This Privacy Policy explains how Metro Finance Pty Ltd (ABN 44 600 674 093), Metro CF Pty Ltd (ABN 85 650 102 891) and our related bodies corporate (‘Metro’, ‘we’, ‘us’, ‘our’) manage personal information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Credit information about identifiable individuals is a form of personal information. This Privacy Policy also includes information about rights in relation to credit-related information, including access and correction, and what can happen if we provide information to a credit reporting body (‘CRB’). In this Privacy Policy, credit-related information also includes credit information, credit eligibility information and credit provider (CP) derived information as those terms are defined in the Privacy Act.
We manage personal information, including credit information, in an open and transparent manner.
We have appointed a Privacy Compliance Officer, who will deal with any queries regarding access to or correction of personal information, including credit information, or any privacy-related complaints. We ensure all our employees are trained at regular intervals to ensure they understand our obligations under the Privacy Act, including the Australian Privacy Principles.
Copies of this Privacy Policy are available free of charge on request and in a suitable format. This Privacy Policy is also available on our website.
Generally, we are not able to deal with customers who do not wish to identify themselves. However, where possible and appropriate we will provide information of a general nature to unidentified individuals.
Metro may collect the following personal information:
The types of personal information that we collect also depends on our relationship with the individual. In respect of loan applicants, we generally collect personal information about individuals who are loan applicants at different stages and in different ways. In particular, during the application for a loan we usually collect personal information from the applicant’s broker or other representative. Later, during the credit approval process, we collect personal information from other lenders, credit providers and CRBs. After the loan has been approved, we may collect additional personal information directly from the loan applicant (who would then be our client).
In respect of applicants for novated leases, we generally collect personal information about individual applicants from the applicant, their employer and salary packaging companies. Later, during the credit approval process, we collect personal information from other lenders, credit providers and CRBs.
If we are not able to collect the information sought, we may be unable to process an application for a loan or a novated lease, or we may be limited in the other services or assistance we can offer to the applicant or client.
In some circumstances we are also required to collect information in accordance with laws that apply to our business:
From time to time, we may receive personal information about you from third party sources. This may include publicly available information from service providers, or contact information from partners with which we offer co-branded services or engage in joint marketing activities. Examples of these type of partnerships would be when we co-author a white paper, co-sponsor a webinar series, or attend a conference as a vendor and receive information from the host regarding attendees. In all of these situations we confirm our partners are collecting this information in accordance with applicable law.
Other service providers may use cookies and other similar technologies for marketing analytics and advertising purposes. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying information unless you choose to provide these.
We may also receive personal information about you from social media companies based on your engagement with us on their site (e.g. liking or commenting on our posts, or viewing our profile). For more information on how your engagement with us on social media may impact how your personal information is collected or shared, see Social Media Policy.
At the application stage, we obtain a broad range of personal information from the authorised representative or broker of loan applicants, which is necessary to enable us to consider each applicant’s eligibility for a loan and the administration of the loan. That personal information includes:
In the course of processing loan applications, we collect personal information from a range of other entities including other lenders, credit providers and CRBs. That personal information may include:
If we obtain credit-related information about an applicant from a CRB, we may derive information from it that has a bearing on the applicant’s credit-worthiness or could be used in establishing the applicant’s eligibility for credit. This may include information such as credit scores and assessments which we generate from the information that we receive.
Once the applicant has settled their loan and become our client, we may also collect personal information in certain instances such as where the client is experiencing difficulties and seeking assistance in servicing the loan. We may also collect the personal information that clients provide to us directly through our websites or indirectly through use of our websites or online presence, or through our client representatives or client surveys. Depending on the circumstances, that personal information includes:
At the application stage, we obtain a broad range of personal information about the applicant which is necessary to enable us to consider each applicant’s eligibility for a novated lease and the administration of the novated lease. We obtain all or almost all that personal information from the applicant’s employer and other parties such as salary packaging companies who are assisting the applicant to apply for a novate lease. The personal information that we obtain from third parties includes:
Less commonly, we may obtain personal information from the applicant directly in the course of verifying, completing or updating the personal information obtained from the other sources.
Generally, we collect personal information from:
In some cases we may also collect personal information about individuals through the use of cookies. When individuals access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to an individual’s computer. This enables us to recognise an individual’s computer and to greet them each time they visit our website without bothering them with a request to register. It also enables us to keep track of products or services viewed by the individual so that, if the individual consents, we can send them news about those products or services. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online products and services. If an individual does not wish to receive cookies, the individual can set their browser so that the computer does not accept them.
