EdFin Pty Ltd (ACN 627 221 292, Australian Credit Licence 549660) offers credit products and services. We are subject to the operation of the Privacy Act 1988 (Cth) (Privacy Act). This Policy explains how we handle personal information relating to individuals, whether they are customers or not, to ensure we meet our obligations under the Act.

In this Policy the expressions “we”, “us” and “our” are a reference to EdFin Pty Ltd 2 Feiney Street, Marsden Park NSW 2765, and its related bodies corporate. The expressions “you” and “your” refer to each and every individual whose personal information we may collect, use or disclose from time to time.

The expression “personal information” is used in this Policy to refer to any information or an opinion about an identified, or reasonably identifiable, individual whether that information or opinion is true or not and whether it is recorded in material form or not.

Any reference to us assuming an obligation under the Privacy Act or other privacy legislation can be interpreted as a reference to us also procuring our subcontractors to undertake a reciprocal obligation to the extent relevant.

Consent to give notices electronically

You consent to EdFin giving you notices and other documents in connection with your facility electronically at your last known address or number. You warrant that you can save and print any electronic correspondence from us. In giving this consent, you acknowledge and understand that:

• we may not provide you with paper documents;
• you must regularly check your electronic communications for EdFin’s notices or correspondence;
• you may withdraw this consent at any time by contacting us; and
• you must keep us informed of any changes to your email address and mobile phone number.

Types of information collected

We only collect personal information to the extent that this is reasonably necessary for one or more of our functions or activities.

This includes the following kinds of information:

• current and past name(s);
• contact details such as your address, your email address, your telephone number, and other contact details;
• age or date of birth;
• information we require to carry out a credit suitability assessment such as your marital status, number of dependants, your income & employment history and current or previous credit information;
• information about your education course and enrolment;
• details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
• any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
• information you provide to us through customer surveys; and
• any other personal information that may be required to facilitate your dealings with us.

How we Collect Personal Information

We generally collect personal information about you directly from you unless it is unreasonable or impracticable for us to do so.

Information will generally be collected from the following sources:

• from you through our website;
• from or through correspondence, chats, email, or when you share information with us from other social applications, services, or websites;
• Contracted third party service providers
• from your education provider; and
• from Credit Reporting Bodies.

Why we collect personal information

Purposes for which we may use and disclose your personal information include, but are not limited to:

• to enable you to access and use our financial products and services;
• to identify you and verify that your information is correct;
• to identify and inform you about a product or service that we think may be of interest to you.
• to operate, protect, improve, and optimise our website, app, business, and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
• to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
• to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
• to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners; and
  to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.

Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)

Before EdFin provides a product or service to you, or to a person connected with you, we may (where you are an individual) be required to collect your personal information to comply with our customer identification obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act).

The personal information we collect for this purpose typically includes identification information, such as name, residential address, and date of birth. In some cases, we may need to collect information about the political activities and opinions of individuals to determine whether they are politically exposed persons for the purposes of the AML/CTF Act. If we ask for this information, and you provide it to us, we will infer your consent to use and disclose the information for this purpose.

In certain circumstances, we may need to clarify and/or update the personal information we previously collected for identity verification purposes, and/or collect further information, including financial information about individuals. Where this is necessary, we will collect the information directly from you and/or from third party service providers.

As a part of our AML/CTF verification processes we may need to take copies of your personal identification documents to verify your identity in accordance with the requirements of that Act.

The information obtained used by EdFin for an information match request to a relevant Official Record Holder and that a corresponding information match result will be provided via the use of third-party systems, and you provide EdFin with express consent to do so.

We may also disclose your full name, residential address, and date of birth to a credit reporting body for the purpose of providing an assessment of whether this identification information matches (wholly or in partly) personal information held by the credit reporting body. The credit reporting body may compare your details with personal information held by the body (being the names, residential address, and dates of birth of other individuals) for the purposes of making this assessment.

Third Party Disclosures

We may disclose your personal information to:

• our related corporate bodies or entities;
• third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
• professional advisers, dealers, and agents;
• your education institution to confirm your units and enrolment and integrate with their systems;
• payment systems operators (e.g., merchants receiving card payments);
• our existing or potential agents, business partners or partners;
• our sponsors or promoters of any competition that we conduct via our services;
• anyone to whom our assets or businesses (or any part of them) are proposed to be or are transferred;
• specific third parties authorised by you to receive information held by us; and/or
  other persons, including government agencies, regulatory bodies, and law enforcement agencies, or as required, authorised, or permitted by law.

