Credit Reporting Policy

Updated on

January 15, 2024

SECTION A – INTRODUCTION

1. PURPOSE

1.1 Speedle Pty Limited (“Speedle”) is committed to complying with all laws, codes of practice and regulations that apply to its business. Speedle recognises its responsibility to ensure its staff are adequately trained and undertake their compliance obligations in a responsible and diligent manner.

1.2 This Credit Reporting Policy (“Policy”) explains how Speedle manages clients’ Credit Information and Credit Eligibility Information.

1.3 This Policy has been developed in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”), Privacy Regulations 2013 (“Privacy Regulations”) and the Privacy (Credit Reporting) Code 2014 (Version 2) (“CR Code”).

2. GLOSSARY

TERM

DEFINITION

Affected Information Recipient means:

(a) a mortgage issuer; or

(b) a trade issuer; or

(d) a person referred to in paragraph 21G(3)(b) Privacy Act being a related body corporate of a Credit Provider; or

(e) a person referred to in paragraph 21G(3)(c) Privacy Act being a person to whom the disclosure is made who processes an application made for credit or manages credit for the Credit Provider; or

(f) an entity or adviser referred to in paragraph 21N(2)(a) Privacy Act such as a legal adviser or a financial adviser.

Australian Law means:

(a) an Act of the Commonwealth or of a State or Territory;

(b) or regulations, or any other instrument, made under such an Act; or

(d) or rule of common law or equity.

Australian Link An organisation or SBO has an Australian Link if the organisation or operator is:

(a) an Australian citizen; or

(b) a person whose continued presence in Australia is not subject to a limitation as to time imposed by law; or

(d) a trust created in Australia or an external Territory; or

(e) a body corporate incorporated in Australia or an external Territory; or

(f) an unincorporated association that has its central management and control in Australia or an external Territory.

An organisation or SBO also has an Australian Link if all of the following apply:

(a) the organisation or operator is not described above;

(b) organisation or operator carries on business in Australia or an external Territory;

(c) the personal information was collected or held by the organisation or operator in Australia or an external Territory, either before or at the time of the act or practice.

Australian Privacy Principles (“APPs”) means the legally binding principles that set out standards, rights and obligations in relation to handling personal Information.

Court/Tribunal Order means an order, direction or other instrument made by:

(a) a court; or

(b) a tribunal; or

(d) a magistrate (including a magistrate acting in a personal capacity) or a person acting as a magistrate; or

(e) a member or an officer of a tribunal;

and included an order, direction or other instrument that is of a interim or interlocutory nature.

CP Derived Information means any Personal Information (other than Sensitive Information) about the individual:

(a) that is derived from Credit Reporting Information about the individual that was disclosed to a Credit Provider by a CRB; and

(b) that has any bearing on the individual’s credit worthiness; and

CRB Derived Information about an individual means any Personal Information (other than Sensitive Information) about the individual:

(a) that is derived by a CRB from Credit Information about the individual that is held by the body; and

(b) that has any bearing on the individual’s credit worthiness; and

Credit Eligibility Information means Credit Reporting Information that was disclosed to Speedle by a CRB or CP Derived Information.

Credit Eligibility Information is generally held by a Credit Provider and may be disclosed to Affected Information Recipients and other entities in specific circumstances.

Credit Information means Personal Information (other than Sensitive Information) that is:

(a) identification information about an individual; or

(b) consumer credit liability information about an individual; or

(d) a statement that an information request has been made in relation to an individual by a Credit Provider, mortgage insurer or trade insurer; or

(e) the type of consumer credit or commercial credit, and the amount of credit, sought in an application:

(i) that has been made by an individual to a Credit Provider; and

(ii) in connection with which the provider has made an information request in relation to an individual; or

(f) default information about an individual; or

(g) payment information about an individual; or

(h) new arrangement information about an individual; or

(i) court proceedings information about an individual; or

(j) personal insolvency information about an individual; or

(k) publicly available information about an individual:

(i) that relates to an individual’s activities in Australia or the external Territories and the individual’s credit worthiness; and

(ii) that is not court proceedings information about an individual or information about an individual that is entered or recorded on the National Personal Insolvency Index; or

(l) the opinion of a Credit Provider that an individual has committed, in circumstances specified by the provider, a serious credit infringement in relation to consumer credit provided by the provider to the individual.

