View: Personal and Electronic Consents
Privacy policy
Thank you for trusting us with your information. We value that trust, and that's why protecting your
information, and being clear about how we collect, use, exchange and protect your information, is of huge
importance and a vital part of our relationship with you.
1. Your privacy is important to us
This Policy outlines how Prospa (Prospa Advance Pty Ltd, Prospa Pty Ltd and our related companies from time
to
time) (“we / us / the Group”) collect, disclose, use, store or otherwise handle personal information. It is
important to us that we manage your personal information securely and consistently with relevant
legislation,
including the Australian Privacy Act 1988 (Commonwealth), the New Zealand Privacy Act 1993 and the Credit
Reporting Privacy Codes for Australia and New Zealand (as applicable), as amended or replaced from time to
time
(Privacy Laws).
This Policy explains:
- The kinds of personal information (including credit-related information) we collect;
- The purposes for which we collect this information;
- How we manage the personal information that we collect about you;
- How you can seek access to and correction of that information; and
- If necessary, how you can make a complaint relating to our handling of that information.
This policy does not limit our rights and obligations under Privacy Laws.
This policy is not limited to current customers or guarantors of customers (where applicable) - it relates
to
all other individuals who deal with us, whether in relation to the provision of credit or otherwise.
2. Information we collect from you
2.1 When we collect Personal information
We collect information about you and your interactions with us, for example, when you request or use our
products or services, make a card purchase or transfer money, phone us or visit any of our websites. When
you
use our website or mobile applications, we may collect information about your location or activity
including
your IP address, telephone number and whether you've accessed third-party sites. Some of this website
information we collect using cookies.
This may include information collected directly from you and information that you authorise us to collect
from
third parties. It is not mandatory for you to provide us with the personal information that we request -
however if you do not do so it may affect the products and services that we can provide to you.
2.2 The Personal Information we collect
We will collect certain personal information about you depending on the circumstances in which the product
or
service is being provided. This information can include:
-
Key personal information such as your name, residential and business addresses, telephone numbers,
email
and other electronic addresses;
-
Financial and related information, such as your occupation, accounts, bank account information (from
prior
to the loan being granted and ongoing for the term of the loan), assets, expenses, income, revenue,
dependents, and regarding your employment, financial and business dealings and other relevant events;
-
Your transaction history (with us and our associates or relevant third parties). This information
includes
products you may have used with us in the past, your payment history, and the capacity in which you
have
dealt or deal with us; and
-
Other relevant information - depending on the circumstances this may also include your gender, marital
status and health and medical information, membership of professional bodies, tax file number
information
and other government identifiers (e.g. if relevant for insurance purposes or to identifying you).
2.3 Information we collect from others
We collect information about you from others such as service providers, agents, your bank, advisers,
brokers,
employers or family members. For example, if you apply for credit, we may need to obtain a credit report
from a
credit reporting body. We will also obtain bank account information from your bank throughout the term of
the
loan. We may collect information about you that is publicly available, for example, from public registers
or
social media, or made available by third parties.
We may use a bank statements and third party account aggregation service provider. By obtaining from you
access
to your internet banking, our third party service provider will access your personal information for the
purpose of providing your personal and business bank account information to us. We will obtain the last six
months bank transactions from the relevant bank account on the date you apply for a loan, in addition to
further ongoing bank transactions for the term of the loan, for the purpose of assessing any future loan
application. We note that your bank's terms may prohibit you from sharing your login, so you agree to
appoint
our third party service provider as your agent to access your internet banking on your behalf solely for
this
purposes and you consent to our ongoing access to this information for the term of the loan and the
purposes
outlined above.
2.4 Sensitive information
The New Zealand and Australian Privacy Acts both protect your sensitive information, such as health
information
that's collected on insurance or hardship applications. If we need to obtain this type of information, we
will
ask for your consent, except where otherwise permitted by law.
2.5 Information about other people
If you provide any personal information to us about another person, you confirm that you have the authority
of
that person to share their information with us and to permit us to hold, use and disclose their information
in
accordance with this Privacy Policy. You must inform them of their rights to access and request correction
of
their information set out below.
3. How do we use your information?
In many circumstances, we will collect the above information primarily from you (or from someone who is
representing or assisting you). However, there are certain instances in which we will collect information
about
you from third parties where it is unreasonable or impracticable to collect it directly from you. For
example,
even where your application is for credit, we may collect information about you from a business which
provides
information about commercial credit worthiness for the purpose of assessing your application.
We use your information to:
- Establish your identity and assess applications for products and services.