Direct Marketing

We will not use or disclose personal information for the purposes of direct marketing to you unless:

• you have consented to receive direct marketing materials; or
• you would reasonably expect us to use your personal details for this purpose and you have not previously opted-out from receiving such marketing materials; or
• we believe you may be interested in the material, but it is impractical for us to obtain your consent and you have not previously opted-out from receiving such material.

In every instance, we will ensure that our direct marketing material incorporates an option for you to opt out of future marketing communications.

Please note also that even if you have requested not to receive further direct marketing communications, we will continue to provide you with information about changes to our terms and conditions, questionnaires and other service messages or factual, non-marketing information.

Overseas Disclosure of Personal Information

Generally, we do not disclose your personal information overseas.

There may be circumstances where we, or our subcontractors, use cloud storage technology that uses servers located outside of Australia for data storage.

It is not practicable for us to specify in advance the location of every service provider with whom we deal with.

It is possible that information will be transferred to a jurisdiction where you will not be able to seek redress under the Privacy Act and that does not have an equivalent level of data protection as Australia. We will not be accountable for how these overseas recipients handle your personal information. By providing your personal information to us, you consent to our disclosure of your personal information to these parties.

Employee Records

This Policy does not apply to our acts and practices directly related to personal information forming part of an employee held by us for the purpose of a current or former employment relationship between us and that employee.

If we disclose employee records offshore for any reason, we will comply with cross-border restrictions set out by the regulator which apply to the overseas disclosure of personal information.

Security of Personal Information

We will take reasonable steps to protect the personal information we hold from misuse, interference, or loss and from unauthorised access, modification, or disclosure. For example, we typically store personal information on a secure, encrypted serve located in Australia. We will destroy or de-identify personal information once we no longer require it for our business purposes.

When using our website, you should be aware that no data transmission over the Internet can be guaranteed as totally secure. Although we strive to protect such information, we do not warrant the security of any information that you transmit to us over the Internet, and you do so at your own risk.

Where your student profile is integrated with a third-party education institution system, we cannot control the security or data management procedures of that third party. We will take reasonable steps to require such a third party to comply with the Australian Privacy Principles.

Changes to this Policy

From time to time, we may change our Policy on how we handle personal information, or the types of personal information which we hold. Any changes to our Policy will be published on our website. You may obtain a copy of our current Policy from our website or by contacting us on the details.

It is your responsibility to check the website from time to time to determine whether there have been any changes.

Access, Correction and Further Information

We will take such steps as are reasonable to ensure that the personal information which we collect remains accurate, up to date and complete.

We will provide you with access to your personal information held by us unless we are permitted under the Privacy Act to refuse to provide you with such access. Please contact us via the details below if you:

• wish to have access to the personal information which we hold about you;
• consider that the personal information which we hold about you is not accurate, complete, or up to date; or
• require further information on our personal information handling practices.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access.

If you consider that the information which we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Privacy Act, to correct that information if you so request.

We will respond to all requests for access and/or correction within a reasonable time.

Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should advise us via our contact details below.

If you are not happy with the way in which we have handled a privacy issue, you can contact the Office of the Australian Information Commissioner or our external dispute resolution scheme, the Australian Financial Complaints Authority. We will provide our full cooperation if you elect to pursue either of these courses of action.

Contact Us

For further information about our Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

The Privacy Officer

Email: info@edfin.com.au
Mail: 2 Feiney Street, Marsden Park, NSW 2765

Disclosing credit related information offshore

We will take reasonable steps to not disclose credit information or credit eligibility information offshore.

Your rights

If you believe on reasonable grounds that you have been or are likely to be a victim of fraud, you may request a CRB not to use or disclose credit reporting information about you. You may also request that a CRB not use your credit reporting information for the purposes of pre-screening of direct marketing by a credit provider.

Accessing and editing credit related information

You may request access to, and seek the correction of, the credit-related personal information that we hold about you.

Complaints or further information

If you have a complaint about how we handle your credit-related personal information under the Privacy Act or the CR Code, would like to know how we handle complaints, would like further information or a hard copy of our Credit Reporting Policy, or would like a copy of this Statement of Notifiable Matters in an alternative form (such as a hard copy), you may contact our Privacy Officer at:
Email: info@edfin.com.au
Address: 2 Feiney Street, Marsden Park, NSW 2765

Credit Reporting Policy

This Credit Reporting Policy applies to EdFin Pty Ltd (ACN 627 221 292, Australian Credit Licence 549660) of 2 Feiney Street, Marsden Park, NSW 2765, (‘us‘, ‘we‘, ‘our‘), and describes how we manage

• credit information – this information relates primarily to your credit-related dealings with us and we can disclose this information to credit reporting bodies (CRBs); and
• credit eligibility information – this information relates primarily to your credit-related dealings with other credit providers. Credit eligibility information includes:
• credit reporting information provided by CRBs; and
• credit worthiness information that we derive using credit reporting information.

