this privacy policy explains how automotive lease packaging pty ltd “alp” t/as fingo finance (abn 12 094 720 804), and our related bodies corporate (‘we’, ‘us’, ‘our’) manage personal information in compliance with the privacy act 1988 (cth) and the australian privacy principles.
personal information means information or an opinion about an identified individual, or an individual who is identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
credit information about identifiable individuals is a form of personal information. this privacy policy also includes information about rights in relation to credit-related information, including access and correction, and what can happen if we provide information to a credit reporting body (‘crb’). in this privacy policy, credit-related information also includes credit information, credit eligibility information and credit provider (cp) derived information as those terms are defined in the privacy act.
we manage personal information, including credit information, in an open and transparent manner.
we have appointed a privacy compliance officer, who will deal with any queries regarding access to or correction of personal information, including credit information, or any privacy-related complaints. we ensure all our employees are trained at regular intervals to ensure they understand our obligations under the privacy act, including the australian privacy principles.
copies of this privacy policy are available free of charge on request and in a suitable format. this privacy policy is also available on our website.
generally, we are not able to deal with customers who do not wish to identify themselves. however, where possible and appropriate we will provide information of a general nature to unidentified individuals
the types of personal information that we collect depends on our relationship with the individual. in respect of loan applicants, we generally collect personal information about individuals who are loan applicants at different stages and in different ways. in particular, during the application for a loan we usually collect personal information from the applicant’s broker or other representative. later, during the credit approval process, we collect personal information from other lenders, credit providers and crbs. after the loan has been approved, we may collect additional personal information directly from the loan applicant (who would then be our client).
in respect of applicants for novated leases, we generally collect personal information about individual applicants from the applicant, their employer and salary packaging companies. later, during the credit approval process, we collect personal information from other lenders, credit providers and crbs.
if we are not able to collect the information sought, we may be unable to process an application for a loan or a novated lease, or we may be limited in the other services or assistance we can offer to the applicant or client.
in some circumstances we are also required to collect information in accordance with laws that apply to our business:
at the application stage, we obtain a broad range of personal information from the authorised representative or broker of loan applicants, which is necessary to enable us to consider each applicant’s eligibility for a loan and the administration of the loan.
that personal information includes:
in the course of processing loan applications, we may collect personal information from a range of other entities including lenders, credit providers and crbs. that personal information may include:
if we obtain credit-related information about an applicant from a crb, we may derive information from it that has a bearing on the applicant’s creditworthiness or could be used in establishing the applicant’s eligibility for credit. this may include information such as credit scores and assessments which we generate from the information that we receive.
once the applicant has settled their loan and become our client, we may also collect personal information in certain instances such as where the client is experiencing difficulties and seeking assistance in servicing the loan. we may also collect the personal information that clients provide to us directly through our websites or indirectly through use of our websites or online presence, or through our client representatives or client surveys. depending on the circumstances, that personal information includes:
at the application stage, we obtain a broad range of personal information about the applicant which is necessary to enable us to consider each applicant’s eligibility for a novated lease and the administration of the novated lease. we obtain all or almost all that personal information from the applicant’s employer and other parties such as salary packaging companies who are assisting the applicant to apply for a novate lease. the personal information that we obtain from third parties includes:
less commonly, we may obtain personal information from the applicant directly in the course of verifying, completing, or updating the personal information obtained from the other sources.
generally, we collect personal information from:
in some cases, we may also collect personal information about individuals through the use of cookies. when individuals access our website, we may send a “cookie” (which is a small summary file containing a unique id number) to an individual’s computer. this enables us to recognise an individual’s computer and to greet them each time they visit our website without bothering them with a request to register. it also enables us to keep track of products or services viewed by the individual so that, if the individual consents, we can send them news about those products or services. we also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. we use this to research our users’ habits so that we can improve our online products and services. if an individual does not wish to receive cookies, the individual can set their browser so that the computer does not accept them.
we may log ip addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users’ movements, and gather broad demographic information.
we collect, hold, use, and disclose personal information for the following purposes:
we also collect, hold, use, and disclose personal information to verify the identity of our applicants and the authenticity of their identification documents. the identification documents may include drivers’ licences, passports, or birth or marriage certificates. we may disclose personal information to organisations and government agencies providing verification services such as ocr labs, the department of home affairs and the state and territory registrars of births, deaths, and marriages. the verification service may also involve the collection of a live photograph of an applicant (generally to be taken by the applicant with their mobile phone camera) and the applicant’s location. the verification service usually involves providing personal information to the organisation or agency and asking for a confirmation about whether the information provided by the applicant matches the relevant records. the verification service may involve the use of third-party systems and services.
