addition to the collection being reasonably necessary.
The type of information that the Company collects and holds may depend on an individual’s relationship with the Company, for example:
- Candidate: If a person is a candidate seeking employment with the Company, the Company may collect and hold information about that candidate including the candidates name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details.
- Client:If a person is a client of the Company, the Company may collect and hold information including the client’s name, address, email address, contact telephone number, gender and age and other sensitive information.
- Supplier:If a person or business is a supplier of the Company, the Company may collect and hold information about the supplier including the supplier’s name, address, email address, contact telephone number, business records, billing information and information about goods and services supplied by the Supplier.
- Referee:If a person is a referee of a candidate being considered for employment by the Company, the Company may collect and hold information including the referee’s name, contact details, current employment information and professional opinion of candidate.
- Sensitive information:The Company will only collect sensitive information where an individual consents to the collection of the information and the information is reasonably necessary for one or more of the Company’s functions or activities. Sensitive information includes, but is not limited to, information or an opinion about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.
HOW THE COMPANY COLLECTS AND HOLDS PERSONAL INFORMATION
The Company may collect personal information in a number of ways, including without limitation:
- Through application forms (e.g. job applications)
- By email or other written mechanisms
- Over a telephone call
- In person
- Through transactions
- Through the Company website
- By technology that is used to support communications between individuals and the Company
- Through publicly available information sources (which may include telephone directories, the internet and social media sites); and
- Direct marketing database providers.
How information is collected from you
We will collect your information from you directly whenever we can, like from enquiries we make of you when you seek credit assistance from us. We may verify that information from sources referred to in the responses to those enquiries or in this privacy statement.
When the Company collects personal information about an individual through publicly available information sources, it will manage such information in accordance with the APPs.
- we collect information from third parties about a loan or lease in relation to which you seek our services;
- we can’t get hold of you and we rely on public information to update your contact details; or
- we exchange information with your legal or financial advisers or other representatives.
At or before the time or, if it is not reasonably practicable, as soon as practicable after, the Company collects personal information, the Company must take such steps as are reasonable in the circumstances to either notify the individual or otherwise ensure that the individual is made aware of the following:
- The identity and contact details of the Company
- That the Company has collected personal information from someone other than the individual or if the individual is unaware that such information has been collected
- That collection of personal information is required by Australian law, if it is the purpose for which the Company collects the personal information
- The consequences if the Company does not collect some or all of the personal information
- Any other third party to which the Company may disclose the personal information collected by the Company
- Whether the Company is likely to disclose personal information to overseas recipients, and the countries in which those recipients are likely to be located.
Unsolicited personal information is personal information that the Company receives which it did not solicit. Unless the Company determines that it could have collected the personal information in line with the APPs or the information is contained within a Commonwealth record, it must destroy the information to ensure it is de-identified unless the Company determines that it is acceptable for the Company to have collected the personal information.
USE AND DISCLOSURE OF PERSONAL INFORMATION
The main purposes for which the Company may use and/or disclose personal information may include but are not limited to:
- giving you credit assistance;
- giving you information about loan products or related services;
- considering whether you are eligible for a loan or lease or any related service you requested;
- assisting you to prepare an application for a lease or a loan;
- administering services we provide, for example, to answer requests or deal with complaints;
- administering payments we receive, or any payments we make, relating to your loan or lease;
- identifying you;
- telling you about other products or services we make available and that may be of interest to you, unless you tell us not to;
- telling you about other suppliers, with whom we have arrangements, that supply goods or services that may be of interest to you;
- allowing us to run our business efficiently and perform general administrative tasks;
- preventing or investigating any fraud or crime or any suspected fraud or crime;
- as required by law, regulation or codes binding us; and
- any purpose to which you have consented.
The Company may also collect, hold use and/or disclose personal information if an individual consents or if required or authorised under law.
DISCLOSURE OF PERSONAL INFORMATION
The Company may disclose personal information for any of the purposes for which it is collected, as indicated previously in this policy, or where it is under a legal duty to do so.
Disclosure will usually be internally and to related entities or to third parties such as contracted service suppliers.
If an employee discloses personal information to a third party in accordance with this policy, the employee must take steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs in relation to the information.
We may use and share your information with other organisations for any purpose described above.
Sharing with your representatives and referees
We may share your information with:
- your representative or any person acting on your behalf (for example, lawyers, settlement agents, accountants or real estate agents); and
- your referees, like your employer, to confirm details about you.
