Respecting your Privacy and the Australian Privacy Principles effective 1 July 2020
We’, ‘us’ and ‘our’ refers to FC Capital Holdings Pty Limited ACN 630 537 987 , any wholly owned subsidiaries of FC Capital Holdings Pty Ltd and any related businesses (collectively, “FCC”).
The privacy of your personal information is important to us at FCC. We are committed to respecting your right to privacy and to protecting your personal information.
We recognise that any personal information we collect about you will only be used for the purposes we have collected it for or as allowed under the law. It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.
We are bound by the Australian Privacy Principles (APPs), the Privacy Act 1988, Privacy (Credit Reporting) Code 2014 and any other applicable laws and codes with respect to credit reporting and collection, storage, use and disclosure of personal and financial information.
This Privacy Policy outlines how we manage your personal information. Further, it describes the nature of the personal information held, the purposes for which it is held and the way it is collected and disclosed.
Our Privacy Policy applies to all your dealings with us whether through one of our licensees, other FCC organisations, via our websites or our mobile applications. However, depending on the FCC organisation which you deal with, further privacy information may apply in addition to the matters discussed in this document. For example, please see Our Websites noted below.
We encourage you to check our websites regularly for any updates to our Privacy Policy.
“Personal Information” is information which may be used to identify an individual, including name, age, date of birth, gender, occupation, contact details (e.g. address, phone number, email address), residency status, country of birth, nationality, tax residency, tax file number, information contained in identity documents (e.g. passport number, driver licence number), financial information, information about your use of our products and services, credit related information or other information FCC considers necessary.
Credit-related information means:
We use your credit-related information to assess your eligibility to be provided with finance. Usually, credit-related information is exchanged between credit and finance providers and credit reporting bodies.
If you are applying for finance or provide a guarantee we may also collect the ages and number of your dependants and cohabitants, the length of time you have resided at your current address, your employment details and proof of earnings and expenses.
When you use our website or mobile applications we may collect information about your location or activity including IP address, telephone number and whether you have accessed third party sites, the date and time of visits, the pages that are viewed, information about the device used and other user location information. We collect some of this information using cookies (for more information please see the Website Terms of Use/Policy at https://www.fccapital.com.au/terms-of-use/
By law, we are required to collect and store this information in accordance with prudent risk management, banking and anti-money laundering and counter terrorism financing legislation.
We collect personal information for the purposes of assessing your application for finance and managing that finance, establishing your identity, identifying and investigating any fraud or other illegal activities (or any suspected fraud or other illegal activities), contacting you, managing our risk and to comply with our legal obligations. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. Improvements in technology also enable organisations like ours to collect and use information to get a more integrated view of our customers. From time to time we may offer you other products and services.
We will, if it is reasonable or practicable to do so, collect your personal information directly from you. This may happen when you fill out a product or service application or an administrative form (e.g. a change of address form), or when you give us personal information over the telephone, or through a FCC organisation’s website.
In certain cases, we may collect your personal information from third parties. For example, we may need to collect personal information from a credit reporting body, your representative (such as a legal adviser), your financial adviser, any publicly available sources of information, or from any of the other organisations identified below under “Using and Disclosing Your Personal Information”. The personal information is securely stored by a third party storage provider.
We will not ask you to supply personal information publicly over Facebook, Twitter, or any other social media platform that we use.
In line with modern business practices common to many financial institutions, and pursuant to your specific needs (such as, for example, where you have a financial adviser) we may disclose your personal information to the organisations described below. Where your personal information is disclosed to another person or organisation, we will take reasonable steps to satisfy ourselves that:
|
The relevant organisations are those:
In addition, for FCC organisations offering:
Your personal information may also be disclosed to other organisations involved in our normal business practices (such as securitisation) and used in connection with such purposes as outlined above.
Because we operate throughout Australia and overseas, some of these uses and disclosures may occur outside your State or Territory and/or outside of Australia. Where this is the case, we will ensure the recipient complies with the Australian Privacy Principles and our privacy policy. In some circumstances we may need to obtain your consent before the recipient receives any personal information.
We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor, one of our checks may involve obtaining a report from a credit report body about you.
This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit-related information we hold about you. The cloud storage and the IT servers may be located outside Australia.
When we obtain credit eligibility information from a credit reporting body about you, we may also seek publicly available information and information about any serious credit infringement that you may have committed.
The law requires us to advise you of ‘notifiable matters’ in relation to how we may use your credit- related information. You may request to have these notifiable matters (and this policy) provided to you in an alternative form.
We exchange your credit-related information with credit reporting bodies. We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor and manage your finance.
The information we can exchange includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations and if you have committed a serious credit infringement (such as fraud).
If you fail to meet you credit obligations or commit a serious credit infringement, FCC may undertake the following:
You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. Please see the heading ‘Access and correction to your personal and credit-related information’, below.
