1. The information we collect
For most products and services that we provide, it is necessary for us to collect ‘Personal Information’ such as your name, date of birth, photos, contact details, occupation and other information requested and/or transaction information that you provide to us when you utilise our services. We may also need to collect other personal details (such as gender, marital status and financial information) and other information from which you can be identified.
We also may collect the following information from you in order for us to provide our services to you:
- personal information about you to record a security interest on the Personal Property Securities Register pursuant to the Personal Property Securities Act
- information relevant to the provision of products or services to you, including information about your financial position.
- information that may be relevant to our relationship with you, including name and contact details of your professional advisers or representatives such as your solicitor or accountant; your referees or guarantors; and information contained in identity documents that you may provide to us (such as the names of your family members).
- Records of our communications with you.
We may also be required to collect information so that we can easily identify you pursuant to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (“AML/CTF Act”), which may include details or copies of your driver licence or passport.
2. Employment Applications
We collect personal information from you if you apply for a job with Us, this may include your name, email address, telephone number, address, financial details, date of birth, citizenship, education, membership of any professional body or association, employment referees, criminal records, drivers licence information or health information.
3. Sensitive Information
Generally, we do not collect sensitive information about you unless required or permitted by law or where you consent for us to do so. Sensitive information will only be collected if it is relevant to your product or the service or function you are engaging us to provide. If applicable, this will be communicated to you. For example, some forms of biometric data are collected, stored and used to support access and verification procedures.
We will not collect sensitive information about you where this is expressly prohibited by local law.
Sensitive information may include information relating to:
- Political or religious beliefs
- Sexual orientation and sexual life
- Criminal convictions
- Membership of professional or trade associations or unions
- Biometric and health information
- Information about your affiliation with certain organisations, such as professional associations.
4. Why we collect personal information
We collect personal information about you which is reasonably necessary to:
- Provide you with quality products, services or transaction opportunities.
- Consider applications and approaches you make to us (including for hardship)
- Conduct marketing and social functions
- Maintain your contact details
- Fulfil our legal obligations, such as those relating to taxation and anti-money laundering and counter-terrorism financing or as otherwise authorised by you.
Without such information, we may not be able to process your application or provide you with an appropriate level of service. In such circumstances, we will process your application and provide you with the most appropriate level of service that we can.
5. Credit Information and Credit Reporting Bodies
We may collect the following information from you or about you, and hold that information for the purposes of providing our services to you:
- Details of your financial position including loans, mortgages, debt balances and the term of any loans you may have entered into.
- Information as to repayments of loans and debts including compliance with payments.
- Information as to your credit score and whether you have defaulted on repayments of loans or debts.
- Any payment arrangements as a result of defaults and /or serious infringements of such arrangements.
- Information obtained from Credit Reporting Bodies (“CRB”) in relation to your credit.
- Information from organisations that assist us in our business such as our lenders, mortgage insurers, registered trade insurer, valuers, surveyors, auctioneers, real estate agents and debtor collectors.
- Information disclosed to us by you or any related third party.
- Information available publicly.
- Information held by Government authorities.
- Information held by any related body corporate to us.
If we are required to obtain and hold credit information from a CRB for the purposes of providing you with our services that information may include Information contained in your credit report including your credit score to form a view of your credit worthiness.
We may collect information about you and disclose that information to one or more CRB. This information may include:
- Identification information;
- Personal information relating to commercial credit;
- Publicly available information;
- Personal insolvency information;
- Serious credit infringements;
- Court proceedings information (other than criminal proceedings) that relate to any credit that has been provided to, or applied for by, the individual;
- Payment arrangement and default information.
We also may disclose your credit information to a CRB for the purposes of:
- Assisting us in assessing your credit worthiness when considering your application;
- Recovering overdue amounts owed by you to us;
- If you have committed a serious credit infringement or to report defaults in accordance with the Privacy Act.
6. Identification Verification
We may be required to disclose your name, telephone number, residential address and date of birth to a third party including a CRB in order to verify your identity pursuant to the AML/CTF Act. This may be done electronically. If you are an individual, we will obtain your consent before we disclose this information to any third party including a CRB. If you do not consent to have your identity verified, you will be required to provide us with certified copies of your identification documents to us.
If verification of your identify is unable to be carried out, we will be unable to provide our services to you.
7. How we collect your information
We collect personal information about you directly from you — this can be in person, in documents you give us, from telephone calls, emails, competitions you enter, your access to our website or from transactions you make. We take reasonable steps to be transparent about how and why we collect personal data.
