Protecting your privacy
Lendi Pty Ltd (ACN 611 161 856) (Lendi) is committed to providing you with the highest levels of customer service. This includes protecting your privacy. We comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Notifiable Data Breach scheme established under the Act.
This policy explains how we can collect, use, hold and disclose your personal information, We have also supplied additional information about our company. By accessing our website and using our services, you consent to the terms of this Policy and agree to be bound by it. Your privacy matters to us, so whether you are new to Lendi or a long-time user, please take the time to get to know our practices.
Our Privacy Collection Statement
Under the Privacy Act, we are required to make you aware of certain matters. This Policy incorporates our Privacy Collection Statement, as it addresses all these matters (as well as others):
our identity and contact details;
the facts and circumstances, and the purposes, of collection of personal information;
the consequences for you if personal information is not collected;
other entities, bodies or persons to which personal information is usually disclosed;
information about access and correction of, and how you may complain about the way we handle, your personal information; and
likely cross-border disclosures of personal information.
Lendi is the trading name of Lendi Pty Ltd (ACN 611 161 856, Credit Representative 518849), a related body corporate and Credit Representative of Auscred Services Pty Ltd (Auscred Services), the holder of Australian Credit Licence 442372.
Auscred Services and Lendi are subsidiaries of Auscred Limited (ACN 162 394 881). Auscred Limited also has a joint venture with Domain Holdings Australia Ltd that is powered by Lendi, called Digital Home Loans Pty Limited (ACN 619 694 156) trading as Domain Home Loans, a credit representative of Auscred Services. Domain Holdings also acts as an intermediary under Auscred Services’ licence.
In this document, 'Lendi', 'we', 'us' and 'our' are references to Lendi, Auscred Services, Auscred Limited, and any related bodies corporate (collectively the Auscred group of companies).
How to contact us
You may contact us during Australian Eastern Standard Time (AEST) business hours on the details below:
Tel: 1300 323 181
Post: Level 9, 37 Pitt St, Sydney NSW 2000
Your personal information
Your personal information and its protection are of utmost importance to us. When we refer to personal information, we mean information or an opinion from which your identity is apparent or can reasonably be ascertained. Personal information held by us includes information such as your name, age or date of birth, current and previous addresses, telephone or mobile phone number, email address, bank details, professional job title or occupation, driver's licence number, passport details, and financial details. Personal information may include details of products and services you have acquired from us or have enquired about (including their status) together with any additional information necessary to deliver those products and services and to respond to your enquiries.
The personal information may also include credit information. Credit information is a sub-set of personal information and is information which is used to assess your eligibility to be provided with finance. It may include any finance that you have outstanding, your repayment history in respect of those loans, and any defaults. Usually, credit information is exchanged between credit and finance providers and credit reporting bodies CRBs). Personal information derived by a CRB from credit information held by the CRB that has any bearing on an individual's credit worthiness and is or has been or could be used to establish the individual's eligibility for credit is known as "CRB Derived Information".
You may also need to provide personal information about other individuals to us for example, personal information about joint applicants, co-applicants or guarantors, your authorised representatives, or your accountant or solicitor's contact details. If so, we rely on you to inform those individuals that you are providing their personal information to us, to ensure they agree to their information being provided to us, to advise them of this Policy and that we can be contacted for further information (see 'How to contact us' section).
If you choose not to provide certain personal information (i) we may not be able to provide you with the services you require or the level of service on which we aim to offer, (ii) we may be unable to tailor our offering to your preferences and (iii) your experience of our offering may not be as enjoyable or as useful.
Sensitive information is personal information that includes information or an opinion about your racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices, criminal record, health or genetic information, and some aspects of biometric information. We may collect, hold, use, or disclose sensitive information about you but only if that sensitive information is required for one of the purposes noted under the 'How we use your personal information' section of this Policy. This will generally be for the purpose of verifying your identity or income.
You expressly provide your consent to us collecting, holding, using and disclosing this information for the purposes outlined in this Policy.
