This Policy has been adopted by Scottish Pacific Business Finance Pty Ltd (ACN 008 636 388) and Scottish Pacific (BFS) Pty Ltd (101 657 041).
This document sets out our policy on the management of personal information which we have about individuals. Those individuals include clients to whom we may provide or may have provided a facility, guarantors of both individual and company clients and individuals who may provide a guarantee, and individuals who are or become customers of our clients.
1. Our privacy assurance to you
- the kinds of personal information we collect and hold;
- how we collect the personal information;
- the purposes for which we collect, hold, use and disclose the personal information;
- how an individual may access personal information about the individual that we hold and seek the correction of that information;
- how an individual may complain about a breach of the Australian Privacy Principles and the Credit Reporting Privacy Code and how we may deal with the complaint; and
- whether we are likely to disclose the personal information to overseas recipients and the countries where those recipients are likely to be located.
- the kinds of credit information we collect and hold and how we collect and hold that information;
- the kinds of credit eligibility information we hold and how we hold that information;
- the kinds of CP derived information that we usually derive from credit reporting information disclosed to us by a credit reporting body under Division 2 of Part IIIA of the Privacy Act 1988;
- the purpose for which we collect, hold, use and disclose credit information and credit eligibility information;
- how an individual may access credit eligibility information about the individual that we hold;
- how an individual may seek the correction of credit information or credit eligibility information about the individual that we hold;
- how an individual may complain about our failure to comply with Division 3 of Part IIIA of the Privacy Act 1988 or the Credit Reporting Privacy Code;
- how we will deal with the complaint; and
- whether we are likely to disclose credit information or credit eligibility information to entities which do not have an Australian link and the countries where those recipients are likely to be located.
3. The kinds of personal information we collect and hold
We collect and hold credit information about individuals who are clients, guarantors, debtors and associates. This information includes:
- identification information, such as the individual’s name, address and date of birth;
- the note we make of the disclosure of credit information we make to a credit reporting body so that we can obtain credit information from a credit reporting body;
- the type of commercial credit and the amount of credit sought in an application that has been made by the individual and in connection with which we have made an information request;
- court proceedings information about the individual, this is information about a judgment of an Australian court against the individual in proceedings (other than criminal proceedings) that relate to any credit that has been provided to, or applied for by, the individual; and
- personal insolvency information about the individual, this is information that is entered or recorded in the National Personal Insolvency Index that relates to bankruptcy of the individual, a debt agreement proposal given by the individual, a personal insolvency agreement executed by the individual, a direction given (or an order made) under section 50 of the Bankruptcy Act 1966 that relates to the property of the individual or an authority signed under section 188 of that Act that relates to the property of the individual.
We obtain credit reporting information about individuals who are clients, guarantors, debtors and associates from credit reporting bodies. We only obtain it to the extent we are entitled to obtain it under the Privacy Act 1988. We might, for example, need to obtain the individual’s prior authorisation. Credit reporting information includes:
- the credit information outlined above but which relates to the individual’s dealings with other credit providers;
- consumer credit liability information, default information, payment information, new arrangement information and publicly available information concerning consumer credit which the individual has obtained from other credit providers; and
- credit worthiness information about the individual that credit reporting bodies derive from the above information. This could include credit scores, risk ratings and other evaluations.
A client, a debtor or an associate may decide to make payments to us by using a credit card or debit card. In that case we may collect and hold particulars concerning the credit card or debit card which will be used to effect payment in accordance with an authorisation from the client or debtor.
The personal information, other than credit information and credit reporting information, we collect and hold varies depending on the person we are dealing with and the reason why we are dealing with them. We collect this general personal information from individuals who are clients, guarantors, debtors, associates, prospective employees, contractors, suppliers, brokers, introducers, merchants, agents, professional advisers, mercantile agents, mailing houses, call centre operators, archivers and service providers. This information will generally include the individual’s name and contact details. We will only collect sensitive information about an individual with the individual’s consent or when permissible under Australian law.
Under various laws we will be (or may be) authorised or required to collect personal information about an individual. These laws include the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, Personal Property Securities Act 2009, Corporations Act 2001, Autonomous Sanctions Act 2011, Income Tax Assessment Act 1997, Income Tax Assessment Act 1936, Income Tax Regulations 1936, Tax Administration Act 1953, Tax Administration Regulations 1976, A New Tax System (Goods and Services Tax) Act 1999 and the Australian Securities and Investments Commission Act 2001 as those laws are amended and includes any associated regulations.
