Credit Reporting Policy
BDO (and its Related Entities and Related Bodies Corporate (as defined in the provisions of the Corporations Act 2001 (Cth) (‘BDO’ referred to in this document as we, us or our) recognise that your privacy is very important and we are committed to protecting the personal information we collect from you. The Privacy Act 1988 (Cth) (Privacy Act), Australian Privacy Principles and the Privacy (Credit Reporting) Code (CR Code) govern how we must manage your personal information.
This Credit Reporting Policy sets out how we collect, use, disclose and otherwise manage credit-related information.
2.1 Kinds of information collected
If you apply for products, services or credit from us, we may collect and hold various information related to your assets and financial position, including income details, expense details, asset values and taxation information.
We also collect and use all types of ‘credit information’, ‘credit eligibility information’ and ‘CP derived information’ (as those terms are defined in the Privacy Act).
Credit information is the information we may collect and give to a credit reporting body (such as illion, or Infotrack) and take into consideration when you apply for or use credit. This information includes:
- identity details, such as your name, address, contact numbers and email address;
- the fact that you have applied for credit and the amount;
- the fact that, as we provide terms of payment of accounts which are greater than 7 days, we are a credit provider to you;
- repayment history information, including details of credit you have applied for including but not limited to dates of credit contracts, due dates for repayments, repayment history and any related information;
- in specified circumstances, default information (including payment information if you pay a defaulted amount previously listed with a credit reporting body);
- advice that payments are no longer overdue and the date on which overdue payments were made;
- in specified circumstances, our opinion that you have committed a serious credit infringement;
- the fact that credit provided to you has been paid or otherwise discharged (including the date of discharge);
- details pertaining to your financial position, including any bank account details or credit card details;
- other credit information related to your credit worthiness which is derived by us; and
- information derived from receiving credit reports about you (being ‘CP derived information’) and ‘credit eligibility information’ (as defined in the Privacy Act).
Credit eligibility information is the information that credit reporting bodies provide to us.
CP-derived information means any personal information that is derived from information provided to us by a credit reporting body. This could be, for instance, a credit score.
In this policy, we refer to ‘credit-related information’ to capture some or all information referred to above (as the context requires).
2.2 Method of collection
We will collect your credit-related information if you apply for credit from us or our related entities. We will collect this information directly from you in most cases, for instance through telephone calls, through our application forms and processes or via email.
We may also collect it from persons acting on your behalf (for instance, dealers, brokers, or financial advisors) or from our related entities. We also collect credit-related information from credit reporting bodies (such as illion and Infotrack) or from other credit providers where permitted by the Privacy Act.
If we collect details about you from someone else, we will, whenever reasonably possible, make you aware that we have done this and why, unless such information:
- is collected from publically available sources, including but not limited to any court proceeding information, personal insolvency information and credit relate publically available information; or
- is collected as otherwise required or authorised by law.
To the extent necessary, you expressly consent to us obtaining credit-related information about you from the types of external parties listed above.
3. Purposes of collection, use and disclosure
We collect and use your credit-related information in order to assess your application for consumer or commercial credit (or assess your application to be a guarantor in relation to such credit), for securitisation-related purposes, for our internal management purposes that are directly related to the management of consumer or commercial credit, where we reasonably believe that you have committed a serious credit infringement, and where otherwise required or permitted by law.
We will only use or disclose your credit-related information for the primary purposes for which it was collected or as consented to or as otherwise set out below.
We may use and disclose (and you consent to such use and disclosure of your) credit-related information about you to:
- our Related Bodies Corporate, or a person who manages credit, to process an application or manage credit or discuss an enquiry with you or for related internal management purposes that are directly related to the provision or management of commercial credit;
- the administration and management of our products and services, including charging, billing, credit card authorisation and verification, checks for financial standing, credit-worthiness (including but not limited to undertaking an assessment for credit loss and obtaining credit references, if applicable), and fraud;
- using the information for our own internal assessment of your credit worthiness;
- other third parties, where we believe on reasonable grounds that you have committed a serious credit infringement;
- assisting you to avoid defaults;
- external dispute resolution providers in relation to any complaints or disputes concerning a credit facility offered to you;
- to offer you updates, or other content or products and services that may be of interest to you;
- third parties for securitisation purposes;
- third parties for the purposes of considering whether to accept an assignment of debt, or to take an interest in the credit provider;
- other credit providers where you have consented and where permitted by law;
- guarantors or proposed guarantors, where you have consented and where permitted by law;
- mortgage insurers;
- third parties, such as external debt collectors;
- our contractors and agents, including but not limited to third party’s providers who undertake our bill and/or credit services on our behalf and any companies who assist us in providing our products and services to you; and
- other persons where required or authorised by law.
