Connect with us
Privacy Policy
Legal Disclaimer
Introduction
Collecting Personal Information
Use of Disclosure of Personal Information
Information Security
Credit Reporting and Credit-related Personal Information
Access to and correction of personal information
Complaints
Indue is committed to protecting the privacy of personal information. Personal information is any information or opinion about an identifiable individual (“you”, “your”).
The purpose of this policy is to describe how we deal with personal information, including personal information that is
collected from third parties. This policy sets out:
This policy covers Indue Ltd ABN 97 087 822 464 and its subsidiaries (“Indue”, “we”, “our”, “us”). You may contact us
using the following details:
Post: PO Box 5389, West End, QLD 4101
Phone: 07 3258 4222
Email: [email protected]
Website: www.indue.com.au
Under the Privacy Act, we are bound to comply with the Australian Privacy Principles (“APPs”), which govern how
certain entities handle personal information.
In some circumstances, we also deal with credit-related personal information. Therefore, in relation to that information, we are also bound by the provisions of the Privacy Act that regulate the credit reporting system.
For details on what kind of credit-related personal information we deal with and how we deal with credit-related
personal information, please refer to pages 5 – 6 below.
As a provider of wholesale payment products, a large majority of Indue’s clients are institutional. In order to carry out our various functions, the personal information we collect includes details about individuals who are our clients’
customers (where such details may include transactional information, personal details (such as name or date of birth)
and debit and credit card numbers) and staff (where such details may include names and contact details).
We collect the type of information mentioned above directly from our clients, as well as from other third parties,
including various participants in the financial system such as other financial institutions and data switch providers.
We require our clients to ensure that the information they submit to us is accurate, appropriately authorised and
compliant with relevant laws.
In relation to some products we provide, we also enter into direct arrangements with individual consumers. For
example, we issue gift and prepaid cards to individuals and enable individuals to enter into direct debiting arrangements with us. In these circumstances, we may collect personal information:
From time to time, the law may require us to collect certain information from a client or individual in order for us to be
able to provide that client or individual with a product or service. This includes in circumstances where we are required to identify individuals (which may include account signatories) for the purposes of complying with the Anti-Money
Laundering and Counter-Terrorism Financing Act.
We may also collect personal information from publicly available sources. For example, we may collect information
from online directories, public registers and other websites.
If we do not collect your personal information, we may be unable to provide our clients or you with a product or service.
In circumstances where we deal with you as an individual trader who applies for a product or service from us, we may collect personal information (such as contact details and financial information) direct from you. In these circumstances, we may also collect your Tax File Number (“TFN”) from you. We request this from anyone setting up a deposit account with us, so that we are able to pay interest in relation to that account. It is not compulsory to provide a TFN when requested. However, if you do not provide your TFN, we may be unable to establish an account in your name or we may be unable to pay interest on the account or we may have to deduct withholding tax from your interest payments
at the highest applicable rate.
As an employer, we also collect personal information about job applicants, which we may collect directly from you as a job applicant, via third parties such as recruitment agencies and job websites or from publicly available information.
We do not normally collect sensitive information, such as health information, sexual orientation and details about
religious and political affiliations. Under the law, we are able to do so only if that information is reasonably necessary for or directly related to our functions and if you have consented to the collection of the information.
Because we are an outsourced service provider for clients, there may be circumstances when sensitive information about customers of our clients (ie you) is disclosed to us. For example, we have clients who are credit providers to individuals who may disclose health circumstances to their credit provider when making a hardship application. Such
credit providers may store notes about those circumstances in our systems, to enable them to consider and service the application. Those clients are required to obtain your consent to the disclosure of your sensitive information.
In circumstances where we receive unsolicited personal information, we will determine whether or not we could have
lawfully collected that information in accordance with the Australian Privacy Principles. If we determine that we could have, we will handle that information in accordance with this policy and the Australian Privacy Principles. This means that you have rights to access, seek correction of and make complaints in respect of our handling of that information in accordance with the procedures set out below.
If practicable, we will deal with you anonymously (or under a pseudonym) if you advise that you do not want to share your name or other personal information with us. For example, this may be practicable if you are just making a payment or an enquiry.
The Indue website uses cookies and other digital identifiers. These are small files or identifiers we send to your browser and may include:
Using these cookies and identifiers enables us to collect information about you. For example, they enable us to collect information about your usage of our website, your usage of third party websites, your location and IP address.
In some circumstances, this information may enable us to identify who you are. For example, if you provide personal information on the Indue website and if we send a cookie to your browser, we may be able to determine how you personally use our website and other websites.
To the extent that the information we collect about you is personal information that enables us to identify you, the Australian Privacy Principles apply. This means that we will treat that information in accordance with our Privacy Policy.
Otherwise, if the information we collect is not personal information, we will use that information as we see fit.
There are ways you can clear cookies or identifiers from your browser and block cookies or identifiers from being used.
Please refer to the security settings for your browser.
We may use the personal information we collect:
For details on the products and services we provide, please visit our website (www.indue.com.au).
