Privacy Policy

This privacy compliance plan documents how Metro Finance Pty Limited and our related body corporates (‘we’, ‘us’, ‘our’) will comply with the Australian Privacy Principles. This compliance plan will enable us to deal with complaints and enquiries from individuals in relation to their personal information and credit information.

In this document we treat personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

We treat credit information as that information that we receive from a credit reporting body.

This compliance plan was last reviewed on 10 Dec 2013.

We will manage personal information, including credit information, in an open and transparent manner. In doing so, we ensure that individuals are notified at the time of collecting their personal information:

  • what type of personal information is being collected;
  • who their personal information will be disclosed to; and
  • how we use that personal information.

We have appointed a Privacy Compliance Officer, that will deal with any queries regarding access to or correction of personal information, including credit information, or any privacy related complaints. We ensure all our employees are trained at regular intervals to ensure they understand our obligations under the Privacy Act, including the Australian Privacy Principles.

We regularly update our privacy policy and will provide a copy of our privacy policy free of charge on request and in a suitable format. We will also place our privacy policy on our website.

Generally we are not able to deal with customers who do not wish to identify themselves. However, where possible and appropriate we will provide information of a general nature to unidentified individuals.

We collect personal information for the following purposes:

  • arranging and assessing an application for credit;
  • managing credit;
  • providing individuals with the products or services they have requested;
  • managing our relationship with individuals;
  • protecting individuals and ourselves from error or fraud; or
  • complying with regulatory requirements.

We may collect sensitive information from individuals when they apply for an insurance related product.

We only collect sensitive information directly from the individual and with the individual’s consent.

Where possible, we collect personal information directly from the individual. However, sometimes this information is provided by mortgage or finance brokers. We also collect credit information from credit reporting bodies.

If we received unsolicited personal information we will determine whether we could have collected that personal information by lawful and fair means, and whether it is related to one of the purposes of collecting personal information, above. We will do this by looking at our relationship with the individual and whether the personal information relates to our relationship with them.

If we could not have collected the personal information by lawful and fair means, or the personal information does not relate to one of our purposes for collecting the personal information, we will destroy the personal information.

When we first collect personal information from an individual we will notify them that we have collected their personal information. We will require the individual to sign a notification and consent form detailing how we will use and disclose their personal information.

This notification will provide the individual with information about:

  • the purposes of the collection of their personal information and credit information;
  • those entities that we usually disclose personal information or credit information to;
  • what happens if the individual chooses not to provide us with personal information;
  • direct marketing that may be undertaken by us or any related companies;
  • when we are required to collect personal information under an Australian law, such as the National Consumer Credit Protection Act (Cth) 2009 or the Anti Money Laundering and Counter Terrorism Financing Act (Cth) 2006;
  • our privacy policy and where it can be found;
  • any disclosure of personal information or credit information that we make to an overseas entity; or
  • any consents we require, such as to obtain commercial credit reports or disclose personal information and credit information to guarantors.

If we know that as part of our relationship with the individual we will disclose their personal information to another identifiable entity, such as a recoveries firm or one of our panel lawyers, we will notify the individual of the following matters at the time we first collect their personal information:

  • the identity and contact details of that organisation;
  • why their information may be disclosed to the organisation.

The purpose of collecting an individual’s personal information will be outlined in the notification and consent received by the individual.

If during our relationship with the individual we wish to use an individual’s personal information for an additional purpose, we will obtain their consent unless the purpose is related to the primary purpose or we are permitted under law to do so.

We notify individuals at the time of collecting their personal information that their personal information will be used by us and any companies within our group for the purposes of direct marketing.

In all our direct marketing communications we will provide a prominent statement about how an individual can elect not to receive direct marketing. If the direct marketing communication is an email we will provide an ‘unsubscribe’ function within the email.

We will keep appropriate records to ensure those individuals that have made ‘opt-out’ requests not to receive direct marketing communications do not receive them. We do not apply a fee to unsubscribe from direct marketing communications. We do not sell personal information.

We do not use sensitive information for the purposes of direct marketing.

If we purchase personal information for the purposes of direct marketing we will conduct appropriate due diligence to ensure appropriate consents from the individuals have been obtained.

We may use personal information for the purposes of pre-screening credit communication through credit reporting bodies. If we decide to use pre-screening we will ensure the individual concerned has not ‘opted out’ of receiving credit-related pre-screening marketing offers.

We do not disclose personal information overseas.

We do not use government related identifiers to identify individuals. We may receive tax file numbers in the course of assessing an application for credit; however, we do not use or disclose tax file numbers for any purpose.

We rely on individuals to help us to ensure that their personal information is accurate, up-to-date and complete.

If we become aware that personal information is inaccurate, out-of-date or incomplete, such as when mail is returned, we will update our systems accordingly.

We hold personal information and credit information on secure IT systems. All IT systems are appropriately updated with passwords, virus scanning software and firewalls when needed.

Any paper records are only accessible to employees and others as they are needed. Any paper records are held within an office that is locked and security protected at night.

We will destroy personal information that is held electronically and in paper form seven years after our relationship with the individual ends. We will do this by shredding paper copies and deleting electronic records containing personal information about the individual.

Individuals may request to access any personal or credit information that we hold about them. We will not charge an individual for requesting access to their personal or credit information.

When an individual requests access to their personal or credit information we will conduct a search of our customer relationship database. This search will also indicate if there are any paper records that contain personal information.

We will not give access to the personal information that we hold about an individual where it is unreasonable or impracticable to provide access, or in circumstances where the request would likely:

  • pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  • unreasonably access the privacy of other individuals;
  • be frivolous or vexatious;
  • relate to anticipated legal proceeding, and the correct method of access to personal information is by the process of discovery in those legal proceedings;
  • reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations;
  • be unlawful or in breach of an Australian law;
  • prejudice the taking of appropriate action in relation to a matter where unlawful activity or misconduct that relates to our functions or activities;
  • to prejudice an enforcement related activities of an enforcement body (such as ASIC); or
  • reveal commercially sensitive information.

When we receive a request for access we will respond to the individual acknowledging the request with 7 days.

After we have investigated the request for assess we will advise the individual what personal or credit information we hold and provide details of that personal information.

We will comply with all reasonable requests by an individual to provide details of the personal information or credit that we hold in the requested format within 30 days of receiving the request.

If we do not provide access to the information we will provide written reasons setting out why we do not believe we need to provide access. We will also advise the individual they can access our IDR and EDR schemes if they are dissatisfied with a decision not to provide access to personal information.

If we hold personal or credit information about an individual and we are reasonably satisfied (having regarding to the purpose of any personal information) that the information is inaccurate, out of date, incomplete, irrelevant or misleading, or we receive a request to correct the information, we will take reasonable steps to correct the information.

If we correct personal or credit information that we have previously disclosed, we will take reasonable steps to notify the entity to which we disclosed the information of the correction.

We may not always make corrections to an individual’s personal or credit information. When we do not make requested corrections, we will provide reasons for our refusal to make the correction and provide details of our IDR and EDR procedures.

If, after notifying the individual of our refusal to correct personal information, the individual requests us to issue a statement on the record that contains the personal information; we take reasonable steps to do so. We are not required to issue a statement next to any credit information we may hold about the individual.

Persons who want to know what personal information Metro Finance holds about them and how it has been used are invited to send a written request to:

The Privacy Contact Officer
Metro Finance Pty Limited
PO Box R1735
Royal Exchange NSW 1225

Any complaints or concerns should also be directed to The Privacy Contact Officer.