Privacy Policy

The types of information that we collect and hold about you could include:

• ID information such as your name, postal or email address, telephone numbers, and date of birth;
• other contact details such as social media handles;
• financial details such as your tax file number;
• health information;
• credit information such as details relating to credit history, credit capacity, and eligibility for credit (‘credit worthiness’); and
• other information we think is necessary.

Information from a credit reporting body

When we are checking your credit worthiness and at other times, we might collect information about you from and give it to credit reporting bodies. This information can include:

ID information: a record of your name(s) (including an alias or previous name), date of birth, gender, current or last known address and previous two addresses, name of current or last known employer and drivers licence number.

Information request: a record of a lender asking a credit reporting body for information in relation to a credit application, including the type and amount of credit applied for.

Default information: a record of your consumer credit¹ payments being overdue.

Serious credit infringement: a record of when a lender reasonably believes that there has been a fraud relating to your consumer credit or that you have avoided paying your consumer credit payments and the credit provider can’t find you.

Personal insolvency information: a record relating to your bankruptcy or your entry into a debt agreement or personal insolvency agreement.

Court proceedings information: an Australian court judgment relating to your credit.

Publicly available information: a record relating to your activities in Australia and your credit worthiness.

Consumer credit liability information: certain details relating to your consumer credit, such as the name of the credit provider, whether the credit provider has an Australian Credit Licence, the type of consumer credit, the day on which the consumer credit was entered into and terminated, the maximum amount of credit available and certain repayment terms and conditions.

Repayment history information: a record of whether or not you’ve made monthly consumer credit payments and when they were paid.²

Payment information: If a lender gave a credit reporting body default information about you and the overdue amount is paid, a statement that the payment has been made.

New arrangement information: If a lender gave a credit reporting body default information about you and your consumer credit contract is varied or replaced, a statement about this.
We base some things on the information we get from credit reporting bodies, such as:

• our summaries of what the credit reporting bodies tell us; and
• credit scores. A credit score is a calculation that lets us know how likely a credit applicant will repay credit we may make available to them.

Information that we get from a credit reporting body or information we derive from such information is known as credit eligibility information.

What sensitive information do we collect?

Sometimes we need to collect sensitive information³ about you, for instance in relation to some insurance applications. This could include things like medical checks, medical consultation reports or other information about your health. Unless required by law, we will only collect sensitive information with your consent.

When the law authorises or requires us to collect information

We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions, including company and tax law, which require us to collect personal information. For example, we require personal information to verify your identity under Commonwealth Anti-Money Laundering law.

Customer Identification

We may disclose personal information about you to an organisation providing verification of your identity, including CRBs, and organisations such as Document Verification Service which provide on-line verification of your identity. The organisation will give us a report of whether that personal information matches personal and credit information held by the organisation. If we use these methods and are unable to verify your identity in this way we will let you know. We may also use information about your Passport, state or territory driver licence, Medicare card, citizenship certificate, birth certificate and any other identification documents (including documents of a foreign country) to match those details with the relevant registries using third party systems and record the results of that matching.

What do we collect via your website activity?

If you use our online services, we monitor your use of our online services to ensure we can verify you and can receive information from us, and to identify ways we can improve our services for you.

If you start but don’t submit an on-line application, we can contact you using any of the contact details you’ve supplied to offer help completing it. The information in applications will be kept temporarily then destroyed if the application is not completed.

We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels. However for all confidential matters, we’ll ensure we interact with you via a secure forum.

To improve our services and products, we sometimes collect de-identified information from web users. That information could include IP addresses or geographical information to ensure your use of our online services is secure.

We also collect de-identified information if you use one of our Group calculators or other programs. Although the information collected does not identify an individual, it does provide the Group with useful statistics so that we can analyse and improve our online services. For more information on how we use cookies and tracking tags see our Cookies Policy (detailed below).

How do we collect your personal information?

How we collect and hold your information

We understand that your personal information needs to be looked after and isn’t something you leave lying around for just anybody to take. So unless it’s unreasonable or impracticable, we will try to collect personal information directly from you (referred to as ‘solicited information’). For this reason, it’s important that you help us to do this and keep your contact details up-to-date.

