1. Purpose and Scope
GS-APAC Pty Ltd, trading as CreditReboot.com.au (Credit Reboot), relies on the information it collects, holds, uses and/or discloses for the purpose of providing effective debt management services for its clients. An illustrative summary of circumstances where such information may be used by Credit Reboot includes the following:
- to assess the specific circumstances of a client’s circumstances in relation to debt management services;
- to raise and highlight areas of concern, consult with, and/or negotiate outcomes with key stakeholders, including credit providers and credit reporting bodies;
- to engage in external dispute resolution processes, including with the Australian Financial Complaints Authority (AFCA);
- for audit and compliance purposes; and
- to comply with our legal and regulatory obligations.
The purpose of this Policy is to provide information about:
- the personal and regulated information that Credit Reboot collects;
- how we handle that information, including how we use and disclose it; and
- how you can access your personal information or make a complaint about our handling of the information.
All personal information collected by Credit Reboot, including sensitive information, is obtained through the prior informed consent of our clients, or as may be otherwise required in accordance with the law and/or lawful instructions of regulators or the Courts.
Credit Reboot is required to ensure this Policy continues to reflect new or amended laws, new technologies and/or changes to our operations and/or practices. Consequently, we may from time-to-time review, and, if necessary, update this Policy. Accordingly, we strongly recommend that you regularly review this Policy to ensure you remain aware of any such updates or changes.
Personal information is defined within the Privacy Act 1988 (Cth) as any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
The personal information we collect includes:
- contact details (such as name, address, email and telephone numbers);
- biographical data (such as date of birth, signature and gender);
- credit information (including credit eligibility information, repayment history information, consumer credit liability information, payment information, default information, new arrangement information and the types and amounts of credit applied for);
- credit reporting information;
- financial information (such as bank details and tax file number information); and
- occupational and employment details (such as current and recent employment).
Credit Reboot collects personal information either directly from its clients or from relevant third parties. Examples of ‘relevant third parties’ include credit providers, credit reporting bodies, AFCA, mortgage brokers, intermediaries and/or credit representatives who hold personal information relating to our clients’ specific circumstances.
Sensitive information is a class of personal information which requires greater protections under the Privacy Act, 1988 (Cth)and is defined as information or an opinion about an individual’s:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade union;
- sexual orientation or practices; and/or
- criminal record.
The sensitive information we collect includes:
- professional memberships
- membership of a trade union; and/or
- racial and ethnic origin.
It is important to understand that the collection of sensitive information relating to professional memberships and/or membership of a trade union is not actively sought by Credit Reboot, however such details are frequently collected indirectly through being contained within documents obtained by Credit Reboot for the purpose of providing debt management services (such as listings within payslips or bank statements).
Credit Reboot only uses personal information for the purpose for which it was collected, unless one of the following applies:
- we obtain the individual’s consent to use the personal information for a different purpose;
- the individual would reasonably expect us to use the personal information for a different but related purpose (and if the personal information is sensitive information, that the purpose is directly related to the collection purpose); or
- we are required by law to use the information, for example by a Court Order or subpoena.
The types of bodies or persons to which we may disclose personal information collected by Credit Reboot include the following:
- credit providers and credit reporting bodies in the course of our provision of debt management services;
- contracted service providers engaged by Credit Reboot to provide specific services related to our provision of debt management services (such as software development and maintenance services, customer enquiries and business administration – including quality assurance and auditing processes);
- lawyers and external dispute resolution parties, including AFCA;
- regulators and law enforcement agencies, such as the Australian Securities and Investments Commission (ASIC);
Credit Reboot recognises its duty to protect and secure personal information from theft, loss, misuse, interference, and unauthorised access, modification, use or disclosure. Unless informed consent has been provided from the respective individual, personal information will not be disclosed to other organisations or agencies unless one of the following exceptions applies:
- the respective individual would reasonably expect us to use the information for that other purpose;
- it is legally required or authorised;
- it is reasonably necessary for an enforcement activity;
- it is contractually required;
- we reasonably believe that it is necessary to lessen or prevent a serious threat to life, health, or the safety of any individual, or to public health or safety; or
- we have reason to suspect that unlawful activity or misconduct of a serious nature that relates to Credit Reboot’s services or activities has been, is being, or may be engaged in, and we reasonably believe that it is necessary in order to take appropriate action in relation to the matter.
Credit Reboot does not generally disclose your personal information outside of Australia, however if we do make any such disclosure to an overseas recipient we will take reasonable steps to ensure that any such disclosure is performed in accordance with this Policy and all relevant local laws.
Credit Reboot stores personal information in electronic systems and paper files. We take steps to protect the personal information we hold against loss, unauthorised access, use, modification, or disclosure, and against other misuse. These steps include password protection and access privileges for accessing Credit Reboot IT systems, securing paper files in locked cabinets and offices, and through physical access restrictions.
If a data breach occurs and personal information we hold about you is subject to unauthorised loss, use or disclosure, we will respond in accordance with the Privacy Act 1988 (Cth). In accordance with this Act, we are required to notify you and the Office of the Australian Information Commissioner of any unauthorised access or disclosure or your personal information which would be likely to result in serious harm to you or any affected individuals.
If we reasonably suspect that there has been any such unauthorised access or disclosure, we will carry out an expeditious assessment to determine if it is an ‘eligible data breach’ in accordance with the Privacy Act 1988 (Cth) and take all reasonable steps to contain the unauthorised access or disclosure.
