The privacy of your personal information is important to us at Buzz Financial Pty Ltd ABN 53 613 917 650 (Australian Credit Licence 392439) and its related bodies corporate (we, us and our).
We are committed to protecting your privacy. This policy explains how your personal information will be treated as you access and interact with our organisation and this website.
Open and transparent management of personal information
We will manage personal information, including credit information, in an open and transparent manner. In doing so, we ensure that individuals are notified at the time of collecting their personal information:
- what type of personal information is being collected;
- who that personal information will be disclosed to; and
- how we use that personal information.
We have appointed a Privacy Compliance Officer, who will deal with any queries regarding access to or correction of personal information or any privacy related complaints. The Privacy Compliance Officers can be contacted via email at email@example.com. We ensure all our employees are trained at regular intervals to ensure they understand our obligations under the Privacy Act, including the Australian Privacy Principles.
Anonymity and pseudonymity
Generally we are not able to deal with customers who do not wish to identify themselves. However, where possible and appropriate we will provide information of a general nature to unidentified individuals.
Collection of personal information
We’ve built our websites so that you identify yourself only when you’re ready to learn more about our services, you wish to hear from us, or you wish to receive information from one of our financial services consultants, from other partners and from related companies.
We collect personal information for the following purposes:
- arranging and assessing an application for credit;
- managing credit;
- providing individuals with the products or services they have requested;
- managing our relationship with individuals;
- protecting individuals and ourselves from error or fraud; or
- complying with regulatory requirements.
We may collect sensitive information from individuals when they apply for an insurance related product. We only collect sensitive information directly from the individual and with the individuals consent.
We may also collect sensitive information when it has been provided as part of a loan application. Any sensitive information that is collected in this way is only used for the purpose for which it is provided, and is collected with the individuals consent. Where possible, we collect personal information directly from the individual.
Unsolicited personal information
If we receive unsolicited personal information we will determine whether we could have collected that personal information by lawful and fair means, and whether it is related to one of the purposes of collecting personal information above. We will do this by looking at our relationship with the individual and whether the personal information relates to our relationship with them.
If we could not have collected the personal information by lawful and fair means, or the personal information does not relate to one of our purposes for collecting the personal information, we will destroy the personal information.
Sensitive information is any information about a persons racial or ethnic origin, political opinion, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information.
We will not ask you to disclose sensitive information, but if you elect to provide sensitive information it will also be captured and stored.
Notification of the collection of personal information
When we first collect personal information from an individual we will notify them that we have collected their personal information. We will require the individual to sign a notification and consent form detailing how we will use and disclose their personal information. This notification will provide the individual with information about:
- the purposes of the collection of their personal information and credit information;
- those entities that we usually disclose personal information or credit information to;
- what happens if the individual chooses not to provide us with personal information;
- direct marketing that may be undertaken by us or any related companies;
- when we are required to collect personal information under an Australian law, such as the National Consumer Credit Protection Act (Cth) 2009 or the Anti-Money Laundering and Counter Terrorism Financing Act (Cth) 2006;
- any disclosure of personal information that we make to an overseas entity.
If we know that as part of our relationship with the individual we will disclose their personal information to another identifiable entity, such as a specific lender, we will notify the individual of the following matters at the time we first collect their personal information:
- the identity and contact details of that organisation;
- why their information may be disclosed to the organisation.
Use or disclosure of personal information
The purpose of collecting an individuals personal information will be outlined in the notification and consent received by the individual.
If during our relationship with the individual we wish to use an individual’s personal information for an additional purpose, we will obtain their consent unless the purpose is related to the primary purpose or we are permitted under law to do so.
Keeping you updated
We may use or disclose your personal information to provide you with current information about finance, offers you may find of interest, changes to our organisation, or new products and services offered by us or any company with whom we are associated. You can contact us at any time if you no longer want us to do this, see our Contact us details below.
In all our direct marketing communications we will provide a prominent statement about how an individual can elect not to receive direct marketing. If the direct marketing communication is an email we will provide an unsubscribe function within the email.
We will keep appropriate records to ensure those individuals that have made requests not to receive direct marketing communications do not receive them. We do not apply a fee to unsubscribe from direct marketing communications.
We do not sell personal information. We do not use sensitive information for the purpose of direct marketing.
If we purchase personal information for the purposes of direct marketing we will conduct appropriate due diligence to ensure appropriate consents from the individuals have been obtained.
Cross-border disclosure of personal information
We may use cloud storage and IT servers that may be located overseas to store the personal information we hold.
Adoption, use or disclosure of government related identifiers
We do not use government related identifiers to identify individuals. We may receive tax file numbers in the course of assessing an application for credit; however, we do not use or disclose tax file numbers for any purpose.
Quality of personal information
We rely on individuals to help us to ensure that their personal information is accurate, up-to-date and complete. You may change your applicant details online while you are on our websites, or in conversation with our consultants. You may also update your details at any time before a loan settles by calling our offices or contacting us. We are as keen as you are to ensure that our information about you is accurate.
If we become aware that personal information is inaccurate, out-of-date or incomplete, such as when mail is returned, we will update our systems accordingly.
Security of personal information
The security of your information is very important to us. We store information in different ways, including in paper and electronic form.
We regularly review developments in security and encryption technologies. Unfortunately, no data transmission over the internet can be guaranteed as totally secure.
