PRIVACY AND CREDIT REPORTING POLICY
This is the Privacy and Credit Reporting Policy (Policy) for Xinja Holdings Limited ABN 99 618 937 054 AFSL and Australian Credit Licence 501764 (Xinja) and its associated companies. It also covers the prepaid cards issued by Indue Ltd ABN 97 087 822 464 AFSL and Australian Credit Licence 320204 that are made available by Xinja. In this Policy, the words “we” or “us” refer to Xinja, any of our associates and to Indue for the purposes of any prepaid card issued by Indue and made available to you by Xinja (Prepaid Card).
This Policy sets out how we collect, use and disclose your ‘personal information’. Under the law, ‘personal information’ has a broad definition, however, it really means ‘information that is not generally available and from which you can be identified’. In Australia, ‘personal information’ includes ‘credit information’.
If you use our Xinja mobile app (App), access our website or apply for one of our products or services you agree to be bound by the Policy. If you do not provide the ‘personal information’ requested by us, we may not be able to provide you with our products and services.
This Policy will be reviewed and updated from time to time. Any ‘personal information’ we hold about you will be governed by our most current Policy. You should check our App or website regularly and review this Policy for any changes.
This Policy was last updated in November 2018
1. What regulations protect your ‘personal information?
If you are in Australia or are a resident of Australia when you give us your ‘personal information’, your ‘personal information’ is protected under the Australian Privacy Act (including the Australian Privacy Principles (APPs)) and any applicable APP Code.
If you are a resident of the European Economic Area (EEU) when you give us your ‘personal information’ we will protect it in accordance with the General Data Protection Regulation (GDPR). We will also comply with the GDPR if we process your ‘personal information’ in the EEU. For GDPR purposes, we are the ‘controller’ of your information.
2. What kinds of ‘personal information’ do we collect about you?
In this Policy, if we use the words ‘personal information’, we mean ‘personal information’ (including ‘credit information’ and ‘sensitive information’ under Australian law as well as ‘personal data’ and other information under the GDPR.
The kinds of ‘personal information’ that we collect may include your name, date of birth, address, telephone number, email address, driver’s licence number, marital status, number and age of your dependents and employment history. In addition, if you apply for credit, we may collect ‘credit information’ including information about your income, assets, liabilities and repayment history information.
Generally we do not collect ‘sensitive information’ about you. However, if you make an application for a loan to be varied on the grounds of hardship we may collect health information about you. We will only collect sensitive information about you with your consent.
3. Why do we collect your ‘personal information’?
We collect ‘personal information’ about you so that we can provide you with our products and services. This includes:
- providing you with access to our App and website,
- answering your questions,
- identifying you in accordance with our obligations under the Anti-Money Laundering / Counter Terrorism Financing Act;
- performing administrative and operational tasks (including systems development and testing, staff training, and market or customer satisfaction research and
- providing you with our products and services (including our Prepaid Card).
We also collect your ‘personal information’ so that we can contact you and provide you with information about products and services that may be of interest to you.
4. Who can give us ‘personal information about you?
Where reasonable and practical we will only collect your ‘personal information directly from you. However, we may also collect information about you from third parties, such as a partner or spouse who contacts us on your behalf, from our contractors who supply services to us, from advisers such as accountants or lawyers or from other organisations authorised by you.
We may also collect ‘credit information’ about you from credit-reporting bodies when authorised by you to do so.
If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that we can collect, use and disclose that information as set out in the Policy without having to take any further steps required under law (such as obtain that person’s consent). This means that if you provide us with ‘personal information about someone else’, you must make sure that the individual concerned understands the matters set out in this Policy and has provided their consent to be bound by this Policy.
5. How do we collect your ‘personal information’?
We collect your ‘personal information’ in many ways. These can include:
- when you contact us by telephone, email or via our App or via our website;
- when you create or update a user profile that includes personal information such as your name and contact details;
- when you apply for one of our products or services;
- when you apply for one of our products or services; or
- when you apply for employment with us.
When you access our App or our website, we may collect ‘personal information’ about you using ‘cookies’. ‘Cookies’ are files that are implanted in your hard drive or device to collect, store and receive identifiers and information about your usage of our App and website as well as information about where you are located at the time you access our App or website (using GPS, Bluetooth, or WiFi signals, depending on the permissions that you have granted). By using ‘cookies’ we are able to enhance and personalise our App and website to better suit your needs.
