8. Disclosing your personal information
We may disclose your personal information:
(a) to any member of the ColCap Group of companies insofar as reasonably necessary for the purposes of this Privacy Policy and providing our Services, and on the legal bases allowed under the Privacy Laws and as set out in this Privacy Policy;
(b) to prospective funders or other intermediaries in relation to your credit requirements;
(c) to other organisations that are involved in managing or administering your credit such as third party suppliers, brokers, mortgage managers, aggregators, lenders mortgage insurers, trade insurers, valuers, third party service providers, service providers for the purposes of verifying your identity, surveyors, accountants, credit reporting bodies, recoveries firms, debt collectors, lawyers, call centres, printing and postal services;
(d) to regulatory and supervisory bodies;
(e) to associated businesses that may want to market products to you;
(f) to companies that provide information and infrastructure systems to us;
(g) to anybody who represents you, such as mortgage brokers, mortgage managers, your representatives, lawyers, and accountants;
(h) related entities and third party service providers who assist us in our operations and certain tasks including the verifying of your identity and information technology services;
(i) to our suppliers or subcontractors insofar as reasonably necessary to provide the relevant Services to you;
(j) to anyone, where you have provided us with your consent;
(k) where we are required to do so by law, such as under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth); or
(l) to investors, agents or advisers, or any entity that has an interest in our business;
(m) organisations that provide products or services used or marketed by us; or
(n) to your employer or referees.
Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:
(i) the person or organisation has a commitment to protecting your personal information at least equal to our commitment;
(ii) is legally able to seek access to your personal information in accordance with the Privacy Laws or any other laws; or
(iii) you have consented to us making the disclosure.
9. Overseas Recipients
Prior to disclosing your personal information to an overseas recipient, unless a permitted general situation applies, we will take all reasonable steps to ensure that:
(a) the overseas recipient does not breach the Privacy Laws; or
(b) the overseas recipient is subject to a law, or binding scheme, or contractual terms that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way your personal information is protected under the Privacy Laws; or
(c) you have consented to us making the disclosure.
Acceptance of any of our Services via an application in writing, orally or electronic means, will be deemed as giving consent to the disclosures detailed herein.
Currently we are handling, storing, and processing your data in the following locations Australia, Asia (Philippines via our call centre) and USA through the use of Microsoft products, Salesforce, 8×8, Twillio, cloud storage, technological products and services via other service providers.
The locations where we handle, store and process your data may change as our business needs changes and we appoint other service providers from time to time.
10. Direct Marketing
We may use your personal information for direct marketing. This means we may send information to you that relates to promotions within our Columbus Capital Group companies.
You have the right to object to our processing of your personal information for direct marketing purposes. If you make such an objection, we will cease to process your personal information for this purpose.
If you do not wish to receive marketing information, you may at any time decline to receive such information by calling us on 1300 462 209 or by writing to us at PO Box A992 Sydney South NSW 1235. If the direct marketing is by email you may also use the unsubscribe function.
We will not sell your personal information to other companies or organisations.
11. Credit information
Credit Reporting Bodies (CRB) are authorised by law to handle your credit related information. If you apply for credit, we may disclose your personal information to, or collect personal credit related information from a CRB and other entities.
CRBs may include credit related information provided by the Columbus Capital Group in reports provided to other credit providers to assist such other credit providers to assess the individual’s credit worthiness.
As permitted by law, we may collect, hold, use or disclose credit related information held about you for the purposes of:
(a) credit liability information being information about your existing credit which includes the name of the credit provider, whether the credit provider holds an Australian Credit Licence, the type of credit, the day the credit is entered into, the terms and conditions of the credit, the maximum amount of credit available, and the day on which the credit was terminated;
(b) repayment history information which is information about whether you meet your repayments on time;
(c) information about the type of credit that you are applying for;
(d) assessing and forming decisions as to whether to provide you with credit or to accept an individual as a guarantor;
(e) participating in the exchange of credit related information with other credit providers including obtaining from and providing information to CRBs and other credit providers and/or trade suppliers as permitted by Part IIIA of the Privacy Act and the Credit Reporting Code;
(f) to assist you with debt management and administration;
(g) to provide you with our Services;
(h) default and payment information;
(i) to undertake debt recovery and enforcement activities, including in relation to guarantors, and to deal with serious credit infringements;
(j) court proceedings information;
(k) to deal with complaints and meet legal and regulatory requirements; and
(l) to assist other credit providers to do the same.
