Privacy policy

Our commitment to your privacy

Xinja Holdings Limited ABN 99 618 937 054 and its related bodies corporate (“we” or “us”) recognise that your privacy is very important to you and we are committed to protecting your personal information.

This privacy and credit reporting policy (“policy”) applies to personal information we handle about our customers, visitors to our website (“Website”), users of our mobile application Xinja (“App”), and members of the public. It provides information about the personal information we collect and the ways in which we use that personal information.

By accessing our Website or using our App, you agree to be bound by the terms of this policy.

This policy also includes our credit reporting policy, that is, it additionally covers how we manage your personal information collected in connection with a credit application, such as details relating to your credit history, credit standing, credit capacity and credit worthiness (“credit information”).

The kinds of information we collect

At this stage, the kinds of personal information we collect may include your name, date of birth, address, telephone number, email address and location.

We may also collect information about your interests and preferences, other demographic information such as your gender, age and location, behavioural information about your use of our Website and App and information such as your IP address, browser type, and other software or hardware information. Generally this information is not personal information as it cannot be used to identify you.

Furthermore, if you apply for credit, we may collect credit information. We may ask you for this information or we may obtain this credit information from credit reporting bodiesThis information may include

  1. your assets and liabilities;
  2. income statements;
  3. bank statements;
  4. superannuation statements of account;
  5. default information;
  6. credit infringement information;
  7. personal solvency information (e.g. bankruptcy information);
  8. court proceedings information (e.g. any default judgments entered against you);
  9. repayment history information; and
  10. any other information required to make a credit assessment.

We will not request access to credit information about you from a credit reporting body unless you authorise us to do so.

How we collect personal information

We collect personal information when you voluntarily provide it to us, for example:

  1. when you contact us by telephone, email or via our Website or App;
  2. when you create or update a user profile that includes personal information such as your name and contact details;
  3. when you enter your personal information into forms on our Website or in our App; and
  4. using “cookies” (see paragraph below).

Cookies and Geo-Location Data

Our Website and App may use “cookies” (these are files that are implanted in your hard drive or device to store and receive identifiers and information about your usage patterns, for example) to enhance or personalise our Website and App. These cookies may also be used to collect and store information about your usage of our Website and our App and your location (including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals, depending on the permissions that you have granted). We may in any case collect anonymous information that allows us to review information about the date, time and duration of visits to our Website without identifying you. This information is generally automatically provided to us by your web browser or device from which you access our Website or use our App.

How we collect credit information

We collect credit information from credit reporting bodies when authorised to do so by you, or when you voluntarily provide it to us, for example:

  1. when you contact us by telephone, email, letter or via our Website or App; and
  2. when you enter your credit information into forms on our Website or in our App.

How we use personal information

The primary purposes for which we collect your personal information are to:

  1. optimise and personalise our Website and App and deliver content to you;
  2. develop new features, products and services;
  3. notify you about new features and products;
  4. provide you with information about our products and services; and
  5. conduct research for our own internal purposes.

We may also use your personal information to send you communications and contact you about our goods and services, programs, events, campaigns, functions or news updates that may be relevant or of interest to you. We will generally give you the option to opt-out of receiving promotional and marketing communications at the time you provide your personal information. If you do not wish to be contacted for these purposes you can let us know at anytime by contacting us at the details below. Most commercial electronic communications sent by us will contain a functional unsubscribe facility or otherwise allow you to easily opt out of such communications.

We may aggregate personal information that we collect for reporting and statistical purposes. This allows us to better inform ourselves of your preferences and requirements, and to enable us to monitor the effectiveness of and constantly improve our Website, App and our services. If we disclose any aggregated, demographic or de-identified information to third parties it will not contain any personally identifiable information.

You agree that we may use your personal information for any of these purposes.

How we use credit information

We use the credit information that we obtain from you or a credit reporting body for the purpose of assessing your application for credit. If you do not authorise us to obtain credit information about you, we may be unable to assess your credit application and therefore your request for credit may be refused.