6. How do we use your ‘personal information’?
We will only use your ‘personal information’ for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Act.
The ways that we use your ‘personal information’ may include:
- to improve and personalise our App or website for you;
- to develop new features, products and services;
- to notify you about new features and products;
- to provide you with information about our products and services;
- to assess your application for credit or your application to guarantee credit we provide to someone else;
- to conduct research for our own internal purposes;
- to assess, process and manage your application for employment; and
- to handle any complaints that you may have.
We may also aggregate the ‘personal information’ that we collect for reporting and statistical purposes and to help us improve our App or website. If we disclose any aggregated information to a third party, the information will be de-identified and will not contain any personally identifiable information.
You agree that we may use your ‘personal information’ for any of these purposes.
7. To whom can we disclose your ‘personal information’?
We may disclose your ‘personal information’ to:
- other members of the Xinja group of companies or Indue Limited (the issuer of the Xinja Prepaid Card);
- participants in the payments system and other financial institutions for the purpose of resolving disputes, errors or other matters arising out of use of your Prepaid Card, card information or our other products and services;
- organisations that provide products or services used or marketed by us, including, other credit providers, funders, lenders, valuers, trustee companies, financial institutions and securitisers, mortgage insurers, title insurers, surveyors, credit reporting agencies, rating agencies and debt collectors;;
- your employer/s or referees, your guarantors, your professional advisors and your bank;
- companies and contractors who we retain to provide services for us, such as IT contractors, ‘software as a service providers’ (such as email engines and contract management service providers), call centres, stationery printing houses, mail houses, storage facilities, lawyers, accountants and auditors;
- Organisations considering acquiring an interest in your loan or our business and assets generally; and
- Other individuals or companies authorised by you
You consent to us disclosing your information to such entities without obtaining your consent on a case by case basis.
Sometimes we are required or authorised by law to disclose your ‘personal information’. For example, we may disclose your ‘personal information’ to a Court, Tribunal or law enforcement agency in response to a request or subpoena or to the Australian Taxation Office.
8. Will we send your ‘personal information’ offshore?
We use several outsourced service providers in order to bring you the latest technology solutions to enhance your ease of doing business with us. Some of these third party suppliers such as the marketing automation, email marketing and customer service platforms we use are located in countries outside of Australia or the EEU. Some of the services provided by our third party suppliers may also be located in the cloud.
We only use highly reputable third party suppliers and we take all reasonable steps to ensure that our suppliers abide by the high standards that protect ‘personal information’ disclosed to us in Australia and the EEU. Our contracts with these third parties generally include an obligation for them to comply with Australian privacy law and with our Policy and generally, we will maintain control of any data that is released to these third-party service providers. This means that even though we may send your ‘personal information’ to a third party provider, that provider cannot see your ‘personal information’ and cannot use your ‘personal information’ for their own purposes.
However, not all countries have the same high standards for the protection of your ‘personal information’ as Australia and the EEU an by using our App or website or by asking us to provide you with one of our products or services, you specifically consent to us sending your data out of Australia and the EEU to countries located in the Americas, Asia or Europe and to the cloud.
9. What special rules apply if you give us ‘credit information’ in Australia? (Notifiable Matters)
If you apply for a loan with us, we may provide your ‘credit information’ to a credit reporting body. The credit reporting body may provide the information that we report about you to other credit providers to assist them to assess your credit worthiness. We may also obtain information that other credit providers have provided to a credit reporting body to use in our assessments of your credit-worthiness.
If you fail to meet your payment obligations in relation to any loan that we have provided to you, or any loan that we have arranged for you, or if you commit a serious credit infringement, we may report this to a credit reporting body
The information that we provide to a credit reporting body may sometimes be used for ‘pre-screening’ of direct marketing offers to be made by another credit provider. You may contact the credit reporting body to request that your ‘credit information’ is not used in this way.
If you think that you have been a victim of fraud or think that the ‘credit information’ a credit reporting body holds about you is incorrect, you may also contact the credit reporting body to ask them not to use or disclose your ‘credit information’. The credit reporting body must not use or disclose your ‘credit information’ for a period of 21 days after receiving your notice. For further information about credit reporting bodies, visit:
You can also contact us to access the ‘credit information’ that we hold about you and correct that information if you think that it is incorrect. See section 17 of this Policy for more information about this.