We may disclose your credit-related information to credit reporting bodies as set out in this Credit Reporting Policy from time to time. The credit reporting body’s separate credit reporting policy can be obtained from their web-site.
We do not generally store credit-related information overseas, but we may disclose credit-related information to credit reporting bodies and other parties overseas. The location of any overseas-based credit reporting bodies or other parties will be any country where you are conducting business that is directly related to the services for which you have engaged, or propose to engage, BDO.
We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:
- when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
- if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
- if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
- if it is required or authorised by law.
4. How do we store credit information
We will store any credit information you provide to us, or which we obtain about you, with any other personal information we may hold about you, which shall include but is not limited to the use of paper files, electronic files and databases.
5. Access and correction
You may access the credit-related information we hold about you, by making a written request to us at the details in section 6. We will need to verify your identity before giving you access to your credit-related information. We will respond to your request within a reasonable period. In relation to credit eligibility information specifically, we will provide access within 30 days unless unusual circumstances apply.
Except where prohibited by the Privacy Act and Credit Reporting Privacy Code, we may charge you a reasonable fee for providing access to your personal information (but not for making a request for access).
We may decline a request for access in circumstances prescribed by the Privacy Act, and if we do, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons) and notify you that you may access a recognised external dispute resolution scheme of which we are a member, or make a complaint to the Information Commissioner.
To ensure you have access to the most up-to-date information, you should also request access to credit reporting information held by credit reporting bodies.
You can ask us to correct the credit-related information we hold about you, by making a written request to us at the details in the following section 6. If we are satisfied that your information is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to update your information within 30 days (or such longer period you agree to in writing) and will provide written notice of that correction.
If we form the view that we will not be able to resolve your correction request within the 30-day time period, we will write to you seeking an extension of time, and notify you that you can complain to a recognised external dispute resolution scheme.
BDO has effective systems and processes in place to resolve privacy complaints. All complaints will be resolved within 30 calendar days of receipt, unless you have agreed to a longer timeframe in writing.
You can make a formal complaint by lodging the BDO Complaints Form on our website. We will acknowledge your complaint within 1 business day of receipt, or as soon as reasonably practicable. We will then investigate the complaint and consult with any relevant third parties in order to appropriately resolve your complaint. All complaints will be recorded on the BDO Complaints Register, along with the actions taken to address and resolve these complaints.
In order to resolve a complaint, we:
- will liaise with you to identify and define the nature and cause of the complaint
- may request that you provide the details of the complaint in writing
- will keep you informed of the likely time within which we will respond to your complaint, and
- will inform you of the legislative basis (if any) of our decision in resolving such complaint.
For more on our Internal Dispute Resolution (IDR) process, as well as avenues for External Dispute Resolution (EDR), see the publicly available BDO Complaints Policy.
If you wish to make an enquiry about your personal information at BDO, or want to update your registration information, please contact firstname.lastname@example.org or call (07) 3237 5624.
7. Statement of Notifiable Matters under the Credit Reporting Privacy Code
Under the Credit Reporting Privacy Code, there are several ‘notifiable matters’ that we are required to disclose to you at or before the time of collecting personal information that is likely to be disclosed to a credit reporting body.
Those matters are:
- the credit reporting body may include the credit information we provide to it in reports, which it then provides to other credit providers to assist those other credit providers to assess your credit worthiness;
- if you fail to meet your payment obligations in relation to consumer credit, or commit a serious credit infringement, we may disclose this to a credit reporting body;
- you can request a copy of this Credit Reporting Policy by contacting us, or obtain it directly from our website;
- you can request a copy of illion’s credit reporting policy from its website (www.illion.com.au) or by contacting them directly by mail to illion Australia, PO Box 7405, St. Kilda Road, Melbourne, VIC, 3004;
- you can request a copy of Infotrack’s credit reporting policy from its website (www.infotrack.com.au) or by contacting them directly by mail to Infotrack, GPO Box 4029, Sydney NSW, 2001;
- you have the right to access credit information we hold about you, request that we correct the information, and make a complaint, as set out further in the remainder of this Credit Reporting Policy;
- you can request a credit reporting body not to use your credit reporting information for the purposes of pre-screening of direct marketing by us; and
- you can request a credit reporting body not to use or disclose your credit reporting information if you believe on reasonable grounds that you have been, or are likely to be, the victim of fraud.
You can ask us to provide you a hard copy of this policy (including the Statement of Notifiable Matters).
8. Further information
For further information please contact:
Credit reporting policy
BDO Australia Ltd
Level 10, 12 Creek St
+61 7 3237 5999