1. YOUR PRIVACY
1.1 We respect your personal information, and this Privacy Policy explains how we handle it. The policy covers InvestorKit Pty Ltd (ACN 625 882108) (“us” or “we”).
1.2 This Policy also includes our credit reporting policy, that is, it covers additional information on how we manage your personal information collected in connection with a credit application, or a credit facility. We refer to this credit-related information below as “credit information”.
2. THE PERSONAL INFORMATION WE COLLECT
2.1 General information
The types of information that we collect and hold about you include:
(a) ID information such as your name, postal or email address, telephone and fax numbers, and date of birth;
(b) other contact details such as social media handles;
(c) financial details such as your tax file number or ABN;
(d) Internet Protocol (IP) addresses;
(e) common technologies such as cookies and web beacons; and
(f) other information we think is necessary.
2.2 When the law authorises or requires us to collect information
We may collect information including personal information about you because we are required or authorised by law to collect it. For example, we require personal information to verify your identity under Australian Anti-Money Laundering law.
2.3 What do we collect through your website activity?
(a) If you’re an internet customer of ours, we monitor your use of internet services to ensure we can verify you and can receive information from us and to identify ways we can improve our services for you.
(b) If you start but don’t submit an on-line application, we can contact you using any of the contact details you’ve supplied to offer help completing it. The information in applications will be kept temporarily then destroyed if the application is not completed.
(c) We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels. However, for all confidential matters, we’ll ensure we interact with you via a secure form of communication.
(d) To improve our services and products, we sometimes collect de- identified information from web users. That information could include IP addresses or geographical information to ensure your use of our web applications are secure.
3. HOW WE COLLECT PERSONAL INFORMATION
3.1 Collecting and holding to your information
(a) Unless it’s unreasonable or impractical, we will try to collect personal information directly from you (referred to as “solicited information”). For this reason, it’s important that you help us keep your contact details up-to-date.
(b) There are a number of ways we may seek information from you, and we might collect your information when you:
(i) fill out a form with us;
(ii) give us a call;
(iii) use our website; or
(iv) communicate with us by other electronic means, such as email, SMS, or any other communication software or application.
3.2 How we collect your information from other sources
(a) Sometimes, we will collect information about you from other sources as permitted by the Privacy Act 1988 (Cth).
(b) We will do this only if it’s reasonably necessary to do so, for example, where:
(i) we collect information from third parties about the loan or property made available to you arising out of the services we provide you;
(ii) we contact you and we rely on public information (for example, from public registers or social media) or made available by third parties to update your contact details; or
(iii) we exchange information with your legal or financial advisers or other representatives.
3.3 What if you don’t want to provide us with your personal information?
If you do not provide your information to us, we may not be able to provide you with our services, including:
(a) give you the credit assistance you seek from us;
(b) to assist in finding a loan or property relevant to your circumstances;
(c) verify your identity or protect against fraud; or
(d) to let you know about other products or services that might be suitable for your financial or investment needs.
3.4 How we collect and hold your credit information
(a) We will collect your credit information in the course of you answering the enquiries we make of you relating to the credit assistance you seek from us.
(b) In addition to what we say above about collecting information from other sources, other main sources for collecting credit information are:
(i) your co-applicants or co-borrowers for loan applications;
(ii) your guarantors/proposed guarantors;
(iii) your employer, legal representative, accountant, or other referees;
(iv) your agents and other representatives such as the person or organisation who referred your business to us;
(v) organisations that help us to process credit applications;
(vi) organisations that evaluate the security or collateral you are offering (e.g. valuers);
(vii) bodies that issue identification documents to help us check your identity; and
(viii) our service providers involved in helping us to process any application you make for credit through us.
3.5 What do we do when we get information we didn’t request?”
(a) Sometimes, other organisations share information with us we did not request (referred to as ‘unsolicited information’).
(b) If we receive unsolicited personal information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we request from you. If not, we’ll ensure that we destroy or de-identify the unsolicited information.
3.6 When will we notify you that we have received your information?
(a) When we receive personal information from you directly, we’ll take reasonable steps to notify you (including directing you to this privacy policy on our website):
(i) how and why we collected your information;
(ii) who we may disclose your information to;
(iii) outline how you can access it;
(iv) how to request a correction of your information; or
(v) make a complaint regarding how your information is handled.
(b) Sometimes we collect your personal information from third parties, and you may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.
3.7 How do we take care of your personal information?
(a) We store information in different ways, including in paper and electronic form.
(b) The security of your personal information is important to us and we take reasonable steps to protect it along with other data from misuse, interference, loss, and from unauthorised access, modification, disclosure, or destruction.
(c) Some of the ways we ensure that your personal information is secure are:
(i) internal document storage security policies and reviews;
(ii) ensuring appropriate encryption as necessary;
(iii) security measures for access to our systems;
(iv) other physical security measures to guard against unauthorised access; and
(v) only giving access to personal information to a person who is verified and authorised to receive that information.
