Privacy Policy

Personal information means information or an opinion about an identified individual.

Introduction

This Privacy Policy explains how Metro Finance Pty Ltd (ABN 44 600 674 093), Metro CF Pty Ltd (ABN 85 650 102 891) and our related bodies corporate (“Metro”, ‘we’, ‘us’, ‘our’) manage personal information and credit-related information in compliance with the Privacy Act and the Australian Privacy Principles. Our handling of credit-related information is regulated by the Privacy Act and the Privacy (Credit Reporting) Code.

It describes:

the personal information and credit-related information we collect (including information about applicants, clients, brokers, suppliers and employees);
the reasons why we collect personal information and credit-related information, and what it is used for;
any parties with which we share personal information and credit-related information;
your rights, including rights of access and correction and how to exercise those rights; and
what to do if you have a question or complaint about the way that we handle your personal information and credit-related information.

Click on the links below to read more about each section:

Types of personal and credit-related information we collect
How we collect personal information
Legal Obligations
Cookies and social media
How we use personal information and credit-related information
Disclosure of personal information and credit-related information
Security of personal information and credit-related information
Retention of personal information and credit-related information
Your rights
Privacy concerns or complaints
Contact us
Defined terms

1. Types of personal and credit-related information we collect

The types of personal information that we collect, and how we collect it, depends on our relationship with you.

In the following sections we describe the personal information we collect relating to when:

you are an Applicant applying for loans, novated leases and other products or services from us;
you are a Client who has obtained a loan, novated lease or other product or service from us;
you are an individual or a related individual of an entity that acts as a Broker, such as in providing credit assistance to prospective borrowers in relation to loans offered by us;
you are an individual or related individual of an entity that enters into an agreement to provide products and/or services to us, such as in the case of a supplier; and
you are a job candidate who applies to us for a job, you are a contractor where you have a contract with us and you are not an employee or supplier, or you are an employee of ours.

We also collect personal information about you when you connect with us via phone, website, email or you publicly comment on social media platforms or public online forums, as well as any information we are legally required to collect.

In certain circumstances, we may also need to collect your credit-related information to provide our products and service and to provide assistance and support.

Please note: If we are not able to collect the information sought, we may not be able to process an application for a loan or a novated lease, assist with your enquiries, provide all the features for a product or service we offer, or offer certain other services or support.

1.1 Applicants

As an Applicant during the application stage, we collect personal information about you as well as any guarantor, co-applicant or other individual related to you relevant to your application for credit or the management of our relationship with you (each a Related Party). This personal information generally includes:

your name, address and contact details;
previous addresses;
date of birth;
gender;
identification documents such as driver licence, passport, or birth or marriage certificate;
name of your current employer and other employment (PAYG/Self-employed) information;
profession, occupation or job title;
marital status/family details and circumstances;
bank details;
information about your financial status including bank statements ;
property addresses and title searches;
how the asset we are financing will be used.

Loan applications

As part of processing your Application and conducting the credit approval process, we also collect credit-related information about you and Related Parties from third parties including other lenders, credit providers and CRBs. The types of credit-related information we may collect includes:

credit liability information regarding existing finance;
- name of the credit provider
- the type of finance;
- how long the finance has been held;
- the terms and conditions of the finance;
- the maximum amount of finance available;
repayment history information which is information about whether you make repayments on time. This may include default information concerning a payment owed by you as a borrower or as a guarantor in connection with credit that remains overdue for more than 60 days;
information about the type and amount of finance that you are applying for;
default and payment information;
information about your credit worthiness, credit standing, credit history or credit capacity;
a statement that an information request has been made about you by a credit provider, mortgage insurer or trade insurer;
personal insolvency information about you. This may include information relating to whether you are bankrupt or subject to a debt agreement proposal or a debt agreement or a personal insolvency agreement you have signed;
new arrangement information about you (for example, where a debt that you owe has been varied because it was overdue);
an opinion by a credit provider that you have committed a serious credit infringement in relation to consumer credit provided by the credit provider to you; and
court proceedings information.

