This policy outlines how Co.Credit pty. ltd. (collectively, “Co.Credit“) and their related companies and permitted assigns (“we / us / the Group“) collect, disclose, use, store or otherwise handle personal information.
It is important to us that we manage your personal information securely and consistently with relevant legislation, including the Privacy Act 1988 (Cth) (as applicable to your jurisdiction) as amended or replaced from time to time (“Privacy Laws“).
This policy explains:
This policy does not limit our rights and obligations under Privacy Laws.
This policy is not limited to current customers or guarantors of customers (where applicable) – it relates to all other individuals who deal with us, whether in relation to the provision of credit or otherwise. By using our services or otherwise dealing with us, you are deemed to agree to our Privacy Policy.
We collect information about you and your interactions with us, for example, when you enquire, apply for, request or use our products or services, make a card payment or transfer money, phone us or visit any of our websites. When you use our website or mobile applications, we may collect information about your location or activity including your IP address, telephone number and whether you’ve accessed third-party sites. Some of this website information we collect using cookies.
This may include information collected directly from you and information that you authorise us to collect from third parties.
It is not mandatory for you to provide us with the personal information that we request – however, if you do not do so it may affect the products and services that we can provide to you.
We will collect certain personal information about you depending on the circumstances in which the product or service is being applied for or provided.
This information can include:
We collect information about you from others such as service providers, agents, your bank, advisers, aggregators, brokers, employers or family members. For example, if you apply for credit, we may need to obtain a credit report from a credit reporting body. We will also obtain bank account information from your bank throughout the term of the loan, and commission-related data from aggregators. We may collect information about you that is publicly available, for example, from public registers or social media, or made available by third parties.
If you elect to use bank statements and third-party account aggregation service providers in connection with our assessment of your application, you permit such third-party services to access your banking transaction data or commission-related data linked to the online credentials you provide. The third-party service provider will access your personal information for the purpose of providing this personal and business bank account data to us.
The third-party service provider may access transactional data from any account that is associated with the login credentials that you submit. This may include personal accounts as well as business accounts and commission-related accounts. Your provision of banking and other login credentials to utilise such third-party service providers does not provide us with your login credentials or passwords or the ability to access your internet banking or other web-related service (other than as stated above).
Through the use of such third-party service providers, we will obtain up to the last twenty-four (24) months bank and commission transactions on the date you apply for a loan, in addition to further ongoing bank and/or commission transactions for the term of the facility, for the purpose of assessing any future facility applications, continuing to offer you our facility, or making a future offer to you. We note that your third-party suppliers’ terms (including bank's terms) may prohibit you from sharing your login, so you agree to appoint our third-party service provider as your agent to access your internet banking on your behalf solely for this purpose and you consent to our ongoing access to this information for the term of the loan and the purposes outlined above.
Should you agree to the use of such a third-party service provider, you will be subject to their terms and conditions and privacy policy which will govern any act or omission of that third-party service provider in connection with your use of that service.
The Privacy Laws protect your sensitive information, such as health information that’s collected on hardship applications. If we need to obtain this type of information, we will ask for your consent, except where otherwise permitted by law.
If you provide any personal information to us about another person, you confirm that you have the authority of that person to share their information with us and to permit us to hold, use and disclose their information in accordance with this Privacy Policy. You must inform them of their rights to access and request correction of their information set out below.
In many circumstances, we will collect the above information primarily from you (or from someone who is representing or assisting you). However, there are certain instances in which we will collect information about you from third parties where it is unreasonable or impracticable to collect it directly from you. For example, even where your application is for credit, we may collect information about you from a business which provides information about commercial credit worthiness for the purpose of assessing your application.
We use your information to:
We may also collect, use and share your information in other ways where you have authorised us to do so or where permitted by law.
We may use your information for direct marketing, including by email or other electronic means. If you no longer want to receive direct marketing, you can tell us by using any of the methods set out in section 9.