About credit information and 'notifiable matters' – our Statement of Notifiable Matters
Our Statement of Notifiable Matters provides information on how we may collect, hold, use and disclose your credit information as well as information on certain rights you have in relation to your credit information. You may request to have this Statement (and this Policy) provided to you in an alternative form, such as a hard copy, just ask us, and we will attend to your request in a timely manner.
You authorise us to obtain a copy of your credit report from a CRB in accordance with the rules set out in the Privacy Act regarding access seekers. You consent to us providing information contained in that report (including any credit-related information, arrears information, credit worthiness information and personal information) to any credit provider who may be able to provide credit to you, including Adelaide Bank, ANZ Bank, Bankwest and Pepper Money.
We [may] exchange your credit information with CRBs. We use the credit information from the CRBs to assess your creditworthiness, assess your application for finance and manage your finance. If you fail to meet your payment obligations in relation to any finance that we have provided or arranged, or you have committed a serious credit infringement, we may disclose this information to a CRB.
We may disclose your Credit Reporting Information to joint applicants or co-borrowers with your consent. Under the Privacy Act, "Credit Reporting Information" means credit information or CRB Derived Information.
You have the right to request access to the credit information that we hold about you and make a request for us to correct that credit information if needed. We explain how you can do this below.
Sometimes, your credit information will be used by CRBs for 'pre-screening' credit offers on the request of other credit providers. You can contact the CRB at any time to request that your credit information is not used in this way.
You may contact the CRB to advise them that you believe that you may have been a victim of fraud. For 21 days after the CRB receives your notification, the CRB must not use or disclose that credit information. You can contact any of the following CRBs for more information: illion (www.illion.com.au), Experian (www.experian.com.au) and Equifax Pty Limited (www.equifax.com.au).
How we collect personal information
We may collect personal information in a number of ways, including:
directly from you, for example, when you provide information by phone, in application forms, or other agreements, or when you submit your personal details through our websites (e.g. during an application or via lendi.com.au);
from your joint applicants, co-applicants or guarantors;
when you visit our websites;
from third parties such as our survey or competition websites, marketing websites, related companies, or CRBs;
from your representatives, e.g. solicitors, conveyancers, builders, agents;
from referral partners, who refer your business to us;
from the organisations and entities identified under the 'When we disclose your personal information' section below, including our related entities;
from publicly available sources of information;
from our own records; and/or
when legally required to do so -- for example, in the provision of specific credit services.
If we have obtained your personal information through any of these methods and you would like a list of these entities or websites, please contact us at firstname.lastname@example.org.
If you feel you have not given us consent to use your personal information or would like to be removed from our call or email lists, please contact us at email@example.com.
How we use your personal information
The primary purpose for which we collect, hold and use information about you is to enable us to perform our business activities and functions (primary credit activities) and to provide the best possible quality of customer experience. We carry out our primary credit activities in a number of ways, including via our website (such as by providing online tools to assist you) and through an online platform.
Your personal information may be used to: verify your identity; assist you to gain approval or provision of a product or service (such as by providing you with a "approval confidence rating"); provide the services you require; administer and manage those services such as payments; inform you of ways the services provided to you could be improved or additional services that you may benefit from; provide Marketing Services (explained below); conduct appropriate checks for credit-worthiness and for fraud; research and develop our services provided, either directly or referred; gain an understanding of your information and credit or financial needs in order for us to provide you with a better service.
Your personal information is also collected, held and used so that we, and our related entities can promote and market services to you (including by way of direct mail, telephone, email, SMS and MMS messages) (Marketing Services) in accordance with any applicable marketing laws (secondary purposes). This is to keep you informed of products, services and special offers and we may continue after you cease holding an active product or service through us. If you do not wish for this to take place or continue, please contact us via firstname.lastname@example.org. See also under “Direct Marketing” section below.
When we disclose your personal information
Your information may be disclosed to persons or companies within the Auscred group of companies for the purposes noted above.