If we obtain credit-related information about you from a CRB, we may derive information from it that has a bearing on your credit-worthiness or could be used in establishing your eligibility for credit. The kinds of information we usually derive from credit-related information received from a CRB includes credit scores and assessments as to suitability for credit which we generate from the information that we receive.

Novated lease applications

During the processing of your novated lease application, we collect personal information about you and Related Parties, typically directly from you, your employer and third parties such as salary packaging companies assisting with your application. The personal information we collect may include:

your name, address and contact details;
identification documents such as driver licence, passport, or birth or marriage certificate;
name of your current employer;
employment-related information such as your profession, occupation or job title, payroll information;
vehicle-related information such as your driving speeds, patterns and locations, fuel fills and purposes of travel; and
criminal history.

In some cases, we may collect personal information from you directly in the course of verifying, completing or updating the personal information obtained from the other sources.

Later, during the credit approval stage, we collect personal information about you from other lenders, credit providers and CRBs. See Section 2.2 for more information on the information we collect from third parties.

1.2 Clients

After your novated lease or loan application is settled and you become our Client, we may need to collect additional personal information about you, particularly if you encounter difficulties and seek assistance in managing your loan. We may also collect personal information from you through your interactions with our client representatives or through client surveys. Depending on the situation, the personal information we collect may include:

amendments to bank details;
updated financial information (such as income, expenses, liabilities and assets);
health-related information;
details of family disruptions (e.g., separation, divorce, family violence or financial abuse);
information about the death of a relative; and
criminal history.

In cases where we need to collect sensitive information, we will only do so when it is necessary for our functions or activities, and with your consent, or if required by law.

1.3 Brokers and suppliers

If you are a broker we may collect the following types of personal information about you:

personal and contact details;
government issued identification copies and government related identifiers such as your Credit Representative (CR) number or Australian Credit Licence (ACL) (if applicable); and
other information from your direct interactions with us.

If you are a supplier we collect your personal and contact details such as your name, title, mailing address, telephone number and email address.

1.4 Job candidates, contractors and employees

If you are a job candidate, contractor or employee, the personal information we collect may include:

Identity information – We may ask for information such as your full name, email address, telephone number, date of birth as well as identity verification information such as your passport and/or driver’s licence details and residency status.
Professional or employment related information – We may ask for your education, qualifications and work history. If we are considering offering you a job or contractor role, we may also use a third party to conduct a background check and/or psychometric assessment (for example, personality and cognitive ability assessments).
Sensitive personal information – some roles may require your health information for work health and safety laws and related insurance claims or a criminal background check. We may also collect your tax file number and, if you choose, demographic information to support our diversity and inclusion goals. We do not collect sensitive information unless you provide it voluntarily. If needed for a specific purpose, we will request your consent.
Recruitment and employment – we may collect personal information directly from you or indirectly from third parties such as recruitment agencies, your referees, or past employers as part of the recruitment process and for ongoing human resources management. This may include name, contact details, work history, and other job-related information.
Work management information – where you are a contractor or employee, we may collect information about your accessibility needs and/or adjustment requirements, performance information for example, how you are performing your duties and information required for investigation of an incident or allegation.

2. How we collect personal information

2.1 Directly from you

From time to time we collect personal information or credit-related information about you directly from you, including information you provide and as part of your engagement with us, in response to requests, through our representatives, surveys, or indirectly through your use of our websites or other online presence.

We also collect personal information and credit-related information directly from you in call recordings when you contact sales representatives or customer support services. In these instances, you will be notified in advance of the recording and given the opportunity to request your interaction not be recorded.