Improvements in technology enable organisations to collect and use information to get a more integrated view of customers and provide better products and services. We may combine our customer information with information available from a wide variety of external sources (for example, census or Bureau of Statistics data). We are able to analyse the data in order to gain useful insights which can be used for any of the purposes mentioned earlier in this policy. In addition, Group members may provide data insights or related reports to others, for example, to help them understand their customers better. These insights and reports are based on aggregated information and do not contain any information that identifies you.
We also use cookies to improve your user experience when using our website and to learn how you interact with our content.
We share your information with other members of the Group, so that the Group may adopt an integrated approach to its customers. Group members may use this information for any of the purposes mentioned in this section.
We may share your information with third parties where this is permitted or required by law, or for any of the purposes mentioned in section 3.
Third parties include:
Generally, we use customer service teams located within Australia. However, we may send your information overseas, including to overseas Group members and to service providers or other third parties who operate or hold data outside Australia. Where we do this, we take reasonable steps to ensure that appropriate data handling and security arrangements are in place. Please note that Australian law may not apply to some of these entities and the relevant entity may not be required to protect the information in a way that, overall, provides comparable safeguards to those in the Australian Privacy Act (as applicable).
We may also send information overseas to complete a particular transaction or where this is required by laws and regulations of Australia or another country.
Where we send your information overseas, it is likely to be one of the following countries:
Where we send your information to overseas Group members or service providers, we take reasonable steps to ensure that appropriate data handling and security arrangements are in place.
When you apply to us for credit or propose to be a guarantor, we need to know if you’re able to meet repayments under your agreement with us. We also want to avoid giving you further credit if this would put you in financial difficulty. One of our checks involves obtaining a credit report about you.
A credit report contains information about your credit history that helps credit providers assess your credit applications, verify your identity and manage accounts you hold with them. Credit reporting bodies collect and share this information with credit providers like us and other service providers such as phone companies.
The Privacy Act and Credit Reporting Privacy Code limit the information that credit providers can disclose about you to credit reporting bodies, as well as the ways in which credit providers can use credit reports.
We may use one or more of the following credit reporting bodies:
EquifaxThe information we can share includes:
We also ask the credit reporting body to provide us with an overall assessment score of your creditworthiness and other comprehensive credit information as necessary.
The credit reporting bodies we use will hold your personal information on their terms and treat your information in accordance with their own privacy policies.
We use information from credit reporting bodies to confirm your identity, assess applications for credit, manage our relationship with you and collect overdue payments. We also use this information as part of arriving at our own internal assessment of your creditworthiness.
We store credit-related information with your other information. You can access credit-related information we hold about you, request us to correct the information and make a complaint to us about your credit-related information. See sections 8 and 9.
Credit providers may ask credit-reporting bodies to use their credit-related information to pre-screen you for direct marketing. You can ask a credit reporting body not to do this. Also, if you’ve been, or have reason to believe that you’re likely to become, a victim of fraud (including identity fraud), you can ask the credit reporting body not to use or disclose the credit-related information it holds about you.
We store your electronic records on our premises and systems or offsite using trusted third parties. We use reasonable endeavours to keep your personal information secure, however, this security cannot be guaranteed.
Our security safeguards include:
We train and remind our staff of their obligations with regard to your information.
When we send information overseas or use third parties that handle or store data, we take reasonable steps to ensure that appropriate data handling and security arrangements are in place.
When you transact with us on the internet via our website we encrypt data sent from your computer to our systems. We have firewalls, intrusion detection systems and virus scanning tools to help to protect against unauthorised persons and viruses accessing our systems. When we send your electronic data outside the Group we use dedicated secure networks or encryption. We limit access by requiring use of passwords, password rotation and multi factor authentication.
We have protection in our buildings against unauthorised access such as alarms, cameras and guards (as required).
We keep information only for as long as required (for example, to meet legal requirements or our internal needs).
