In this Policy, “we”, “us” or “Heartland” refers to Heartland Australia Group Pty Limited ACN 604 859 752 and its related bodies corporate (as that term is defined in the Corporations Act 2001 (Cth)), successors, assigns, agents and associates, and “personal information” has the meaning set out in the Privacy Act 1988 (Cth) (“Privacy Act”).
2. What types of personal information do we collect?
Personal information is information that identifies you or from which your identity is apparent or can reasonably be worked out. It can include an opinion and does not necessarily need to include your name.
One kind of information that we regularly collect is credit information. Credit information is that part of your information that we use to assess your eligibility for the products that we make available. This can include details of any finance that you have available, your history in repaying loans and other information that credit providers use to assess eligibility. Section 6 below contains further information about credit information.
The kinds of personal information we are allowed to obtain about you and the manner in which we collect, maintain and protect your personal information, are primarily governed by the Privacy Act and the Australian Privacy Principles (APPs).
In addition, before we are able to provide you with financial products or services, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (“AML/CTF Act”) requires us to collect information about you in order to verify your identity. This information may also be provided to a credit reporting body for verification. Section 7 below contains further information about the collection and verification of identification information.
The types of personal information we collect about you depends on the circumstances in which the information is collected. Such information may include:
contact details (such as your name, address, email address and phone numbers);
photographs of you;
date of birth and gender;
current occupation and employment history;
education, qualifications and training;
details of individuals you are (or may be) connected to;
financial information, such as information about your assets, finances, income, expenses and debit and credit history (including information obtained from credit reporting bodies);
your tax file number; and/or
information concerning our products and services you may use.
We generally do not collect sensitive information about you unless required by applicable laws or rules. Sensitive information includes information in relation to:
political or religious beliefs;
race or ethnic origin;
memberships of unions, trade or professional associations;
criminal records; and/or
If you do provide sensitive information to us for any reason, you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the Privacy Act and other relevant laws.
In addition to the types of personal information identified above, we may collect personal information as otherwise permitted or required by law.
We will not use your personal information, such as certain government generated information (for example, your tax file number) in reference to any of our products or services. We will only obtain, use or disclose government generated information in circumstances where we are legally obliged to do so.
The scope of your personal information may include many records and documents. Should you require it, we would be happy to explain in greater detail what this information includes. Should you require it, you may also see the personal information we keep about you. Please contact us if you require us to give you a further explanation.
3. How do we collect your personal information?
We collect personal information in a number of ways. The most common ways we collect your personal information are:
directly from you, including when you request or use any of our products or services;
from publicly available sources;
from market research bodies who may have records about you from surveys and questionnaires you may have engaged in;
from your personal representatives, including your solicitor, accountant and financial adviser;
from distributors, agents and brokers, including insurance brokers or mortgage brokers you may have had contact with;
from other credit providers you may have had contact with and credit reporting bodies;
from Federal, State or Territory government departments and regulatory bodies; and/or
from other third parties.
Cookies, analytics and other technologies we use
We may obtain information about you if you visit our website. This may include your identity, date and time of your visits, number of visits, the type of products and services you view and how you use our website. We obtain information via our website through 'cookies' and related technologies. The use of such technologies helps us monitor the effectiveness of our website.
A ‘cookie’ is a packet of information placed on a user’s computer by a website which is used for record keeping. Cookies are used to monitor traffic on our website, but generally we do not collect personal information from you using cookies.
Throughout our websites and mobile apps we use the Google Universal Analytics system, Google Play Console and App Store Connect (as applicable) to measure anonymous website and mobile app activity. We also use data analytic software (including cookies) throughout our websites. These services provide us with information about the use, functionality and effectiveness of our websites, helping us to understand and optimise user experiences and to also optimise our advertising on, and outside of, our websites. We may also use other third party data analytic software (including cookies) in the future and you may request a list of all data analytic software providers that we use from us at any time.
We may also monitor and/or record telephone discussions between you and our staff for training purposes and to check the accuracy of our records.
4. For what purposes do we collect, use and disclose your personal information?
The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Generally, we collect, use and disclose your personal information so that we can:
establish who you are and assess your creditworthiness;
assess applications for products and services;
administer and monitor products or services;
develop and run our business generally;
comply with legal obligations and assist government departments and regulatory bodies; and/or
tell you about other products or services that we think may be of interest to you.
We may also collect, use and disclose your information in other ways where permitted by law.
If you do not agree to give us certain types of personal information, we may be unable to provide you with the products or services you have asked for.
5. To whom may we give your personal information?
We may disclose your personal information to third parties in connection with the purposes described above. This generally includes disclosure to the following types of third parties:
our related bodies corporate;
other persons named in your application for a product or service with us;
our service providers and contractors, including data storage providers in Australia or overseas;
other financial and insurance institutions;
identity verification agencies;
debt collecting agencies;
credit reporting bodies;
government departments and regulatory bodies and Issuer or Official record holder of identity documents;
your agents, advisers, referees, executors, administrators, trustees, guardians, beneficiaries (if you are a trustee) or attorneys;
anyone to whom we consider assigning or transferring any of our rights or obligations; and/or
other persons where this is permitted by law or to whom you have directed or otherwise permitted us to disclose your personal information to.