- Price and design our products and services.
- Administer our products and services and generally carry out our business functions and activities.
-
Manage our relationship with you, including fulfilling our obligations and exercising our rights under
any
agreement with you.
- Conduct and improve our businesses and improve our customers' experience.
- Manage our risks and help identify and investigate illegal activity, such as fraud.
- Contact you, for example if we suspect fraud on your account or need to tell you something important.
- Comply with our legal obligations and assist government and law enforcement agencies or regulators.
-
Identify and tell you about products or services offered by us, any of our Group members or any third
parties that we think may be of interest to you (refer to section 3.1 below).
We may also collect, use and exchange your information in other ways where you have authorised us to do so
or
where permitted by law.
3.1 Direct marketing
We may use your information for direct marketing, including by email or other electronic means. If you no
longer
want to receive direct marketing, you can tell us by using any of the methods set out in section 9.
3.2 Gathering and combining data to get insights
Improvements in technology enable organisations to collect and use information to get a more integrated view
of
customers and provide better products and services. We may combine our customer information with
information
available from a wide variety of external sources (for example census or Australian or New Zealand Bureau
of
Statistics data). We are able to analyse the data in order to gain useful insights which can be used for
any of
the purposes mentioned earlier in this policy. In addition, Group members may provide data insights or
related
reports to others, for example, to help them understand their customers better. These insights and reports
are
based on aggregated information and do not contain any information that identifies you.
4. Who do we exchange your information with?
We exchange your information with other members of the Group, so that the Group may adopt an integrated
approach
to its customers. Group members may use this information for any of the purposes mentioned in this section.
4.1 Third parties
We may exchange your information with third parties where this is permitted or required by law, or for any
of
the purposes mentioned in section 3.
Third parties include:
- Your co-applicant(s) (if any)
- Group members based in Australia, New Zealand or overseas
-
Entities that provide services to us such as, identity verification, mailing houses or call centre
operators
-
Service providers, for example law firms, market research / data providers, and loyalty program
redemption
partners
-
Service providers to whom we outsource certain functions, for example, direct marketing, statement
production, debt recovery and information technology support
-
Brokers, agents and advisers and persons acting on your behalf, for example guardians or persons
holding
power of attorney
- References that you provide to us, for example landlord details or trade references
- The supplier of any goods or services financed with credit we provide
- Guarantors or any person providing security for any service
-
Persons involved in arrangements that provide funding to us, including persons who may acquire rights
to
our assets (for example loans), investors, advisers, trustees and rating agencies
- Claims-related providers, such as assessors and investigators, who help us with claims
- Other financial institutions such as banks and credit providers
- Auditors, insurers and re-insurers
- Employers or former employers
- Government and law enforcement agencies or regulators
-
Credit reporting bodies - credit reporting bodies may collect the information we provide to them
(including
default information) and use it to provide their credit reporting services (see section 5 below)
- Entities established to help identify illegal activities and prevent fraud
- Overseas entities that provide products and services to us.
-
Any other parties that you authorise or that we are required or permitted by law to share information
with.
4.2 Sending information overseas
Generally, we use customer service teams located within Australia or New Zealand. However we may send your
information overseas, including to overseas Group members and to service providers or other third parties
who
operate or hold data outside Australia and New Zealand. Where we do this, we take reasonable steps to
ensure
that appropriate data handling and security arrangements are in place. Please note that Australian and New
Zealand law may not apply to some of these entities.
We may also send information overseas to complete a particular transaction or where this is required by laws
and
regulations of Australia, New Zealand or another country.
Where we send your information overseas, it is likely to be one of the following countries:
- Canada
- Hong Kong
- India
- New Zealand or Australia (as applicable)
- Philippines
- South Africa
- United Kingdom
- United States
Where we send your information to overseas Group members or service providers, we take reasonable steps to
ensure that appropriate data handling and security arrangements are in place.
5. Credit checks and credit reporting
When you apply to us for credit or propose to be a guarantor, we need to know if you're able to meet
repayments
under your agreement with us. We also want to avoid giving you further credit if this would put you in
financial difficulty. One of our checks involves obtaining a credit report about you.
5.1 Credit reports
A credit report contains information about your credit history that helps credit providers assess your
credit
applications, verify your identity and manage accounts you hold with them. Credit reporting bodies collect
and
exchange this information with credit providers like us and other service providers such as phone
companies.
The Australian Privacy Act and the New Zealand Credit Reporting Privacy Code (as applicable) limit the
information that credit providers can disclose about you to credit reporting bodies, as well as the ways in
which credit providers can use credit reports.