Definitions of ‘credit information’ and ‘credit eligibility information’ are provided in the Privacy Act 1988 (Cth) (Privacy Act) and the Credit Reporting Privacy Code (CR Code), which are available on the website of the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. Credit information and credit eligibility information is collectively referred to throughout this policy as ‘credit related information’.

We are bound by Part IIIA of the Privacy Act, and by the CR Code, which govern credit reporting in Australia.

About this Credit Reporting Policy

This Credit Reporting Policy explains:

• the kinds of credit related information that we collect and hold, and how we collect this information;
• how we hold credit information and credit eligibility information;
• the purposes for which we collect, hold, use, and disclose credit related information;
• the circumstances in which we may disclose credit related information, including to overseas recipients and the countries where such recipients may be located;
• how you may request access to, and correction of your credit related information held by us; and
• how to make a complaint if you believe that we have not complied with Part IIIA, Division 3 of the Privacy Act or with the Credit Reporting Privacy Code, and how we will deal with such complaints.

This Credit Reporting Policy applies to credit related information about individuals and does not apply to commercial credit information. For information about how we manage other personal information about you, please see our Privacy Policy.

Credit information that we collect and hold, and how we collect this information

When you apply for credit with us, throughout our relationship, and for as long as we are required under the law, we may collect and hold your credit information. Examples of which include:

• identification information, such as your name, address, date of birth or employer;
• consumer credit liability information about you, such as the type of consumer credit, the loan date, the amount of credit applied for, the maximum credit limit approved, and similar.
• your repayment history information;
• a statement that we have made an information request about you with a CRB;
• default information, relating to an outstanding payment over $150 which has been outstanding for over 60 days and we have issued prerequisite notice(s) to pay;
• payment information when you have made a payment towards a default which was reported to a CRB;
• new arrangement information if you vary the terms of your credit following a default disclosure;
• court proceedings information, regarding a judgement of an Australian court that is made against you that relates to credit that was provided to, or applied for, by you;
• personal insolvency information about you, recorded in the National Personal Insolvency Index, and that relates to either your bankruptcy, a debt agreement proposal given by you, a debt agreement made by you, a personal insolvency agreement executed by you, a direction given, or an order made, under section 50 of the Bankruptcy Act that relates to your property, or an authority signed under section 188 of the Bankruptcy Act that relates to your property;
• publicly available information about you that relates to your activities in Australia or the external territories and your credit worthiness; and that is not court proceedings information about you or information about you that is entered or recorded in the National Personal Insolvency Index; and
• an opinion by us that you have committed, in circumstances specified by us, a serious credit infringement in relation to consumer credit provided by us to you.

We collect credit information in a variety of ways, such as obtaining the relevant information directly from you or by persons acting on your behalf (including on application forms or other forms or in our ongoing dealings with you in connection with credit). Some credit information will also be derived by us from your transactions in connection with credit, such as when you make payments to us.

Credit eligibility information that we hold

We may obtain credit reporting information about you from CRBs. Credit reporting information includes:

• credit information of the kinds described above but relating primarily to your dealings with other credit providers (such as about credit applications you have made or credit that you hold with other credit providers). This information will typically have been provided by other credit providers or other third parties; and
• credit worthiness information about you that CRBs derive from the information above, such as credit scores, risk ratings and other evaluations about you.

We may also disclose your credit information relating to your dealings with us to CRBs. Those CRBs may include that information in reports that they provide to other credit providers to assist them to assess your creditworthiness.

For example, we will provide information that identifies you and about your application for credit when obtaining credit reporting information for the purposes of assessing that application.
We may disclose credit information to the following CRBs:

Credit Sense Australia Pty Ltd
Website: http://https://www.creditsense.com.au/privacy-policy/
Phone: +617 3118 5233
Mail: L8, 133 Mary Street, Brisbane QLD 4000, Australia

These CRBs are each required to have a policy which explains how they will manage your credit-related personal information. If you would like to read the policies of these CRBs please see their privacy policies available on their websites (links above).

You have the right to request these CRBs to exclude your credit reporting information from any permissible direct marketing activities that a credit provider may request them to perform.
You also have the right to request (without cost) that CRBs not to use or disclose your credit reporting information if you believe that you have been, or are likely to be, the victim of fraud (for example, you suspect someone is using your identity details to apply for credit). You must contact the CRBs directly should this be the case.