Personal information is held by Credit Reboot in accordance with legal and regulatory timeframes and is destroyed when no longer required.
Where possible, we will allow you to interact with us anonymously or using a pseudonym. An example of a situation where this may occur may be that if you contact us to ask a general question about our debt management services we will not collect your name unless we need it to adequately handle your question. However, for most our services, functions, and activities it is impractical to deal with an individual who has not identified themselves or is otherwise using a pseudonym.
We usually require your name and contact information, and enough information (including personal information) about your circumstances to enable us to assess your specific situation, validate your identity, demonstrate to relevant stakeholders (including credit providers and credit reporting bodies) that we are authorised to act as an access seeker or otherwise engage with them on your behalf (as appropriate), and ultimately deliver effective debt management services.
When you browse our website, we collect the following information for statistical purposes, identification of trends, to deliver personalised content, and to enhance user experiences:
- server address;
- top-level domain name;
- date and time of your visit;
- type of browser used, including version and language;
- pages accessed;
- operating system; and
- referring website.
Credit Reboot does not identify users or their browsing activities except in the event of an investigation where a law enforcement agency lawfully requests such details.
If you make an online payment by credit card, we will collect information such as your email address, name, and credit card details to enable us to process your payment, and we will provide you with a payment receipt.
Credit Reboot uses social networking sites, including Facebook, to communicate with the general public about our services. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public.
It is also important to understand that any information you provide on a social networking site is open to the wider public and may be used by third-parties to contact you with unsolicited messages. Credit Reboot strongly recommends individuals to remain cautious in disclosing personal information on social networking sites and/or blogs or forums.
Credit Reboot may from time-to-time provide details of updates and service enhancements to clients via email, however we do not sell personal information, including email and contact addresses.
Clients have the ability to ‘opt-out’ of any such updates or notifications of service enhancements through their personal account login.
You have a right to access personal information we hold about you, and to request personal information be corrected. Credit Reboot will take reasonable steps to ensure that the personal information we hold about you is accurate, up-to-date, relevant, and complete, including when it is used or disclosed.
Clients of Credit Reboot may be provided a personal account login through which they may access their personal information at any time. Clients may also edit personal information details through this login, including email and contact details, to ensure this information remains accurate.
It is important to understand that whilst Credit Reboot will take reasonable steps to provide access to, or correct personal information we hold that you believe is incorrect, there are a number of circumstances where this may not be possible. Examples of such situations (without limitation) may include the following:
- where the respective information belongs to, or has been provided by, a third-party (such as an incorrect entry on credit report provided by a credit reporting body, or the incorrect spelling of a name on a default notice);
- where your identity cannot be verified;
- where the correction itself may adversely impact upon another party (such as seeking to amend personal information that relates to joint obligations with another individual or individuals); and/or
- where there is a law or regulatory requirement that allows or requires us not to.
Where any such circumstances arise, Credit Reboot will work with you to identify the source of the incorrect personal information, in order for you to request these details be corrected at their source.
If we refuse to provide access to, or to correct, your personal information, we will notify you in writing as to the reasons why.
If we make a subsequent correction and we have disclosed the incorrect information to others, you can ask us to tell them about this correction.
It is also important to understand that we may require you to submit your request to correct personal information in writing to us, so that we may have a record of this request for security, quality assurance and audit, and compliance purposes.
We appreciate that despite our best efforts to ensure your privacy rights are maintained and to deliver a quality service, there may be times where you may wish to address issues, shortfalls, instances where your expectations may not have been met, or to make a complaint.
For issues relating to this Policy, including privacy-related complaints, our contact details are as follows:
Postal: GPO Box 1294, Brisbane, QLD 4001
Clients may also lodge a complaint directly through their personal account login where they have been provided with one.
All privacy complaints will be handled in accordance with our Complaints Policy, and we will acknowledge receipt of any complaint within five business days. Credit Reboot will seek to provide a response to any such complaint within thirty days, however there may be occasions where the complaint itself is complex, or where we do not have sufficient information to complete an investigation within this timeframe.
Where we are unable to provide any such response within this thirty-day period, we will inform you and seek to agree on an acceptable alternative timeframe.
Where a complaint continues to remain unresolved, there may be the option to escalate the matter to an external body, including the Office of the Australian Information Commissioner or AFCA.
Contact details for AFCA are as follows:
Postal: GPO Box 3, Melbourne, VIC 3001
Phone: 1800 931 678
The Chief Executive Officer (or their delegate) is responsible for the management and oversight of this Policy and all related subordinate documentation.
This Policy is required to be reviewed every two years.
This Policy has been written in ‘plain English’ to assist in awareness and comprehension, however it is not legal advice and is not intended to replace the rights, duties, and obligations a party has under the Privacy Act 1988 (Cth). Nothing in this Policy is intended to create or impose rights, remedies, or obligations additional to those contained in this Act. All reasonable care has been taken by Credit Reboot to ensure the currency and accuracy of this Policy, however it is not intended to be a warranty or representation or otherwise to create any form of legal contractual relationship or obligations between you and Credit Reboot.
Further information relating to your privacy rights may be obtained through the Office of the Australian Information Commissioner’s website at https://www.oaic.gov.au/.
Updated: 16 February 2022