(d) We may store personal information physically or electronically with third party data storage providers. If we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict how they can use that information.
3.8 What happens when we no longer need your information?
(a) We’ll only keep your information for as long as we require it for our purposes or if required by law.
(b) When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.
(c) You acknowledge that in the event personal information is deleted, residual copies may not be immediately deleted and remain on our active servers for some time, and may remain in our backup servers.
4. HOW WE USE PERSONAL INFORMATION
4.1 What are the main reasons we collect, hold, and use your information?
Collecting your personal information allows us to provide you with the products and services you’ve asked for. This means we can use your information to:
(a) give you credit assistance, including assisting you in your credit applications;
(b) give you information about loan products or related services including help, assistance, and guidance;
(c) consider whether you are eligible for a loan;
(d) assist you to prepare an application for a loan;
(e) search and inspect properties on your behalf;
(f) if necessary, negotiate or bid on properties on your behalf;
(g)provide learning tools and information regarding property;
(h) any related service you requested including identifying or verifying you or your authority to act on behalf of another person or organisation;
(i) administer services we provide, for example, to answer requests or deal with complaints; and
(j) administer payments we receive, or any payments we make when we provide our services.
4.2 Using your information for marketing our products and services?
(a) We may use or disclose your personal information to let you know about other products or services we or a third party makes available and that may be of interest to you.
(b) We will always give you the option to opt out from receiving marketing offers. You can notify us at any time if you no longer wish to receive direct marketing offers from us, and we will process your request as soon as possible.
(c) With your consent, we may disclose your personal information to third parties for the purpose of connecting you with other businesses or customers. Using our forms, purchasing a product/service and signing our engagement agreement may be deemed as marketing consent. You can request us not to do this at any time.
(d) We do not sell your personal information to any organisation.
4.3 What are the other ways we use your information?
We may use your personal information for the following purposes unless you request us not to:
(a) telling you about other products or services we make available and that may be of interest to you, unless you tell us not to;
(b) identifying opportunities to improve our services to you;(c) allowing us to run our business efficiently and perform general administrative tasks;
(d) preventing any fraud or crime or any suspected fraud or crime;
(e) as required by law, regulation or codes which are binding on us; and
(f) any purpose which you have provided consent.
5. HOW WE SHARE PERSONAL INFORMATION
5.1 To ensure that we provide you with our services that has been requested by you, we may need to share your personal information with other organisations for any purposes for which we use your information.
5.2 Sharing with your representatives and referees
In order to confirm details about you, we may share your information with:
(a) your representative or any person acting on your behalf (for example, lawyers, accountants, agents, spouse or relative, authorised officer); and
(b) your referees, like your employer.
5.3 Sharing with third parties
We may share your information with third parties in relation to the services we provide to you, and those third parties may include:
(a) the mortgage aggregator through whom we may submit loan or lease applications to lenders;
(b) the Australian Credit Licence holder that authorises us to engage in credit activities;
(c) lenders, lender’s mortgage insurers, and other loan or lease intermediaries;
(d) real estate agents marketing properties for sale;
(e) individuals and organisations that referred your business to us; (f) valuers;
(g) organisations, like fraud reporting agencies, that may identify, investigate and/or prevent fraud, suspected fraud, crimes, suspected crimes, or other misconduct;
(h) government or regulatory bodies (including ASIC and the Australian Taxation Office) as required or authorised by law. In some instances, these bodies may share the information with relevant foreign authorities;
(i) guarantors and prospective guarantors of your loan;
(j) service providers, agents, contractors and advisers that assist us to conduct our business for purposes including, without limitation, storing or analysing information;
(k) with your knowledge, any organisation that wishes to take an interest in our business or assets; and
(l) any third party to which you consent to us sharing your information.
5.4 Sharing outside of Australia
(a) We endeavour to avoid the disclosure of your information to organisations overseas. However, for marketing and operational purposes, some data may be processed overseas by InvestorKit’s vendors. This includes platforms that are GDPR compliant, such as: Google Workspace, Google Analytics, Ortto.com, Attio.com, JustCall.com, CrazyEgg.com, DigitalOcean, Amazon Web Services,
(b) We may, however, store your information in the cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held.
6. ACCESS YOUR PERSONAL INFORMATION
6.1 How you can generally access your information
(a) We will give you access to your personal information unless there are certain legal reasons why we cannot.
(b) You can ask us in writing to access your personal information that we hold. If are able to confirm your identity by asking you certain security questions, we may be able to deal with your request over the phone.
(c) We will give you access to your information in the form you request if it’s reasonable and practical.
(d) We may charge you a small fee to cover our costs when giving you access, but we’ll always notify you of the fees before granting access.