The kinds of information we derive from credit reporting information disclosed to us by a Credit Reporting Body

We may use credit reporting information that we have obtained from a CRB to derive other information that assists us in assessing your creditworthiness, for example, to form a credit risk rating, credit scores, or eligibility to be provided with consumer credit agreement.

How we hold credit related information

We understand the importance of protecting the personal information we hold, including credit information and credit eligibility information. We take reasonable steps to ensure that this information is free from misuse, interference, loss, unauthorised access, or modification. Examples of these steps include:

• securing information both in physical and electronic form;
• having internal procedures and measures limiting access to personal information only to those that need access for their legitimate activities; and
• protecting our systems using reasonable and appropriate technology solutions.

The purpose for which we collect, hold, use, and disclose credit related information

We may collect, hold, use, and disclose credit related information about you, as well as information derived from credit information and credit eligibility information for purposes reasonably necessary for our business activities and consistently with the requirements in the Privacy Act as permitted by law.

These purposes include:

• to assess applications for credit (including assessing any proposed guarantors);
• for the ongoing servicing and administration of our accounts and products;
• to assist with the management, including recovery, of outstanding debts;
• to assist you if we consider that you may be at risk of default;
• internal management purposes;
• for data analysis;
• to participate in the credit reporting system and provide information to CRBs as permitted by the Privacy Act;
• to undertake securitisation activities and debt assignments;
• to deal with complaints and legal proceedings;
• to meet our legal and regulatory requirements (such as reporting matters to regulators or enforcement bodies when authorised or required by law); and
• to assist other credit providers with such purposes in circumstances permitted by the Privacy Act (such as disclosing information to another credit provider with your consent or where you have committed a serious credit infringement).

Restrictions apply under the Privacy Act in relation to the circumstances and purposes for which such information may be used or disclosed and we comply with these restrictions. For example, credit eligibility information may not be disclosed to some types of overseas entities and restrictions apply on the use of credit eligibility information for direct marketing.

Disclosing credit related information, including to overseas recipients and other countries where such recipients may be located

We may share your credit related information with related companies, and other organisations to help us provide credit. These other organisations may include, insurers, credit reporting bodies or system operators. We may also use third party service providers.

One or more of these third parties may be located overseas. Using their services may require us to disclose your credit related information to overseas recipients. As we engage service providers, we will update this Policy to include offshore disclosure information.

How you may access your credit related information held by us

You may request us to provide you with access to the credit related information which we hold about you by contacting us on the details listed below at ‘Contact Us’.

We will need to verify your identity before giving you access to your credit related information. We will usually provide the information requested within 30 days of receiving your request.

In certain situations, we may not agree to a request for access of credit related information that we hold about you. If this occurs, we will advise you in writing of our decision, and of our reason(s) for not agreeing to the access request.

There is no charge to make an access request or how you may seek to correct your credit relates information held by us

We aim to hold accurate and up-to-date credit related information about you at all times. If you consider that any such information, we hold about you is incorrect in any way, you may ask us to correct that information.

To seek such a correction, please contact us using the details listed below at ‘Contact Us’.

If we do not agree to a request to correct information we hold about you, we will advise you in writing of our decision, and of our reason(s) for not agreeing to the correction request.

How to make a complaint if you believe that we have not complied with Part IIIA, Division 3 of the Privacy Act or the CR Code, and how we will deal with such complaints.

If you believe that we have failed to comply with the credit reporting requirements in Division 3, Part IIIA of the Privacy Act or the Credit Reporting Privacy Code, please contact our Internal Dispute Resolution team using our details listed below. We will aim to respond as soon as possible with a solution, or with our anticipated resolution time.

You may also refer the matter to the Office of the Australian Information Commissioner (OAIC), who can be contacted by phone on 1300 363 992, by mail at GPO Box 5218, Sydney NSW 1042, or online at https://www.oaic.gov.au/about-us/contact-us.

If you are unhappy with our resolution, you may contact our external dispute resolution scheme is the Australian Financial Complaints Authority (AFCA), who can be contacted on 1800 931 678 or at http://www.afca.org.au/.

Contact Us

If you would like a copy of this Credit Reporting Policy, have questions, or would like to make a request, our contact details follow.

Email: info@edfin.com.au
Address: 2 Feiney Street, Marsden Park, NSW 2765

This Credit Reporting Policy was last updated on 1 Nov 2023 and is subject to change.