Credit Provider means:

(a) a bank;

(b) an organisation or SBO if a substantial part of the organisation or SBO’s business is the provision of credit, such as a building society, finance company or a credit union;

(d) an organisation or SBO that supplies goods and services where payment is deferred for seven (7) days or more, such as a telecommunications carriers and energy and water utilities; and

(e) certain organisations or SBOs that provide credit in connection with the hiring, leasing or renting of goods.

Importantly, the following entities are not Credit Providers:

(a) real estate agents;

(b) general insurers (within the meaning of the Insurance Act 1973 (Cth)); and

Credit Reporting Body (“CRB”) means an organisation whose business involves handling Personal Information in order to provide another entity with information about the credit worthiness of an individual.

Credit Reporting Information means Credit Information or CRB Derived Information about an individual.

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.

Sensitive Information means:

(a) information or an opinion about an individual’s:

(i) racial or ethnic origin; or

(ii) political opinions; or

(iii) membership of a political association; or

(iv) religious beliefs or affiliations; or

(v) philosophical beliefs; or

(vi) membership of a professional or trade association; or

(vii) membership of a trade union; or

(viii) sexual orientation or practices; or

(ix) criminal record;

(x) that is also Personal Information; or

(b) health information about an individual; or

(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or

(e) biometric templates.

Small Business Operators (“SBO”) means a person or organisation that has an annual turnover of $3,000,000 or less. For the purposes of the Privacy Act, health service providers or businesses that trade in Personal Information are not an SBO.

SECTION B – COLLECTION OF CREDIT INFORMATION AND CREDIT ELIGIBILITY INFORMATION

3. COLLECTION

3.1 Speedle will collect Credit Information and Credit Eligibility Information when it is reasonably necessary pursuant to one or more of its business functions or activities.

3.2 This may include:

(a) providing clients with the products and services they request and, unless Speedle is told otherwise, to provide information on products and services offered by Speedle and external product and service providers for whom Speedle acts as agent;

(b) complying with Speedle’s legal obligations;

(d) gathering and aggregating information for statistical, prudential, actuarial and research purposes;

(e) assisting clients with queries; and

(f) taking measures to detect and prevent fraud.

3.3 Speedle may at times collect and retain Credit Information and Credit Eligibility Information in accordance with the Privacy Act and CR Code.

3.4 The Credit Information Speedle may collect generally includes or consists of:

(a) a client’s full name, residential address (including previous addresses), contact details (including telephone and email addresses) and other identity verification emails;

(b) a client’s date of birth and gender;

(d) details of any credit provided to the client by other Credit Providers;

(e) any credit rating or credit assessment score that Speedle has derived or that is provided to Speedle by a CRB; and

(f) details of any credit-related court proceedings or insolvency applications that relate to the client.

3.5 The Credit Eligibility Information Speedle may collect generally includes or consists of:

(a) any of the types of credit information listed in 3.4 above which was disclosed to Speedle by a CRB under the Privacy Act;

(b) any Personal Information (other than Sensitive Information) about the client that is derived by a CRB from Credit Information about the client that is held by the body that has any bearing on the client’s credit worthiness and that is used or could be used in establishing the client’s eligibility for consumer credit; and

3.6 Speedle may also collect the number and ages of dependants, the length of time at the client’s current residential address, the current employer’s name and contact details, the length of employment, proof of earnings and, if the client has changed employer in the last few years, details of previous employment.

4. MEANS OF COLLECTION

4.1 Speedle must only collect Credit Information and Credit Eligibility Information by lawful and fair means.

4.2 Speedle collects Credit Information directly from clients, unless it is unreasonable or unpracticable to do so or the client has instructed an agent to act on their behalf.