We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users movements, and gather broad demographic information.
In addition to the uses identified elsewhere in this Privacy Policy, we may use your personal information for business purposes, including to:
We collect, hold, use and disclose personal information for the following purposes:
We also collect, hold, use and disclose personal information to verify the identity of our applicants and the authenticity of their identification documents. The identification documents may include drivers licences, passports, or birth or marriage certificates. We may disclose personal information to organisations and government agencies providing verification services such as OCR Labs, the Department of Home Affairs and the state and territory registrars of births, deaths and marriages as well as corresponding agencies in New Zealand. The verification service may also involve the collection of a live photograph of an applicant (generally to be taken by the applicant with their mobile phone camera) and the applicant’s location. The verification service usually involves providing personal information to the organisation or agency and asking for a confirmation about whether the information provided by the applicant matches the relevant records. The verification service may involve the use of third party systems and services.
We collect, hold, use and disclose credit-related information for the following purposes for some of the same purposes as those above and, in addition:
We reserve the right to use or disclose your personal information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
We may disclose an individual’s personal information to:
We may combine or share any information that we collect with information collected by any of our related bodies corporate.
We may also disclose personal information to third parties such as our contractors, suppliers, agents and service providers who help us deliver, administer and support our functions and activities, including:
Under the Privacy Act, credit providers can disclose certain information about an individual’s credit history to CRBs (credit reporting bodies). The CRB with which we generally exchange information is Equifax Pty Ltd (who can be contacted at telephone 13 8332, or at https://www.equifax.com.au/).
We exchange information with CRBs for the purposes of obtaining a credit report about individuals or to allow the CRB to maintain a credit information file about individuals. We participate in credit reporting so that we are able to obtain information to make better and more informed decisions about providing credit to parties. The Privacy Act restricts the purpose for which credit providers can access and use information that is held by CRBs.
We may disclose the following credit-related information about clients’ credit to CRBs:
We may also disclose how a client repays their credit. If a client fails to make repayments on their credit or a client defaults on their obligations or commits a serious credit infringement, we may report this information to a CRB. Equally, we will inform a CRB if a client makes repayments on time or if a client has corrected a default. The CRB may include the information in reports provided to credit providers to assist them to assess an individual’s credit worthiness.
How long we keep information we collect about you depends on the type of information collected, as further described below.
We retain personal information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your Metro account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
Individuals are entitled to:
We notify individuals at the time of collecting their personal information that their personal information will be used by us and any companies within our group for the purposes of direct marketing. These direct marketing communications may be sent in various forms, including mail, SMS, fax and email. Applicants and clients consent to us sending them those direct marketing communications by any of those methods.
In all our direct marketing communications we will provide a prominent statement about how an individual can elect not to receive direct marketing. If the direct marketing communication is an email we will provide an ‘unsubscribe’ function within the email.
We will keep appropriate records to ensure those individuals that have made ‘opt-out’ requests not to receive direct marketing communications do not receive them. We do not apply a fee to unsubscribe from direct marketing communications.
We do not sell personal information.
Our Websites include Social Media Features, such as the Facebook Like button and Widgets, such as the Share This button or interactive mini-programs that run on our sites. These features may collect your IP address, which page you are visiting on our sites, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Websites. This Privacy Policy does not apply to these features. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them.
Your personal information may be publicly available if you identify us in your social media pages or on various social media platforms by tagging us using a hashtag (#) or “at” (@) indicator. Your personal information also may be publicly available if you make a post on a social media site on a page we maintain. We maintain Metro social media pages on the following sites:
When you use a social media site, your personal information is subject to the privacy policies of those sites. However, once your personal information is in our possession, we will treat it in accordance with this Privacy Policy. We strongly recommend you review the privacy policies of any third-party sites you visit to understand the data collection and use practices of that third party.
Our Websites provide links to other websites. We do not control, and are not responsible for, the content or practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Privacy Policy does not apply to these other websites, which are subject to any privacy and other policies they may have.
We offer publicly accessible blogs. Please keep in mind that if you directly disclose any information through our public blogs, this information may be collected and used by others. We will correct or delete any information you have posted on the Websites if you so request, as described in “Opting Out and Unsubscribing” below.
