1. Introduction
Protecting your privacy is fundamental to the way we do business. This Privacy Policy outlines how we manage personal information and credit related personal information. It applies to any personal information or credit related personal information you provide to us directly or that we collect, use, disclose or handle about individuals from other sources.
This document will also provide you with information about what you can do to access the personal information we have about you, the way you can have it corrected, if necessary, and what steps you can take to complain about any action taken by us in relation to the information.
Cashify (referred to as Cashify, we, our, us) is bound by the Privacy Act 1988 (Privacy Act), including the Australian Privacy Principles (APPs) and recognises the importance of ensuring the confidentiality and security of your personal information.
All third parties (including clients, suppliers, sub-contractors, or agents) that have access to or use personal information collected and held by Cashify must abide by this Policy and Collection Statement. Cashify makes this Policy and Collection Statement available free of charge and can be downloaded from its website www.cashifyloans.com
Since 1991, under Part IIIA of the Privacy Act, credit providers have only been allowed to disclose information about personal credit dealings to certain classes of persons for certain very limited purposes.
In this Policy and Collection Statement:
- Credit Information is personal information (other than sensitive information) that relates to an individual’s credit history or credit worthiness, and is further defined in the Privacy Act. Credit information includes information that we have obtained from third parties, including individuals, other lessors, credit providers, and credit reporting bodies (‘CRBs’);
- Disclosure of Information means providing information to persons outside of Cashify;
- Personal Information means information or an opinion relating to an individual, which can be used to identify that individual;
- Privacy Officer means the contact person within Cashify for questions or complaints regarding Cashify’s handling of personal information;
- Sensitive Information is personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information; and
- Use of Information means use of information within Cashify.
By giving us your personal information or credit related personal information, you are consenting to our use of that information in accordance with this Privacy Policy.
We may amend this Privacy Policy from time to time but will remain bound by any legislative requirements. We will notify you about changes to this Privacy Policy by posting an updated version on our website.
2. Collection of Personal Information
The types of personal information generally collected and held by Cashify include:
- name;
- address;
- phone numbers;
- email addresses;
- occupation;
- bank account details;
- drivers’ licence details;
- financial and credit information, including:
-
- details of assets, liabilities, income, expenses;
- information about your consumer credit liabilities, such as the name of an entity that has provided you with credit, the date of the credit was provided and the maximum amount of credit made available;
- information about your repayment history, such as whether you were late in making a monthly repayment and when repayments were due;
- the type and amount of credit you sought in an application;
- whether you are 60 days or more overdue in making a repayment of $150 or more;
- whether you have repaid overdue payments;
- information about new credit arrangements you have entered into as a result of defaulting in repayments;
- information about court judgements against you in relation to credit that has been provided to you;
- publicly available information that relates to your credit worthiness;
- information recorded in the National Personal Insolvency Index about you;
- our opinion as to whether you have committed a serious credit infringement in relation to consumer credit provided by us;
- any other personal information that may impact our assessment of your credit worthiness; and
- any other information that is relevant to the services that we provide.
If you are applying for credit, we may also collect the number and ages of your dependants, the length of time at your current address, your employer’s name and contact details, the length of your employment, proof of earnings and, if you have changed employer in the last few years, details of your previous employment.
We use this information to assist in making responsible credit decisions. In addition, as required by Part IIIA of the Privacy Act 1988, we will obtain your consent to collect, use and disclose credit information about you.
3. Purposes for Collection of Information
Cashify collects, holds, uses and discloses personal information and credit related personal information to enable us to:
- market or promote our services (or services of an associated organisation) directly to individuals;
- arrange and provide credit;
- verify a customer’s identity;
- assess an applicant’s eligibility for credit;
- establish a customer loyalty program;
- resolve a complaint;
- provide further information about a service;
- develop and identify products and services that may interest customers;
- promote, administer and use our respective products and services; and
- any other purpose related to any of the above.
Your personal information may also be used in market research and statistical studies, and improvement of our products and services. We will use de-identified information in these circumstances wherever possible.
We may also use your personal information to notify you of new products and services, send surveys to you and keep you informed of any other changes at Cashify which may affect you. If you respond to a survey or questionnaire, your responses will only be used in internal marketing and the improvement of services and products offered to our customers.
If you do not provide your personal information and credit related personal information to us, we may not be able to provide these services to you.
We may use and disclose your personal information (excluding credit information) for any of these purposes. We may also use and disclose your personal information for secondary purposes which are related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act.