4.3 Speedle will collect Credit Information from a client when:

(a) Speedle’s Application Form is completed;

(b) a client provides the information to Speedle’s representatives over the telephone or via email;

5. STORAGE OF CREDIT INFORMATION AND CREDIT ELIGIBILITY INFORMATION

5.1 Speedle stores Credit Information and Credit Eligibility Information in different ways, including:

(a) hard copy on site at Speedle’s head office;

(b) electronically secure data centres which are located in Australia and owned by either Speedle or external service providers;

5.2 In order to ensure Speedle protects any Credit Information and Credit Eligibility Information it holds from misuse, interference, loss, unauthorised access, modification and disclosure, Speedle implements the following procedures and systems:

(a) access to information systems is controlled through identity and access management;

(b) employees are bound by internal information security policies and are required to keep information secure;

(d) Speedle regularly monitors and reviews its compliance with internal policies and industry best practice.

5.3 Speedle may take reasonable steps to destroy or de-identify Credit Eligibility Information it holds about a client where:

(a) Speedle no longer needs the information for any purpose for which the information may be used or disclosed; and

(b) Speedle is not required under Australian law or Court/Tribunal Order to retain the information.

SECTION C – USE OF CREDIT INFORMATION AND CREDIT ELIGIBILITY INFORMATION

6. PERMITTED USE

6.1 Speedle may use the Credit Information and Credit Eligibility Information that is collected from clients to help Speedle to decide whether or not to provide credit to a client. Speedle may also use Credit Information and Credit Eligibility Information to derive or calculate a credit assessment score in relation to a client, which may be used to help in conducting an assessment of a client’s creditworthiness.

6.2 The Credit Information and Credit Eligibility Information that Speedle holds about clients is used:

(a) to assess any application for credit;

(b) to collect payments that are owed to Speedle in respect of any credit previously provided to a client;

(c) where the client has offered to guarantee credit that Speedle has offered to provide the client’s company or entity, to assess their suitability as a guarantor of that credit and to enforce that guarantee if required;

(d) to assess and respond to any access or correction requests;

(e) where Speedle is consulted by a CRB or another Credit Provider about an access or correction request that a client makes to those entities, to respond to that consultation request;

(f) where a client complains to the Office of the Australian Information Commissioner (“OAIC”) or the Australian Financial Complaints Authority (“AFCA”) about Speedle’s treatment of Credit Information and Credit Eligibility Information, to respond to that complaint and to seek legal or other professional advice in relation to such complaint; and

(g) where a client otherwise expressly consents to the use.

6.3 Where Speedle uses Credit Information and Credit Eligibility Information under section 6.2, Speedle must make a written note of that use.

7. DIRECT MARKETING

7.1 Speedle must not use or disclose the Credit Information or Credit Eligibility Information it holds about a client for the purpose of direct marketing.

SECTION D – DISCLOSURE OF CREDIT INFORMATION

8. NOTIFICATION OF COLLECTION

8.1 Speedle must notify the client of the name and contact details of the CRB at the time or before it collects Credit Information about a client that it will likely disclose to the CRB.

9. PERMITTED DISCLOSURE

9.1 The credit information that Speedle holds about clients can be disclosed to a CRB in the following circumstances:

(a) Speedle is a member of AFCA; and

(b) Speedle knows, or believes on reasonable grounds that the client is at least eighteen (18) years old; and

(d) the Credit Information disclosed meets the following requirements:

(i) the information does not relate to an act, omission, matter or thing that occurred or existed before the client turned eighteen (18) years old;

(ii) if the information relates to consumer credit or commercial credit – the credit is or has been provided, or applied for, in Australia;

(iii) if the information is about repayment history:

A. Speedle holds an Australian Credit Licence or id authorised under the National Consumer Credit Protection Act 2009 (Cth); and

B. the repayment information disclosed relates to consumer credit liability information about the client; and

(i) if the information relates to default information about the client:

A. Speedle has given the client a written notice stating it intends to disclose this information to a CRB; and

B. at least fourteen (14) days have passed since the notice was given. If the client has paid the overdue amount after the disclosure has been made, Speedle must, within a reasonable amount of time, disclose the payment information to the CRB.

