Privacy and Credit Reporting Policy – Now Finance
1. Introduction
We take our obligations to protect personal information seriously. We are committed to respecting the privacy and protecting the personal information of our users and customers. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”) (together, the “Privacy Act”), as well as the Privacy (Credit Reporting) Code. We sometimes handle personal information relying on exemptions under these laws, for example in relation to employee records. Any permitted handling of personal information under such exemptions will take priority over this privacy policy to the extent there is any inconsistency.
NOW Finance is a trading name and registered trademark of Now Finance Group Pty Ltd ACN 158 703 612, Australian Credit Licence number 425142 as agent for NF Finco 2 Pty Ltd ACN 164 213 030. In this Policy, we may use the words “NOW Finance”, “we”, “us” and “our” interchangeably to refer to our business.
The term “Website” means the websites under the domain name nowfinance.com.au and includes any other websites operated by us where this Policy is accessible.
The terms “you”, “your” and “user” refer to you as the user of the Website and / or as our customer or guarantor of a loan. If you are a customer/guarantor, additional information about our handling of your personal information may apply, for example under a privacy declaration or terms and conditions applicable to the product or service you obtain from us.
Our contact details are contained in section 8 below.
Important Note: Whilst we will take reasonable steps to keep your personal information safe from loss, unauthorised activity or other misuse, you must also do your part in protecting your own personal information, including taking steps such as using passwords that cannot easily be guessed or not disclosing your personal information to unknown third parties. If you become aware of any security breaches relating to your account, please inform us immediately.
2. Purpose
The purpose of this Privacy and Credit Reporting (“Policy”) is to tell you how we manage your personal information, including your credit information and credit eligibility information. This includes the following sections:
- Collection of Personal Information
- Dealing with Personal Information
- Credit-Related Personal Information
- Security, Websites and Cookies
- Access and Correction of Personal Information
- Contacts, Feedback and Complaints
You may interact with us anonymously or by using a pseudonym if the interaction is general in nature. However, if the interaction is specific to an account or relates to your personal information we will need to identify you before we engage in further discussions and correspondence.
We may update our Policy from time to time, the updated version will be published on our Website. If you have bookmarked this policy (or the Website) you will need to ensure that the bookmarked version has been updated so that you are aware of the most recent version of this Policy.
3. Collection of Personal Information
3.1 Kinds of Personal Information We Collect
The various type of personal information we collect and hold may vary depending on the nature of our interactions with you.
For example, if you have made an application for credit with us, or to be a guarantor for a loan, we will need to collect and hold your:
- name and contact details (eg your current and historical name, address and contact details);
- financial information;
- credit-related personal information (see section 5 below);
- identification information (eg date of birth and identity documents like driver’s licence or passport);
- repayment history information;
- banking details;
- employment information; and
- details of your transactions, communications, activity, preferences, interests and opinions relevant to our business.
Sometimes we may collect information that is considered non-personal. This is dealt with in Section 7 below.
Some of the personal information we collect from you is collected pursuant to applicable laws such as the National Consumer Credit Protection Act 2009 (Cth) and the Anti Money Laundering and Counter Terrorism Financing Act 2006 (Cth).
In order to satisfy our legal obligations, we may need to retain your information after a transaction or a relationship has ended. However, we will not retain your identifiable personal information longer than is reasonably necessary and permitted under Australian law.
We will only collect sensitive information (e.g. information about your ethnicity, health or biometric information) with your consent or when permissible under Australian law.
3.2 How We Collect Your Personal Information
Where reasonable and practicable to do so, we will generally collect your personal information directly from you or from keeping records of your interactions with us – this may be over the telephone, by email, over the internet, by email or fax, in person or by completion of a form (such as an application form).
Otherwise, generally speaking, we collect information from employers, other financiers, contractors, suppliers, brokers, introducers, agents, service providers, public sources and others where necessary. For example, we may collect information about you from:
- a credit reporting body or financier in the course of assessing your application for a loan or suitability to be a guarantor;
- your employer so that we may confirm details of your employment in support of your application for a loan; or
- your landlord so we may confirm details of your accommodation and associated payments.
Some of the other sources may include:
- a joint applicant on your application for credit;
- collection agents;
- your current or previous employer;
- another financial institution;
- someone authorised to act on your behalf (e.g. financial advisor, executor, administrator, trustee, guardian, attorney, accountant or consumer advocate);
- research agencies;
- a referee;
- recruitment consultant (e.g. for job applicants);
- a government body;
- third party service providers and / or suppliers; or
- one or more of our related companies.