Sometimes your credit information will be used by credit reporting bodies for the purposes of ‘pre- screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.
You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. For a period of 21 days after the credit reporting body receives your notification the credit reporting body must not use or disclose that credit information. You can contact any of the following credit reporting bodies for more information:
We may use or disclose your personal information to let you know about, and develop, products and services from across FCC or any company with whom we are associated that may better serve your financial, business and lifestyle needs, or to notify you of promotions or other opportunities in which you may be of interest to you. For example, we may do this after an initial marketing contact.
You can contact us at any time if you no longer wish us to do so (see Contacting Us below). If the direct marketing is by email you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
We aim to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date and take reasonable steps to make sure this is the case. In this way we can ensure that we provide you with a better service.
If you believe your personal information is not accurate, not complete or not up to date, please contact us (see Contacting Us below). We will generally rely on you to ensure the information we hold about you is accurate or complete.
We will provide you with access to the personal and credit-related information we hold about you. You may request access to any of the personal information we hold about you at any time. We may charge a fee for our costs of retrieving and supplying the information to you.
Depending on the type of request that you make we may respond to your request immediately, otherwise we usually respond to you within seven days of receiving your request. We may need to contact other entities to properly investigate your request.
There may be situations where we are not required to provide you with access to your personal or credit-related information. Factors affecting a right to access include:
An explanation will be provided to you, if we deny you access to the personal or credit-related information we hold about you.
If any of the personal or credit-related information we hold about you is incorrect, inaccurate or out of date you may request that we correct the information by contacting us by one of the methods referred to in the Contacting Us section of this document.
If appropriate we will correct the personal information at the time of the request, otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal or credit-related information within 30 days.
We may need to consult with other finance providers or credit reporting bodies or entities as part of our investigation.
If we refuse to correct personal or credit-related information we will provide you with our reasons for not correcting the information.
In most circumstances it will be necessary for us to identify you in order to successfully do business with you, however, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about interest rates or current promotional offers.
Records of your personal information are kept in several forms including both paper and electronic form. The security of your personal information is important to us and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure and from loss or misuse. These precautions include:
If FCC receives any personal information which we did not solicit the information, FCC will determine whether or not we could have collected the information if we had reasonably solicited the information. If not, we will take reasonable steps destroy this information.
FCC is required to comply with the Notifiable Data Breach (NDB) scheme from 22 February 2018.
Our data breach response plan provides the ability to respond quickly to any such breaches and includes:
|
A data breach occurs when personal information is lost or subjected to unauthorised access, modification, use or disclosure or other misuse.
What is an eligible data breach?
An eligible data breach warranting notification will arise when:
|
An eligible data breach can occur irrespective of the number of individuals that are likely to be at a risk of serious harm.
A determination of whether a data breach has or may cause serious harm will be dependent on the following factors:
|
Assessing a suspected data breach
If we suspect that an eligible data breach has occurred, we will take the following steps.
|
If it is not practicable to notify individuals at risk of serious harm, we will publish a copy of the statement prepared for the OAIC on our website, and take reasonable steps to bring its content to the attention of individuals at risk of serious harm.
The Data Breach plan is regularly reviewed and tested by the Compliance Officer
If you are dissatisfied with how we have dealt with your personal information, or you have a complaint about our compliance with the Privacy Act and the Credit Reporting Code, you may contact our complaints officer
On receipt of a complaint by a company, business or individual, it must relate to an act or practice of FCC and we must:
We take care to ensure that the personal information you give us on our websites and mobile applications are protected, with electronic security systems in place, including the use of firewalls and data encryption. Depending on the FCC organisation with which you deal, user identifiers, passwords or other access codes may also be used to control access to your personal information. Please refer to the website and mobile applications of those FCC organisations with which you transact electronically for more information on our website specific privacy and security procedures.
You may be able to access external websites by clicking on links we have provided. Those other websites are not subject to our privacy standards, policies and procedures. You will need to contact or review those websites directly to ascertain their privacy standards, policies and procedures.
Although in certain circumstances we are required to collect government identifiers such as your Medicare number or drivers licence details, we do not use or disclose this information other than when required or authorised by law, or unless you have voluntarily consented to disclose this information to any third party.
Without your consent we will not collect information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation, or criminal record.
This is subject to some exceptions including when:
If you start but do not submit an on-line application, FCC may contact you using any of the contact details you supply, to offer help completing it. If you do not submit the on-line application, the information in it will be kept by FCC for a period of time before being destroyed.
At FCC we care about your privacy and your trust is important to us.
Should you have any queries or concerns about your privacy, please provide full details the nature of your concerns by contacting the FCC Privacy Officer, care of any of the following details:
Phone: 1800 307 903
Email: privacy@fccapital.com.au
Post: Privacy Officer, PO Box H173, Australia Square Sydney 1215