4. Who Can Give or Obtain Information?
For the purpose of providing banking products and services and managing our business, we may give information to:
- our service providers, such as organisations which we use to verify your identity, payment systems operators, mailing houses and research consultants;
- insurers and re-insurers, where insurance is provided in connection with our services;
- superannuation funds, where superannuation services are provided to you;
- debt collecting agencies, if you have not repaid a loan as required our professional advisors, such as accountants, lawyers and auditors;
- state or territory authorities that give assistance to facilitate the provision of home loans to individuals;
- other credit providers and their professional advisors;
- your representative, e.g., lawyer, mortgage broker, financial advisor or attorney, as authorised by you;
- government and regulatory authorities, if required or authorised by law.
In addition, we and the Credit Providers (as defined below) may:
- obtain a commercial and consumer credit report containing information about you from a credit reporting body
- exchange credit information about you with each other
- exchange credit information about you with any credit reporting body and any other provider of credit to you named in your credit application or a credit report from a credit reporting body
‘Credit Provider’ can mean:
- us
- our related companies
- any introducer, dealer or broker referred to in a loan application
- any agent or contractor of ours assisting in processing a loan application
- other entities that may be involved in a securitisation arrangement which we use to fund your loan and any loan originator.
5. How We Collect Personal Information
We generally collect personal information directly from you. For example, personal information will be collected through our application processes, forms and other interactions with you in the course of providing you with our products and services, including when you visit our website, use a mobile app from us, call us or send us correspondence.
We may also collect personal information about you from a third party, such as electronic verification services, referrers, marketing agencies, credit providers or Credit Reporting Bodies (CRB). If so, we will take reasonable steps to ensure that you are made aware of this Policy and Collection Statement. We may also use third parties to analyse traffic at our website, which may involve the use of cookies. Information collected through such analysis is anonymous.
We will not collect sensitive information about you without your consent unless an exemption in the APPs applies. These exceptions include if the collection is required or authorised by law or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If the personal information we request is not provided by you, we may not be able to provide you with the benefit of our services, or meet your needs appropriately.
We do not give you the option of dealing with them anonymously, or under a pseudonym. This is because it is impractical, and in some circumstances illegal, for Cashify to deal with individuals who are not identified.
6. Unsolicited Personal Information
We may receive unsolicited personal information about you. We destroy or de-identify all unsolicited personal information we receive, unless it is relevant to our purposes for collecting personal information. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.
7. Who Do We Collect Personal Information About?
The personal information we may collect and hold includes (but is not limited to) personal information about:
- clients;
- potential clients;
- service providers or suppliers;
- prospective employees, employees and contractors; and
- other third parties with whom we come into contact.
8. Important Information About Credit Reporting Bodies
If you apply for any kind of credit, we may disclose information to a credit reporting body. Specifically, we may disclose information to or collect information from Equifax, whose privacy policy is at https://www.equifax.com.au/privacy.
‘Credit pre-screening’ is a service for credit providers wishing to send direct marketing material about credit services.
A credit reporting body uses information it holds to screen out individuals who do not meet criteria set by the credit provider.
Credit reporting bodies must maintain a confidential list of individuals who have opted out of their information being used in pre-screening. To opt out of credit pre-screening, please contact the credit reporting body using the contact details on their websites.
You can also ask a credit reporting body not to use or disclose your personal information for a period if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.
9. When Can Information Be Obtained, Used or Disclosed?
Your personal information can be obtained, used or disclosed by the Credit Providers before, during or after the provision of our products and services to you, and for managing our business. When providing credit to you, this may include:
- assessing your application for consumer or commercial credit or to be a guarantor for the applicant, assessing your credit worthiness, managing your loan or the arrangements under which your loan is funded or collecting overdue payments
- allowing a credit reporting body to create credit information about you if you are in default under a credit agreement, notifying, and exchanging information with, other credit providers and collection agents.
10. How We Collect and Hold Information
Our intention is always to collect your personal information and credit related personal information directly from you, through application forms provided by us and completed by you. If for a valid reason we are unable to do so, we may involve another organisation.
Alternatively, we may collect personal information indirectly through our associated organisations (as defined in the Corporations Act 2001 (Cth)).
We hold all personal information and credit related personal information in hard copy documents as electronic data, or in our software or systems.
11. Use and Disclosure of Information
Cashify will generally only use your information for the primary purpose for which it was collected, or a purpose related to the primary purpose. Cashify will not sell your information to any third parties.
