Privacy Statement
Open and transparent management of personal information
We will manage personal information, including credit information, in an open and transparent manner. We ensure that individuals are notified at the time of collecting their personal information what type of personal information is being collected, who that personal information will be disclosed to, and how we use that personal information.
We are responsible for dealing with queries regarding access to or correction of personal information, and privacy related complaints. We ensure employees are trained at regular intervals to understand obligations under the Privacy Act, including the Australian Privacy Principles.
We periodically update our privacy policy and will provide a copy free of charge on request and in a suitable format.
Anonymity and pseudonymity
Generally, we are not able to deal with customers who do not wish to identify themselves. However, where possible and appropriate, we will provide information of a general nature to unidentified individuals.
Collection of personal information
We collect personal information for the following purposes:
- arranging and assessing an application for credit;
- managing credit;
- providing individuals with products or services marketed by us and our associates;
- managing our relationship with individuals;
- protecting individuals and ourselves from error or fraud; and
- complying with regulatory requirements.
Types of personal information we may collect and hold
Personal information may include identification information, contact details such as name, address, phone, email and other personal contact information, date of birth, occupation and employment history, family status and relationship information, cohabitants, dependants and the ages of individuals in your household.
From time to time we may collect information that contains government identifiers, which could include your tax file number. We do not use or disclose this information other than as required by law.
Financial information may include bank statements, transaction and savings statements, credit card or store card statements, and information related to assets and liabilities.
Credit reporting information includes credit reports from credit reporting bodies. These reports may disclose repayment history, overdue payments, defaults, adverse credit history, infringements, insolvency or bankruptcy, court proceedings and other publicly available information. We use credit-related information to assess eligibility for finance.
Sensitive information
We may collect sensitive information if individuals are referred to an insurance agency or apply for an insurance related product where the insurer may have affiliations with our business. Insurance products may include life insurance, income protection and TPD.
We only collect sensitive information directly from the individual and with consent. Sensitive information collected in this way is only used for the purpose for which it is provided.
Website and internet activity
When you access our website, we may monitor your use of the site to verify you, receive information from us, and identify ways we can improve our services. We may collect information when you interact with us through social media channels, but we recommend more secure channels for personal or sensitive information.
To improve our services and products, we sometimes collect de-identified information from web users, including IP addresses or geographical information, to ensure use of our web applications is secure.
Unsolicited personal information
If we receive unsolicited personal information, we will determine whether we could have collected that information by lawful and fair means and whether it relates to one of our purposes for collecting personal information. If not, we will destroy the information.
Notification of collection
When we first collect personal information, we will notify individuals that we have collected their personal information and require consent to our use and disclosure of that information. This notification may include the purposes of collection, usual disclosures, consequences of not providing information, direct marketing, where this privacy policy can be found, and any overseas disclosure.
Direct marketing
We notify individuals at the time of collecting personal information that their information may be used by us and associated businesses for direct marketing. Our direct marketing communications provide a prominent statement about how to opt out. Email marketing will include an unsubscribe function.
We do not sell personal information. We do not use sensitive information for direct marketing.
Cross-border disclosure
We may disclose information to overseas organisations contracted to us for the purpose of audits of loan files to ensure legislative, regulatory and industry expectations have been met. We may store information in the cloud or other networked or electronic storage, including cloud storage and IT servers that may be located overseas.
Government related identifiers
We do not use government related identifiers to identify individuals. We may receive tax file numbers in the course of assessing an application for credit; however, we do not use or disclose tax file numbers for any purpose when engaging in credit activities.
Quality and security of personal information
We rely on individuals to help ensure their personal information is accurate, up-to-date and complete. If we become aware that information is inaccurate, out-of-date or incomplete, we will update our systems accordingly.
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Controls may include access restrictions, training, cyber intrusion awareness, governance around information provided to third parties, and ICT security including firewalls, malware scanning and encryption.
We keep personal information only for as long as reasonably necessary for the purpose for which it was collected or to comply with applicable legal, ethical reporting or document retention requirements.
Access to personal information
Individuals may request access to personal information that we hold about them. We will verify identity before disclosing personal information. We usually respond to access requests within 7 days, depending on the nature of the request.
We may refuse access where unreasonable, impracticable, unlawful, frivolous or vexatious, where it would threaten safety, unreasonably affect another person's privacy, relate to anticipated legal proceedings, prejudice negotiations or enforcement activity, or reveal commercially sensitive information. If access is refused, we will provide written reasons and information about our IDR and EDR schemes.
Correction of personal information
If we hold personal information and are reasonably satisfied that it is inaccurate, out of date, incomplete, irrelevant or misleading, or we receive a request to correct it, we will take reasonable steps to correct the information. If we refuse a correction request, we will provide reasons and details of our IDR and EDR procedures.
Privacy complaints
If you have concerns about whether we have complied with the Privacy Act or this privacy policy, contact our Privacy Representative by email at compliance@spfgroup.com.au or by phone on 08 9286 6888.
Examples of issues include internet privacy complaints, security breaches and misuse of personal information. Your complaint will be considered through our internal complaints resolution process and we will respond with a decision within 30 days of you making the complaint.
If you remain dissatisfied, you may contact:
- Australian Financial Complaints Authority (AFCA): phone 1800 931 678, email info@afca.org.au, in writing to GPO Box 3, Melbourne VIC 3001.
- Office of the Australian Information Commissioner (OAIC): visit www.oaic.gov.au or phone 1300 363 992.
Any issues regarding spam or telemarketing will generally be referred by OAIC to the Australian Communications and Media Authority (ACMA).
Version: 1.8; October 2025.