We will never sell your information to any party outside of the Auscred group of companies. However, in order to deliver the services you require we may disclose your personal information to people or organisations outside of the Auscred group of companies. This may include:
your joint applicants, co-applicants or guarantors;
your representatives or advisers (e.g. your solicitors, accountants, conveyancers, builders, agents);
our professional advisers, including our accountants, auditors, and lawyers;
organisations who manage our business, marketing and corporate strategies and/or sponsors or promoters of any competition that we conduct to promote our services;
credit providers, funders, agents, Australian Banks, and non-bank lenders (e.g. for credit-related purposes such as credit approval, credit-worthiness, credit rating, credit provision and financing) including Adelaide Bank, ANZ Bank, Bankwest and Pepper Money;
CRBs and fraud-checking agencies;
our related entities (e.g. the Auscred group of companies, and their respective partnerships, joint venture entities, agents, contractors or external service providers for the operation of their business);
our referral partners, business partners or joint venture partners;
providers of credit, financial, or insurance services;
mortgage insurers and title insurers;
other comparison sites, mortgage brokers, or providers of investment finance, or credit (where legal for us to do so);
the police or other relevant authorities or enforcement bodies;
government and regulatory authorities or organisations (such as our External Dispute Resolution Scheme or ASIC, as required or authorised by law); and/or
internet service providers or network administrators (for example, if we have reason to suspect you have committed a breach of our terms and conditions or have otherwise been engaged in any unlawful activity and we reasonably believe such disclosure is necessary).
We may use external organisations for customer enquiries; mailing operations; billing and debt-recovery functions; information technology services; marketing and telemarketing market research; and website usage analysis. This means we disclose your personal information to them.
You expressly consent to us providing your information to the persons or organisations above for our primary credit activities or secondary purposes.
Your personal information is disclosed to these organisations only in relation to us providing our services to you. We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.
Where your personal information is provided to a lender for the purpose of a loan application, you should know that the lender may list a credit enquiry on your credit file, and will be required to report certain details about your credit information to CRBs under the Comprehensive Credit Reporting (CCR) regime.
Transfer of information overseas
In order to supply you with the best service possible, we may transfer personal information we have collected about you to someone in a foreign country, but only if permitted to do so under the Australian Privacy Principles.
Some of the above external organisations and entities may be located outside of Australia. You should note that while they will often be subject to confidentiality or privacy obligations, they may not always follow the particular requirements of Australian privacy laws. Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.
The Auscred group of companies has service providers based in in the Philippines, whose role is to assist in processing and reviewing credit applications.
We do not utilise offshore personnel for the purposes of marketing or sales. We will not share any of your credit information with a credit reporting body, unless it has a business operation in Australia.
Sometimes people share information (including sensitive information) with us we have not sought out. This could be through using our website or, for example, requesting us to assess or assist in a hardship application.
If we receive unsolicited personal information (including sensitive information) about you, we will determine whether we would have been permitted to collect that information. If yes, then we will handle this information the same way we do with other information that we seek from you. If we determine that we would not have been permitted to collect that information, and the information is not contained in a Commonwealth record, then we will destroy or de-identify it as soon as practicable, but only if it is lawful and reasonable to do so. Often, it is not possible for us to neatly unbundle this information then destroy or de-identify only certain sections or parts of it, and we may need to store this information for future use, such as to help resolve disputes between us or assess future applications by you.
We have many security safeguards in place to protect the information from interference, misuse, loss, unauthorised access, modification or disclosure.
Sharing with CRBs
We will disclose information about you to a CRB when you are applying for credit, you have obtained credit from us, or if you guarantee or are considering guaranteeing the obligations of another person to us. When we give your information to a CRB, it may be included in reports that the CRB gives other organisations (such as other lenders) to help them assess your credit worthiness. Some of that information may reflect adversely on your credit worthiness, for example, if you fail to make payments or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders.