We may disclose your personal information to credit reporting bodies where we are permitted to do so by law, for example, in circumstances where you fail to meet your payment obligations in relation to consumer credit. These credit reporting bodies may include any such information in reports provided to other credit providers to assist them to assess your creditworthiness.

The circumstances in which we may disclose personal information

So that we may use your information for the purposes identified above, we may disclose it to external providers of specialised services, for example, marketing and IT services. We may also share personal information internally (that is, between Xinja Holdings Limited and its related bodies corporate).

We may disclose your personal information to the extent that we are required to do so by law, including in connection with any legal proceedings or anticipated legal proceedings, or in order to comply with any legal obligation, or to establish, exercise or defend our legal rights.

We may sell, transfer, or otherwise disclose our database of personal information to an actual or potential successor entity, purchaser, or investor in connection with a corporate merger, consolidation, sale of our assets or a substantial part of our assets, share sale, investment transaction or other corporate rearrangement.

You agree that we may disclose your personal information in any of these circumstances. We disclaim all liability for any privacy breaches by third parties to whom we have disclosed your personal information in accordance with this policy.

You may withdraw your consent to use or disclose your personal information at any time. To withdraw this consent please contact us at the details below. Please note that withdrawing your consent may mean that we are unable to provide you with our services.

Do we transfer or disclose any personal and credit information overseas?

We do not transfer or disclose any personal data or credit information overseas. However, we may use service providers with whom we store this data for purposes such as sending emails to customers, whose data servers are overseas. Xinja does not deem this ‘disclosure’ as we (not the service providers) remain owners of the data and the data is only used for the purposes of communication from Xinja to its customers.

We may also transfer personal or credit information overseas for the purposes of fraud mitigation (please see see section 13 below).

Your personal and credit information may be transferred overseas if we sell, transfer or disclose our database of personal information to an actual or potential successor entity, purchaser or investor who is located or has offices overseas. It is not practicable to specify the likely countries in which recipients of information may be located in this regard.

Security of your personal and credit information

Once in our possession, we take all reasonable precautions to protect the personal and credit information we hold about you from misuse, interference and loss and unauthorised access, modification or disclosure.

Whilst we endeavour to provide a secure online environment, there are inherent risks associated with the transmission of information via the internet and no data transmission over the internet can be guaranteed to be completely secure. We therefore cannot warrant the security of any information you provide to us over the internet and you do so at your own risk.

We encourage you to play an important role in keeping your personal and credit information secure, by maintaining the confidentiality of any passwords and account details used on our Website or App. It is your sole responsibility to maintain such confidentiality and we will not be liable for any damage, loss or expense suffered due to such disclosure.

Third parties

Our Website and App may contain links to third party websites and social media features that are hosted by a third party. Links to other websites do not constitute sponsorship, endorsement or approval of the information found on those websites. You should evaluate the accuracy, relevance and suitability for your purposes of any such information. We are not responsible for the privacy policies or practices of third party websites, and your interactions with any social media features are governed by the privacy policies and practices of the hosting entities.

Access to and correction of your information

We aim to ensure that your personal and credit information is accurate, complete and up to date. To assist us, please contact us via the details below if any of your details provided have changed or if you believe that the information we hold is inaccurate.

You may request us to provide you with access to the personal or credit information we hold about you at any time. We will respond to your access request as soon as possible, however, prior to disclosing any such information it will may be necessary for you to satisfactorily verify your identity.

There are exceptional circumstances where access to or correction of your personal or credit information may be refused by us such as where access would be unlawful. We will advise you of such circumstances if they arise.

Prepaid card

Xinja is an Authorised Representative of Indue Ltd ABN 97 087 822 464 (“Indue”) for the prepaid card.

Indue and Xinja collect information:

  1. you provide to us (including information about your identity);
  2. about your Card, including how you use your card and your card transactions;
  3. held by service providers in relation to the confirmation of your identity and the operation of your Card; and
  4. that you may provide us when you need our assistance.