We sometimes create new personal information through analysis, interpretation, combination and review of existing information.
4. Dealing with Personal Information
4.1 How We Hold Your Personal Information
We understand the importance of protecting the personal information we hold about you. We take steps to ensure your personal information is free from misuse, interference, loss, unauthorised access or modification by:
- securing personal information both in physical and electronic form at our own premises and with the assistance of our service providers;
- staff education around the importance of privacy and data security;
- limiting access to personal information only to those that need access; and
- protecting our systems with appropriate technology solutions.
If you are considering sending us any personal information through the Website or other electronic means, please be aware that the information may be insecure in transit, particularly where no encryption is used (eg email, standard HTTP).
4.2 The Purpose of Collecting, Holding, Using and Disclosing Your Personal Information
The reason we may wish to collect, hold, use and disclose your personal information is so that we can manage and administer the products we provide and to run our business efficiently. You may be an applicant, a current, previous or prospective customer, contractor, job applicant, supplier, partner or party with whom we do or have done business or may do business with in the future.
As a financial services provider, a major purpose for which we collect, hold, use or disclose personal information is to assess applications for credit or to be a guarantor, manage credit (servicing and collections activity), deal with hardship applications and to analyse the risk profiles of our customers or potential customers.
Other purposes for which we may collect, hold, use or disclose your personal information include:
- responding to your queries;
- arranging or providing credit for you, including assessing your application for a loan;
- establishing, managing, administering, evaluating and improving our products or services, including credit scoring, securitisation, portfolio analysis, research, planning, service development, security and risk management;
- identifying you and investigating and protecting ourselves against fraud and unlawful activities;
- complying with laws which apply to us, assisting regulatory authorities and protecting our lawful interests; and
- subject to our legal obligations and your requests to opt out, to provide you with promotional information about us and our products on an ongoing basis, by any means including telephone, email and other electronic messages
4.3 Direct Marketing
Personal Information may also be used or disclosed to advise you of products and services that may be of interest to you by means of direct marketing. This may include us sharing your personal information with our related bodies corporate or marketing partners for this purpose.
If you do not want your personal information to be used for direct marketing purposes, please contact us so that we can action this request. This is referred to as “opting out” of direct marketing. You can “opt-out” of direct marketing by contacting us on the details in section 8 below.
4.4 Disclosure of Personal Information
From time to time and depending on the circumstances, we may share your personal information with your joint applicant nominated in your application for credit with us, any guarantor or potential guarantor of your loan, and also to our related entities, other businesses who provide services to us and other third parties including:
- introducers such as brokers, aggregators and partners;
- certain third parties who are involved in a transaction relating to your application for credit with us, such as motor vehicle or asset dealers from whom you have organised to purchase an asset using loan proceeds;
- your employer;
- other service providers including organisations that provide database management, archival, auditing, banking, debt collection, insurance, marketing, advertising, valuation, mailhouse, delivery, recruitment, customer contact, authentication, document management, technology, data processing, research, investigation, utility, professional advisory (legal, accounting, financial and business consulting), valuation, registration and security services;
- other organisations as required or authorised by law, for example, government or regulatory bodies;
- credit reporting bodies;
- other financial institutions and credit providers;
- someone authorised to act on your behalf;
- organisations involved in our funding arrangements such as funders, investors, advisers, trustees and rating agencies; and
- organisations wishing to acquire an interest in any part of our business (including its receivables) for assessing or implementing any such acquisition.
4.5 Disclosing Information Overseas
We use overseas service providers for some of our activities and therefore need to disclose personal information to those service providers. Currently, these service providers are located in India, Philippines, and the United States of America.
5. Credit-Related Personal Information
Where you have applied for or obtained credit from us, or applied to become or have become a guarantor, this section will apply in addition to the other sections within this Policy. What this means is that we may obtain credit-related personal information about you from credit reporting bodies.
Credit-related personal information in this Policy includes:
- your personal information that has a bearing on credit that has been provided to you or that you have applied for;
- credit eligibility information relating primarily to your dealings with other credit providers (such as about credit applications you have made, or credit that you hold with other credit providers). This information will typically have been provided by other credit providers or other third parties; and
- other credit eligibility information about you that credit reporting bodies derive from the information above, such as credit scores, risk ratings and other evaluations about you.
5.1 Collection, Use and Disclosure of Credit-Related Personal Information
We collect, hold, use and disclose credit-related personal information about you for purposes reasonably necessary for our business activities and consistently with the requirements in the Privacy Act as permitted by law.