When we obtain credit information from a credit reporting body about you, we may also seek publicly available information and information about any serious credit infringement that you may have committed.
12. Credit Information handling and Credit Reporting
In assessing your credit application and providing the Services to you, we may exchange your personal information, as well as your consumer and commercial credit information with the following entities, including but not limited to:
(a) Obtaining credit information about you from Equifax Australia Information Services and Solutions Pty Limited (ABN 26 000 602 862) (Equifax) and we may provide to Equifax your personal information with respect of:
(i) request for access seeker services in accordance with section 6L of the Privacy Act; and
(ii) request for your credit information and credit report.
(b) Equifax and its related companies may use and disclose your personal information to manage the provision of credit reporting information and the access seeker services, and to undertake data management for quality related purposes. The Equifax privacy policy is available on the Equifax website at https://www.equifax.com.au/privacy, and contains information about how Equifax handles personal information (other than credit reporting information), including how an individual may access his or her personal information held by Equifax and its related companies and seek the correction of that information, and how an individual may complain about a breach of the Australian Privacy Principles and how Equifax and its related companies will deal with such a complaint.
(c) The Equifax Credit Reporting Policy contains information about how Equifax collects and handles credit reporting information and is available on the Equifax website at https://www.equifax.com.au/credit-reporting-policy.
(d) Obtaining your financial information via our third party Service Provider illion Australia Pty Ltd ABN 95006399677 (Ilion) who is the owner of illion BankStatements (www.bankstatements.com.au) whereby with your consent they can access your banking transaction data and categorise it in an income and expense report which assists us with assessing your ability to service the loan applied for.
(e) The Ilion privacy policy is available on the Ilion website at https://www.illion.com.au/privacy-policy-risk-marketing-solutions/, and contains information about how Ilion handles personal information, including how an individual may access his or her personal information held by Ilion and its related companies and seek the correction of that information, and how an individual may complain about a breach of the Australian Privacy Principles and how Ilion and its related companies will deal with such a complaint.
(f) Other credit providers for the purposes of assessing your creditworthiness, credit standing, and credit history or credit capacity.
(g) Finance brokers, mortgage managers, our accountants, lawyers, mortgage insurers and such other persons who assist us to provide our Services to you such as:
(i) Lenders Mortgage Insurers (LMIs) who hold, use and disclose your personal information and credit information for the purposes of assessing whether to provide insurance to us, including to assess the risk of you defaulting or the risk of a guarantor being unable to meet their liability, managing the insurance, dealing with claims, enforcing any mortgage and recovering proceeds, conducting risk and credit assessments, fraud prevention, and verifying personal information provided by us or any purpose under the insurance contract. The LMIs that we may disclose your personal information and credit information to are:
(A) Genworth Financial Mortgage Insurance Pty Ltd ACN 106 974 305 who can be contacted and a copy of their privacy policy obtained on 1300 655 422 or their website at https://www.genworth.com.au/privacy-policy/; and
(B) QBE Lenders Mortgage Insurance Limited ACN 000 511 071 who can be contacted and a copy of their privacy policy obtained on 1300 367 764 or their website at https://www.qbe.com/lmi/about/governance/privacy-policy
(ii) Our Funders we may use include:
(A) Perpetual Corporate Trust Limited ACN 000 341 533 a copy of their privacy policy can be found on their website at https://www.perpetual.com.au/privacy-policy
(B) Permanent Custodians Ltd (and associated entities) ACN 001 426 384 a copy of their privacy policy can be found on their website at https://www.bnymellon.com/au/en/index.jsp#ir/privacy
13. Your Rights in Relation to CRBs
You may be asked to participate in a “pre-screening“. This is where your credit related information is provided to a CRB to use, to provide marketing relating to your credit related circumstances. You have the right to contact the CRB and ask that you be excluded from this process.