2.2 From others

We otherwise collect most personal information and credit-related information about you from others. For example, we may collect information from:

your representatives (including your legal adviser, broker, financial adviser or accountant) for the purposes of assessing an application for a product with us or managing a product;
your use of our products or services facilitated by brokers;
other account holders or co-borrowers;
property information services;
publicly available sources such as public registers, social media and news sources in order to verify personal information about you;
credit representatives who sell or arrange products and services for you on our behalf;
CRBs, other lenders and financial institutions and your agents (for example, brokers) to allow us to provide you with the services you request;
suppliers engaged by us, including service providers who assist us with various tasks, such as identity verification, eligibility assessments for relevant products or services, and conducting background checks and assessments for employees and contractors;
your current or previous employer, to confirm your employment status or salary in connection with an application for our products or services; and
partners we work with on co-branded services or joint marketing efforts. For example, this could happen when we co-author a white paper, co-sponsor a webinar, or attend a conference as a vendor and receive attendee information from the host.

2.3 If you give us personal information about someone else

Before you provide another person’s personal information to us, whether directly or with the support of a broker (for example, a proposed Guarantor) or where, as a broker, you provide access to any of our products or services to your customers whereby we will collect or you will provide to us their personal information, you must make them aware that you will be doing this; and that you will collect, use and disclose their personal information in accordance with this Privacy Policy.

Where you provide us with another person’s sensitive information, you must first obtain their consent to sharing it with us and their consent to us collecting, using and disclosing their sensitive information in accordance with this Privacy Policy.

3. Legal Obligations

Certain laws require us to collect, use and/or disclose your personal information (including credit-related information) in particular circumstances, including:

if you apply for or hold a credit product from us via Metro CF, the National Consumer Credit Protection Act 2009 (Cth) requires us to obtain information about you to assess your requirements, objectives and suitability relating to a loan;
if you apply for a product or service from us, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) requires us to collect personal information about you to verify your identity; and
if you offer or give us security over personal property, we will conduct searches and register our security interest under the Personal Property Securities Act 2009 (Cth).

4. Cookies and social media

4.1 Cookies

We use cookies on our websites. Cookies may collect certain information about you, your device and your use of our websites including date and time of your visits to our website[s] and information about the device used to visit our website[s] such as device IDs and IP addresses. We collect limited personal information about you via cookies for the following purposes:

to help secure your experience by simplifying login, maintaining session integrity or validating content entered into form fields;
to remember user preferences and measure website traffic patterns to determine which areas of our website have been visited;
to collect data about how users of our website[s] interact with it to measure effectiveness of our marketing and to improve our services.

If you do not wish to receive cookies, you can set your browser so that your device does not accept them.

4.2 Social media

Our websites include social media features, such as the Facebook ‘Like’ button and widgets such as the ‘Share this button’ or interactive mini-programs that run our sites. These features may collect your IP address, which page you are visiting on our sites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our websites. This privacy policy does not apply to these social media features. Your interactions with these features are governed by the policies of the third parties providing them.

Your personal information may be publicly available if you identify us in your social media pages or on various social media platforms by tagging us using a hashtag (#) or “at” (@) indicator. Your personal information also may be publicly available if you make a post on a social media site on a page we maintain. We maintain social media pages on the following sites:

Facebook
X
LinkedIn
Instagram

When you use a social media site, your personal information is subject to the privacy policies of those sites. However, once your personal information is in our possession, we will treat it in accordance with this Policy. We strongly recommend you review the privacy policies of any third-party sites you visit to understand the data collection and use practices of that third party.

4.3 Other websites

Our websites provide links to other websites. We do not control, and are not responsible for, the content or practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Policy does not apply to these other websites, which are subject to any privacy and other policies they may have.

We offer publicly accessible blogs. Please keep in mind that if you directly disclose any information through our public blogs, this information may be collected and used by others. We will correct or delete any information you have posted on the blogs if you so request.

5. How we use personal information and credit-related information

5.1 Applicant and client information

For most of our products and services, we use your personal information to help us run our business and serve you better, including to:

assess your application (including eligibility) for a product or service;
verify your identity;
verify aspects of your financial situation in connection with assessing your application;
answer your questions;
provide you with and manage the products and services you have with us directly or with the support of a broker;
support vulnerable clients in the management of their product or service;
manage our relationship with you;
manage, train and develop our employees, contractors and representatives;
develop and improve our products and services;
comply with our legislative and regulatory requirements.