We take all reasonable steps to protect the information in our systems from misuse, interference, loss, and any unauthorised access, modification or disclosure.
If we no longer require your information, and we are legally permitted to, we will take all reasonable steps to destroy or de-identify the information.
We take reasonable steps to preserve the security of cookie and personal information in accordance with this policy. If your browser is suitably configured, it will advise you whether the information you are sending us will be secure (encrypted) or not secure (unencrypted).
We take reasonable steps to protect your personal information, these include:
- confidentiality requirements for our employees;
- document storage security policies;
- security measures for systems access;
- providing a discreet environment for confidential discussions;
- only allowing access to personal information where the individual seeking access has satisfied our identification requirements;
- access control for our buildings; and
- electronic security systems in place for our website, including the use of encrypted passwords and data, firewalls and expert monitoring.
Any paper records are only accessible to employees and others as they are needed. We will usually destroy personal information that is held electronically and in paper form ten years after our relationship with the individual ends. We will do this by shredding paper copies and deleting electronic records containing personal information about the individual or permanently de-identifying the individuals within those records.
Access to personal information
Individuals may request access to any personal information that we hold about them. We will not charge an individual for requesting access to their personal information.
We will verify the individuals identity prior to disclosing any personal information.
When an individual requests access to their personal information we will conduct a search of our customer relationship database. This search will also indicate if there are any paper records that contain personal information.
Providing we contact you, your call may be monitored or recorded for coaching and training purposes.
We will not give access to the personal information that we hold about an individual where it is unreasonable or impracticable to provide access, or in circumstances where the request would likely:
- pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- unreasonably access the privacy of other individuals;
- be frivolous or vexatious;
- relate to anticipated legal proceedings, and the correct method of access to personal information is by the process of discovery in those legal proceedings;
- reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- be unlawful or in breach of an Australian law;
- prejudice the taking of appropriate action in relation to a matter where unlawful activity or misconduct that relates to our functions or activities;
- prejudice an enforcement related activities of an enforcement body (such as ASIC); or
- reveal commercially sensitive information.
When we receive a request for access we will usually respond to the individual within 7 days. However, depending on the nature of the request we may provide the personal information when the request is made.
If the individual is requesting a large amount of personal information or the request cannot be dealt with immediately, then after we have investigated the request for access we will advise the individual what personal information we hold and provide details of that personal information.
We will comply with all reasonable requests by an individual to provide details of the personal information that we hold in the requested format.
If we do not provide access to the information we will provide written reasons setting out why we do not believe we need to provide access. We will also advise the individual they can access our Internal Dispute Resolution (IDR) and External Dispute Resolution (EDR) schemes if they are dissatisfied with a decision not to provide access to personal information.
Correction of personal information
If we hold personal information about an individual and we are reasonably satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading, or we receive a request to correct the information, we will take reasonable steps to correct the information.
If we correct personal information that we have previously disclosed, we will take reasonable steps to notify the entity to which we disclosed the information of the correction. We may not always make corrections to an individuals personal information. When we do not make requested corrections, we will provide reasons for our refusal to make the correction and provide details of our IDR and EDR procedures.
If, after notifying the individual of our refusal to correct personal information, the individual requests us to issue a statement on the record that contains the personal information; we will take reasonable steps to do so.
Advertising and tracking
When you view our advertisements on a Third Party website, the advertising company uses ‘cookies’ and in some cases ‘web beacons’ to collect information such as:
- the server your computer is logged onto;
- your browser type;
- the date and time of your visit; and
- the performance of their marketing efforts.
When you access our website after viewing one of our advertisements on a Third Party website, the advertising company collects information on how you utilise our website (for example, which pages you view) and whether you complete an online application.
A cookie is a small text file placed on your computer by our web page server. A cookie can later be retrieved by our webpage servers. Cookies are frequently used on websites and you can choose if and how a cookie will be accepted by configuring your preferences and options in your internet browser.
- To allow our matching process to be completed. The cookies used here are transient cookies, sometimes called session cookies. These cookies are not stored on your computers hard disk, cannot be linked to applicant details or subscriber details, and are discarded when you finish the matching process, or if you have left the loan-matching process alone for more than 30 minutes. We cannot use any information from these cookies to find out anything about you. Without them, we cannot complete the loan-matching process.
- To record usage details primarily, how many times a visitor has been to our site before. The cookies used here are persistent cookies that remain on your hard disk for a year after your visit our sites. They contain no information that could be read by any other user of your computer. These persistent cookies ensure that no user receives an exit survey twice, and help us make our sites easier to use for both new users and those who are familiar with our sites. However, if you disable persistent cookies in your browser, you can still use our sites.
- to allocate a unique number to your internet browsers;
- to customise our website for you;
- for statistical purposes;
- to identify if you have accessed a Third Party Website; and
- for security purposes.
We do not generally disclose personal information obtained from cookies to overseas entities in the course of our activities.
Your IP address is the identifier for your computer when you are using the internet. It may be necessary for us to collect your IP address for your interaction with various parts of our website.
Online assessment requests
When you send a completed online assessment request to us, we retain the information contained in that request. We are able to then use that information to provide any financial services that you require.
We are a member of the Credit & Investments Ombudsman (CIO), previously known as Credit Ombudsman Services Limited. If you have been unable to resolve your complaint to your satisfaction, you can refer your complaint to CIO by visiting their website www.cio.org.au or phoning 1800 138 422.