We take pride in the products and services that we offer. And we love keeping you informed as to the best offers in the credit and financial market place. However, first and foremost we respect your privacy and understand that not everyone wants to be contacted regarding sales and marketing.
If you do not wish to be contacted by Lendi, we invite you to contact us via email@example.com and we will remove you from our call and email lists.
We may conduct marketing activities (provide Marketing Services) via email, telephone, SMS, IM, mail, or any other electronic means. We may also market our products to you through third party channels (such as social networking sites). We will always let you know that you can opt out from receiving our third-party marketing. Where we market to prospective customers, we will always provide an easy way to opt-out.
With your consent, we may disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time. We will never sell your personal information to any external organisation. We will not use or disclose sensitive information about you for direct marketing purposes unless you have consented to that kind of use or disclosure.
You can let us know at any time if you no longer wish to receive direct marketing offers from Lendi by emailing your request to firstname.lastname@example.org. We will process your request as soon as we can.
Cookies and web beacons
We generally use this information to report statistics, analyse trends, administer our services, diagnose problems and target and improve the quality of our products and services.
A web beacon is typically a transparent graphic image invisible to the user that is placed on a website. The use of a web beacon allows the website to record the simple actions of the user (such as opening the page that contains the beacon) through a tracking pixel. We may use web beacons (and cookies) for purposes such as site usage analytics, advertising auditing and reporting, as well as content and "advertising/marketing personalisation". We may share any data collected from web beacon (and cookies) with third parties to provide you with relevant advertising when browsing Third-Party networks and websites (Third-Party Websites) such as Google and Facebook.
Information from third parties
Our website may contain links to Third-Party Websites (e.g. third-party providers of goods and services). We make no representations or warranties in relation to the privacy practices of any Third Party Website and we are not responsible for the privacy policies or the content of any third-party website. Third-Party Websites are responsible for informing you about their own privacy practices. If you accessed Third-Party Websites through our website and if those third parties collect information about you, we may also collect or have access to that information as part of our arrangements with those third parties.
Where you access a Third-Party Website from our website, cookie and web beacon information, information about your preferences or other information you have provided about yourself may be shared between us and the third party.
Advertising and tracking
Using our website to compare and choose loans
When you use our website, any of our online tools, or any of our online platforms to compare or choose loans, we may share your personal information with our lenders, referral partners, business partners and joint venture partners to assist you in the loan financing process. This is to enable us to provide services such as the "approval confidence rating" so you can enjoy a level of confidence about whether a proposed loan application is likely to be successful. The information we may share include any of your personal information (such as your age), but in particular, the information may include matters relating to your income, expenditure, assets, liabilities, and your Credit Reporting Information and any similar information to enable the making of an assessment to provide the rating. Our lender partners with whom we may share your personal information in order to provide you with a rating include Bankwest, Pepper, ANZ Bank, Adelaide Bank. Our lender partners have safeguards in place to protect the information and they are not permitted to use the information for purposes other than to provide a rating.
When you send a completed online application to us, we retain the information contained in that application. We are able to then use that information to provide any services that you require. You may also be able to suspend and save online applications, so you can complete and send the applications at a later time. If you suspend or save your application, the information that you have entered will be retained in our systems so that you may recover the information when you resume your application. Online applications that have been suspended or saved may be viewed by us.
By providing your email address and then clicking submit on any online form, application, calculator, tool or query, you consent to receiving notices and other documents from us by email to the email address provided, and you understand that that if you give this consent: we may no longer send you paper copies of notices and other documents; you should regularly check your email address for documents; and you may withdraw your consent to receiving documents by email at any time. You also confirm that you have the facilities to print any notice or document that we send you by email, if required.
We take all reasonable precautions to ensure that the personal information we collect, hold, use and disclose is accurate, complete and up-to-date. However, the accuracy of that information depends to a large extent on the information you or others provided to us. If you wish to make any changes to correct your personal information, please contact us at email@example.com.
