APP Privacy and Credit Reporting Policy
This APP Privacy and Credit Reporting Policy applies from 12 March 2014 and covers Foresters Community Finance Ltd (ABN 32 087 649 296) (ACL 398639) and all of its related companies including Social Investment Australia Ltd (ABN 30 127 962 976) (AFSL 339844) (‘Foresters Group’).
The Foresters Group is committed to respecting the privacy of its clients by ensuring that it manages any personal information it collects or holds in accordance with the Australian Privacy Principles (‘APP’) and Credit Reporting Privacy Code (‘CR Code’).
A copy of this APP Privacy and Credit Reporting Policy will be made available electronically on the Foresters Group’s website (www.foresters.org.au). The Foresters Group will provide a copy of it free of charge and in any form reasonably requested (e.g. electronically or in hard copy).
Kinds of personal information the Foresters Group collects and holds
The Foresters Group will only collect personal information which is reasonably necessary for it to provide credit services in accordance with its Australian Credit Licence (‘ACL’) (e.g. to provide a loan, assess loan eligibility and assess repayment capacity) and to provide financial services in accordance with its Australian Financial Services Licence (‘AFSL’) (e.g. issue interests in managed investment schemes).
The types of personal information that is collected and held by the Foresters Group could include:
(a) identification information such as an individual’s name (including an alias or previous name), date of birth, gender, evidence of identity (e.g. passport or driver’s licence number), postal or email address and telephone numbers;
(b) tax file numbers;
(c) account transaction information;
(d) for clients with a credit facility, the following additional information:
(i) current or last known address and previous two addresses, assets and liabilities, income and expenses, marital status and dependants, proof of earnings, employment details, name of current or last known employer;
(ii) details relating to credit history, previous providers of credit, credit repayment history, credit default information, insolvency history, court judgements relating to credit, credit capacity and eligibility for credit (‘credit worthiness’) obtained from a credit reporting body; and
(iii) authorisation information such as passwords, passcodes, secret questions – used to confirm authorisation of a transaction; and
(e) other information which is necessary for the Foresters Group to conduct its credit activities and provide financial services.
Without this information, the Foresters Group would not be able to undertake its credit activities or provide financial services to its clients. Only personal information that is related to the provision of, or arranging others to provide, loans, investment or other credit or financial products and services will be collected.
In respect to loans, the Foresters Group may base some decisions on the information obtained from credit reporting bodies, including:
(a) summaries of what the credit reporting bodies advise; and
(b) credit scores.
A credit score is a calculation that assesses how likely it is that a credit applicant will repay credit made available to them. Information obtained from a credit reporting body or information derived from such information is known as credit eligibility information.
Can an individual remain anonymous when dealing with the Foresters Group
Given the nature of the Foresters Group’s products and services, other than providing general publicly available information, it is not practical for the Foresters Group to deal with individuals who wish to remain anonymous or would prefer to identify themselves only by way of pseudonym.
How the Foresters Group collects and holds personal information
When collecting, using or disclosing personal information, the Foresters Group will take such steps as are reasonable in the circumstances to ensure that the information is accurate, up-to-date and complete.
The Foresters Group will only collect personal information in a lawful and fair manner. Wherever possible, personal information will be collected directly from the individual, unless it is unreasonable or impracticable to do so. Sensitive information (e.g. health information) will only be collected where the individual consents to the collection of that information.
The Foresters Group may collect credit information from details included in an individual’s credit application form as well as from:
(a) credit reporting bodies;
(b) co-applicants, guarantors, employers, accountants, real estate agent or other referees;
(c) agents and other personal representatives like referrers, brokers, solicitors, conveyancers and settlement agents;
(d) bodies that issue identification documents to help check an individual’s identity; and
(e) service providers involved in helping provide credit or to administer credit products, including debt collectors and legal advisers.
If the Foresters Group receives unsolicited personal information it will, within a reasonable period of time, assess whether it would otherwise have been entitled to collect the information in accordance with this APP Privacy and Credit Reporting Policy. If the personal information could have been collected by the Foresters Group, it will ensure that this APP Privacy and Credit Reporting Policy is complied with in respect of that information and it will notify the individual:
(a) that the unsolicited personal information has been collected;
(b) of the circumstances of that collection; and
(c) provide access to a copy of this APP Privacy and Credit Reporting Policy.
If the personal information could not have been collected by the Foresters Group, it will destroy the information or ensure that the information is de-identified.
At or before the time or, if that is not practicable, as soon as practicable after, the Foresters Group collects personal information about an individual it will ensure the individual is aware:
(a) of the Foresters Group’s identity and its contact details;
(b) that the collection of personal information is permitted by the Foresters Group under the National Consumer Credit Protection Act 2009, the Corporations Act 2001, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and/or a particular court/tribunal order;
(c) of the purpose for which the Foresters Group collects the personal information;
(d) of the main consequences (if any) for the individual if all or some of the personal information is not collected;
(e) of any other entity (or type of entity) to which the Foresters Group generally discloses the personal information it collects;
(f) that the Foresters Group’s APP Privacy and Credit Reporting Policy contains information about how the individual may:
(i) access and seek correction of the personal information about the individual that the Foresters Group holds; and
(ii) complain about a breach of the APPs or CR Code and how the Foresters Group will deal with such a complaint; and
(g) of whether the Foresters Group is likely to disclose the personal information to overseas recipients.