5.2 Credit-related information

If you apply for a credit product, obtain credit from us, are offering to act as a guarantor or acting as guarantor in relation to credit, we also use your credit-related information for the following purposes:

determine your eligibility for credit or your suitability to act as a guarantor and we may assess or rate your suitability for credit or to act as a guarantor;
to enable us to develop, administer and manage our services and businesses;
manage the products we provide, as well as your accounts with us;
to engage a CRB to conduct a credit and reference check;
to provide information to CRBs as permitted by law;
to assist you during hardship,
to advise credit providers of the status of your agreements with us, in circumstances where you are in default with credit providers;
to enforce our rights when you are in breach, including debt recovery and other enforcement.

We may also use share your credit-related information with potential securitisation partners.

For more information on how we use and share your credit-related information, and who we may share this information with, see Section 6.2.

5.3 Broker and supplier information

We use your personal information to:

verify your identity;
respond to requests for information or materials;
communicate with you;
fulfil our legal, regulatory and risk management obligations;
develop, maintain and manage our relationship with you.

5.4 Job candidate, contractor and employee information

We use your personal information to:

verify your identity;
assess your suitability for the role you have applied for;
conduct reference and background checks;
communicate with you;
fulfil our legal, regulatory and risk management obligations;
develop, maintain and manage our relationship with you.

5.5 Other Uses

In addition to the specific reasons we provide for collecting your personal information, we may also use your personal information for our business purposes, including to:

provide marketing communications or promote our services;
deliver, manage or improve our products and services and to research and develop new ones (including via data analytics and development of AI and machine-based learning tools);
protect the safety and security of our business including to assist in an investigation, to protect and defend our rights and property or the rights of third parties or enforce terms and conditions;
prevent suspected fraud, or other illegal activities, prevent misuse or for any other reason permitted by law;
ensure quality control and for research purposes of us and our brokers, suppliers and contractors;
analyse how visitors use our website in order to enhance and personalise their experience.

5.6 Direct marketing

You will be notified at the time we collect your personal information that it will be used by us for direct marketing purposes. Direct marketing communications may be sent in various forms, including mail, SMS, email or other electronic means such as through social media or targeted advertising through our website.

If you do not want to receive direct marketing from us, you can opt-out by:

where applicable, updating your message preference settings in your online services;
utilising the ‘unsubscribe’ function if the direct marketing communication is an email; or
contacting us using the details in Section 11 below.

We do not sell personal information or credit-related information.

6. Disclosure of personal information and credit-related information

6.1 General Disclosure

We may share (i.e., disclose) your personal information with:

brokers, authorised representatives, guarantors and co-applicants where you are an Applicant or Client;
suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes;
insurers and financiers of credit products or other products that we have supplied to you;
financiers and rating agencies for the purpose of the funding, refinancing, sale or securitisation associated due diligence and review of the products and related services provided to you;
organisations and government agencies providing verification and information services such as Equifax, ID Verse , the Department of Home Affairs and the state and territory registrars of births, deaths and marriages as well as corresponding agencies in New Zealand;
third parties including government agencies or toll road operators where required or allowed by law or court or tribunal order or in order to register or to protect our interests or to deal with infringements;
organisations that assist us with funding for loans;
organisations involved in valuing, registering a security property, or which otherwise have an interest in such property, purchasers of debt portfolios;
other credit providers which provide, or are considering providing, credit to individuals; and
organisations that provide information relevant to or assist us with fraud prevention, credit management and loan recovery;
other third parties that provide services to us (or to individuals on our behalf). These may include debt collectors, credit management agencies and other third parties that process applications for credit made to us;
organisations and government agencies as required or authorised by law;
any organisation for any authorised purpose with an individual’s consent.

We may also disclose your personal information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

6.2 Disclosure of information to CRBs

Under the Privacy Act, credit providers can disclose certain information about an individual’s credit history to CRBs. The CRB with which we generally exchange information is Equifax Pty Ltd (who can be contacted at telephone 13 8332, or at https://www.equifax.com.au/).