Indue and Xinja may collect your personal information:

  1. to identify you in accordance with the AML Legislation and Visa scheme rules;
  2. to provide information about a product or service;
  3. to consider your request for a product or service;
  4. to assist in arrangements with other organisations in relation to the provision of a product or service;
  5. to perform administrative and operational tasks (including systems development and testing, staff training, and market or customer satisfaction research);
  6. to prevent or investigate any fraud or crime (or a suspected fraud or crime); and
  7. as required by relevant laws and scheme rules.

Xinja may also collect your personal information to let you know about products and services you may be interested in (for example other products that Xinja offers or may offer in the future, including a loan, credit or debit product). You agree that Xinja may use your contact details to communicate with you including providing updates, reminders, and marketing information. If you don’t want to receive direct marketing messages or want to change your contact preferences, call Xinja on 1800 XINJAS (1800 946 527).

In some circumstances, Indue or Xinja (as the case may be) may collect your personal information from a third party service provider. Indue or Xinja may collect information from other participants in the payments system and other financial institutions in order to resolve disputes or errors. Indue and Xinja collect this information in order to manage the service they provide to you, consistent with these conditions of use.

If you do not provide some or all of the information requested, Indue and Xinja may be unable to provide you with a product or service.

Indue and Xinja may provide your information:

  1. to another member of its group;
  2. to any outsourced service providers (for example mailing houses, fraud and anti-money laundering service providers, data switch service companies);
  3. to regulatory bodies, government agencies, law enforcement bodies and courts;
  4. to other parties as is authorised or required by law; or
  5. to participants in the payments system and other financial institutions for the purpose of resolving disputes, errors or other matters arising out of use of your Card or card information.

You may access any of your personal information at any time by calling Xinja on 1800 XINJAS (1800 946 527). You may also call Indue on 1300 671 819. Indue or Xinja may charge you a reasonable administration fee for access. This fee will be advised to you upfront in order for you to determine whether you wish to access your personal information. If you can show that information about you is not accurate, complete and up to date, Xinja or Indue (as the case may be) will take reasonable steps to ensure it is corrected so that it is accurate, complete and up to date. Xinja or Indue (as the case may be) will not charge any extra fee for correcting your information. There may be circumstances when Indue or Xinja may be unable to provide you with access or to correct your information, in which case Indue or Xinja (as the case may be) will provide you with a written reason. Indue and the Xinja will not collect sensitive information about you, such as health information, without your consent.

To facilitate transaction identification and to assist with the identification of suspicious or fraudulent transactions, your personal information and transaction details may be sent to countries other than Australia. As at the date of the Conditions of Use, these countries are likely to include the United Kingdom, the United States, Israel, Spain and the Netherlands. By using your Card, you agree that your personal information and transaction details may be sent overseas for the purposes of assisting with the identification of suspicious or fraudulent transactions or as required by law.

In accordance with the Privacy Act 1988 (Cth), Indue and Xinja must comply with the Australian Privacy Principles. You have the right to lodge a complaint if you believe Indue or Xinja has breached the Australian Privacy Principles. For details on how you may complain about a breach and how Indue and Xinja deal with complaints, please refer to Indue’s and Xinja Privacy Policies available at and

If you would like a copy of Indue’s Privacy Policy to be sent to you, please contact Indue on 1300 671 819.

Contact us

If you have any questions or complaints about this policy or our treatment of your personal or credit information, or if you would like to access or amend your personal information, please contact us:

[email protected]

We will endeavour to:

  1. provide an initial response to your query or complaint within 48 hours; and
  2. resolve your query or complaint within 10 business days.

If you are still not satisfied, you can contact the Australian Privacy Commissioner (see or call 1300 363 992).

This policy will be reviewed from time to time to take account of new laws and/or changes to our operations. Any information we hold about you will be governed by our most current policy. We recommend that you periodically review this policy for any changes.

This privacy policy was last updated on 12th February 2018.