Where we disclose your personal information to third parties we will use reasonable endeavours to ensure that such third parties only use your personal information as reasonably required for the purpose we disclosed it to them and in a manner consistent with the Privacy Act.
6. Credit reports
When you apply to us for credit, we may request a credit report about you from a credit reporting body. A credit report contains information about your credit history which assists credit providers assess your application, verify your identity and manage your accounts. Credit reporting bodies collect and exchange this information with credit providers.
The Privacy Act limits the information that credit providers can disclose about you to credit reporting bodies, as well as the ways in which credit providers can use credit reports. The information we can disclose includes your identification details, any applications for credit you have made, the type and amount of credit you have, any failure to make repayments or defaults and whether you have committed a serious infringement (such as fraud). We can also ask credit reporting bodies to provide us with an overall assessment score of your creditworthiness.
The credit reporting bodies we may share information with include:
Dun & Bradstreet (dnb.com.au); and/or
Contact details and copies of their privacy policies are available on their websites.
We use information from credit reporting bodies to confirm your identity, assess applications for credit, manage our relationship with you and otherwise in order to comply with laws, regulations and codes of practice. We may combine the information from a credit reporting body with other information.
Credit providers can ask credit reporting bodies to use your credit-related information to pre-screen you for direct marketing. You can ask a credit reporting body not to do this. You can also ask a credit reporting body to not use or disclose your credit information if you believe you have been, or are likely to be, a victim of fraud.
Sections 12 and 13 contain details about how you can access or correct any credit related information we hold about you, how you can make a complaint about a privacy breach and how we will deal with any complaint.
7. Identity verification
Before we can provide you with financial products or services, we are required to collect information from you to verify your identity. This requirement applies to Australian financial institutions such as Heartland under the AML/CTF Act.
There are two methods we can use to verify your identity: electronic verification or a manual alternate method. Heartland may choose to use either electronic verification or a manual alternate method (or both) depending on the product you are applying for and the identification you have provided to us.
Under the AML/CTF Act, we can disclose your name, residential address and date of birth to a credit reporting body. The credit reporting body will then assess whether this information matches (in whole or part) information held in their records and in the records of government departments, an Issuer or Official record holder of identity documents, or other third parties (if any).
For us to complete electronic verification, you need to:
be 18 years or over;
have an Australian residential address;
hold an acceptable form of identification; and
consent to your identity being verified in this way.
Manual alternate method
If you cannot or chose not to be electronically verified, we must identify you using a manual alternate method.
8. Does personal information leave Australia?
We may share your information with recipients located overseas, including some of our related bodies corporate or service providers. The countries in which these recipients are located include New Zealand. We take reasonable steps to ensure that these recipients protect your information in same way that we do (although they may not be subject to Australian laws).
Your information may also be held on our behalf by data storage providers, including cloud-based data storage providers in Australia, New Zealand or elsewhere.
9. How do we protect your personal information?
We keep hardcopy documents in our offices which are protected by building security and other office security measures. The electronic records that we keep are in computer systems that have firewalls, intrusion detection and virus scanning tools to protect against unauthorised access. However, the internet is not a secure environment and although care is taken, we cannot guarantee the security of information provided to us or stored or transferred via electronic means.
Our staff are trained on the proper handling of personal information so that they are aware of the things they must do to protect your personal information. We also seek to ensure that appropriate data handling and security arrangements are in place when we send information overseas or use third parties that handle or store data.
10. Direct Marketing
We may use your information to inform you of other products and services that could be of interest to you, including through direct marketing. If you don’t want to receive direct marketing, you can ask us not to contact you and not to disclose your information to others for that purpose.
We will not use or disclose sensitive information about you for direct marketing purposes unless you have consented to such use or disclosure.
11. Unsolicited Information
12. How can you access and correct your personal information?
If you wish to access the personal information we hold about you, you can contact us using the details in Section 14. We may require that the person requesting access provide suitable identification.
We will provide access to that information in accordance with the Privacy Act, subject to certain exemptions which may apply. Access may not be provided where the information would disclose personal information about someone else, would disclose commercially sensitive matters (including our business operations and decision making processes) or is protected from disclosure by law. If you have requested to see your information and we are not able to disclose it to you, then we will tell you and give you reasons.
We will usually provide your personal information free of charge. However, in some cases we may need to charge you an administration fee (such as when your request requires us to obtain information that is not readily available).
If you think that any personal information we hold is incorrect or out of date, then you can ask us to correct or update it. If your request relates to credit related information provided by others, we may need to consult with credit reporting bodies or other credit providers before being able to correct or update the information. If we disagree the information should be corrected, then we will tell you and give you reasons.
13. What can you do if you have a privacy issue?
Please provide as much detail as possible in relation to your question, concern or complaint. We will take any privacy complaint seriously and it will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need. If your complaint concerns credit related information, then we may need to consult with other organisations, including credit reporting bodies or credit providers.
If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner (click here for information) or the Australian Financial Complaints Authority (click here for information).