We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete. You may request access to the personal information we hold about you by contacting us. We will respond to your request within a reasonable period. We will give access in the manner you have requested if it is reasonable to do so. We may charge you a fee to access the information. The fee will not be excessive and will not apply to the making of the request. We may deny you access to your personal information in certain circumstances, for example, if required or authorised by or under an Australian law or a court/tribunal order, or it would be likely to prejudice enforcement related activities by an enforcement body, if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If we decide not to give you access, we will provide reasons for the refusal and information on how you can complain about the refusal.
Storage and security
We store information in different ways, including in paper and electronic form.
The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are: confidentiality requirements of our employees; document storage security policies; security measures for access to our systems; only giving access to personal information to a person who is verified to be able to receive that information; control of access to our buildings; and electronic security systems, such as firewalls and data encryption on our websites.
We take protecting the security of your personal information seriously. We have a response plan that is designed to enable us to contain, assess and respond to suspected data breaches in a timely fashion, and to help mitigate potential harm to affected individuals.
We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from anywhere via an internet connection, it is not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed here or those we referred to from time. In addition to the above, we also regularly review developments in security and encryption technologies. However, it is important to remember that the use of email and the internet may not always be secure, even with these safeguards in place.
When we no longer require your information, and we are legally permitted to, we take reasonable steps to destroy or de-identify the information. However, sometimes it is impossible or impractical to completely isolate the information then completely remove all traces of the information, and we may store the information for future use, such as to help resolve disputes between us or assess future applications by you. The same security safeguards will be in place to protect the information, as detailed in this Policy.
Doing business without identifying you
In most circumstances, it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will provide you with the option to remain anonymous or to use a pseudonym, for example, when you make general inquiries about our business or current promotional offers. We do not adopt a government related identifier (such as your tax file number or your driver's licence number) as a means of identifying you.
Complaints and further information
If you have a complaint about how we handle your personal information, we want to hear from you.
Internal Dispute Resolution (IDR)
You are always welcome to contact us to let us know about your complaint at:
Privacy Officer, Lendi
Tel: 1300 323 181
Post: Level 9, 37 Pitt Street, Sydney, NSW 2000
We have a formal procedure for investigating and dealing with privacy breaches or complaints. Once the Privacy Officer receives a complaint, whether it is in writing or by verbal means, the Privacy Officer will commence an investigation with the relevant business unit from which the complaint (including an alleged breach) stemmed. Through the investigation, we will endeavour to determine the nature of the complaint and how it occurred. We may contact you during the process to seek any further clarification if necessary. If a breach is found, the Privacy Officer will escalate the matter to management so that the process can be rectified to prevent any further breaches from taking place. We will also contact you to inform you of the outcome of the investigation. We will endeavour to resolve all investigations within a reasonable time.
By giving us as much information as possible, you will help us resolve things faster. If you have any supporting documentation, please have it handy when you raise your concern(s). We will try to acknowledge your complaint within 5 business days and try to respond to your complaint within 45 days. Where we are unable to do so, we will send you an email or letter advising of the reasons for any delay, and your right to complain to our EDR scheme.
External Dispute Resolution (EDR)
If you are dissatisfied with our Internal Dispute Resolution response, you can make a formal complaint to our External Dispute Resolution provider, the Australian Financial Complaints Authority (AFCA). AFCA can consider certain privacy complaints relating to either the provision of credit or Credit Reporting Information in general. You can contact AFCA on:
Tel: 1800 931 678
Post: Australian Financial Complaints Authority, GPO BOX 3, MELBOURNE VIC 3001
Time limits may apply to complain to AFCA and so you should act promptly or otherwise consult the AFCA website to find out if or when the time limit relevant to your circumstances expires.
Under the Privacy Act, you may make a complaint to the Office of the Australian Information Commissioner (OAIC) about the way we handle your personal information. The OAIC can be contacted at either www.oaic.gov.au or by calling 1300 363 992.
