In handling your personal information, Eclipx Group will comply with the Australian Privacy Act 1988, including the 13 Australian Privacy Principles), and/or the New Zealand Privacy Act 1993 (as applicable), and all other relevant laws, regulations and codes relating to privacy and personal information (‘Privacy Law’).
What kind of personal information do we collect?
Personal information is information or an opinion about an identified, or reasonably identifiable, individual.
The kinds of personal information Eclipx Group collects and holds varies according to the specific product or service being provided and may include, but is not limited to, your:
- contact and identification information, such as your name, address, email address, telephone number, gender and date of birth;
- information about your assets, occupation and income, account balances, account activities, payment history and transactions with us or third parties;
- government identifiers and related information, such as your driver’s licence, passport and visa particulars obtained, for example, to verify your identity or eligibility at the time you request a product or service;
- other details relating to your relationship with us, including if we deal with you in a capacity other than a customer (for example, information about agreements or other arrangements or transactions you may have with us, billing information including your credit card details, your purchasing preferences and history, and any information contained in correspondence between us); and
- any other information lawfully obtainable under relevant Privacy Law.
In some circumstances, Eclipx Group may collect sensitive information about you, for example in relation to insurance claims. Sensitive information is a type of personal information and includes health information and information about racial or ethnic origin, political opinions, membership of a trade union or political association, religious beliefs or affiliations, philosophical beliefs, sexual preferences and criminal record. We will only collect sensitive information about you where we are permitted to do so by law.
How do we collect your personal information?
Where practicable we aim to collect your personal information directly from you. The circumstances in which we may do so will vary depending on the context in which we are dealing with you (for example, if you are a customer, according to the specific product or service we are providing) but can include, for example, when you are:
- registering for one of our websites or services or logging in to use one of our websites;
- submitting applications and other forms through our online services, by email, verbally and/or in hard copy;
- subscribing to receive alerts/e-brochures and filling in surveys or research, or participating in promotions and competitions we offer;
- contacting us for any reason including, but not limited to, reporting a problem with one of our services or websites, requesting further services, updating your personal information or otherwise seeking our assistance;
- posting or contributing material on our websites; and
- using our services and any credit provided by us in connection with those.
- There may be occasions when we collect your personal information from other sources, such as from:
- a public or commercial information services provider (such as providers of government, business or credit information);
- social media platforms, if you choose to interact with us via your social media account;
- a third party assisting us to process an application or other transaction, confirming information in an application or other request or assisting us to locate or communicate with you;
- vehicle dealers and other businesses involved in dealings with you and us;
- your employer, such as where we are providing a novated lease, salary packaging services or fleet services.
Generally, Eclipx Group will only collect your personal information from sources other than you if:
- it is unreasonable or impracticable to collect the personal information from you; and
- the collection of that personal information complies with all relevant Privacy Law.
How we use your personal information
We collect, hold, use and disclose your personal information where it is reasonably necessary for the purposes of providing our products and services, for our other business purposes and for any necessary related purposes. These purposes include, but are not limited to:
- provision of commercial and consumer vehicle leasing arrangements, including accident replacement vehicle services;
- sourcing credit products from lenders and other credit providers in relation to car loans;
- registering you to use one of our websites;
- processing a product application or service or purchase request;
- managing our products and services or other relationships and arrangements;
- processing receipts, invoices and payments and servicing customer accounts, including determining liability for payment;
- responding to customer enquiries about applications, accounts, products or services;
- understanding customer needs and offering products and services to meet those needs;
- assessing, processing and investigating insurance risks or claims;
- accounting, billing and other internal administrative purposes;
- identifying and informing customers of products and services that may be of interest;
- notifying you about changes to our products and services;
- considering, and contacting you about, any application you make for a job with us;
- any other legal and regulatory requirements. Various laws may expressly require us to collect your personal information, or we may need to do so in order to be able to comply with other obligations under those laws:
- In Australia such laws include the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (for example, to comply with identity verification requirements), the Personal Property Securities Act 2009 and State and Territory real property and security interests laws (for example, to register and search for security interests), the National Consumer Credit Protection Act 2009 (for example, to comply with responsible lending requirements), the Financial Sector (Collection of Data) Act 2001, the Corporations Act 2001 and other regulatory legislation (for example, requiring us to maintain client and transaction records, or to make reports and provide other information to regulators such as ASIC) and the Taxation Administration Act 1953, the Income Tax Assessment Act 1997 and other taxation laws (for example, to comply with information requests issued by the Commissioner of Taxation).
- In New Zealand such laws include the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (for example, to comply with identity verification requirements), the Tax Administration Act 1994 (for example, to comply with record keeping requirements) and, to the extent necessary, the Credit Contracts and Consumer Finance Act 2003 (for example, to comply with the Responsible Lending Code);
- enforcing our rights, including undertaking debt collection activities and legal proceedings; and
- undertaking business funding and development activities.