we collect, hold, use, and disclose credit-related information for the following purposes for some of the same purposes as those above and, in addition:
we may disclose an individual’s personal information to:
we may combine or share any information that we collect with information collected by any of our related bodies corporate.
individuals are entitled to:
we notify individuals at the time of collecting their personal information that their personal information will be used by us and any companies within our group for the purposes of direct marketing. these direct marketing communications may be sent in various forms, including mail, sms, fax, and email. applicants and clients consent to us sending them those direct marketing communications by any of those methods.
in all our direct marketing communications we will provide a prominent statement about how an individual can elect not to receive direct marketing. if the direct marketing communication is an email, we will provide an ‘unsubscribe’ function within the email.
we will keep appropriate records to ensure those individuals that have made ‘opt-out’ requests not to receive direct marketing communications do not receive them. we do not apply a fee to unsubscribe from direct marketing communications.
we do not sell personal information.
we do not disclose personal information overseas.
we rely on individuals to help us to ensure that their personal information is accurate, up-to-date, and complete.
if we become aware that personal information is inaccurate, out-of-date, or incomplete, such as when mail is returned, we will update our systems accordingly.
all personal information held by us is stored on secure servers in australia. we use a variety of technical and organisational security techniques, including encryption and authentication, to help with the protection and maintain the availability, security, and integrity of individuals’ personal information.
we are committed to protecting individuals’ information through the following measures:
any paper records are held within an office that is locked and security protected at night.
individuals may request to access any personal or credit information that we hold about them. if an individual wishes to access the personal information we hold about them, they may contact us using the contact details provided below. before we provide individuals with access to their personal information, we may require some proof of identity. when contacting us to request access to or correction of any personal information we hold about an individual, we ask that they provide us with as much detail as they can about the information in question as this will help us to retrieve it.
we will not charge an individual for requesting access to their personal or credit information.
when an individual requests access to their personal or credit information we will conduct a search of our customer relationship database. this search will also indicate if there are any paper records that contain personal information.
we will not give access to the personal information that we hold about an individual where it is unreasonable or impracticable to provide access, or in other circumstances permitted by law such as where the request would be likely to have an unreasonable impact on the privacy of others.
when we receive a request for access, we will respond to the individual acknowledging the request with 7 days.
after we have investigated the request for assess we will advise the individual what personal or credit information we hold and provide details of that personal information.
we will comply with all reasonable requests by an individual to provide details of the personal information or credit that we hold in the requested format within 30 days of receiving the request.
if we do not provide access to the information, we will provide written reasons setting out why we do not believe we need to provide access. we will also advise the individual they can access our internal dispute resolution procedures and details of a recognised external dispute resolution scheme of which we are a member if they are dissatisfied with a decision not to provide access to personal information.
individuals have the right to request us to correct the personal information we hold about them. if we hold personal or credit information about an individual and we are reasonably satisfied (having regarded to the purpose of any personal information) that the information is inaccurate, out of date, incomplete, irrelevant, or misleading, or we receive a request to correct the information, we will take reasonable steps to correct the information.
if we correct personal or credit information that we have previously disclosed, we will take reasonable steps to notify the entity to which we disclosed the information of the correction.
we may not always make amendments to an individual’s personal or credit information. when we do not make requested corrections, we will provide reasons for our refusal to make the correction and provide details of our internal dispute resolution procedures and details of a recognised external dispute resolution scheme of which we are a member.
if, after notifying the individual of our refusal to correct personal information, the individual requests us to issue a statement on the record that contains the personal information; we take reasonable steps to do so. we are not required to issue a statement next to any credit information we may hold about the individual.
if an individual believes that their privacy has been breached or that we have not complied with any of our obligations relating to their credit-related information, please contact our privacy officer using the contact information below and provide details of the incident so that we can investigate it.
we request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. our privacy officer deals with privacy complaints and any complaints should be directed to our privacy officer using the contact details below. we will attempt to confirm as appropriate and necessary with the individual their understanding of the conduct relevant to the complaint and what they expect as an outcome. we will inform them whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.
after we have completed our enquiries, we will contact the individual, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. if we receive a response from the individual, we will assess it and advise if we have changed our view. if the complaint remains unresolved, the individual may refer the matter to the office of the australian information commissioner (the ‘oaic’).
the contact details for the oaic are:
the office of the australian information commissioner
gpo box 5218
sydney nsw 2001
phone: 1300 363 992
website: www.oaic.gov.au
if an individual has any questions about this privacy policy, or any concerns or a complaint regarding the treatment of their privacy or a possible breach of their privacy, they may contact our privacy officer using the details set out below. individuals can write to:
the privacy officer
fingo finance
10-14 cochranes road
moorabbin vic 3189
australia
phone: 1300 134 646
e-mail: [email protected]