9.2 Where Speedle discloses Credit Information to a CRB under this section 9, Speedle must make a written note of that use.

SECTION E – DISCLOSURE OF CREDIT ELIGIBILITY INFORMATION

10. PERMITTED DISCLOSURE

10.1 The Credit Eligibility Information that Speedle holds about clients can be disclosed:

(a) to any of Speedle’s related companies;

(b) where the disclosure is to:

(i) a person for the purposes of processing an application for credit made with Speedle; or

(ii) a person who manages credit provided by [insert defined company name[ for the use in managing that credit;

(i) a third party that the client or Speedle has asked to act as a guarantor of any credit provided; and

(ii) the third party has an Australian link; and

(iii) the client has expressly consented in writing to the disclosure of Credit Eligibility Information;

(d) to a mortgage insurer with an Australian Link for the purposes of obtaining mortgage insurance or arising under a contact for mortgage insurance;

(e) where the disclosure is to:

(i) another Credit provider or agent of another Credit Provider for a particular purpose; and

(ii) the Credit Provider or agent has an Australian Link; and

(iii) the client has expressly consented in writing the disclosure of Credit Eligibility Information;

(f) where both of the following apply:

(i) Speedle believes on reasonable grounds that the client has committed a serious credit infringement; and

(ii) Speedle discloses the information to another Credit Provider that has an Australian Link or to an enforcement body;

(g) where the disclosure is to:

(i) a third party that carries on a business or undertaking that involves the collection of debt on behalf of Speedle; and

(ii) the primary purpose of disclosure is for collecting payments that are overdue; and

(iii) the Credit Eligibility Information provided is limited to:

A. identification information about the client; or

B. court proceedings information about the client; or

C. personal insolvency information about the client; or

D. default information about the client.

(h) where both of the following apply:

(i) the disclosure is to the OAIC or AFCA; and

(ii) Speedle is a member of AFCA; and

(i) the disclosure is required by Australian Law or Court/Tribunal Order.

SECTION F – CROSS BORDER DISCLOSURE OF INFORMATION

11. DISCLOSING PERSONAL INFORMATION TO CROSS BORDER RECIPIENTS

11.1 Where Speedle discloses Credit Information or Credit Eligibility Information about a client to a recipient who is not in Australia, Speedle must ensure that the overseas recipient does not breach the Australian Privacy Principles (with the exception of APP1).

11.2 The countries Speedle may disclose to include:

(a) Australia; and

(b) New Zealand.

11.3 Section 11.1 does not apply where:

(a) Speedle reasonably believes that:

(i) information is subject to a law or binding scheme that has the effect of protecting the information in a way that is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and

(ii) there are mechanisms that the client can access to take action to enforce that protection of the law or binding scheme; or

(b) both of the following apply:

(i) Speedle has informed the client that if they consent to the disclosure of information Speedle will not take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles; and

(ii) after being so informed, the client consents to disclosure;

(c) the disclosure of the information is required or authorised by or under an Australian law or a Court/Tribunal Order; or

(d) a Permitted General Situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) of the Privacy Act) exists in relation to the disclosure of the information by Speedle.

SECTION G – ACCESS TO CREDIT ELIGABILITY INFORMATION

12. ACCESS

12.1 Speedle must give a client access to the Credit Eligibility Information it holds about a client if so requested.

12.2 Speedle must respond to any request for access to Credit Eligibility Information within thirty (30) calendar days after the request is made.

12.3 Speedle must not provide access without first obtaining evidence to satisfy itself as to the identity of the client making the request and the person’s entitlement under the Privacy Act and CR Code to access.

12.4 Speedle must give access to the Credit Eligibility Information in the manner requested by the client, if it is reasonable and practicable to do so and must take such steps as are reasonable in the circumstances to give access in a way that meets the needs of Speedle and the client.

12.5 Speedle must present the information clearly and accessibly and provide reasonable explanations and summaries of the information to assist the client to understand the impact of the information on the client’s credit worthiness.

12.6 Speedle must not charge a client for making a request and must not impose excessive charges for the client to access their Credit Eligibility Information.