We exchange information with CRBs for the purposes of obtaining a credit report about individuals or to allow the CRB to maintain a credit information file about individuals. We participate in credit reporting so that we are able to obtain information to make better and more informed decisions about providing credit to parties. The Privacy Act restricts the purpose for which credit providers can access and use information that is held by CRBs.

We may disclose the following credit-related information about a Client’s credit to CRBs:

that we provide credit to a Client;
the type of credit hold by a Client;
the amount of credit provided to a Client;
the terms and conditions of a Client’s credit; and
when a Client’s credit account is opened and closed.

Where you are a Client, we may also disclose how you repay your credit. If you fail to make repayments on your credit or you default on your obligations or commit a serious credit infringement, we may report this information to a CRB. Equally, we will inform a CRB if you make repayments on time or if you have corrected a default. The CRB may include the information in reports provided to credit providers to assist them to assess your credit worthiness.

CRBs can pre-screen you for direct marketing purposes. You can contact the CRBs if you want to stop your credit information being used for this purpose by contacting them using the details above.

Information provided to CRBs may include your personal information and credit-related information, including information we provide them in relation to the credit products you have with us, in reports that they provide to other credit providers to assist those providers in assessing your credit worthiness.

If you think you have been, or could be, a victim of fraud you can ask CRBs not to use or give anyone your credit-related information by contacting them using the details above.

6.3 Disclosure to related parties and service providers

We may share personal information with our related bodies corporate, contractors, suppliers, service providers or other third parties (including data warehouses, data partners and analytic services and consultants) who help us deliver, administer and support our functions and activities, including:

Data and processing, storage and back-up;
Hosting our servers and website;
Software development, analysis, data management and other IT services;
Conducting research, surveys and market analysis;
Data analytics and development of tools to support our business;
Improvement of existing products and services and development of new products and services;
Processing payments;
Delivering marketing and digital marketing services;
Employment and workforce management.

6.4 Disclosure overseas

Some of the contractors, service providers and other third parties (including data warehouses, data partners and analytic services and consultants) we use may be located outside of Australia in countries including Singapore, the United States, India and the Philippines. We may disclose credit information or credit eligibility information to third parties in these countries.

Before disclosing any personal information to third parties outside Australia we ensure that appropriate contractual protections are in place, to ensure that the third party provides the same level of protection as would apply under the Privacy Act.

We may, in accordance with the Privacy Act, disclose credit information to entities without an Australian link (as defined in the Privacy Act).

7. Security of personal information and credit-related information

We use a range of reasonable technical, physical, electronic and other security measures to protect the security, confidentiality and integrity of your personal information. These measures include:

restricting access to personal information and credit-related information to only those who need to use it for the relevant purpose;

transferring personal information and credit-related information in encrypted form;
preventing unauthorised access to IT systems by using firewalls;
continuous monitoring of IT systems to detect and stop misuse of personal information and credit-related information;
storing personal information and credit-related information on secure IT systems, regularly updated with passwords, virus protection and firewalls; and
ensuring that any paper records are only accessible to employees and authorised personnel as needed.

8. Retention of personal information and credit-related information

The length of time we retain your personal information and credit-related depends on the type of information collected, as outlined below.

We retain personal information and credit-related information that you provide to us for as long as we have a legitimate business need, such as complying with legal obligations, resolving disputes, or enforcing agreements.

If you have opted to receive marketing communications, we retain information about your preferences for a reasonable period from when you last showed interest in our content, products or services, such as the last time you opened an email from us or used your account.

Information collected via cookies and other tracking technologies is also retained for a reasonable period from the date it was created.

9. Your rights

9.1 Access and Correction

You may request access to the personal information including credit-related information that we hold about you. You can also ask for corrections to be made to it. To do so, please contact us using the contact details provided below.

We will seek to verify your identity before we allow access, or make changes, to your personal information or credit-related information.

We will not charge you for requesting access or corrections to your personal information or credit-related information.