Where personal information is used and disclosed, we take steps reasonable in the circumstances to ensure the personal information is relevant to the purposes for which it is to be used and disclosed. You are under no obligation to provide your personal information to us. However, without certain information from you, we may not be able to provide our services to you or any other relevant customer.
Disclosures of your personal information
We may disclose your personal information for purposes such as those listed above and we will always do so consistently with our privacy obligations.
Third parties to whom we may disclose your personal information include:
- our related entities in Australia, New Zealand and overseas;
- administrative services providers, such as mailing houses, printers and call centre operators;
- legal, settlement, valuation and recruitment service providers;
- data processing and market research service providers;
- regulatory bodies, law enforcement authorities and toll operators in New Zealand, Australia and overseas;
- any person who is considering whether to acquire or who has acquired any part of our business, or the rights or obligations under our contract with you;
- financial and other advisors;
- other participants in financial and payment systems, such as banks, credit providers, clearing entities and credit card associations;
- account information aggregation service providers (including Yodlee), to assist in the transfer of your account data to us in connection with an application for a vehicle leasing arrangement;
- insurers, reinsurers, loss adjusters, assessors and underwriters;
- brokers and other distributors;
- your guarantors and security providers;
- debt collectors and investigators; and
- in connection with an application for a vehicle leasing arrangement, credit reporting bodies and other information providers.
We may access credit-related personal information about you through the credit reporting system in relation to any application for credit products and services.
We comply with all Privacy Law that applies to the collection, use and disclosure of credit information, including the Australian Credit Reporting Privacy Code and the New Zealand Credit Reporting Privacy Code 2004 (as applicable) in our handling of your credit-related personal information.
Credit-related personal information is a type of personal information which includes information:
- about your credit history or creditworthiness;
- about your past experiences with us and other lenders;
- about the kinds of credit products you have had or sought;
- about how you have managed your obligations;
- contained in a credit report about you which is obtained by us from a credit reporting body (CRB); and
- about your creditworthiness that has been derived by us from such a credit report about you.
Credit-related personal information that we may collect and hold includes:
- your name, address and date of birth, occupation (including the name of your employer or organisation, and any previous employers) and your driver’s licence number;
- your banking or credit card details and certain financial information about you including a statement of your assets and liabilities;
- the fact that you have applied for consumer credit, or you are a guarantor in respect of that credit application and we have accessed your credit report to assess that application;
- the fact that your organisation has applied for commercial credit, or you are a guarantor in respect of that credit application, and we have accessed your credit report to assess that credit application;
- the fact that we provide goods and services on credit terms to your organisation;
- certain publicly available information that relates to your activities in Australia and New Zealand, and your creditworthiness;
- information that, in our opinion, you have committed a serious credit infringement or credit non-compliance action (that is, acted fraudulently or shown an intention not to comply with your credit obligations);
- insolvency information, including adjudications, discharges, suspensions of discharges and annulments of bankruptcy, and entry into, and termination and discharge from, the no asset procedure.
- assessments, evaluations, scores, ratings, summaries and other information relating to your creditworthiness which is derived by a CRB or us, wholly or partly based on the above; and
- administrative information relating to credit provided by us.
We collect your credit-related personal information through your dealings with us or from those acting on your behalf. We may also obtain credit-related personal information from CRBs, who may include this information in reports provided to credit providers to assist them to assess your credit worthiness.
We collect, hold, use and disclose your credit-related personal information as reasonably necessary for our business purposes and as permitted by law, including:
- to assess, complete and process your application for credit that you make or for which you are a guarantor (where we are the credit provider) or to assist in assessing your application for credit that you make or for which you are a guarantor (where we act as agent of the credit provider);
- to derive assessments, evaluations, scores, ratings, summaries relating to your credit worthiness that we use in our decision-making processes;
- for account review and management;
- to participate in the credit reporting system;
- to undertake debt recovery and enforcement activities; or
- to deal with serious credit infringements.
We may disclose your credit-related personal information to:
- CRBs, such as Equifax and Dun & Bradstreet;
- other credit providers;
- our affiliates and related entities in New Zealand, Australia and overseas;
- current or prospective guarantors or security providers;
- other CRBs (for example, if you fail to meet your payment obligations or commit a serious credit infringement, we may be entitled to disclose this to a CRB);
- your agents, referees, employer, executors, administrators, trustees, guardians or attorneys;
- your and our professional advisers;
- other credit providers;
- organisations involved in securitisation arrangements or debt assignments; and
- administrative service providers, such as providers of credit assessment, management and debt collection services.