5.2 What information can we exchange with credit reporting bodies?
Australia
If you are in Australia, the information we can exchange includes:
- your identification details
- what type of loans you have
- how much you've borrowed
- whether or not you've met your loan payment obligations
- if you have committed a serious credit infringement (such as fraud).
We also ask the credit reporting body to provide us with an overall assessment score of your
creditworthiness.
The credit reporting body we use is Equifax Inc, which may change from time to time at our discretion. .
Your
personal information will be held by these agencies on their terms. You can access a copy of their
respective
privacy policies at:
Equifax
Website: www.equifax.com.au
Phone: 138 332
Address: Attention: Equifax Customer Resolutions Team, PO Box 964, North Sydney NSW 2059.
New Zealand
If you are in New Zealand, we may exchange credit information with credit reporters and we also ask the
credit
reporters to provide us with an overall assessment score of your creditworthiness.
The credit reporting body we use is Equifax Inc, which may change from time to time at our discretion. Your
personal information will be held by these agencies on their terms. You can access a copy of their
respective
privacy policies at:
Equifax
Website: www.equifax.co.nz
5.3 What do we do with credit-related information?
We use information from credit reporting bodies to confirm your identity, assess applications for credit,
manage
our relationship with you and collect overdue payments. We also use this information as part of arriving at
our
own internal assessment of your creditworthiness.
We store credit-related information with your other information. You can access credit-related information
we
hold about you, request us to correct the information and make a complaint to us about your credit-related
information. See sections 8 and 9.
5.4 Other rights you have
Credit providers may ask credit-reporting bodies to use their credit-related information to pre-screen you
for
direct marketing. You can ask a credit reporting body not to do this. Also, if you've been, or have reason
to
believe that you're likely to become, a victim of fraud (including identity fraud), you can ask the credit
reporting body not to use or disclose the credit-related information it holds about you.
6. Keeping your information secure
We store your hard-copy or electronic records on our premises and systems or offsite using trusted third
parties. We use reasonable endeavours to keep your personal information secure, however, this security
cannot
be guaranteed. Our security safeguards include:
6.1 Staff education
We train and remind our staff of their obligations with regard to your information.
6.2 Taking precautions with overseas transfers and third parties
When we send information overseas or use third parties that handle or store data, we take reasonable steps
to
ensure that appropriate data handling and security arrangements are in place.
6.3 System security
When you transact with us on the internet via our website or mobile apps we encrypt data sent from your
computer
to our systems. We have firewalls, intrusion detection systems and virus scanning tools to help to protect
against unauthorised persons and viruses accessing our systems. When we send your electronic data outside
the
Group we use dedicated secure networks or encryption. We limit access by requiring use of passwords and/or
smartcards.
6.4 Building security
We have protection in our buildings against unauthorised access such as alarms, cameras and guards (as
required).
6.5 Destroying data when no longer required
We keep information only for as long as required (for example, to meet legal requirements
or
our internal needs).
6.6 Your log-in details
You are advised to keep your log-in details private and confidential. Your log-in details are your
responsibility and we advise you not to share those details with any party. You hereby acknowledge that any
party that accesses your account does so as your agent and accordingly you agree to be bound by any
transactions effected through their use of your account. We are entitled to rely on any access to or use of
your account without making any further enquiries.
7. Accessing, updating and correcting your information
7.1 Can I get access to my information?
You can ask for access to your basic information (for example what transactions you've made) by going online
or
calling us. To obtain a copy of current credit-related information we hold about you, you can call or email
us.
7.2 Is there a fee?
There is no fee for making the initial request. However, in some cases, where permitted by law, there may be
an
access charge to cover the time we spend locating, compiling and explaining the information you ask for. If
there is an access charge, we'll give you an estimate up front and confirm that you'd like us to proceed.
Generally, the access charge is based on an hourly rate plus any photocopying costs or other out-of-pocket
expenses. You'll need to make the payment before we start, unless you've authorised us to debit your
account.
7.3 How long does it take to gain access to my information?
We try to make your information available within 30 days of your request (if you are in New Zealand, we will
respond to your request within 20 days). Before we give you the information, we'll need to confirm your
identity.
7.4 Can you deny or limit my request for access?
In certain circumstances we're allowed to deny your request, or limit the access we provide. For example, we
might not provide you access to commercially sensitive information. Whatever the outcome, we'll write to
you
explaining our decision.