13. EXCEPTIONS

13.1 Speedle is not required to give a client access to their Credit Eligibility Information if:

(a) giving access would be unlawful; or

(b) denying access is required or authorised by or under an Australian law or a Court/Tribunal order; or

(c) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

14. REFUSAL TO GIVE ACCESS

14.1 If Speedle refuses to give access in the manner requested by the client, Speedle will give the client a written notice that sets out:

(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and

(b) the mechanisms available to complain about the refusal to the OAIC or AFCA.

SECTION H – CORRECTION OF CREDIT INFORMATION AND CREDIT ELIGABILITY INFORMATION

15. CORRECTION

15.1 Speedle must take reasonable steps to correct all Credit Information and Credit Eligibility Information having regard to the purpose for which the information is held where:

(a) Speedle is satisfied the information is inaccurate, out of date, incomplete, irrelevant or misleading; or

(b) the client requests Speedle corrects the information within thirty (30) days of the request being made.

15.2 Speedle must not charge a client for making a request and correcting the Credit Information or Credit Eligibility Information.

16. NOTICE OF CORRECTION

16.1 Where Speedle has previously disclosed Credit Information or Credit Eligibility Information it has corrected, Speedle will, within a reasonable period provide each recipient a written notice of the correction.

SECTION I – COMPLAINTS

17. POLICY

17.1 Speedle has internal procedures in place to deal with client complaints, through the Dispute Resolution Policy.

18. RECEIVING COMPLAINTS

18.1 Speedle’s employees must immediately refer clients wishing to make a complaint to the Compliance Officer. This ensures that wherever possible, the complaint will be investigated by a staff member not involved in the subject matter of the complaint.

18.2 On receiving a complaint, the following information must be recorded:

(a) date of complaint;

(b) name of client;

(d) format of complaint (phone/email/letter/fax);

(e) preferred contact method of client (phone/email/letter/fax);

(f) details of the complaint; and

(g) classification of the complaint (Refer to section 20).

18.3 Once the complaint is received, the Compliance Officer must acknowledge receipt of the complaint within seven (7) calendar days using the preferred contact method of the client and attempt to resolve the complaint within thirty (30) calendar days of it being received.

19. COMPLAINTS RECEIVED OVER THE PHONE

19.1 The following procedure must be followed when a complaint is received orally:

(a) identify yourself, listen, record details and determine what the client wants;

(b) confirm the details received;

(d) explain the courses of action available;

(e) do not attempt to lay blame or be defensive;

(f) resolve the complaint if possible or commit to doing something immediately, irrespective of who will ultimately handle the complaint;

(g) don’t create false expectations;

(h) inform the client of the name and contact details of the person who will be formally dealing with the complaint (i.e. the Compliance Officer);

(i) refer the matter immediately to the Compliance Officer (even if you resolved the matter); and

(j) record the details in the complaints register.

20. CLASSIFICATION OF COMPLAINTS

20.1 All complaints must be classified by Speedle and then analysed to identify systemic, recurring and single incident problems and trends.

20.2 Level 1 – the least serious complaints. The complaint could not be resolved at first contact with the client. Some complaints at this level will require the assistance of other employees at Speedle. The complaint can be resolved without escalating it to the Compliance Officer.

20.3 Level 2 – more serious complaints. The Compliance Officer must be informed of the complaint and may provide input where necessary to help resolve the complaint.

20.4 Level 3 – the most serious complaints. This type of complaint will require the involvement of the Compliance Officer.

21. RESPONSIBILITY FOR AND INVESTIGTION OF COMPLAINTS

21.1 At first instance the Compliance Officer is responsible for dealing with complaints.

21.2 If the Compliance Officer is unable to resolve the complaint within thirty (30) calendar days, a letter or email must be provided before the end of the period which:

(a) informs the client of the reasons for the delay;

(b) the expected timeframe to resolve the complaint;

(c) seeks the client’s agreement to an extension period that is reasonable in the circumstances to resolve the complaint; and

(d) advise the client that they may contact AFCA or the OAIC and provide the relevant contact details.

