At enably we take data security very seriously, and as such take serious steps to protect all personal information collected and held regarding our customers.
Personal information is information or an opinion about you from which your identity is apparent. Protecting your privacy is fundamental to the way we do business. This document sets out the way we will collect, store, use and share your personal information. It will also provide you with information about what you can do to access the personal information we have about you, the way you can have it corrected, if necessary, and what steps you can take to complain about any action taken by us in relation to the information.
The legal framework under which we deal with your personal information is set out in the Privacy Act, the 13 Australian Privacy Principles (contained in Schedule 1 to the Privacy Act) and the Credit Reporting Privacy Code made under the Privacy Act. These rules apply to information about individuals, not corporations.
Why we collect personal information
We collect personal information so that we can:
- Accept and process your application for a loan in accordance with the requirements by law;
- Assess your personal and/or commercial creditworthiness;
- Make a determination about the risk of you defaulting on your repayment obligations to us;
- Undertake, where appropriate, risk assessment and management involving securitisation, credit scoring, portfolio analysis, reporting and fraud prevention and claim recovery;
- If your application is successful, provide you with a loan;
- Manage your account with us;
- Assist in the resolution of any dispute you may have with us;
- Provide you with information about other products or services we currently offer, or may offer in the future or are offered by our commercial partners
Where we get personal information
We obtain personal information from any of the following sources:
- You in the process of your loan application or in other communication with you;
- Other credit providers from whom we request information;
- Credit reporting bodies;
- Persons or entities you have authorised to provide us with information;
- Your use of our website with the aid of "cookies", and
- Marketing companies from which we may acquire information in order that we may offer services to you.
Where we obtain personal information which we are either required to collect, or authorised to collect by law, we will advise you of that fact.
"Sensitive information" is information about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health or genetic information.
We will not collect, use or disclose any sensitive information about you unless we have your specific consent, and it is necessary to undertake one of the functions referred to above.
Exchange of personal information
We may disclose your personal information to:
- Such credit reporting bodies, ratings agencies and any business which provide information about the credit worthiness of persons with whom we have a commercial arrangement;
- Other credit providers;
- Personal and/or business referees nominated by you, including your employer;
- Our professional advisers, contractors and other service providers (eg. IT consultants);
- Your legal and financial advisers (if applicable) if permitted by you;
- Centrelink, Australian Taxation Office or other Government departments, agencies or bodies, to whom we may be required by law to disclose information supplied by you to us;
- Our financiers;
- Our contractors, agents and service providers (including debt collectors) in order that we may deal with you more efficiently or collect monies owing to us;
- Our ASIC and OAIC approved external dispute resolution service;
- Payment system operators (if any);
- Our insurers, insurance underwriters/providers in relation to our insurance policies;
- Entities who may purchase (or who may be interested in purchasing) any interest in the obligations you may owe us under the credit contract, and
- Direct marketers or lead providers who may wish to market their product to you. You may be directly contacted by SSM Pty Ltd in relation to online education opportunities, utilising a Government Loan Facility.
The Privacy Act allows credit providers to disclose some information to credit reporting bodies. The information which is disclosed depends on the level at which we participate in the credit reporting system. The credit reporting bodies are also bound by the Privacy Act and are restricted in the uses to which that information may be used. Each of the credit reporting bodies must have a policy, similar to this one, to explain how it uses your information.
The information we may disclose to a credit reporting body is the following:
- Whether we provide you with a loan;
- The type of loan provided;
- The amount of the loan provided;
- The date the loan was supplied;
- The date the loan terminated;
- The terms of the loan;
- Whether payments are made on the loan;
- If you default in making a payment on the loan (where the amount is $150 or more and has been outstanding for 60 days or more);
- Whether you were late in making payments and whether you make those payments up, and
- If you commit a serious credit infringement (fraudulent activity or deliberately evading your obligations under the loan terms).
There are three credit reporting bodies that we may deal with as outlined below.
Access and correction
The Privacy Act provides that, subject to some exceptions, you have a right to know what information we hold about you including information we have obtained from a credit reporting bodies. If you wish to access the personal information we hold about you, including information we have obtained from a credit reporting body, you should make contact with us in any of the following ways:
It may be necessary for us to verify your identity before we can provide any information.
We will usually be able to provide this information to you within 30 days of the request. Should we require longer, we will write to you advising you a reason and seeking additional time. We may require you to pay our reasonable costs of providing this information to you. There are restrictions in relation to those costs contained in the law.
If possible, we will provide you with the personal information in the form you request. However, in some circumstances it may be necessary for you to access that information in a method determined by us, but we will always make it as easy as possible for you to access that information.
There may be occasions where we cannot provide you with that information. In such a case we will write to you and give you our reasons.
You can request that any personal information we hold be corrected if it is inaccurate, incomplete or out of date. If you wish to make such a request you should contact us by any of the methods set out above.
If your request relates to information that we have received from a credit reporting body, we will contact the credit reporting body and advise them of your request.
If we agree with you that your information is inaccurate, incomplete or out of date we will make the appropriate changes and will write to you and tell you the changes we have made within seven days of making that change.
If we do not agree that the information is inaccurate, incomplete or out of date, we will write to you giving you the reasons why we have formed the opinion and tell you what steps you can take as a result of our refusal to change the information.
If you believe we haven't dealt with your personal information in accordance with the provisions of the Privacy Act (including the 13 Australian Privacy Principles) or any code under the Privacy Act (including the Credit Reporting Privacy Code), please follow our complaints process, outlined here.