10. Will we use your ‘personal information’ to send you information about our products and services’? (Direct Marketing)
We may use your ‘personal information’ to send you information about our products, services and special offers, new products or services we are introducing or about changes to our organization. By providing us with your’ personal information’, you consent to us using your ‘personal information’ to contact you on an ongoing basis for this purpose, including by SMS, social media, email, telephone or mail.
If you do not want us to send you marketing information, you can contact our Privacy Officer on the details in section 17 of the Policy to ‘opt out’ of receiving this type of information. There is no charge if you elect to ‘opt out’ of receiving these types of updates and we will take all reasonable steps to ensure that you stop receiving them as soon as possible.
11. How can you access and correct the ‘personal information’ that we hold about you?
We want to ensure that your ‘personal information’ is always accurate, complete and up to date. Please help us to do this by contacting our Privacy Officer on the details in section 17 of this Policy if any of the personal details you have given us have changed or if you believe that the ‘personal information’ that we hold about you is inaccurate.
You can ask us to provide you with access to the ‘personal information’ that we hold about you at any time. We will get back to you as soon as possible, however, for your protection, we may need to verify your identity before we give you access to your ‘personal information’.
There are situations where we cannot give you to access to your ‘personal information’ or may refuse to correct your ‘personal information’. For example, in some situations it may be unlawful for us to do so. We will advise you of any such situations if they arise.
If you reside in the EEU you also have additional rights to access and correct your ‘personal information’. Please see section 12 below for more details.
12. What additional access rights apply if you give us ‘personal information’ in the EEU?
If you reside in the EEA, you may have additional rights to request us to correct, amend, delete, or limit the use of your ‘personal information’ and you can contact us about any of the following additional rights:
- your right to request that we delete the ‘personal information’ we hold about you;
- your right to object to our processing of the ‘personal information’ we hold about you;
- your right to request that we restrict the processing of ‘personal information’ we hold about you;
- your right to have us transfer, where technically feasible, the ‘personal information’ we hold about you to another controller;
- your right to withdraw consent to allow us to process ‘personal information’ we hold about you (unless we have compelling and legitimate grounds for continuing processing).
For your protection, we may need to verify your identity before we give you access to your ‘personal information’.
13. For how long will we hold your ‘personal information’?
We will only keep ‘personal information’ that we hold about you while we need it or while we are required by law to keep it. Once we no longer need your ‘personal information’, we will take all reasonable steps to destroy it or to de-identify it.
At any time we hold your ‘personal information’, we will only use and disclose as set out in this Policy.
14. Is the ‘personal information’ that we hold about you secure?
While we hold ‘personal information’, about you, we will take all reasonable precautions to protect it from misuse, interference, loss, unauthorised access, modification or disclosure.
However, although we endeavour to provide a secure online environment, there are inherent risks associated with the transmission of information via the internet and no data transmission over the internet can be guaranteed to be completely secure. We therefore cannot guarantee the security of any ‘personal information’ that you provide to us over the internet and you do so at your own risk.
We encourage you to help us to keep your ‘personal information’ secure by selecting a secure password and maintaining the confidentiality of that password. It is your responsibility to maintain confidentiality of your password and we will not be liable for any damage, loss or expense suffered because you have disclosed it or made it available to someone else.
15. What happens if you click on a link to a third party’s website that is contained on our App or website?
Our App and website may contain links to third party websites and social media features that are hosted by a third party. A link to another website does not mean that we sponsor, endorse or approve the information found on that website. We are not responsible for the privacy policies or practices of third party websites or social media features and you use of those websites and features are governed by the privacy policies and practices of the hosting entities.
16. Can you get a copy of this Policy in a different format?
If you would prefer to receive a copy of this Policy (including Section 9 about ‘Notifiable Matters’) in an different form (for example in hard copy or via email) please contact our Privacy Officer on the details in section 17 of this Policy. We will be pleased to comply with your request.
17. How can you contact us?
If you have any questions or complaints about this Policy or our treatment of your ‘personal information’, or if you would like to access or correct your ‘personal information’, please contact our Privacy Officer on:
Email: [email protected]
Telephone: 1800 946527 – or from overseas – +61 2 8598 8525
If you have a Prepaid Card you can also contact Indue Limited about any questions or complaints relating to that Prepaid Card on 1300 671 819.
We will try to provide an initial response to your query or complaint within 48 hours; and resolve your query or complaint within 10 business days. If you are still not satisfied, you can contact the Australian Privacy Commissioner (see http://www.oaic.gov.au/about-us/contact-us-page or call 1300 363 992).