This Policy also includes our credit reporting policy, that is, it covers additional information on how we manage your personal information collected in connection with a credit application, or a credit facility. We refer to this credit-related information below as credit information.
If you are in a country that is a member of the European Economic Area (EEA), the EU General Data ProtectionRegulation 2016/679 (‘GDPR’) governs the way we collect, use, hold, process and disclose your personal information.Under the GDPR, we are a data controller. We make decisions on how and why your personal information is processed.
What personal information do we collect and hold?
The types of information that we collect and hold about you couldinclude:
· ID information such as your name, postal or email address, telephonenumbers, and date of birth;
· other contact details such as social media handles;
· financial details such as your tax file number; and
· other information we think is necessary.
When the law authorises or requires us to collectinformation
We may collect informationabout you because we are required or authorised by law to collect it. There arelaws which require us to collect personal information. For example, we requirepersonal information to verify your identity under Australian Anti-MoneyLaundering law.
What do we collect via your website activity?
If you’re an internet customer of ours, we monitor your use of internetservices to ensure we can verify you and can receive information from us, andto identify ways we can improve our services for you.
If you start but don’t submit an on-lineapplication, we can contact you using any of the contact details you’vesupplied to offer help completing it. The information in applications will bekept temporarily then destroyed if the application is not completed.
We also know that some customers like to engagewith us through social media channels. We may collect information about youwhen you interact with us through these channels. However, for all confidentialmatters, we’ll ensure we interact with you via a secure forum.
To improve our services and products, we sometimescollect de-identified information from web users. That information couldinclude IP addresses or geographical information to ensure your use of our web applicationsis secure.
How we collect andhold your information
Unless it’s unreasonable or impracticable, we willtry to collect personal information directly from you (referred to as ‘solicited information’). For this reason, it’s important that you helpus to do this and keep your contact details up-to-date.
There are a number of ways in which we may seekinformation from you. We might collect your information when you fill out aform with us, when you’ve given us a call or used our website. We also find using electronic means, such as email or SMS,a convenient way to communicate with you and to verify your details.
How we collect your information from other sources
Sometimes, we will collect information about you from other sources asthe Privacy Act 1988 permits. We will dothis only if it’s reasonably necessary to do so, for example, where:
· we collect information from third parties about theloan or lease made available to you arising out of the services we provide you;
· we can’t get hold of you and we rely on publicinformation (for example, from public registers or social media) or madeavailable by third parties) to update your contact details; or
· we exchange information with your legal or financialadvisers or other representatives.
What if you don’t want to provide us with your personal information?
Ifyou don’t provide your information to us, it may not be possible:
· for us to give youthe credit assistance you seek from us;
· toassist in finding a loan or lease relevant to your circumstances;
· verify your identityor protect against fraud; or
· to let you know aboutother products or services that might be suitable for your financial needs.
How we collect and hold your credit information
We will collect your credit information in thecourse of you answering the enquiries we make of you relating to the creditassistance you seek from us. In addition to what we say above about collectinginformation from other sources, other main sources for collecting creditinformation are:
· your co-loan applicants or co-borrowers;
· your guarantors/proposed guarantors;
· your employer, accountant, real estate agent orother referees;
· your agents and other representatives like theperson who referred your business to us, your solicitors, conveyancers andsettlement agents;
· organisations that help us to process creditapplications;
· organisations that check the security you areoffering such as valuers;
· bodies that issue identification documents to helpus check your identity; and
· our service providers involved in helping us toprocess any application you make for credit through us.
What do we do when we get information we didn’t ask for?
Sometimes, people share information with us we haven’t sought out (referred to as ‘unsolicited information’). Where we receive unsolicited personal information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it.
When will we notify you that we have received your information?
When we receive personal information from you directly, we’ll take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint.
Sometimes we collect your personal information fromthird parties. You may not be aware that we have done so. If we collect informationthat can be used to identify you, we will take reasonable steps to notify youof that collection.
How do we take care of your personal information?
We store information in different ways, includingin paper and electronic form. The security of your personal information isimportant to us and we take reasonable steps to protect it from misuse,interference and loss, and from unauthorised access, modification ordisclosure. Some of the ways we do this are:
We may store personal information physically orelectronically with third party data storage providers. Where we do this, we usecontractual arrangements to ensure those providers take appropriate measures toprotect that information and restrict the uses to which they can put thatinformation.
What happens when we no longer need yourinformation?
We’ll only keep your information for as long as werequire it for our purposes. We may be requiredto keep some of your information for certain periods of time under law. When we no longer require your information,we’ll ensure that your information is destroyed or de-identified.