We may also collect your personal information from joint account holder(s) or third parties including public sources, your adviser(s), employer (or its affiliates), agents, introducers, referrers, brokers, our related companies and service providers (including credit reporting bodies, fraud and financial crime information exchanges and other information service providers).
8. How we store your information
We keep personal information in physical and electronic records, at our premises and the premises of our service providers, which may include processing or storage in the cloud, which may mean in practice that this information is stored outside Australia. No information transmitted over the internet can be guaranteed to be secure and we cannot guarantee any information you provide us with or we receive from you is secure. However, where transmission of information or storage of information occurs by way of the internet, we take steps to protect the security and integrity of personal information. We also keep records of our interactions with you (including by telephone, email and online) and of your transaction history.
9. How we use your information
We collect, hold, use and disclose personal information about you for the purpose for which it was provided to us, including for the purposes of:
- Assessing and processing your applications in respect of the services we provide to you.
- If you are a guarantor or prospective guarantor and assessing whether to accept you as a guarantor for services requested by a third party.
- Administering and managing our products and services (including monitoring, auditing, and evaluating those products and services).
- Model and test data (in a controlled environment).
- Developing scores, risk assessments and related analytical tools.
- Communicating with you and deal with or investigate any complaints or enquiries.
- Verifying your identity and complying with our legal and regulatory obligations.
- For facilitating internal business operations such as auditing, securitisations and assisting us improving our products and services.
- Undertaking fraud prevention measures.
- Informing you of our products and services provided by us.
- Providing credit reporting bodies with information about you.
- Contracting out some of our functions to external service providers and suppliers including printing, IT services, advertising and marketing.
We may also:
- Anonymise your data for our own purposes including market research and new product development
- Use personal information about you for the prevention and mitigation of fraud and other financial crimes
- Use or permit our affiliates to use your personal information for related purposes to the extent that it is lawful to do so without your express permission. For example, we may from time to time use your personal information to inform you or your employer of investment opportunities or to provide information about products and services which we expect may be of interest to you. However, if you don’t want to receive such communications you can tell us by using any of the methods listed below.
While we may sometimes – where it is lawful and with your permission if necessary – share personal information with companies we do business with (e.g. in product development, joint venture arrangements or distribution arrangements), we do not sell personal information for marketing purposes to other organisations or allow such companies to do this.
10. When your information is disclosed
Subject in all cases to local law, we may share personal information within Vestone Capital, and may disclose personal information outside Vestone Capital:
- To our service providers, who provide services in connection with our products and services (including archival, auditing, accounting, customer contact, legal, business consulting, banking, payment, delivery, data processing, data analysis, information broking, mailing, marketing, research, investigation, insurance, identity verification, brokerage, maintenance, trustee, securitisation, website and technology services).
- To comply with any legal or regulatory obligation, such as those imposed by regulators, arising under anti-money laundering or anti-terrorism financing laws, or reasonably arising in connection with legal proceedings.
- To our affiliates.
- To your nominated financial adviser with your permission.
- For the prevention and mitigation of fraud and other financial crimes.
- As contained in the terms and conditions of any specific product or service.
We may also disclose your personal information (on a confidential basis) in connection with the undertaking of our principal investment activities including, but not limited to, acquisitions, mergers, and the management of any parts of our business or assets (including divestments), and the provision of any debt to another party.
We may also disclose your personal information to CRB’s in accordance with clause 5 above.
In some circumstances the parties to whom we disclose personal information may operate outside of Australia. Where this occurs, we take steps to protect personal information against misuse or loss and to comply with local law in respect of the transfer of your data from one jurisdiction to another. Those parties, in turn, may make such information available to the governments of such other countries in accordance with local law requirements.
11. Privacy Consent
Pursuant to our Privacy Consent which can be accessed on request by emailing email@example.com we may also collect, hold and disclose your personal information provided to us upon your agreement to our Privacy Consent.
We may send you web links to third party websites, or our website may contain web links to third party websites where we may require you to provide your personal information for the purposes of providing our products and services to you. Such third-party web links might be provided to you in order for us to verify your identity online. We do not have any control over those third-party websites or the third-party content you access or provide to that third party. We are not responsible for handling, use, disclosure, protection or privacy of any personal information you provide or has been collected when visiting third party websites. By providing us with the Privacy Consent you consent to providing your personal information to a third party for the purposes of verifying your identity.
12. Data Breaches
We are aware of our responsibilities to notify you in the event of a potential data breach that may cause serious harm to you pursuant to our legal requirements under the APP.
We take all reasonable endeavours to secure your data. However, there may be a possibility of unauthorised access to, unauthorised disclosure of, or loss or modification of your personal information (including credit information) that we hold (data breach).