We may disclose personal information (excluding credit information) to:
- a related entity of Cashify;
- an agent, contractor or service provider we engage to carry out our functions and activities, such as our lawyers, accountants, debt collectors or other advisors;
- organisations involved in a transfer or sale of all or part of our assets or business;
- organisations involved in managing payments, including payment merchants and other financial institutions such as banks;
- regulatory bodies, government agencies, law enforcement bodies and courts;
- financial product issuers and credit providers; and
- anyone else to whom you authorise us to disclose it or is required by law.
If we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it. We will ensure that all contractual arrangements with third parties adequately address privacy issues and will make third parties aware of this Policy and Collection Statement.
We may disclose the following personal information to CRBs, in order to comply with our obligations under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) (AML/CTF obligations):
- name;
- date of birth; and
- residential address.
The purpose of disclosing this information is to enable us to verify whether the personal information collected matches the identification information held by the CRB. We may, upon request, provide you with an alternative method of verification, however, any alternative verification method must also comply with the AML/CTF legislation.
These third parties will be required to sign confidentiality agreements and will only be permitted to use information disclosed to them by Cashify for the specific purposes for which it was provided.
Personal information and credit related personal information disclosed to third parties will be dealt with in accordance with that entity’s privacy policy.
We do not use your personal or credit-related information or disclose it to another organisation unless we have your consent or are obliged to disclose this by law.
12. How Do We Use and Disclose Credit Information?
We use your credit information to manage how we provide our services to you. We may disclose your personal information (including credit information about your credit liabilities, repayments and defaults) to CRBs. We may also collect this information from CRBs.
We will only disclose credit information to:
- a related body corporate;
- a person who will be processing your application for credit;
- a person who manages credit services provided by us, for use in managing those credit services;
- another credit provider if we believe you have committed a serious credit infringement, or you have consented to the disclosure;
- to a person considering whether to act as a guarantor or offer property as security and you have expressly consented to the disclosure;
- a debt collector;
- an external dispute resolution scheme of which we are a member;
- a CRB; or
- any other person or entity that is entitled or authorised by law to require us to disclose it.
If we intend to provide default information about you to a CRB, we will give you at least 14 days’ written notice. If we disclose default information to a CRB, and you subsequently repay the amount owed, we will tell the CRB you have repaid the amount owing.
Information about credit reporting, including the contact details of the CRBs we deal with, how we or a CRB may use your information, how to access our policies and your rights in relation to your credit information, is available at www.cashifyloans.com. You can request to have this information provided in hard copy by contacting our Privacy Officer.
This Privacy Policy and Collection Statement contains information about how:
- you may access the personal information we hold about you;
- you may seek the correction of your personal information; and
- you may ask us to provide an alternative means of identity verification for the purposes of the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth);
- you may complain about a breach of the Privacy Act, including the APPs; and
- we will deal with a privacy complaint.
13. Information Security
Cashify is committed to keeping secure the information you provide us and we will take all reasonable precautions to protect your personally identifiable information from loss, misuse or alteration, unauthorised access and disclosure. We aim to achieve this through:
- imposing confidentiality requirements on our employees;
- implementing policies in relation to document storage security;
- implementing security measures to govern access to our systems;
- only providing access to personal information once proper identification has been given;
- controlling access to our premises; and
- implementing website protection measures.
By law, we are required to hold certain information about you for a specific period of time, even after you are no longer a Cashify customer. However, after that time you can be assured, we will destroy your personal information thoroughly and safely or permanently de-identify it.
14. Management of Personal Information
We recognise the importance of securing the personal information of our customers. We will take steps to ensure your personal information is protected from misuse, interference or loss, and unauthorised access, modification or disclosure.
Your personal information is generally stored in our computer database. Any paper files are stored in secure areas. In relation to information that is held on our computer database, we apply the following guidelines:
- passwords are required to access the system and passwords are routinely checked;
- data ownership is clearly defined;
- we change employees’ access capabilities when they are assigned to a new position;
- employees have restricted access to certain sections of the system;
- the system automatically logs and reviews all unauthorised access attempts;
- unauthorised employees are barred from updating and editing personal information;
- all computers which contain personal information are secured both physically and electronically;
- data is encrypted during transmission over the network; and
- print reporting of data containing personal information is limited.
15. Non-compliance and Disciplinary Actions
Privacy breaches must be reported to management by employees and relevant third parties. Ignorance of this Policy and Collection Statement will not be an acceptable excuse for non-compliance. Employees or other relevant third parties that do not comply with this Policy and Collection Statement may be subject to disciplinary action.
16. Contractual Arrangements with Third Parties
We ensure that all contractual arrangements with third parties adequately address privacy issues, and make third parties aware of this Policy and Collection Statement.