There are many ways we seek information from you. We might collect your information when you fill out a form with us, when you’ve given us a call or used our websites. We also find using electronic means, such as email or SMS, a convenient way to communicate with you and to verify your details.⁴

How we collect your information from other sources

Sometimes we collect information about you from other sources. We do this only if it’s necessary to do so. Instances of when we may need to include where:

• we can’t get hold of you and we rely on publicly available information to update your contact details;
• we need information from an insurer about an insurance application you make through us;
• we are checking the security you are offering through public registers and our service providers; and
• at your request, we exchange information with your legal or financial advisers or other representatives.

What if you don’t want to provide us with your personal information?

If you don’t provide your personal information to us, we may not be able to:

• provide you with the product or service you want;
• manage or administer your product or service;
• verify your identity or protect against fraud; or
• let you know about other products or services from across the Group that might better meet your financial, e-commerce and lifestyle needs.

How do we take care of your personal information?

We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:

• confidentiality requirements of our employees;
• document storage security policies;
• security measures for access to our systems;
• only giving access to personal information to a person who is verified to be able to receive that information;
• control of access to our building;
• security cameras inside our building: and
• electronic security systems, such as firewalls and data encryption on our websites.

What happens when we no longer need your information?

We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law, such as the Corporations Act, the Anti-Money Laundering & Counter-Terrorism Financing Act, and the Financial Transaction Reports Act for example. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.

How we use your personal information

What are the main reasons we collect, hold and use your information?

Because we offer a range of services and products, collecting your personal information allows us to provide you with the products and services you’ve asked for. This means we can use your information to:

• provide you with information about products and services;
• consider your request for products and services, including your eligibility;
• process your application and provide you with products and services; and
• administer products and services which includes answering your requests and complaints, varying products and services, taking any required legal action in relation to our accounts and managing our relevant product portfolios.

Can we use your information for marketing our products and services?

Given our experience, we think we’ve learnt a lot of things along the way and we’d like to share what we know about our products with you. We may use or disclose your personal information to let you know about products and services from across the Group that might better serve your financial, e-commerce and lifestyle needs, or running competitions or promotions and other opportunities in which you may be interested.

We may conduct these marketing activities via email, telephone, SMS, iM, mail, or any other electronic means. We may also market our products to you through third party channels (such as social networking sites), or based on your use of Group programs. We will always let you know that you can opt out from receiving our third party or Group program marketing offers.

Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs.

With your consent, we may disclose your personal information to third parties such as mortgage lenders, insurers, brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time.

Yes, You Can Opt-Out

You can let us know at any time if you no longer wish to receive direct marketing offers from the Group (see ‘Contact Us’). We will process your request as soon as practicable.

What are the other ways we use your information?

We’ve just told you some of the main reasons why we collect your information, so here’s some more insight into the ways we use your personal information including:

• giving you information about a product or service;
• considering whether you are eligible for a product or service;
• processing your application and providing you with a product or service;
• administering the product or service we provide you, which includes answering your requests and complaints, varying products and services and managing our relevant product portfolios;
• identifying you or verifying your authority to act on behalf of a customer;
• telling you about other products or services that may be of interest to you, or running competitions and other promotions (this can be via email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums), unless you tell us not to;
• assisting in arrangements with other organisations in relation to a product or service we make available to you;
• allowing us to run our business and perform administrative and operational tasks, such as:
• training staff;
• developing and marketing products and services;
• risk management;
• systems development and testing, including our websites and other online channels;
• undertaking planning, research and statistical analysis;
• determining whether a beneficiary will be paid a benefit;
• preventing or investigating any fraud or crime, or any suspected fraud or crime;
• as required by law, regulation or codes binding us; and
• for any purpose for which you have given your consent.

How we use your credit information

In addition to the ways for using personal information mentioned above, we may also use your credit information to:

• enable a mortgage insurer or title insurer to assess the risk of providing insurance to us or to address our contractual arrangements with the insurer;
• assess whether to accept a guarantor or the risk of a guarantor being unable to meet their obligations;
• consider hardship requests; and
• assess whether to securitise loans and to arrange the securitising of loans.

Who do we share your personal information with?

To make sure we can meet your specific needs and for the purposes described in ‘How we use your personal information’, we sometimes need to share your personal information with others. We may share your information with other organisations for any purposes for which we use your information.