You are advised to keep your log-in details private and confidential. Your log-in details are your responsibility and we advise you not to share those details with any party. You hereby acknowledge that any party that accesses your account does so as your agent and accordingly you agree to be bound by any transactions effected through their use of your account. We are entitled to rely on any access to or use of your account without making any further enquiries.
You can ask for access to your basic information (for example, what transactions you’ve made) by going online or calling us. To obtain a copy of current credit-related information we hold about you, you can call or email us using the ‘Contact’ details on our website.
There is no fee for making the initial request. However, in some cases, where permitted by law, there may be an access charge to cover the time we spend locating, compiling and explaining the information you ask for. If there is an access charge, we’ll give you an estimate up front and confirm that you’d like us to proceed. Generally, the access charge is based on an hourly rate plus any photocopying costs or other out-of-pocket expenses. You’ll need to make the payment before we start, unless you’ve authorised us to debit your account.
We try to make your information available within 30 days of your request and we will respond to your request within 20 days. Before we give you the information, we’ll need to confirm your identity.
In certain circumstances we’re allowed to deny your request, or limit the access we provide. For example, we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll write to you explaining our decision.
It’s important that we have your correct details, such as your current address and telephone number. You can check or update your information by going online, emailing or phoning us.
You can ask us to correct any inaccurate information we hold or have provided to others (including credit-related information) by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.
If your request relates to credit-related information provided by others, we may need to consult with credit reporting bodies or other credit providers. We’ll try to correct information within 30 days. If we can’t complete the request within 30 days, we’ll let you know the reason for the delay within 20 days and try to agree on a timeframe with you to extend the period.
If we’re able to correct your information, we’ll inform you when the process is complete.
If we disagree with you that information should be corrected, we’ll let you know in writing our reasons. You can ask us to include a statement with the relevant information, indicating your view that the information is inaccurate, misleading, incomplete, irrelevant, or out-of-date. We will take reasonable steps to comply with such a request.
If you were introduced or applied to us through a broker or other agent, we will provide them with information about each application you make with us and each loan which we provide to you. Your account will be linked to that broker and we will continue to provide them your information for each application you make with us, whether that application is made through that broker or direct with us. If you do not wish us to provide your information to your broker or other agent, you must advise us by contacting privacy@cocredit.com.au.
If you have a concern about your privacy (including credit-related matters), you have a right to make a complaint and we’ll do everything we can to put matters right.
To lodge a complaint, please get in touch with us using your point of contact or one of the customer service teams set out in section 9. We’ll review your situation and try to resolve it straight away. If you’ve raised the matter through your point of contact or through our customer service teams and it hasn’t been resolved to your satisfaction, please contact our Customer Relations team using the details in section 9.
We acknowledge every complaint we receive and provide you with our name, a reference number and contact details of the investigating officer. We keep you updated on the progress we’re making towards fixing the problem.
Usually, it takes only a few days to resolve a complaint. However, if we’re unable to provide a final response within 45 days we’ll contact you to explain why and discuss a timeframe to resolve the complaint.
If you’re not satisfied with our handling of your matter, you can refer your complaint to external dispute resolution. We suggest you do this only once you’ve first followed our internal complaint processes set out above.
If your complaint is about the way we handle your personal information you may also contact:
The Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner (“OAIC”), GPO Box 5288 Sydney NSW 2001.
For privacy related queries, access or correction requests, or complaints, or to request a printed version of this policy, please contact us:
Email privacy@cocredit.com.au. Our customer service representatives are available Monday to Friday. See hours of operation on our website.
See our feedback page on our website for more information.
We aim to resolve your query or complaint at your first point of contact with us. You can use your usual point of contact or call our customer service team
You can email us using the email address above.
For more information about the Australian Privacy Principles and credit reporting rules visit:
We may change this Privacy Policy at any time by changing or removing existing terms or adding new ones. Changes may take the form of a completely new Privacy Policy. We will tell you about any changes by posting an updated Privacy Policy on our website. Any change we make applies from the date we post it on the website. By continuing to use our services you will be deemed to agree to our updated Privacy Policy.
Updated January 2024