Third parties will be required to implement policies in relation to the management of your personal information in accordance with the Privacy Act. These policies include:
- regulating the collection, use and disclosure of personal and sensitive information;
- de-identifying personal and sensitive information wherever possible;
- ensuring that personal and sensitive information is kept securely, with access to it only by authorised employees or agents of the third parties; and
- ensuring that the personal and sensitive information is only disclosed to organisations which are approved by us.
17. Credit Reporting
We may also disclose your personal information (including credit information about your credit liabilities, repayments and defaults) to CRBs. We may also collect this information from CRBs.
Information about credit reporting, including the contact details of the CRBs we deal with, how we or a CRB may use your information, how to access our policies and your rights in relation to your credit information, is available at www.cashifyloans.com. You can request to have this information provided in hard copy by contacting our Privacy Officer.
18. Access to Information and Seeking Correction
Subject to the exceptions set out in the Privacy Act, you may gain access to the personal information that we hold about you by contacting the Cashify Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal.
We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.
If your request relates to information that we have received from a credit reporting body, we will contact the credit reporting body and advise them of your request.
If we agree with you that your information is inaccurate, incomplete or out of date we will make the appropriate changes and will write to you and tell you the changes we have made within seven days of making that change.
If we do not agree that the information is inaccurate, incomplete or out of date, we will write to you giving you the reasons why we have formed the opinion and tell you what steps you can take as a result of our refusal to change the information.
You have the right to ask for a copy of any credit report we have obtained about you from a credit reporting agency. However, as we may not have retained a copy after we have used it in accordance with Part IIIA of the Privacy Act, the best means of obtaining an up-to-date copy is to get in touch with the credit reporting agency direct.
If we decline your credit application wholly or partly because of adverse information on your credit report, the Privacy Act requires us to tell you of that fact and how you can go about getting a copy of your credit report.
19. On-line Security
We remind our customers that, despite best practice, the privacy, security and integrity of information transmitted via the internet (including e-mail) cannot be guaranteed, except where we have indicated previously that a particular transmission will be protected (for example, the secure area of the site).
20. Links
The Cashify website may contain links to a number of other websites that are included on the basis of containing content relating to our business and related areas, or to sites containing general information for the personal interest of the user. When a user has clicked on a link to another site, they leave the Cashify site and are no longer protected by this Policy.
21. Promotional Material
We respect that you may not wish to receive special offers, updates or surveys from Cashify. If at any time you wish not to receive further information from Cashify, please contact us on the details provided below under ‘Contact Information’. Ensure that you include your name, postal address, telephone number, e-mail address and any other relevant information so that we can adequately remove your details from our list.
22. Dealing with us Anonymously
Where lawful and practicable to do so, you can deal with us anonymously or using a pseudonym. The circumstances in which you can deal with us anonymously or using a pseudonym include when making a general enquiry about the services that we can offer to you.
You may request at the start of any telephone call with us, in relation to a general enquiry, to remain anonymous (or you may use a pseudonym).
23. Complain About a Breach of our Obligations:
Complaints
You are entitled to complain if you believe we have not dealt with your personal information in accordance with the provisions of the Privacy Act (including the 13 Australian Privacy Principles) or any code under the Privacy Act (including the Credit Reporting Privacy Code).
If you wish to make a complaint, you should first contact us telling us what the complaint is and we will do our best to resolve the complaint with you.
If we believe that we cannot resolve the complaint within 30 days, we will write to you telling you why and seeking further time.
If you are not satisfied with our response or handing of the complaint, or if the complaint is not resolved, you may then contact Australian Financial Complaints Authority (AFCA) External Dispute Resolution Scheme. The AFCA scheme is an independent service provided to resolve any concerns or complaints that we are unable to resolve with you. The AFCA scheme can be contacted on:
Australian Financial Complaints Authority (AFCA)
- Phone: 1800 931 678
- Fax: 03 9613 6399
- Email: info@afca.org.au
- Web: www.afca.org.au
- Mail: Australian Financial Complaints Authority Limited, GPO Box 3, Melbourne VIC 3001
Office of the Australian Information Commissioner
- Phone: 1300 363 992 (9:00am to 5:00pm Sydney time)
- Fax: 02 9284 9666
- Mail: GPO Box 5218, Sydney NSW 2001
- Email: enquiries@oaic.gov.au
- Website: oaic.gov.au
- Complaint form: https://www.oaic.gov.au/
We have a written policy (“Dispute Resolution Policy”) in place under which we deal with any complaint made under the provisions of the National Consumer Credit Protection Act. We are required to have that policy as part of our Australian Credit Licence. We can provide you with a copy of that policy on request.