How we use your personal information
What are the main reasons we collect, hold and use yourinformation?
Collecting your personal informationallows us to provide you with the products and services you’ve asked for. This means we can use your information to:
Can we use yourinformation for marketing our products and services?
We may use or disclose your personal information to let youknow about otherproducts or services we or a third party make available and that may be ofinterest to you.
We will always let you know that youcan opt out from receiving marketing offers.
With your consent, we may disclose yourpersonal information to third parties for the purpose of connecting you withother businesses or customers. You canask us not to do this at any time. We won’t sell your personal information toany organisation.
You can let us know at any time if youno longer wish to receive direct marketing offers from us. We will process yourrequest as soon as practicable.
What are the other ways we use your information?
We’ve just told you some of the mainreasons why we collect your information, so here’s some more insight into the wayswe use your personal information including:
· telling you about otherproducts or services we make available and that may be of interest to you,unless you tell us not to;
· identifyingopportunities to improve our service to you and improving our service to you;
· allowing us to runour business efficiently and perform general administrative tasks;
· preventing any fraudor crime or any suspected fraud or crime;
· as required by law,regulation or codes binding us; and
· any purpose to whichyou have consented.
What are the grounds which we will deal with your personalinformation under the GDPR?
Under the GDPR, we must have a legalground in order to process your personal information. The legal grounds that wemay rely on are:
How long do you keep your information?
We are required to keep some of your information for certain periods oftime under law, such as the Corporations Act, the Anti-Money Laundering &Counter-Terrorism Financing Act, and the Financial Transaction Reports Act forexample.
We are required to keep your information for 7 years from the closure ofaccounts, or otherwise as required for our business operations or by applicablelaws.
We may need to retain certain personal information after we ceaseproviding you with products or services to enforce our terms, for fraudprevention, to identify, issue or resolve legal claims and/or for proper recordkeeping.
Who do we share your personal informationwith?
To make sure we can meet your specific needs and for thepurposes described in ‘How we use your personal information’, we sometimes needto share your personal information with others. We may share yourinformation with other organisations for any purposes for which we use yourinformation.
Sharing Your Information
We may use and share yourinformation with other organisations for any purpose described above.
Sharingwith your representatives and referees
We may share yourinformation with:
· your representative or anyperson acting on your behalf (for example, lawyers, settlement agents,accountants or real estate agents); and
· your referees, likeyour employer, to confirm details about you.
Sharing with thirdparties
We may share your information with third parties inrelation to services we provide to you. Those third parties may include:
· themortgage aggregator through whom we may submit loan or lease applications tolenders or lessors on the mortgage aggregator’s panel;
· theAustralian Credit Licence holder that authorises us to engage in creditactivities;
· referrersthat referred your business to us;
· lenders,lessors, lender’s mortgage insurers and other loan or lease intermediaries;
· organisations,like fraud reporting agencies, that may identify, investigate and/or preventfraud, suspected fraud, crimes, suspected crimes, or other misconduct;
· governmentor regulatory bodies (including ASIC and the Australian Taxation Office) asrequired or authorised by law. In someinstances, these bodies may share the information with relevant foreignauthorities;
· guarantorsand prospective guarantors of your loan or lease;
· serviceproviders, agents, contractors and advisers that assist us to conduct ourbusiness for purposes including, without limitation, storing or analysinginformation;
· anyorganisation that wishes to take an interest in our business or assets; and
· anythird party to which you consent to us sharing your information.
Sharing outside ofAustralia
We may use overseas organisations to help conduct our business. As aresult, we may need to share some of your information (including credit information)with such organisations outside Australia. The countries in which thoseorganisations are located are:
We may store your informationin cloud or other types of networked or electronic storage. As electronicor networked storage can be accessed from various countries via an internetconnection, it’s not always practicable to know in which country yourinformation may be held. If your information is stored in this way, disclosuresmay occur in countries other than those listed.
Overseas organisationsmay be required to disclose information we share with them under a foreign law.In those instances, we will not be responsible for that disclosure.
Where we transfer yourinformation from the EEA’ to a recipient outside the EEA we will ensure that anadequate level of protection is in place to protect your personal informationsuch as putting in place contractual protections to ensure the security of yourinformation.
We‘ll always give you accessto your personal information unless there are certain legal reasons why wecan’t. You can ask us in writing to access your personal information that wehold. In some cases we may be able to deal with your request over thephone.
We will give you access toyour information in the form you want it where it’s reasonable and practical. We may charge you a small feeto cover our costs when giving you access, but we’ll always check with youfirst.