If you apply for credit with us, or offer to guarantee a loan, we may ask for identification information. This could include your name, address, date of birth and drivers’ licence number.
We may also collect information about your financial position for the purpose of assessing an application for credit and to assist in the ongoing management of that credit product. This could include:
- your employment details, income, expenses, debts and savings;
- your past experiences with us and other lenders such as the kinds of credit products you have had or sought and how you have managed your repayment obligations; and
- if you make a hardship application, other information about your personal circumstances.
Other examples of your credit-related personal information we may collect, hold, use and disclose include:
- your applications for credit – the fact that you have applied for credit including the amount and type of credit;
- the identity of your current and previous credit providers;
- records of previous requests made by credit providers to credit reporting bodies for information about you in connection with consumer or commercial credit applications, guarantees or securitisation arrangements;
- repayment history including any information about whether you have made repayments on time, or, where a temporary or permanent financial hardship arrangement applies, whether you have followed the requirements of that arrangement;
- separate from repayment history, information about defaults (where repayments are more than 60 days overdue, in certain circumstances);
- where those default repayments are no longer overdue, or new payment arrangements have been agreed;
- our or another credit provider’s opinion that you have committed a serious credit infringement (that is, acted fraudulently or shown an intention not to comply with your credit obligations);
- the start and end dates, credit limits and certain terms and conditions of your credit arrangements;
- information about court judgments against you;
- publicly available information relevant to your credit worthiness;
- certain insolvency information from the National Personal Insolvency Index;
- information derived by credit reporting bodies from the above information (eg assessments and ratings in respect of your credit worthiness); and
- information we derive from the above information (eg our own assessments and ratings in respect of your credit worthiness).
This information may include information about your arrangements with other credit providers as well as with us.
Our purposes for collecting, using and disclosing credit-related personal information include but aren’t limited to the following:
- assessing credit applications and requests to be a guarantor;
- internal management purposes, including securitisation, risk management, credit scoring and portfolio analysis;
- to assist in the collection of overdue payments;
- to help prevent defaults and deal with financial hardship;
- to participate in the credit reporting system;
- to undertake securitisation activities and debt assignments;
- to deal with complaints and legal proceedings;
- to administer any guarantee;
- to meet our legal and regulatory requirements (such as reporting matters to regulators or enforcement bodies when authorised or required by law);
- to assist other credit providers with such purposes in circumstances permitted by the Privacy Act; and
- sharing that information with:
- organisations involved in our securitisation (funding) arrangements;
- organisations who purchase our debt and to whom we assign our debt to;
- organisations wishing to acquire an interest in any part of our business (including its receivables) for assessing or implementing any such acquisition.
Restrictions apply under the Privacy Act in relation to the circumstances and purposes for which such information may be used or disclosed and we comply with these restrictions. For example, in general, credit eligibility information may not be disclosed unless the recipient is a credit provider and restrictions apply on the use of credit eligibility information for direct marketing
We may also disclose your credit-related personal information relating to your dealings with us, including any repayment history and defaults, to credit reporting bodies (see section 5.2 below). Those credit reporting bodies may include that information in their own records on individuals and also in reports that they share with other credit providers to assist them to assess your credit worthiness.at information in their own records on individuals and also in reports that they share with other credit providers to assist them to assess your credit worthiness.
5.2 Credit Reporting Bodies
We access and disclose credit-related personal information to the following credit reporting bodies:
Equifax Australia
Website: https://www.equifax.com/personal/
Phone: 13 8332
Illion
Website: creditcheck.illion.com.au
Email: pac.austral@illion.com.au
Phone: 1300 734 806
Experian Australia Credit Services Pty Ltd
Website: www.experian.com.au/consumer
Email: creditreport@au.experian.com
Phone: 1300 783 684
You can contact these credit reporting bodies or visit their websites to see their policies on the management of your credit-related personal information, including details of how to access your credit-related personal information they hold.
In relation to commercial credit, we also access information from and disclose it to commercial credit bureaux, some of which are operated under the same brands as the credit reporting bodies above.
5.3 Other Rights Regarding your Credit-Related Personal Information
You must contact the credit reporting bodies directly if you wish to enable either of the following rights:
5.3.1 Direct Marketing Pre-Screening
You have the right to request these credit reporting bodies to exclude certain credit-related personal information to determine your eligibility to receive direct marketing from credit providers including us.
5.3.2 Victim of Fraud
You also have the right to request credit reporting bodies not to use or disclose certain credit-related personal information if you believe that you have been, or are likely to be, the victim of fraud (for example, you suspect someone is using your identity details to apply for credit).