If you have been or have a reasonable belief that you are likely to be a victim of fraud, you can contact the CRB and request for a “ban-period“. For a period of 21 days after the credit reporting body receives your notification the credit reporting body must not use or disclose that credit information. The CRB will not be permitted to use your personal or credit related information during this time.
14. Notifiable matters
From February 2018, the Privacy Act includes a new Notifiable Data Breaches scheme (NDB) which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change).
The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as possible and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.
If you believe that any personal information, we hold about you has been impacted by a data breach, you can contact us using the contact details below.
15. Updating your personal information
It is important to us that the personal information we hold about you is accurate and up to date. During the course of our relationship with you, we may ask you to inform us if any of your personal information has changed.
If you wish to make any changes to your personal information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.
16. Your Privacy Rights
In this section 16, we have summarised the rights that you have under the Privacy Laws. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
The summary of your principal rights under Privacy Laws are:
(a) to request, at any time, for us to inform you of the personal information we hold about you;
(b) the right to access your personal information and we will respond to you within 30 days of making a request;
(c) the right to rectification of your personal information;
(d) the right to erasure (where we have no legitimate right or business requirements to retain your personal information);
(e) the right to restrict or object to processing (where we have no legitimate right or business requirements to process your personal information);
(f) the right to complain to a supervisory authority; and
(g) the right to withdraw your consent (where we have no legitimate right or business requirements to retain or process your personal information).
We may refuse to give you access to personal information we hold about you if we reasonably believe that giving access would pose a serious threat to the life, health or safety of an individual, or to the public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on the privacy of other individuals, if there are legal proceedings, or if we consider the request to be frivolous or vexatious.
If we refuse to give you access to or to correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so.
17. How safe and secure is your personal information that we hold?
We will take reasonable steps to protect your personal information by storing it in a secure environment. We may store your personal information in paper and electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and unauthorised access, modification or disclosure.
If we are no longer required or wish to keep your personal information for the purpose it was collected, we will securely destroy it or remove all identity features from the information unless we are legally required to keep it for a period of 7 years after an account is closed.
18. Complaints Handling
Contact Us
You may exercise any of your rights in relation to your personal information by contacting us. If you have a question or complaint about how your personal information is being handled by the Columbus Capital Group, our affiliates or contracted service providers, please contact us first on the following email: service@originmms.com.au.
We will try to have your complaint resolved within 5 business days, but it may take longer depending on the complaint. If this is the case, we will aim to resolve your complaint within 30 days.
You can request further information about the way we manage the personal information that we hold, or make a complaint, by contacting our:
Privacy Officer
telephoning: 1300 767 023
e-mailing: service@originmms.com.au
writing to: Origin MMS, PO Box A1244, Sydney South NSW 1235
If you are dissatisfied with the response of our Complaints Officer you may make a complaint to our External Dispute Resolution Scheme:
Australian Financial Complaints Authority Limited (AFCA)
GPO Box 3
Melbourne VIC 3001
Telephone: 1800 931 678
Email: info@afca.org.au
Website: https://www.afca.org.au/
The Office of the Australian Information Commissioner
Under the Privacy Laws you may also complain to the Office of the Australian Information Commissioner (OAIC) about the way we handle your personal information. Please note the OAIC requires that any complaint be first made to the respondent organisation, which is us. The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.
The Commissioner can be contacted at:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au
19. Amendments
We may update this Privacy Policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this Privacy Policy.
This Privacy Policy is dated 11 March 2021.