We are constantly reviewing all of our policies and attempt to keep up to date with market expectations, technology, the law and market practices. As a consequence, we may change this Policy from time to time or as the need arises. All personal information held by us will be governed by the most recently updated policy, available on our website (https://www.lendi.com.au/about-us/privacy-policy/) or by request.
We have assumed that all statements of fact are correct, and what is set out in this policy reflects how you actually operate. If this is not the case, the wording must be amended in order for us to provide the privacy opinion.
We have included this wording here so it is very clear that APP 5 has been addressed. APP 5 says you need to take reasonable steps, before, or at the time you collect personal information, either to notify the individual of these matters or to ensure the individual is aware of these matters. (If this is not practicable, reasonable steps must be taken as soon as practicable after collection.)
Consider whether Click Loans should be removed, given it will no longer be an active brand, nor provide credit services.
Please ensure the details are still correct.
don't agree, we progressively collect information about customers "may" is correct
We have refined the wording here so it reflects the wording used by the OAIC.
We also note previous advice given in relation to Auscred not strictly needing a notifiable matters paragraph (as it is not a credit provider), however we understood at the time that Lendi may in the future wish to exchange data with CRBs and will also obtain credit reports. Please review this paragraph (and the paragraph under Sharing with CRBs) to ensure it reflects how you current handle client credit information with CRBs. We also note that Auscred previously informed BankWest that it obtains express consent to share CI with CRBs and we will therefore check this in your consents processes.
We can resend (or extract into the Privacy Opinion) those previous advices, as required.
is this an actual obligation? if not please remove
Please ensure this is still accurate and up-to-date.
We understood that Auscred did not 'exchange' credit information with CRBs but rather obtain information from CRBs? Please ensure this paragraph reflects what you actually do with credit information in practice.
Please ensure this is current and up-to-date.
Please also consider any further secondary purposes or direct marketing that is or might occur.
Please consider whether currently or in the future Auscred will transfer PI to any other overseas jurisdictions.
Also, there is no consent wording here. Consent must be obtained if an APP entity wants to disclose PI to an overseas recipient without complying with APP 8.1, which provides that before an APP entity discloses PI about an individual to an overseas recipient, the entity must take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information – see 8.27 in the OAIC guidelines for APP 8 (here). We have not yet reviewed your consents, which we assume will include the consent to overseas disclosures required. TBC
An APP entity may retain unsolicited personal information if the entity has determined that it could have collected the PI under APP 3, or the PI is contained in a Commonwealth record, or the entity is not required to destroy or de-identify the PI under APP 4.3 because it would be unlawful or unreasonable to do so. This policy explains that there are times Auscred should destroy or de-identify the PI, but it is not possible to do so, and it has security safeguards to protect the PI. This is technically not in line with what APP 4 requires regarding dealing with unsolicited PI, so we could either update the policy to ensure it aligns (and Auscred would need to ensure it can operationalise this), or we can add this as a qualification in the privacy opinion. Please confirm your preferred approach.
phone calls and emails are recorded as a single file it is not reasonable to assume we delete entire interactions for small portions of unsolicited information.
Note that our Privacy Opinion will cover privacy consents including for direct marketing. We will confirm whether the consents are appropriate once that review is completed, and whether or not wording in this section should be enhanced.
As you have used this term previously, we have included it here. Please let us know if we have misunderstood this meaning and use of the term here.
edit for consistency some parts of the policy refer to direct mail
APP 11.2 says an APP entity must take reasonable steps to destroy or de-identify the PI it holds once the PI is no longer needed for any purpose for which the PI may be used or disclosed under the APPs. This requirement does not apply where the PI is contained in a Commonwealth record or where the entity is required by law or a court/tribunal order to retain the PI. This policy explains that there are times Auscred should destroy or de-identify the PI, but it is not possible to do so, and it has security safeguards to protect the PI. As mentioned, this is technically not in line with what APP 4 requires re dealing with unsolicited PI. To be decided how to deal with this.
I'm not sure what the question is; APP 11.33 defines what reasonable steps are and refers to practicality as a consideration. Can you please propose what a re-draft would look like