22. RESOLUTION OF COMPLAINTS

22.1 When an outcome is reached for a complaint, the client needs to be advised of the final response by email, fax or letter.

23. COMPAINTS REGISTER

23.1 A Complaints Register is to be compiled and managed by the Compliance Officer.

23.2 A copy of the Complaints Register is to be provided to the Compliance Officer prior to the quarterly meeting of the Compliance Committee.

23.3 The Compliance Officer must maintain a soft copy record of the Complaints Register on file.

24. IDENTIFIYING AND RECORDING SYSTEMIC ISSUES

24.1 The Compliance Officer should aim to identify any systemic issues or recurring complaints as a result of compiling the Complaints Register.

24.2 Where any systemic issues or recurring complaints are identified, these should be addressed to the Compliance Officer by preparing a report to accompany the Complaints Register. The issues will be included in the Compliance Report presented at the next Compliance Committee Meeting. This will encourage the identification of compliance issues or risks, which can be investigated to determine their causes and then rectified.

25. EXTERNAL DISPUTE RESOLUTION SCHEME

25.1 Speedle is a member of AFCA. AFCA is the External Dispute Resolution (“EDR”) Scheme approved by ASIC.

25.2 This external and impartial service is available to clients free of charge. It has jurisdiction to hear and resolve any dispute that is not resolved by Speedle’s Internal Dispute Resolution process.

25.3 The external and impartial process will apply the law and may take into account what is fair in all the circumstances to both the client and Speedle.

25.4 Speedle has a guide for clients that includes reference to the availability of this EDR mechanism.

SECTION J – RECORD KEEPING

26. DOCUMENT RETENTION POLICY

26.1 In accordance with Speedle’s Document Retention Policy, Speedle will maintain adequate records that evidence their compliance with Part IIIA of the Privacy Act, Privacy Regulations and CR Code for a minimum period of five (5) years.

27. TYPE OF RECORDS

27.1 Speedle is required to maintain the following records:

(a) information where credit-related personal information is destroyed to meet obligations under Part IIIA of the Privacy Act, the Privacy Regulations and CR Code (if possible);

(b) where Speedle receives Credit Eligibility Information disclosed to it by another Credit Provider:

(i) the date on which the information was disclosed;

(ii) the Credit Provider who disclosed the information;

(iii) a brief description of the type of information disclosed; and

(iv) evidence relied upon that the consent requirements have been met;

(i) the date on of the disclosure;

(ii) a brief description of the type of information disclosed; and

(iii) evidence that the disclosure was permitted under Part IIIA of the Privacy Act, the Privacy Regulations and CR Code;

(d) records of any consent provided by a client for the purposes of Part IIIA of the Privacy Act, the Privacy Regulations and CR Code;

(e) records of any written notice given to a client stating that a consumer credit application has been refused within ninety (90) days of disclosure by a CRB to Speedle of Credit Reporting Information in relation to that client; and

(f) records of correspondence and actions taken in relation to:

(i) requests to establish or extend a ban period;

(ii) request for, or notifications of, corrections;

(iii) complaints;

(iv) pre-screening requests by Speedle; and

(v) monitoring and auditing of Speedle in accordance with Part IIIA of the Privacy Act, the Privacy Regulations and CR Code.

SECTION K – CONCLUSION

28. POLICY BREACHES

28.1 Breaches of this Policy may lead to disciplinary action being taken against the relevant party, including dismissal in serious cases and may also result in prosecution under the law where that act is illegal. This may include re-assessment of bonus qualification, termination of employment and/or fines (in accordance with the Privacy Act).

28.2 Staff are trained internally on compliance and their regulatory obligations to Speedle. They are encouraged to respond appropriately to and report all breaches of the law and other incidents of non-compliance, including Speedle’s policies, and seek guidance if they are unsure.

28.3 Staff must report breaches of this Policy directly to the Director.

29. POLICY REVIEW

29.1 This Credit Reporting Policy will be reviewed on at least an annual basis by the Compliance Officer having regard to the changing circumstances of Speedle. The Compliance Officer will then report to the Director on compliance with this Policy.

Issued by Speedle Pty Limited – 15 January 2024

‍