4. How we collect personal information
We collect personal information, other than credit eligibility information, about individuals in a variety of ways. For example, we may obtain the information from the individual or from persons acting on the individual’s behalf. When it is possible and practical we will collect the information direct from the individual. When it is not practical or reasonable to do so we will collect the information from a third party. The third party could be an authorised representative (such as a broker, agent, accountant or lawyer), another financial institution, a referee, an employer or a government body. When the individual is a debtor or an associate we may obtain the information from the client.
The credit eligibility information is obtained from a credit reporting body.
5. How we hold credit information and credit eligibility information
We take all reasonable steps to ensure that an individual’s personal information which we hold is protected from misuse, interference or loss and from unauthorised access, modification or disclosure.
We do this by having physical, electronic and procedural safeguards which protect the personal information we hold. For example, the personal information is stored in secure office premises or in secure archiving facilities and logins and passwords are required to access electronic databases. Our staff are required to maintain the confidentiality of personal information and access to personal information is restricted to persons who require access to perform their duties.
6. The purposes for which we collect, hold, use and disclose personal information
We collect, hold, use and disclose credit information and credit eligibility information on individuals for purposes permitted by law which are reasonably necessary for our business activities. Those purposes include:
- if the individual is a client, to determine if we should provide a facility which includes the provision of commercial credit to the individual and, if we decide to provide it, to assist in the provision of the facility. This includes the assessment of the application, managing the account, recovering money and dealing with security the individual gives;
- if the individual is a guarantor, to determine whether we should accept a guarantee from the individual and, if the guarantee is given, to deal with or enforce our rights under the guarantee and any security which may be given to secure it;
- if the individual is a debtor, to assess and verify the debt which the client sells to us or in which the client gives us a security interest, to collect the debt and to enforce the debt and any security which may be given to secure payment of the debt;
- if the individual is an associate of the client, to determine if we should provide a facility which includes the provision of commercial credit to the client and to assist in the provision of that facility;
- if the individual is an associate of the debtor, to assist us to verify the debt owed by the debtor and to collect and enforce the debt. For example, we may record the name and office phone number of a person in the debtor’s accounts payable department and telephone that person to verify the debt;
- to assist in the management and enforcement of the facilities we provide, for data analysis and internal management;
- to provide information to credit reporting bodies to the extent this is permitted by the Privacy Act 1988;
- to undertake securitisation activities, raise funding, assign debts and other rights, enter into insurance arrangements (for example insurance policies for debts) and provide information to and obtain information from insurers (including under policies which are taken out by us, which are assigned to us or under which we are the loss payee);
- to deal with complaints and legal proceedings;
- to meet our legal and regulatory requirements; and
- to assist other credit providers by giving personal information to them in accordance with an authorisation which the individual has provided to them or us.
We do not hold any CP derived information.
We may disclose credit information (such as identification information) about an individual to a credit reporting body. The credit reporting body may include that information in the reports it provides to other credit providers.
We disclose credit information to the following credit reporting bodies:
Name: Equifax PTY Ltd
Mail: PO Box 964
NORTH SYDNEY NSW 2059
Name: Dun & Bradstreet (Australia) Pty Ltd
Mail: PO Box 7405
St Kilda Road
MELBOURNE VIC 3004
Those credit reporting bodies are required to have a policy which explains how they will manage credit-related personal information. If an individual would like to read the policy of the credit reporting body he or she should visit the credit reporting body’s website and follow the “Privacy” links, or the individual can contact the credit reporting body direct for further information.
An individual has the right to request that the credit reporting body exclude his or her credit reporting information from any permissible direct marketing activities we may ask it to perform.
The individual also has the right to request that the credit reporting body not use or disclose his or her credit reporting information if the individual believes that he or she has been, or is likely to be, the victim of fraud (for example, the individual suspects someone is using his or her identity details to apply for credit). The individual must contact the credit reporting body direct should this be the case.
We collect, hold, use and disclose personal information which is not credit information or credit eligibility information so that we can manage and administer the facilities which we provide. When we purchase goods from or sell goods to the client we do so to assist us in determining whether we should enter into the transaction and, if we do, to assist in managing the transaction.
To provide our facilities in the most cost effective and efficient way we may decide to utilise the services of others. For example, we may use a mailing house to send monthly statements. If this requires that we disclose personal information we will require those persons to respect your right of privacy.