How we use your credit information

Sharing with the Group

We may share your personal information with other Group members. This could depend on the product or service you have applied for and the Group member you are dealing with.

Sharing at your request

We may need to share your personal information with:

• your representative or any person acting on your behalf (for example, financial advisers, lawyers, settlement agents, accountants, executors, administrators, trustees, guardians, brokers or auditors); and
• your referee such as your employer (to confirm details about you).

Sharing with Credit Reporting bodies

We may disclose information about you to a credit reporting body if you are applying for credit or you have obtained credit from us or if you guarantee or are considering guaranteeing the obligations of another person to us or you are a director of a company that is loan applicant or borrower or guarantor. When we give your information to a credit reporting body, it may be included in reports that the credit reporting body gives other organisations (such as other lenders) to help them assess your credit worthiness.
Some of that information may reflect adversely on your credit worthiness, for example, if you fail to make payments or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders.

Sharing with third parties

We may share your personal information with third parties outside of the Group, including:

• those involved in providing, managing or administering your product or service;
• authorised representatives of the Group who sell products or services on our behalf;
• superannuation and managed funds organisations, and their advisers;
• medical professionals, medical facilities or health authorities who verify any health information you may provide;
• valuers, insurers (including lenders’ mortgage insurers and title insurers) , re-insurers, claim assessors and investigators;
• brokers or referrers who refer your application or business to us;
• loyalty programme partners;
• other financial institutions, such as banks;
• organisations involved in debt collecting, including purchasers of debt;
• fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);
• organisations involved in surveying or registering a security property or which otherwise have an interest in such property;
• real estate agents;
• government or regulatory bodies (including ASIC and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities);
• our accountants, auditors or lawyers and other external advisers;
• rating agencies to the extent necessary to allow the rating agency to rate particular investments;
• any party involved in securitising your facility, including re-insurers and underwriters, loan servicers, trust managers, trustees and security trustees;
• guarantors and prospective guarantors of your facility;
• organisations that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
• organisations that participate with us in payments systems including merchants, payment organisations and organisations that produce cards, cheque books or statements for us;
• our joint venture partners that conduct business with us;
• organisations involved in a corporate re-organisation or transfer of Group assets or business;
• organisations that assist with our product planning, research and development;
• mailing houses and telemarketing agencies who assist us to communicate with you;
• other organisations involved in our normal business practices, including our agents and contractors; and
• where you’ve given your consent.

Sharing outside of Australia

The Group runs its business in Australia.

A Group member may need to share some of your information it collects from us about you (including credit information) with organisations outside Australia. Sometimes, they may need to ask you before this happens.

Some credit reporting agencies, title insurers and other third parties have operations outside of Australia. The countries in which they have related corporations include: the Philippines, USA, Canada, the United Kingdom, Malaysia, India, China, Hong Kong SAR, Macau SAR, Indonesia, Singapore and Vietnam.

We may store your information (including personal and credit-related information) in cloud or other types of networked or electronic storage and will take reasonable steps to ensure its security. However, as electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed.

Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

We will not share any of your credit information with a credit reporting body, unless it has a business operation in Australia. We are not likely to share credit information we obtain about you from a credit reporting body or that we derive from that information.

How do you access your personal information?

How you can generally access your information

We‘ll always give you access to your personal information unless there are certain legal reasons why we can’t. You can ask us in writing to access your personal information that we hold. In some cases we may be able to deal with your request over the phone or at our office. We will give you access to your information in the form you want it where it’s reasonable and practical (such as a copy of a phone call you may have had with us – we can put it on a disk for you). We may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first.

We’re not always required to give you access to your personal information. Some of the situations where we don’t have to give you access include when:

• we believe there is a threat to life or public safety;
• there is an unreasonable impact on other individuals;
• the request is frivolous;
• the information wouldn’t be ordinarily accessible because of legal proceedings;
• it would prejudice negotiations with you;
• it would be unlawful;
• it would jeopardise taking action against serious misconduct by you;
• it would be likely to harm the activities of an enforcement body (e.g. the police); or
• it would harm the confidentiality of our commercial information.

In relation to credit eligibility information⁵, the exceptions may differ.

If we can’t provide your information in the way you’ve requested, we will tell you why in writing. If you have concerns, you can complain. See ‘Contact Us’.