We will manage your complaint, so far as we are able, under the Dispute Resolution Policy. There will, of course, need to be some changes as a result of the type of complaint being made.
Contact Information
- Contact: Nathan Gazal
- Email: nathan@cashifyloans.com
- Phone: 1300 933 053
- Mail: PO Box 3383, Rhodes NSW 2138
For more information:
If you have any questions, concerns or comments, please visit the Australian Information Commissioner website at oaic.gov.au or:
Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001
This policy was last updated on 1 December 2020 and is subject to change.
Acknowledgement
- I have read Cashify’s (you, your) Privacy and Collection Statement located here, and the Website Terms and Conditions located here.
- I authorise you to act as my agent in seeking access to my credit information held by credit reporting bodies and credit providers. This authority applies to your inquiries in connection with the provision of services to me by you in order to verify my personal information (including name, residential address and date of birth) for Anti-Money Laundering and Counter Terrorism Financing purposes.
- I consent to you collecting sensitive information about me for the purposes of you providing services to me.
- I consent to you sending my personal information to the recipients located outside Australia as described in the Policy and Collection Statement.
- I agree to receive information about your products, services or promotions.
- By proceeding to use our services, you agree that you fully understand and agree to be bound by the terms and conditions contained in our Client Agreement. If you would like to clarify anything, please contact us, or consult an adviser.
Annexure A
The following are key terms:
Controller means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. (This is an APP entity under the Privacy Act).
Data Subject means an identified or Identifiable Natural Person (This is an Individual under the Privacy Act)
Identifiable Natural Person means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical physiological, genetic, mental, economic, cultural or social identity of that natural person (This is an individual under the Privacy Act)
Personal data means any information relating to a Data Subject (This is similar to personal information under the Privacy Act)
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptions or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. (There is no single concept in the Privacy Act that is equivalent; the Privacy Act uses concepts of ‘collection’, ‘use’ and ‘disclosure’)
Processor means a natural or legal person, or other body which processes personal data on behalf of the controller (There is no direct equivalent concept in the Privacy Act other than references to ‘third parties’ who deal with personal information on behalf of or for an APP entity).
Item No. | Obligation | Australian Privacy Act Requirement |
1 | Use or disclosure of personal information / data for secondary purpose | Cashify may use personal information for a secondary purpose if the individual has consented, it is within their reasonable expectations, or another exception applies. |
2 | Collection of solicited personal information / data | Cashify will only collect personal information where it is reasonably necessary or when it is directly related to Cashify’s functions or activities, and by lawful and fair means. Sensitive information will only be collected with consent, or where a listed exemption applies. |
3 | Notification of collection of personal information / data | Cashify’s Privacy Collection Notice is drafted in accordance with the APP requirements. |
4 | Direct marketing | Cashify will comply with section 12 of the Privacy Policy.
Cashify may only use or disclose personal information for direct marketing purposes if certain conditions are met. In particular, direct marketing messages must include a clear and simple way to opt out of receiving future messages and must not be sent to individuals who have already opted out. Sensitive information about an individual may only be used for direct marketing with the consent of the individual. |
5 | Dealing with unsolicited personal information | Cashify will comply with section 4 of the Privacy Policy.
Cashify will destroy or de-identify all unsolicited personal information. |
6 | Cross border disclosure of personal information | In accordance with section 11, before Cashify discloses personal information to an overseas recipient, it must take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information.
Personal information may only be disclosed where the recipient is subject to a regulatory regime that is substantially similar to the APPs, where the individual has consented, or another listed exception applies. |
7 | Correction of personal information | In accordance with section 18, Cashify takes reasonable steps to correct personal information they hold about an individual, on request by the individual. |
8 | Consent | Cashify ensures that when obtaining consent from an individual, the following elements are complied with:
· the individual is adequately informed before giving consent · the individual gives consent voluntarily · the consent is current and specific; and · the individual has the capacity to understand and communicate consent |
9 | Data breach notification | From January 2019, Cashify has in place policies and procedures which comply with the mandatory data breach notification scheme. |
10 | Complaints | In accordance with section 23, individuals may lodge a complaint about Cashify’s handling of their personal information with the Office of the Australian Information Commissioner. |
11 | Right to restriction of processing | Nil |
12 | Right to be forgotten | |
13 | Data profiling | Nil |
14 | Monitoring behaviour | Nil |