Unless permitted by law, the Foresters Group will not adopt a government related identifier (e.g. a tax file number) of an individual as its own identifier and it will only disclose such identifiers for the purposes of verifying the identity of the individual, or as permitted by law or as is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The Foresters Group will store personal information physically and electronically. It may store such information with third party data storage providers. Where this occurs, contractual arrangements will be put in place to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
The Foresters Group will ensure that in relation to any personal information it holds that it will take such steps as are reasonable in the circumstances to protect the information from:
(a) misuse, interference and loss; and
(b) unauthorised access, modification or disclosure.
If the Foresters Group holds information which it no longer needs (for any purpose for which the information may be used or disclosed) or it is no longer required to keep, it will take such steps as are reasonable in the circumstance to destroy the information or to ensure that the information is de-identified.
The purpose for which the Foresters Group collects, holds, uses and discloses personal information
The Foresters Group collects, holds, uses and discloses personal information for the purposes of providing credit services in accordance with its ACL and providing financial services in accordance with its AFSL.
Where the Foresters Group collects an individual’s personal information for a particular purpose (i.e. the primary purpose), it will not use that information for another purpose (i.e. a secondary purpose) unless the individual has consented to the use or disclosure of that information or:
(a) it would be reasonably expected that the information would be disclosed for a secondary purpose which is related to the primary purpose (and in relation to sensitive information for a secondary purpose which is directly related to the primary purpose); or
(b) the use or disclosure of the information is legally required, specifically authorised by the APPs, CR Code or reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The Foresters Group will record in writing circumstances where it uses or discloses personal information for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Personal information collected by one entity within the Foresters Group may be used by another entity within the group provided that the personal information is held, used and disclosed for the same primary purpose.
The Foresters Group does not normally disclose personal information about its clients to outside parties, except those contracted to provide services to the Foresters Group or to assess the credit worthiness of a loan applicant. These may include:
(a) professional advisers and contracted service providers – e.g. auditors, accountants, lawyers, conveyancers, custodian, registry, insurers, valuers, brokers and consultants;
(b) an entity that verifies the identity of an individual;
(c) those involved in providing, managing or administering products or services offered by the Foresters Group;
in respect to a loan application:
(i) a credit reporting body;
(ii) other financial institutions which have previously lent money to an applicant;
(iii) organisations involved in debt collecting, including purchasers of debt;
(iv) fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature); and
(e) government or regulatory bodies (including ASIC and the Australian Taxation Office) as required or authorised by law;
(f) other organisations involved in normal business practices with the Foresters Group, including agents and contractors (e.g. mail houses); and
(g) where an individual has given consent.
If the Foresters Group uses or discloses personal information for direct marketing purposes, it will include a simple and free means of ‘opting-out’ of receiving future direct marketing material and it will ensure that it respects such requests, within a reasonable period of time and notifies any other organisation it is using to facilitate the direct marketing. If the Foresters Group has not collected the personal information directly from the individual, the ‘opt-out’ statement will be prominent. The Foresters Group will only use sensitive information for direct marketing purposes where the individual has provided consent for it to be used for that purpose.
If the Foresters Group uses personal information provided by a source other than the individual for direct marketing purposes, the individual may request the Foresters Group to provide details of the source of the information. The Foresters Group will provide this information free of charge and within a reasonable period of time.
If the Foresters Group uses the personal information for direct marketing purposes, it will ensure that it complies with the requirements of the Do Not Call Register Act 2006, the Spam Act 2003 and the Corporations Act 2001.
How an individual may access and seek correction of personal information
Generally, the Foresters Group will provide an individual with access to their personal information in a manner they request and within a reasonable period of time after the request is made. An individual can request the Foresters Group to correct any personal information it holds about that individual.
If a correction relates to credit information, the correction will be made within 30 days and confirmation will be sent to the individual or if the Foresters Group decides not to correct the information, the individual will be notified of that decision, together with reasons for the decision within a reasonable period of time (e.g. within 5 business days of making the decision).
If the Foresters Group can’t make the corrections within a 30 day time frame, or other agreed time frame, it will:
(a) inform the individual about the delay, the reasons for it and when it is expected that the matter will be resolved;
(b) seek written consent for more time; and
(c) advise the individual that a complaint can be made to the Foresters Group’s external dispute resolution scheme or the Office of the Australian Information Commissioner.
To apply for access or to request a correction to personal information, contact the Privacy Officer by:
- Writing to:
The Privacy Officer, PO Box 742, Fortitude Valley Qld 4006
375 Wickham Terrace, QLD 4000
07 3851 8000
by clicking here
There are no charges for an individual requesting access to personal information. However, the Foresters Group may charge a fee to provide access, provided that such fee is not excessive.