We may disclose to Equifax, Dun & Bradstreet, or any other CRB, any failure by you to meet your payment obligations in relation to consumer credit and the fact that you have committed fraud or other serious credit infringement. Equifax and Dun & Bradstreet may include information which we provide in reports to other credit providers to assist them to assess your creditworthiness. These CRBs’ policies about the management of credit-related personal information may be obtained by contacting them on the below details:
Dun & Bradstreet
PO Box 964
PO Box 7405, St Kilda Road
13 23 33
Private Bag 92156
0800 692 733
PO Box 9589
0800 362 222
In Australia, you can ask a CRB not to use or disclose your credit-related personal information for a period of 21 days without your consent if you believe on reasonable grounds that you are, or are likely to be, a victim of fraud, including identity fraud.
In New Zealand, you can ask a CRB not to use or disclose your credit-related personal information for a period of 10 working days without your consent if you believe on reasonable grounds that you are, or are likely to be, a victim of fraud, including identity fraud.
CRBs may use credit-related personal information they hold to respond to requests from us or other credit providers to “pre-screen” you for direct marketing. You can ask a CRB not to do this.
We may disclose your personal information (including, where relevant, your credit-related personal information) to overseas recipients in order to provide our services and products and for administrative, data storage or other business management purposes. It is not practicable to list all of the countries to which your information may be transmitted from time to time, but we transfer information between Australia and New Zealand, and it is likely that other such countries will include the United States of America, the United Kingdom, the Philippines, Japan, Singapore and Hong Kong.
Before disclosing any personal information to an overseas recipient, we take steps reasonable in the circumstances to ensure the overseas recipient complies with relevant Privacy Laws or is bound by a substantially similar privacy scheme to that which is in place in New Zealand and Australia, unless you specifically consent to the overseas disclosure taking place without such steps being taken, or the disclosure is otherwise required or permitted by law.
We may use and disclose your personal information (including by sharing it between members of Eclipx Group) in order to inform you of products and services that may be of interest to you.
In the event that you do not wish to receive such communications, you can opt out by following the instructions for doing so in the communications we send to you.
Security of your personal information
We may hold your personal information (including your credit-related personal information) in physical form or in electronic form on our systems or the systems of our service providers.
We take steps reasonable in the circumstances to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by authorised staff, and follow procedural safeguards that meet or exceed relevant Privacy Law.
We require third parties handling personal information on our behalf to follow equally compliant standards of security and confidentiality.
We will destroy or de-identify personal information in circumstances where it is no longer required, unless we are otherwise required or authorised by law to retain the information.
Access and correction to the personal information that we hold about you
We take steps reasonable in the circumstances to ensure that personal information we hold is accurate, up-to-date, complete, relevant and not misleading.
You have a right to access and seek correction of your personal information (including your credit-related personal information) that is collected and held by us. This is subject to some exceptions specified in the Privacy Act 1988 (Cth) (Australia), and the Privacy Act 1993 (New Zealand).
If at any time you would like to access or amend the personal information we hold about you, or you would like more information on our approach to privacy, please contact our Privacy Officer in accordance with the contact details set out below.
We will grant access to personal information to the extent required by applicable Privacy Law and will take reasonable steps to amend personal information where necessary and appropriate.
To obtain access to your personal information:
- you will have to provide proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
- we request that you be reasonably specific about the information you require; and
- we may charge you a reasonable administration fee which reflects the cost to us for providing access in accordance with your request. We will not charge you for making the request.
If we refuse your request to access or correct your personal information, we will provide you with written reasons for the refusal and details of the ways in which you can make a complaint. We will also take steps reasonable in the circumstances to provide you with access to your personal information in a manner that meets yours and our needs.
If you are dissatisfied with a refusal of a request to access or correct your credit information, you may make a complaint to the Australian Information Commissioner / New Zealand Privacy Commissioner or to an applicable external dispute resolution scheme if the Eclipx Group entity you are dealing with is a member (we will provide details of any such scheme in our response to such a request for access or correction).
In the event that we correct your personal information previously disclosed to another entity and you request that other entity to be notified of the correction, we will take reasonable steps in the circumstances to do so unless impracticable or unlawful.
Complaints and Disputes
If you wish to complain about the way in which we collect or handle your personal information, including your credit-related personal information, or if you believe we have breached any Privacy Law, you can contact our Privacy Officer using the details below.
Following a complaint, our Privacy Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. At all times, privacy complaints:
- will be treated seriously;
- will be dealt with promptly;
- will be dealt with in a confidential manner; and
- will not affect your existing obligations or impact on the commercial arrangements between you and us.
In the event you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Australian Information Commissioner / New Zealand Privacy Commissioner or an applicable external dispute resolution scheme if relevant to the complaint and the Eclipx Group entity you are dealing with is a member (we will provide details of any such scheme in our response to such a request for access or correction).
How to contact us
Please direct all privacy queries and complaints to our Privacy Officer at:
Mail: Privacy Officer
1 O’Connell Street
Sydney NSW 2000
Updated: 7 August 2019