7.5 Updating your basic information
It's important that we have your correct details, such as your current address and telephone number. You can
check or update your information by going online, emailing or phoning us.
7.6 Can I correct my information?
You can ask us to correct any inaccurate information we hold or have provided to others (including
credit-related information) by contacting us. If the information that is corrected is information we have
provided to others, you can ask us to notify them of the correction. We don't charge a fee for these
requests.
If your request relates to credit-related information provided by others, we may need to consult with credit
reporting bodies or other credit providers. We'll try to correct information within 30 days. If we can't
complete the request within 30 days, we'll let you know the reason for the delay and try to agree a
timeframe
with you to extend the period (if you are in New Zealand, we'll let you know the reason for the delay
within 20
days).
If we're able to correct your information, we'll inform you when the process is complete.
7.7 What if we disagree that the information should be corrected?
If we disagree with you that information should be corrected, we'll let you know in writing our reasons. You
can
ask us to include a statement with the relevant information, indicating your view that the information is
inaccurate, misleading, incomplete, irrelevant or out-of-date. We will take reasonable steps to comply with
such a request.
8. Making a privacy complaint
8.1 We're here to help
We accept that sometimes we can get things wrong. If you have a concern about your privacy (including
credit-related matters), you have a right to make a complaint and we'll do everything we can to put matters
right.
8.2 How do I make a complaint?
To lodge a complaint, please get in touch with us using your point of contact or one of the customer service
teams set out in section 9. We'll review your situation and try to resolve it straight away. If you've
raised
the matter through your point of contact or through our customer service teams and it hasn't been resolved
to
your satisfaction, please contact our Customer Relations team using the details in section 9.
8.3 How do we handle a complaint?
We acknowledge every complaint we receive and provide you with our name, a reference number and contact
details
of the investigating officer. We keep you updated on the progress we're making towards fixing the problem.
Usually, it takes only a few days to resolve a complaint. However, if we're unable to provide a final
response
within 45 days we'll contact you to explain why and discuss a timeframe to resolve the complaint.
8.4 Credit-related information complaints
If your complaint is about our practices relating to credit-related information, then we may need to consult
with other organisations, including credit reporting bodies or credit providers.
We will acknowledge receipt of the complaint within seven days. If we can't resolve the matter within 30
days
(or within 20 days if you are in New Zealand), we'll contact you and explain the reason for the delay, the
expected timeframe to resolve the complaint and seek your agreement to extend the period.
8.5 External review
If you're not satisfied with our handling of your matter, you can refer your complaint to external dispute
resolution. We suggest you do this only once you've first followed our internal complaint processes set out
above.
If you are in Australia, Prospa is a member of the Financial Ombudsman Service (FOS). FOS will consider
privacy
disputes if they're about the provision of credit, the collection of a debt, credit reporting or the
banker-customer relationship, or if the privacy issue is part of a broader dispute with us.
If your complaint is about the way we handle your personal information, you may also contact the Office of
the
Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au or writing
to
the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.
If you are in New Zealand and your complaint is about the way we handle your personal information, you may
contact the Office of the New Zealand Privacy Commissioner by sending them a complaint using the online complaint form, or by writing to the Office of the New Zealand Privacy
Commissioner, PO Box 10094, Wellington 6143, New Zealand, using the complaint form available here.
9. How to contact us or find out more
For privacy related queries, access or correction requests, or complaints, or to request a printed version
of
this policy, please contact us on 1300 882 867 (AU) or 0800 005 797 (NZ) or email privacy@prospa.com . Our call centre
is
open Monday to Friday, 9am-5pm AEST.
We aim to resolve your query or complaint at your first point of contact with us. You can use your usual
point
of contact or call our customer service team.
9.1 To update your direct marketing preferences or request not to receive direct marketing
You can call us using the number above or email us.
For more information about the Australian Privacy Principles and credit reporting rules visit:
- Office of the Australian Information Commissioner (privacy generally)
- Australian Retail Credit Association (credit reporting rules)
For more information about the New Zealand Privacy Principles and credit reporting rules visit:
- Office of the New Zealand Privacy Commissioner (privacy generally)
- Retail Credit Association of New Zealand (credit reporting rules)
10. Amendments to this Privacy Policy
We may change this Privacy Policy at any time by changing or removing existing terms or adding new ones.
Changes
may take the form of a completely new Privacy Policy. We will tell you about any changes by posting an
updated
Privacy Policy on our website. Any change we make applies from the date we post it on the website. By
continuing to use our services you will be deemed to agree to our updated Privacy Policy.