We’re not always required togive you access to your personal information. Some of the situations where wedon’t have to give you access include when:
If we can’t provide yourinformation in the way you’ve requested, we will tell you why in writing. Ifyou have concerns, you can complain. See ‘Contact Us’.
Contact us if you think there is something wrongwith the information we hold about you and we’ll try to correct it if it’s:
If you are worried that we have given incorrectinformation to others, you can ask us to tell them about the correction. We’lltry and help where we can - if we can’t, then we’ll let you know in writing.
If you ask us to correct credit information, wewill help you with this in the following way.
Helping you manage corrections
Whether we made the mistake or someone else madeit, we are required to help you ask for the information to be corrected. So we can do this, we might need to talk to others.However, the most efficient way for you to make a correction request is to sendit to the organisation which made the mistake.
Where we correct information
If we’re able to correct the information, we’ll letyou know within five business days of deciding to do this. We’ll also let therelevant third parties know as well as any others you tell us about. If thereare any instances where we can’t do this, then we’ll let you know in writing.
Where we can’t correct information
If we’re unable to correct your information, we’llexplain why in writing within five business days of making this decision. Ifyou have any concerns, you can access our external dispute resolution scheme or make a complaint to the Officeof the Australian Information Commissioner.
Time frame forcorrecting information
If we agree to correct your information, we’ll doso within 30 days from when you asked us, or a longer period that’s been agreedby you.
If we can’t make corrections within a 30 day timeframe or the agreed time frame, we must:
How do you make a complaint?
If you have a complaint about how we handle yourpersonal information, we want to hear from you. You are always welcome tocontact us.
You can contact us by using the details below
HillsFinance, Email: firstname.lastname@example.org, Telephone: 1300 697 063
We are committed to resolving your complaint anddoing the right thing by our customers. Most complaints are resolved quickly,and you should hear from us within five business days.
Need more help?
If you still feel your issue hasn'tbeen resolved to your satisfaction, then you can raise your concern with theOffice of the Australian Information Commissioner:
· Online: www.oaic.gov.au/privacy
· Phone: 1300 363 992
· Email: email@example.com
· Fax: +61 2 9284 9666
· Mail: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT2601
If you are located in the EEA, you cancontact the relevant data protection authority (for example in the place youreside or where you believe we breached your rights). Forexample, the Office of the UK Information Commissioner:
Office of the UK InformationCommissioner
• Online: www.ico.gov.uk
• Phone: 0303 123 1113
• Live chat: https://ico.org.uk/global/contact-us/live-chat
If your complaint relates to how we handled your accessand correction requests
You may take your complaint directly to ourexternal dispute resolution scheme or the Office of the Australian InformationCommissioner. You are not required tolet us try to fix it first.
For all other complaints relating to credit information
If you make a complaint about things (other than anaccess request or correction request) in relation to your credit information,we will let you know how we will deal with it within seven days.
Ask for more time if we can’t fix things in 30 days
If we can’t fix things within 30 days, we’ll letyou know why and how long we think it will take. We will also ask you for anextension of time to fix the matter. If you have any concerns, you may complainto our external dispute resolution scheme or the Office of the AustralianInformation Commissioner.
Letting you know about our decision
We’ll let you know about our decision within 30 daysor any longer agreed time frame. If you have any concerns, you may complain toour external dispute resolution scheme or the Office of the AustralianInformation Commissioner.
Your Rights under GDPR
If you reside inthe EEA, you can also:
You can contact usif you wish to exercise these rights. See‘Contact Us’ for more information If werefuse any request you make in relation to these rights, we will write to youto explain why and how you can make a complaint about our decision.
We care about your privacy. Please contact us ifyou have any questions or comments about our privacy policies and procedures.We welcome your feedback.
You can contact us by using the details below:
HillsFinance: Email: firstname.lastname@example.org, Telephone: 1300 697 063
What if you want to interactwith us anonymously or use a pseudonym?
If you have general enquirytype questions, you can choose to do this anonymously or use a pseudonym. Wemight not always be able to interact with you this way, however, as we areoften governed by regulations that require us to know who we’re dealing with.In general, we won’t be able to deal with you anonymously or where you areusing a pseudonym when:
· it is impracticable; or
· we are required or authorised by law or a court/tribunal order to dealwith you personally.
This Policy may change. We will let you know of anychanges to this Policy by postinga notification on our website, correspondence via post or e-mail or you may contactus for a copy of the most up to date policy at any time/ or call 1300 697 063.
 Howeverwe’ll never ask you for your security details in this way – if you are everunsure, just contact us