6.2 Refusing Access
(a) By law, we’re not always required to give you access to your personal information, and some of the situations where we don’t have to give you access may include:
- (i) we believe there is a threat to life or public safety;
- (ii) there is an unreasonable impact on other individuals;
- (iii) the request is frivolous;
- (iv) the information wouldn’t be ordinarily accessible because of legal proceedings;
- (v) it would prejudice negotiations with you;
- (vi) denying access is required by a court or tribunal order;
- (vii) it would be unlawful;
- (viii) it would jeopardise taking action against serious misconduct by you;
- (ix) it would be likely to harm the activities of an enforcement body (e.g. the police); or
- (x) it would harm the confidentiality of our commercial information.
(b) If we can’t provide your information in the form you’ve requested, we will tell you why in writing. If you have concerns, you can send us a complaint in writing by email – see our ‘Contact Us’ page.
Removal of Personal Information
In all instances, you have the right to request to have information removed from our direct marketing and where physically and technically possible, our vendor/sub-processors database in accordance to section 5.3, 6.2, 7.1.
7. CORRECTING YOUR PERSONAL INFORMATION
7.1 How we correct your information
Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it’s:
(a) inaccurate; (b) out-of-date; (c) incomplete; (d) irrelevant; or (e) misleading.
7.2 If you are concerned that we have given incorrect information to others, you can request us to inform them about the correction. We’ll assist if necessary, and if we are unable to do so, then we’ll inform you in writing.
7.3 Managing correction of credit information
(a) If there is an error on your credit information by us or someone else, we will assist you in requesting the information to be corrected. However, the most efficient way for you to make a correction is requesting the correction directly from the organisation which made the mistake.
(b) If we are able to correct the information, we’ll let you know within five (5) business days of deciding that correction.
(c) We’ll inform the relevant third parties of the correction and any other organisation you request us to inform. If there are any instances we are unable to do this, then we’ll inform you in writing.
(d) If we’re unable to correct your information, we’ll provide a written explanation within five (5) business days of making this decision.
(e) If you have any concerns, you may contact our office in order to try and resolve the dispute, and if that fails, you may make a complaint to the Office of the Australian Information Commissioner.
(f) If we agree to correct your information, we’ll do so within 30 days from the date of your request, or a longer period that’s been agreed by you.
(g) If we can’t make corrections within a 30 day time frame or the agreed time frame, we will:
(i) inform about the delay, the reasons for the delay and when we expect to resolve the matter;
(ii) request that you agree in writing to give us more time; and
(iii) inform you that you can make a complaint to our office (where we can try and resolve your complaint internally), or the Office of the Australian Information Commissioner.
8. COMPLAINTS
8.1 If you have a complaint about how we handle your personal information, we want to hear from you and you are always welcome to contact us.
8.2 You may contact us at:
Email: [email protected]
Phone: 1300 119 796
Post: Level 13/50 Carrington St, Sydney, 2000 NSW, Australia
8.3 We are committed to resolving your complaint and doing the right thing by our customers. Most complaints are resolved quickly, and you should hear from us within five (5) business days.
8.4 Need more help?
If you still feel your issue hasn’t been resolved by us to your satisfaction, then you can raise your concern with the Office of the Australian Information Commissioner:
Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: [email protected]
Fax: (02) 9284 9666
Mail: GPO Box 5218, Sydney, NSW 2001 or GPO Box 2999, Canberra, ACT 2601
8.5 If your complaint relates to how we handled your access and correction requests, you may take your complaint directly to the Office of the Australian Information Commissioner. You are not required to let us try and resolve it first.
8.6 If you make a complaint about things in relation to your credit information (other than an access request or correction request), we will let you know how we will deal with it within seven (7) days.
8.7 If we can’t resolve things within 30 days, we’ll let you know why and how long we estimate it will take. We will also ask you for an extension of time to resolve your issue. If you have any concerns, you may make a complaint to the Office of the Australian Information Commissioner.
8.8 We’ll inform you about our decision within 30 days or any longer agreed time frame. If you have any concerns, you may make a complaint to our office or the Office of the Australian Information Commissioner.
9. CONTACT US
9.1 We care about your privacy and welcome your feedback, so please contact us if you have any questions or comments about our privacy policies and procedures.
9.2 You can contact us by using the details below:
Email: [email protected]
Phone: 1300 119 796
Post: Level 3.06/33 Lexington Drive, Bella Vista, NSW, 2138, Australia
9.3 What if you want to interact with us anonymously or use a pseudonym?
(a) If you have a question that is a general enquiry, you can choose to do this anonymously or use a pseudonym.
(b) We might not always be able to interact with you this way as we are often governed by regulations that require us to know whowe’re dealing with.
(c) In general, we won’t be able to deal with you anonymously where you are using a pseudonym when it is impractical, or we are required or authorised by law or a court/tribunal order to deal with you personally.
9.4 What do we do with government-related identifiers?
In certain circumstances we may be required to collect government- related identifiers such as your tax file number. We will not use or disclose this information unless we are authorised by law.
10. CHANGES TO THIS PRIVACY POLICY
10.1 This policy may change and we will let you know of any changes to this policy by:
(a) posting a notification on our website;
(b) correspondence by post or e-mail; or
(c) you may contact us for a copy of the most up to date policy at any time.