6. Security, Websites and Cookies
6.1 Tracking Information on the Web
We collect non personal information about users of the Website, including information on which areas of the Website are most often accessed and how long visitors visit those areas, as well as other information such as browser types and operating systems to help us manage and improve the Website.
We store information that we collect through cookies, log files and / or third party site traffic software to create profiles of users generally.
Our website may also contain links to other websites, for convenience to you. Please be aware that the information handling practices of those linked websites may differ from ours.
6.2 Cookies
Cookies are packets of information that enable our servers to identify and interact more effectively with users’ computers. We use cookies which enable us to monitor such traffic patterns and to improve users’ future experiences of the Website.
A cookie does not identify the user personally but it does identify their computer. Users can set their browser to notify them when they receive a cookie and this will provide them with an opportunity to accept or reject it in each instance. Rejecting cookies may have the effect of limiting access to parts of the Website.
Cookies used may be “session cookies”, which terminate once a user closes their browser. We also may use “persistent cookies” which is a small piece of text stored on a user’s computer for a defined period of time, after which the cookie is erased.
6.3 Other Activities on our Website
Like most standard website services, we use log files. This includes internal protocol (IP) addresses, browser types, internet service provider (ISP), referring / exit pages, platform type, date/time stamp, and number of clicks to analyse trends, administer the Website, track users movement in the aggregate and gather broad demographic information for aggregate use. IP address etc are not linked to personal information. There may be instances where your obfuscated email address may also be used for this purpose.
In some cases third parties may use cookies and other technologies such as web beacons and JavaScript on the Website in connection with online services like banner advertising, website analytics and surveys. This may allow them to collect information about your use of our Website (including your computer’s IP address) which they may store in the United States of America or other countries. The use of these technologies allows them to deliver use of the Website and other websites and provide other services relating to website activity and internet usage. Those third parties may also transfer the information they collect to others where required to do so by law, or where those others process the information on their behalf.
The services we may use from time to time include Google Analytics, Yahoo, Adobe and Microsoft. You can find more details in the privacy policies for those services, including information on how to opt-out of certain conduct.
7. Access and Correction of Personal Information
7.1 Access
You are entitled to access the information we hold about you. To make a request to access your personal information we hold, please contact us on the details in section 8 below. We may need to verify your identity so we will need as much detail as you can give us about yourself and the particular information you seek so that we may locate it efficiently.
We will usually provide the information requested within 30 days of receiving your request. If there is a reason to deny your request for access we will advise you of this in writing. Some examples of why we may refuse a request for access include where the information:
- may pose a threat to the health or safety of an individual or the public;
- may have an unreasonable impact on the privacy of another individual;
- is not allowed by law; or
- may reveal internal information relating to a commercially sensitive decision-making process.
There is no charge to request access to your personal information, however, we may apply an administration fee for providing access in accordance with your request.
7.2 Correction
We aim to hold accurate and up-to-date personal information about you at all times. If you consider that any such information we hold about you is incorrect in any way, you may seek the correction of that information. To seek such a correction please contact us on the details in section 8 below.
In certain situations, we may not agree to a request to correct information we hold about you. If this occurs, we will advise you of this and our reason for not agreeing to the correction request in writing. In response, you may ask us to make a note of your requested correction with the information we hold.
8. Contacts, Feedback and Complaints
If you have any questions, concerns or feedback about privacy, please contact our Privacy Officer at:
PO Box 24313, Melbourne VIC 3000
We take your privacy concerns seriously.
Where you express any concerns that we have mishandled your personal information, failed to comply with the Privacy Act (including credit reporting requirements in Part IIIA) or the Privacy (Credit Reporting) Code, or interfered with your privacy, please contact us on the details above.
We will respond to let you know who will be handling your matter and when you can expect a further response. We aim to resolve your concerns in a fair and efficient manner.
If you are unsatisfied with our response, or if your complaint remains unresolved, you may refer it to our external dispute resolution scheme, the Australian Financial Complaints Authority (AFCA), which provides a free independent industry dispute resolution service. AFCA’s contact details are:
Australian Financial Complaints Authority
GPO Box 3
Melbourne Victoria Australia 3001
Phone: 1800 931 678
Website: www.afca.org.au
Alternatively, you may refer the matter to the Office of the Australian Information Commissioner (the “OAIC”).
The contact details for the OAIC are:
The Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Australia
Phone: 1300 363 992
Fax: 02 9284 9666
Website: www.oaic.gov.au
Website: www.oaic.gov.au
Last Revised: August 2024