If we have reasonable grounds to believe that there has been a data breach, pursuant to the NDB, and that it is likely to cause serious harm to you or more individuals we will:
- notify the Office of Australian Information Commissioner (OAIC) by way of a formal statement; and
- notify all individuals whose personal information was part of the eligible data breach; or
- notify only individuals at risk of serious harm from the eligible data breach; or
- if neither option in (1) or (2) above is practicable, we will publish a copy of the statement our website and will take reasonable steps to publicise the contents of the statement.
Where we suspect a data breach has occurred, we will carry out an investigation and if a data breach has occurred, we will follow the aforementioned procedure.
For more information on the NBD scheme, please see: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme.
13. Keeping information accurate and up to date
We take reasonable steps to ensure that all information we hold is as accurate as possible. You are able to contact us at any time and ask for its correction if you feel the information, we have about you is inaccurate or incomplete. To update your information with us, please email us at: firstname.lastname@example.org.
14. Keeping information secure
We use security procedures and technology to protect the information we hold. Access to and use of personal information within Vestone Capital seeks to prevent misuse or unlawful disclosure of the information — this includes internal policies, auditing, training and monitoring of staff.
If other organisations provide support services, we require them to take appropriate technical and organisational measures to secure the privacy of the information provided to them.
15. How you can access or correct your information
You can contact us to request access to or correction of your personal information by emailing us at: email@example.com. In normal circumstances we will give you full access or make the requested corrections to your information. We may ask you to verify your identity before we provide you with access or make the requested changes to your information. However, there may be some legal or administrative reasons to deny these requests. If your request is denied, we will provide you with the reason why (if we can). Where we decide not to make a requested correction to your personal information and you disagree, you may ask us to make a note of your requested correction with the information.
16. Dealing with Vestone Capital online
When you visit Vestone Capital’s website, you will generally browse anonymously unless you have logged into a client portal or accessed the website from a personalised communication from Vestone Capital.
Once you have logged into a Vestone Capital portal, accessed our website from an e-mail or other personalised communication sent to you, or provided us with personal information by completing a form online, we may be able to identify you and we may combine that with other information in order to provide you with a better online experience. If you would prefer not to be identified, you can delete the cookies and reconfigure the cookie preferences on your internet browser (see below).
A ‘cookie’ is a packet of information placed on a user’s computer by a website for record keeping purposes. Cookies are generally used on Vestone Capital sites to:
- Manage advertising – when you see one of our ads on a third-party website, cookies are sometimes used to collect anonymous information about the page you visit and the type of software you are using
- Monitor traffic – we use anonymous information to track how people are using the Vestone Capital site. This may include time of visit, pages visited and some system information about the type of computer you are using
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent (each browser is different so check the Help menu of your browser to learn how to change your cookie preferences).
If you believe we have not complied with our obligations under the APP or under the Privacy Act you are entitled to make a complaint to us directly at : firstname.lastname@example.org. If you make a credit related complaint, we may consider it necessary to speak with the relevant CRB in relation to your complaint.
After investigating your complaint, within 30 days or a longer period agreed upon between the parties, we will make a decision regarding the complaint and respond to you in writing. If your complaint is credit related our response will provide you with an option to access a recognised external dispute resolution scheme of which are a member. We are a member of Australian Financial Complaints Authority (AFCA). AFCA independently assists consumers and participating members in resolving any disputes as to privacy. We may engage AFCA should there be a requirement to engage in external dispute resolution. AFCA can be contacted at: email@example.com or on 1800 931 678.
We may utilise and disclose your personal information for the purposes of informing you about our products or services and for the purpose of providing that information to our related entities to inform you about their products and services. If you do not want us to utilise your personal information for marketing, please email us at : firstname.lastname@example.org.
Unless we are required to do so by law or by way of your permission, we will not provide your personal information to any third parties.
20. Contact us
If you have any questions or complaints regarding privacy or information handling, please write to email@example.com or contact us by phone. Please mark communications to the attention of our Privacy Officer. We will respond to let you know who will be handling your matter and when you can expect a further response.
If your concerns are not resolved to your satisfaction, you may be able to escalate your complaint to an external dispute resolution scheme or to a regulatory authority. We can also provide details of the appropriate scheme/regulator for you, as these may vary by jurisdiction or product.
The CRB we use contain their own credit reporting policy which outlines how they deal with the privacy of your information. This policy is on their website and the details are as follows:
Equifax Australia Information Services and Solutions Pty Limited
Mail: GPO Box 964, NORTH SYDNEY NSW 2059
Phone: 138 332 (free call)
A copy of Equifax’s credit information management policy may be obtained by contacting them at https://www.equifax.com.au/contact.
Policy updated September 2021