Having regard to the purpose for which the personal information is held, if the Foresters Group is satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading or a request is received from an individual, the Foresters Group will take such steps as are necessary to correct that information. This will be done free of charge within a reasonable period after the request has been made. If the Foresters Group has provided that information to a third party, the individual may request the Foresters Group to notify that third party of that correction.
As set out in the APPs, some exceptions apply. If the Foresters Group relies on one of the exceptions, is unable to provide the personal information in the manner requested by the individual or refuses to correct an individual’s personal information, it will take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of both the Foresters Group and the individual and it will provide a written notice setting out:
(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so;
(b) the mechanisms available to complain about the refusal; and
(c) any other relevant matter.
If the Foresters Group refuses to correct an individual’s personal information and the individual requests the Foresters Group to associate a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading with that information, the Foresters Group must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information. This will be done free of charge within a reasonable period after the request has been made.
How an individual can complain about a breach of the APP’s and how the complaint will be dealt with
An individual may complain to the foresters group about a breach of the APPs or the CR Code by the Foresters Group by contacting the Complaints Officer by:
- Writing to:
The Complaints Officer, PO Box 742, Fortitude Valley Qld 4006
375 Wickham Terrace, Spring Hill QLD 4000
07 3851 8000
by clicking here
Data Security Policy
It is important to us that the data that you provide to us is protected and we maintain adequate data security measures to mitigate unauthorised access and disclosure.
The measure implemented are:
- Established policies and procedures for securely managing information;
- Limiting employee access to sensitive information;
- Locating our servers within Australia with industry compliant data storage service providers;
- Protection against unauthorised access to customer data by using data encryption, authentication and regular anti-virus updates, as required;
- Monitoring our websites through recognised online privacy and security organisations;
- Technology reviews such as software, virus protection and firewall settings;
- Continually assessing our data privacy, information management and data security practices;
- Destroying or de-identifying your personal information when it is no longer required by law or our record retention policies;
- Protecting our website using industry standard 256-bit encryption using a SSL (secure sockets layer) certificate signed by VeriSign.
The complaint will be handled within 30 days in accordance with the Foresters Group’s complaints handling procedures, a summary of which can be found at www.foresters.org.au/contact-us/complaints-compliments. An individual can request that a copy of the complaints handling procedures be sent to them free of charge.
If the complaint relates to credit information and the individual is not satisfied that the Foresters Group has resolved the matter to their satisfaction or the complaint relates to how an access and correction request was handled, the individual can complain directly to the External Dispute Resolution Scheme of which the Foresters Group is member by:
- Writing to:
Financial Ombudsman Services Limited, GPO Box 3, Melbourne Vic 3001
1300 780 808 (Australia Wide)
(03) 9613 6399
Concerns can also be raised with Office of the Australian Information Commissioner by:
- Writing to:
GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601
1300 363 992 (Australia Wide)
(02) 9284 9666
Credit Reporting Bodies
When checking credit worthiness and at other times, the Foresters Group might give and collect personal information about an individual to one or more credit reporting bodies.
The credit reporting body used by the Foresters Group is Veda. Its contact details are set out below. The credit reporting body has its own credit reporting policy about how they handle personal information. A copy of their policy can be obtained from their website.
- Veda Advantage Business Information Services Ltd (www.mycreditfile.com.au)
- Veda’s credit reporting policy is set out at www.veda.com.au/privacy
1300 762 207
PO Box 964, North Sydney NSW 2059
Is the Foresters Group likely to disclosure personal information to overseas recipients?
No, the Foresters Group is not likely to disclose personal information about an individual to an overseas recipient.
If at some future time, the Foresters Group chooses to disclose personal information about an individual to an overseas recipient, it will either obtain the individual’s informed consent prior to doing so, will be required to do so by Australian law or prior to doing so will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (other than APP 1) or CR Code in relation to the information.
If an individual believes they have been or are likely to be the victim of fraud (including identify fraud), they can request a credit reporting body not to use or disclose the information they hold about them. The credit reporting body must not use or disclose the information during an initial 21 day period without the individual’s consent (unless the use or disclosure is required by law). This is known as a ban period.
If, after the initial 21 day ban period, the credit reporting body believes on reasonable grounds that the individual continues to be or is likely to be the victim of fraud, the credit reporting body must extend the ban period as they think reasonable in the circumstances. The credit reporting body must give the individual a written notice of the extension.
Credit reporting bodies can use personal information about an individual that they collect for a pre-screening assessment at the request of a credit provider unless the individual asks them not to. A pre-screening assessment is an assessment of an individual to see if they satisfy particular eligibility requirements of a credit provider to receive direct marketing. Individuals have the right to contact a credit reporting body to say that they don't want their information used in pre-screening assessments. If an individual does this, the credit reporting body must not use their information for that purpose.