How to access your credit eligibility information

Where you request access to credit information about you that we’ve got from credit reporting bodies (or based on that information), you have the following additional rights.
We must:

• provide you access to the information within 30 days (unless unusual circumstances apply);
• make the information clear and accessible; and
• ask you to check with credit reporting bodies what information they hold about you.
  This is to ensure it is accurate and up-to-date.
  We are not required to give you access to this information if
• it would be unlawful; or
• it would be likely to harm the activities of an enforcement body (e.g. the police).

We may also restrict what we give you if it would harm the confidentiality of our commercial information.

If we refuse to give access to any credit eligibility information, we will tell you why in writing. If you have concerns, you can complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.

How do you correct your personal information?

How we correct your information

Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it’s:

• inaccurate;
• out of date;
• incomplete;
• irrelevant; or
• misleading.

If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know in writing.

How we correct your information

Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it’s:

• inaccurate;
• out of date;
• incomplete;
• irrelevant; or
• misleading.

If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know in writing.

What additional things do we have to do to correct your credit information?

If you ask us to correct credit information, we will help you with this in the following way.

Helping you manage corrections

Whether we made the mistake or some one else made it, we are required to help you ask for the information to be corrected. So we can do this, we might need to talk to others. However, the most efficient way for you to make a correction request is to send it to the organisation which made the mistake.

Where we correct information

If we’re able to correct the information, we’ll let you know within five business days of deciding to do this. We’ll also let the relevant third parties know as well as any others you tell us about. If there are any instances where we can’t do this, then we’ll let you know in writing.

Where we can’t correct information

If we’re unable to correct your information, we’ll explain why in writing within five business days of making this decision. If you have any concerns, you can access our external dispute resolution scheme or make a complaint to the Office of the Australian Information Commissioner.

Time frame for correcting information

If we agree to correct your information, we’ll do so within 30 days from when you asked us, or a longer period that’s been agreed by you.

• If we can’t make corrections within a 30 day time frame or the agreed time frame, we must:
• let you know about the delay, the reasons for it and when we expect to resolve the matter;
• ask you to agree in writing to give us more time; and
• let you know you can complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.

How do you make a complaint?

How do you generally make a complaint?

Brighten Home Loans has an Internal Dispute Resolution (IDR) process to investigate and respond to all customer complaints within 45 days. Our IDR process is detailed below.

Referral

When we receive a complaint, the matter is referred to a manager with the appropriate knowledge and authority to undertake the investigation.

Investigation

The manager completes a thorough investigation of your complaint and sources any supporting documentation if required. Once their investigation is completed, full details and results are returned to the Customer Relations team for assessment.

Response

Once we receive the completed complaint investigation, we will then provide the outcome of the investigation and the reasons for reaching that decision to you in the same way you contacted us whether that’s by post, fax, email (if submitted via our website), or telephone.

If you aren’t satisfied with our response to your complaint, you have the option to contact the Australian Financial Complaints Authority (AFCA) with your concerns.
Before you contact AFCA, you must give Brighten Home Loans the opportunity to investigate and respond to your complaint.
You can contact the AFCA at www.afca.org.au or on 1800 931 678.

If you have a complaint about how we handle your personal information, we want to hear from you.

You can contact us by using the details below:
The Privacy Officer
Brighten Home Loans
BOX H338, Australia Square, NSW 1215
Phone +61 2 8880 6633
[email protected]

We are committed to resolving your complaint and doing the right thing by our customers. Most complaints are resolved quickly, and you should hear from us within five business days.

Further Options

If you still feel your issue hasn’t been resolved to your satisfaction, then you can raise your concern with our external dispute resolution scheme, Australian Financial Complaints Authority (AFCA), which can be contacted at www.afca.org.au or on 1800 931 678 or the Office of the Australian Information Commissioner:

• Online: www.oaic.gov.au/privacy
• Phone: 1300 363 992
• Email: [email protected]
• Fax: +61 2 9284 9666
• Mail: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601

What additional things do we have to do to manage your complaints about credit information?

If your complaint relates to how we handled your access and correction requests
You may take your complaint directly to our external dispute resolution scheme or the Office of the Australian Information Commissioner. You are not required to let us try to fix it first.