The Metro website may contain a link to third party websites. The links are provided for convenience only and we are not responsible for the content or material contained in, or obtained through, any third-party website or for the privacy practices of the third-party website. We suggest that you review the privacy policy of each website that you visit.
Our links to the linked websites should in no way be construed as an endorsement, approval or recommendation by us of the owners or operators of the linked website or of the content, products or services contained on or referred to by the linked websites.
Except in respect of the verification of identification documents issued by government agencies in New Zealand, we do not disclose personal information overseas.
We rely on individuals to help us to ensure that their personal information is accurate, up-to-date and complete.
If we become aware that personal information is inaccurate, out-of-date or incomplete, such as when mail is returned, we will update our systems accordingly.
All personal information held by us is stored on secure servers in Australia. We use a variety of technical and organisational security techniques, including encryption and authentication, to help with the protection and maintain the availability, security and integrity of individuals’ personal information.
We are committed to protecting individuals’ information through the following measures:
Any paper records are held within an office that is locked and security protected at night
Individuals may request to access any personal or credit information that we hold about them. If an individual wishes to access the personal information we hold about them, they may do so by emailing customer.relations@metrofin.com.au. Before we provide individuals with access to their personal information we may require some proof of identity. When contacting us to request access to or correction of any personal information we hold about an individual, we ask that they provide us with as much detail as they can about the information in question as this will help us to retrieve it.
We will not charge an individual for requesting access to their personal or credit information.
When an individual requests access to their personal or credit information we will conduct a search of our customer relationship database. This search will also indicate if there are any paper records that contain personal information.
We will not give access to the personal information that we hold about an individual where it is unreasonable or impracticable to provide access, or in other circumstances permitted by law such as where the request would be likely to have an unreasonable impact on the privacy of others.
When we receive a request for access we will respond to the individual acknowledging the request with 7 days.
After we have investigated the request for assess we will advise the individual what personal or credit information we hold and provide details of that personal information.
We will comply with all reasonable requests by an individual to provide details of the personal information or credit that we hold in the requested format within 30 days of receiving the request.
If we do not provide access to the information we will provide written reasons setting out why we do not believe we need to provide access. We will also advise the individual they can access our internal dispute resolution procedures and details of a recognised external dispute resolution scheme of which we are a member if they are dissatisfied with a decision not to provide access to personal information.
Individuals have the right to request us to correct the personal information we hold about them. If we hold personal or credit information about an individual and we are reasonably satisfied (having regarding to the purpose of any personal information) that the information is inaccurate, out of date, incomplete, irrelevant or misleading, or we receive a request to correct the information, we will take reasonable steps to correct the information.
If we correct personal or credit information that we have previously disclosed, we will take reasonable steps to notify the entity to which we disclosed the information of the correction.
We may not always make amendments to an individual’s personal or credit information. When we do not make requested corrections, we will provide reasons for our refusal to make the correction and provide details of our internal dispute resolution procedures and details of a recognised external dispute resolution scheme of which we are a member.
If, after notifying the individual of our refusal to correct personal information, the individual requests us to issue a statement on the record that contains the personal information; we take reasonable steps to do so. We are not required to issue a statement next to any credit information we may hold about the individual.
If an individual believes that their privacy has been breached or that we have not complied with any of our obligations relating to their credit-related information, please contact our Privacy Officer using the contact information below and provide details of the incident so that we can investigate it.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. Our Privacy Officer deals with privacy complaints and any complaints should be directed to our Privacy Officer using the contact details below. We will attempt to confirm as appropriate and necessary with the individual their understanding of the conduct relevant to the complaint and what they expect as an outcome. We will inform them whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact the individual, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from the individual, we will assess it and advise if we have changed our view. If the complaint remains unresolved, the individual may refer the matter to the Office of the Australian Information Commissioner (the ‘OAIC’).
The contact details for the OAIC are:
The Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
If an individual has any questions about this Privacy Policy, or any concerns or a complaint regarding the treatment of their privacy or a possible breach of their privacy, they may contact our Privacy Officer using the details set out below. Individuals can write to:
The Privacy Officer
Metro
Level 8, 201 Sussex Street,
Sydney NSW 2000
Alternatively, individuals can email us at customer.relations@metrofin.com.au or call us on
Business Products: 1300 362 627
Personal Products: 1300 696 387
This Privacy Policy was last reviewed in August 2024.