We will not give access to your personal information that we hold about an individual where it is unreasonable or impracticable to provide access, or in other circumstances permitted by law such as where the request would be likely to have an unreasonable impact on the privacy of others. We will not give access to your credit-related information if it would be unlawful to do so or if not granting access is in compliance with the Privacy Act. There are also certain circumstances where we are not required to correct your personal information or credit-related information– for example, where we are not satisfied that the information we have on record for you is inaccurate, out-of-date, incomplete, irrelevant or misleading.

If we refuse to give you access to or correct your personal information or credit-related information, we will give you a notice explaining our reasons (except to the extent it would be unreasonable or unlawful to do so). If you are unhappy about something we have done, you can make a complaint per Section 10 below and contact us per Section 11 below. You can also contact the Office of the Australian Information Commissioner (OAIC) – see further the details in Section 10 below.

We try to comply with all reasonable requests by an individual to be given access to or correct their personal information or credit-related information within 30 days of receiving the request.

9.2 Additional rights – Credit-related information

If you believe that you have been, or are likely, a victim of fraud, you can request the we not use or disclose any of your credit information

10. Privacy concerns or complaints

If you have a concern or complaint about how we have handled your personal information (including your credit-related information) or about our compliance with Division 3 of Part IIIA of the Privacy Act or the Privacy (Credit Reporting) Code, let us know by contacting us at the contact details in Section 11 below and we’ll try to fix it.

We will acknowledge any such complaint as soon as reasonably practicable and seek to promptly resolve any issue. The handling of your complaint may involve further correspondence or communication with us and we may consult with or engage any relevant third parties.

If you are not satisfied with our response to, or handling of, your complaint or concern, you can complain to the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are set out below.

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au.
Website: www.oaic.gov.au

11. Contact us

If you have any questions about this Privacy Policy, or any concerns or a complaint regarding how we have handled your personal information, you may contact our Privacy Officer using the details set out below.

The Privacy Officer
Metro
Level 8, 201 Sussex Street,
Sydney NSW 2000

Alternatively, individuals can email us at customer.relations@metrofin.com.au or call us on

Business Products: 1300 362 627

Personal Products: 1300 696 387

12. Defined terms

In this Privacy Policy, terms used have the following meaning:

In this Policy, terms used have the following meaning:

Application means an application to enter into a Credit Agreement or Novated Lease with Metro;

Applicant includes any person who submits an Application to Metro (directly or via a Broker or other arranger);

Broker means any entity or individual who has entered into a Broker Agreement with Metro;

Client means an Applicant who has entered into a Credit Agreement or Novated Lease with Metro;

CRB means a credit reporting body;

Credit Agreement means:

A loan agreement, lease agreement, rental agreement or hire purchase agreement;
Any such other form of financing agreement entered into by Metro from time to time;

Credit-related information about identifiable individuals is a form of personal information. In this Privacy Policy, credit-related information also includes credit information and credit eligibility information and credit provider (CP) derived information as those terms are defined in the Privacy Act and the Privacy (Credit Reporting) Code.

Guarantor means any person who gives a guarantee or indemnity in connection with the Client’s obligations under a Credit Agreement or Novated Lease including its successors and assigns;

Novated Lease means a novated lease provided by Metro to a Client;

Privacy Act means the Privacy Act 1988 (Cth);

Privacy (Credit Reporting) Code means the Privacy (Credit Reporting) Code 2024 (as updated from time to time).

Related Party means any guarantor, co-applicant or other individual related to the Applicant or a Client relevant to the Application or the management of our relationship with the Applicant or Client;

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

In this Policy:

a singular word includes the plural and vice versa;
a word which suggests one gender includes the other gender;
a reference to a person includes a corporation, trust, partnership, unincorporated body, government and local authority or agency, or other entity whether or not it comprises a separate legal entity;
a reference to a document or agreement (including a reference to this Policy) is to that document or agreement as amended, supplemented, varied or replaced;
a reference to legislation or to a provision of legislation (including subordinate legislation) is to that legislation as amended, re-enacted or replaced, and includes any subordinate legislation issued under it.