For all other complaints relating to credit information

If you make a complaint about things (other than an access request or correction request) in relation to your credit information, we will let you know how we will deal with it within seven days.

Ask for more time if we can’t fix things in 45 days

If we can’t fix things within 45 days, we’ll let you know why and how long we think it will take. We will also ask you for an extension of time to fix the matter. If you have any concerns, you may complain to our external dispute resolution scheme or the Office of the Australian Information Commissioner.

Contact details for Credit Reporting Bodies

As outlined above, if you apply for credit or have a credit facility with us, we may give your personal information to one or more credit reporting bodies. The contact details of the credit reporting bodies we may use are outlined below. Each credit reporting body has a credit reporting policy about how they handle your information. You can obtain copies of these policies at their websites.

Equifax Pty Ltd

• Online: https://www.mycreditfile.com.au/
• Phone: 1300 762 207
• Equifax’s credit reporting policy is set out at https://www.equifax.com.au/credit-reporting-policy
• Mail: Attention Customer Resolutions Team PO Box 964 North Sydney , NSW 2059

illion Australia Pty Ltd

• Online: www.checkyourcredit.com.au
• illion’s credit reporting policy is set out at https://www.illion.com.au/illion-credit-reporting-policy-australia
• Phone: 1300 734 806
• Mail: PO Box 7405 St Kilda Road, Melbourne VIC 3004

Contact credit reporting bodies if you think you have been the victim of a fraud

If you believe that you have been or are likely to be the victim of fraud (including identity fraud), you can request a credit reporting body not to use or disclose the information they hold about you. If you do this, the credit reporting body mustn’t use or disclose the information during an initial 21 day period without your consent (unless the use or disclosure is required by law). This is known as a ban period.

If, after the initial 21 day ban period, the credit reporting body believes on reasonable grounds that you continue to be or are likely to be the victim of fraud, the credit reporting body must extend the ban period as they think reasonable in the circumstances. The credit reporting body must give you a written notice of the extension.

Contact credit reporting bodies if you don’t want your information used by them for direct marketing/pre-screening purposes.

Credit reporting bodies can use the personal information about you that they collect for a pre-screening assessment at the request of a credit provider unless you ask them not to. A pre-screening assessment is an assessment of individuals to see if they satisfy particular eligibility requirements of a credit provider to receive direct marketing. You have the right to contact a credit reporting body to say that you don’t want your information used in pre-screening assessments. If you do this, the credit reporting body must not use your information for that purpose.

Contact us

We care about your privacy. Please contact us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.

You can contact us by using the details below:
The Privacy Officer
Brighten Home Loans
BOX H338, Australia Square, NSW 1215
Phone (61) 2 8880 6633
[email protected]
​

What if you want to interact with us anonymously or use a pseudonym?

If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way however as we are often governed by strict regulations that require us to know who we’re dealing with. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when:

• it is impracticable; or
• we are required or authorised by law or a court/tribunal order to deal with you personally.

What do we do with government-related identifiers?

In certain circumstances we may be required to collect government-related identifiers such as your tax file number. We will not use or disclose this information unless we are authorised by law.

Cookies
When you visit the website, our server places small pieces of data known as ‘cookies’ on your hard drive. Cookies are pieces of information that are transferred to your computer when you visit a website for record-keeping purposes. Most Web browsers are set to accept cookies. However, if you do not wish to receive any cookies you may set your Web browser to refuse cookies. We use cookies to provide us with aggregate (anonymous) information on how people use our website and to help us know what our customers find interesting and useful in our website. We do not link this information back to other information that you have provided to us.

Changes to this Privacy Policy
This Policy may change. We will let you know of any changes to this Policy by posting a notification on our website.

Footnotes:

1. Consumer credit is credit that is intended to be used wholly or primarily:
   • for personal, family or household purposes; or
   • to acquire, maintain, renovate or improve residential property for investment purposes or to refinance credit for any of these purposes.
2. Consumer credit liability information and repayment history information: These information types can only be provided to credit reporting bodies on and after 12 March 2014 in connection with a consumer credit facility.
3. Sensitive information is information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or biometric information.
4. However we’ll never ask you for your security details in this way – if you are ever unsure, just contact us.
5. Credit eligibility information is credit information about you that we’ve got from credit reporting bodies or based on that information.