Privacy Contact Officer
Scottish Pacific Business Finance
GPO Box 9969
MELBOURNE VIC 3001
7. How an individual may access personal information
An individual may access personal information (including credit eligibility information) about the individual which we hold. The individual can obtain that access by contacting our privacy contact officer as follows:
Telephone: (03) 9820 1222
Mail: Privacy Contact Officer
Scottish Pacific Business Finance
GPO Box 9969
MELBOURNE VIC 3001
We will need to verify the individual’s identity before giving access. We will usually provide the requested personal information within 30 days of receiving the request. There is no charge to make a request but we may levy an administration fee for providing access.
If there is a reason why we do not make the requested personal information available we will provide our reason in writing.
8. How an individual may seek the correction of personal information
If an individual considers that any personal information which we hold about the individual is incorrect in any way the individual may ask us to correct that personal information. To seek the correction please contact our Privacy Contact Officer on the telephone number or at the e-mail or postal address above.
In certain situations we may decide not to agree to a request to correct personal information. We will tell you in writing why we have not agreed to the correction request.
9. How an individual may complain and how we will deal with the complaint
We have an internal dispute resolution system that covers complaints. That system complies with ISO 10002-2006 Customer Satisfaction – Guidelines for Complaints Handling in Organisations: sections 4, 5.1, 6.4, 8.1 and 8.2. If an individual considers that we have failed to comply with Division 3 of Part IIIA of the Privacy Act 1988, the Credit Reporting Privacy Code or the Australian Privacy Principles he or she should contact our Privacy Contact Officer on the telephone number or at the email or postal address above. We will then follow our internal dispute resolution system. We will acknowledge the complaint within 7 days. A decision will be made and advised within 30 days or a longer period as may be agreed with the individual.
If the individual is not satisfied with the decision he or she may make a complaint to the Office of the Australian Information Commissioner (the “OAIC”).
The contact details for the OAIC are:
Telephone: 1300 363 992
Facsimile: (02) 9284 9666
Mail: The Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
10. Disclosure of personal information to overseas recipients
Generally we do not disclose personal information to overseas recipients or to persons that do not have an Australian link. However, we may do so. For example, if the debtor is located overseas we may need to send the client’s personal information overseas so that we can collect the debt. Our related company, Scottish Pacific Business Finance Limited, operates in New Zealand and it will sometimes be appropriate for us to provide personal information to that company to assist in the provision of facilities. Scottish Pacific Trade Limited may collect personal information in Australia which it provides to a person overseas to complete, enforce or manage a transaction involving the purchase or sale of goods when a party to that transaction or the relevant goods is overseas. We may use service providers located overseas. In each case personal information is provided to an overseas recipient when this is permitted under the Privacy Act.
The countries where the overseas recipients of personal information are likely to be located are New Zealand, United States, Canada, United Kingdom, Austria, Belgium, Finland, France, Germany, China (including Hong Kong), Ireland, Italy, Japan, Luxembourg, Malta, the Netherlands, Portugal, Singapore, South Africa, Spain and Switzerland.
11. Notification of Data Breaches
We recognise the obligation to notify affected individuals, as well as the Australian Information Commissioner, of any ‘eligible data breaches’ as defined for the purposes of Part IIIC of the Act.
“associate” means a person who is or may become an officer or employee of the client, the guarantor or the debtor;
“client” means a person (such as a company, sole trader or partnership) to whom Scottish Pacific Business Finance Pty Ltd and/or Scottish Pacific (BFS) Pty Ltd has provided a factoring, invoice discounting or other facility including the provision of commercial credit and includes a person who has applied for, or may apply for, a facility of that type and a person (such as a company, sole trader or partnership) from whom Scottish Pacific Trade Limited has purchased or may purchase goods or to whom Scottish Pacific Trade Limited has sold or may sell goods;
“debtor” means a person who owes, or may owe, an account (also known as a book debt) which the client has sold to us or may sell to us or in which the client has granted, or may grant, a security interest to us;
“guarantor” means a person who has guaranteed, or may guarantee, the obligations which a client has or may have to us; and
“we”, “us” and “our” means all and any one or more of Scottish Pacific Business Finance Pty Ltd (ACN 008 636 388), Scottish Pacific (BFS) Pty Ltd (ACN 101 657 041) (both companies incorporated in Australia), Scottish Pacific Business Finance Limited a company incorporated in New Zealand and Scottish Pacific Trade Limited (company registration number 1415813) a company incorporated in Hong Kong.