Sharing with third parties
We may share your information with third parties in relation to services we provide to you or goods or services in which we reasonably consider you may be interested. Those third parties may include:
- the mortgage aggregator through whom we may submit loan or lease applications to lenders or lessors on the mortgage aggregator’s panel;
- the Australian Credit Licence holder that authorises us to engage in credit activities;
- referrers that referred your business to us;
- financial services suppliers with whom we have arrangements;
- lenders, lessors, lender’s mortgage insurers and other loan or lease intermediaries;
- organisations, like fraud reporting agencies, that may identify, investigate and/or prevent fraud, suspected fraud, crimes, suspected crimes, or other misconduct;
- Government or regulatory bodies as required or authorised by law. In some instances, these bodies may share the information with relevant foreign authorities;
- guarantors and prospective guarantors of your loan or lease;
- service providers, agents, contractors and advisers that assist us to conduct our business;
- any organisation that wishes to take an interest in our business or assets; and
- any third party to which you consent to us sharing your information.
Sharing outside of Australia
We are not likely to disclose your information to organisations overseas. However, we may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held.
ACCESS TO PERSONAL INFORMATION
If the Company holds personal information about an individual, the individual may request access to that information by putting the request in writing and sending it to the Privacy Officer. The Company will respond to any request within a reasonable period, and a charge may apply for giving access to the personal information where the Company incurs any unreasonable costs in providing the personal information.
There are certain circumstances in which the Company may refuse to grant an individual access to personal information. In such situations the Company will provide the individual with written notice that sets out the reasons for the refusal and the mechanisms available to you to make a complaint. If you receive such a request, please contact the Privacy Officer.
CORRECTION OF PERSONAL INFORMATION
If the Company holds personal information that is inaccurate, out of date, incomplete, irrelevant or misleading, it must take steps as are reasonable to correct the information.
If the Company holds personal information and an individual makes a request in writing addressed to the Privacy Officer to correct the information, the Company must take steps as are reasonable to correct the information and the Company will respond to any request within a reasonable period.
There are certain circumstances in which the Company may refuse to correct the personal information. In such situations the Company will give the individual written notice that sets out:
- The reasons for the refusal; and
- The mechanisms available to the individual to make a complaint.
If the Company corrects personal information that it has previously supplied to a third party and an individual requests the Company to notify the third party of the correction, the Company will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so. If you receive such a request, please contact the Privacy Officer.
INTEGRITY AND SECURITY OF PERSONAL INFORMATION
The Company will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it collects is accurate, up to date and complete.
Employees must take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modifications or disclosure.
If the Company holds personal information and it no longer needs the information for any purpose for which the information may be used or disclosed and the information is not contained in any Commonwealth record and the Company is not required by law to retain the information, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.
If you are unsure whether to retain personal information, please contact the Privacy Officer to discuss.
ANONYMITY AND PSEUDONYMITY
Individuals have the option of not identifying them self, or using a pseudonym, when dealing with the Company in relation to a particular matter. This does not apply:
- Where the Company is required or authorised by or under an Australian law, or a court/ tribunal order, to deal with individuals who have identified themselves; or
- Where it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym.
However, in some cases if an individual does not provide the Company with the personal information when requested, the Company may not be able to respond to the request or provide you with the goods or services that you are requesting.
Individuals have a right to complain about the Company’s handling of personal information if the individual believes the Company has breached the APPs.
If an employee becomes aware of an individual wanting to make such a complaint to the Company, the employee should direct the individual to first contact the Privacy Officer in writing. Complaints will be dealt with in accordance with the Company’s complaints procedure and the Company will provide a response within a reasonable period.
Individuals who are dissatisfied with the Company’s response to a complaint, may refer the complaint to the Office of the Australian Information Commissioner.
BREACH OF THIS POLICY
An employee directed by the Company to do an act under this Policy and which relates to personal information, must ensure that in doing the act they comply with the obligations imposed on the Company. An employee directed by the Company who fails to do an act in accordance with this Policy will be deemed to have breached this Policy and will be subject to formal counselling and disciplinary action, up to and including possible termination of the employee’s employment.
HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION?
We are required by law to retain certain records of information for varying lengths of time. Depending on the context surrounding the information, we may be required to retain records which include your personal information from 7 years to permanently. Where your information is not required to be retained under law, we will take reasonable steps to permanently destroy or de-identify your personal information when it is no longer required for the purpose for which it was collected.