In relation to job applicants’ personal details, we use this information to consider applicants for positions within our organisation.
There are certain laws that require us to keep certain types of information for a period of time. Subject to those
requirements, we will take such steps that are reasonable in the circumstances to destroy (or make anonymous) any personal information we hold once we no longer need that information. When we destroy personal information, we do so using secure destruction facilities.
We may provide information about individuals to:
Some of the third parties listed above, such as some outsourced service providers, may be overseas, such that your
details may be sent to countries other than Australia. These countries include, but are not limited to, the Republic of
Ireland, US, UK, Israel, Spain and The Netherlands.
We maintain robust physical, electronic and procedural safeguards to protect the personal information we hold from loss, unauthorised access, modification and disclosure. These include procedures for ensuring physical security and
computer system and network security. For example, appropriate locks and security systems are installed at our premises where we store personal information and the networks we manage are protected by firewalls that undergo penetration testing at regular intervals.
Authorised Indue personnel are provided with access to personal information only as necessary to perform their roles and these personnel have agreed to ensure the confidentiality of the information they handle. Staff also undertake privacy training at regular intervals.
As a financial institution that deals with financial information and card data, we are subject to various security standards and guidelines set by the payment industry and the Australian Prudential Regulation Authority. Our systems and procedures undergo regular audits in order to identify risks to information security so that we can take reasonable steps to mitigate and eliminate any such risks.
Our websites may contain links to other sites. Indue is not responsible for the privacy practices or the content of such
web sites. We encourage you to read the privacy statements of any linked sites as their privacy policy may differ from ours.
In some circumstances, we deal with individuals who may be required to guarantee the obligations of an entity applying to Indue for a wholesale facility. Such individuals are often the directors of a corporate applicant. When we deal with you for this purpose, we may be required to collect certain personal information from you to enable us to:
Similarly, if you apply to us for a facility in your capacity as a sole trader or member of a partnership, we may be required to collect personal information from you to enable us to:
In these circumstances, we will obtain your consent before providing your information to a credit reporting body. If you do not provide us with your relevant personal information, we may be unable to enter into an agreement with you or, where you may act as a guarantor, we may be unable to enter into an agreement with the entity applying for the facility.
The information that we may disclose to a credit reporting body for the above purpose includes your name, address,
gender, date of birth and the fact that you are dealing with Indue for a commercial-credit related purpose.
We disclose information to the following credit reporting body:
Name: Equifax Australia
Information Services and Solutions Pty Ltd
Phone: 13 8332
Address: GPO Box 964, North Sydney, NSW 2059
Web: www.equifax.com.au/understanding-your-credit-file
We are not a consumer credit provider and we do not disclose any consumer credit information to credit reporting bodies.
When we provide your information to a credit reporting body as set out above, we do so in order to request from the credit reporting body a credit report about you. A credit report contains information such as your credit history and other information designed to assist in assessing your creditworthiness.
This assists us to make the assessments and manage and administer the services as set out above. When doing so, we use the information provided to us by the credit reporting body together with information provided by you, or the entity for which you may act as guarantor, when submitting the relevant facility application and supporting documents.
In relation to assessing your ability to be a guarantor, if, as a result of our assessment, we determine that we cannot provide the applicant entity with the facility it has applied for due wholly or partly due to adverse information received or derived from your credit report, we may disclose to the entity that fact (without disclosing particulars).
Other than this, we do not disclose to any other third parties any information we have received or derived from your credit report, except where we may be required or authorised by the law to do so.
You have the right to request that credit reporting bodies not use or disclose credit reporting information about you if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.
In addition to collecting credit-related personal information from a credit reporting body as set out above, there may be circumstances when we collect credit-related personal information about individuals from other parties.
For example, we have institutional clients who utilise our systems for the processing and storing of information in relation to credit cards, personal loans, mortgages and other credit related facilities that are issued by those clients to
individuals. If you are the individual holder of one of those products, we may collect and store information that
includes:
Any of above credit information that is collected by us would be collected from:
It is possible for a credit provider (being our client and the issuer of the product) to store general notes in our system in relation to your account. Therefore, there may be circumstances where we collect (by the credit provider inputting the information into our system) credit eligibility information about you. For example, this may occur if you have applied for an increase in your credit limit and if the credit provider inputs into our system notes that are relevant to that application. Credit eligibility information includes information that was disclosed to a credit provider by a credit reporting body, such as information from a credit report.
We collect the above information for the purpose of providing a service to our clients, being the issuers of the products. Our clients use our system to effectively manage the credit products they provide to the market. We may disclose to third parties the credit information we hold only for this purpose, or as required or authorised by the law.
Refer to page 4 above for details on the purposes for which we may disclose personal information generally, which may include information that relates to the use of your credit product.
Generally, we do not disclose to third parties any credit-eligibility information that we hold in our system. Exceptions to this are where we are required or authorised by the law to disclose it or as necessary for the provision of secure back-up facilities for our systems.
With some exceptions, if we hold personal information (including any credit-related personal information) about you, you have the right to find out what that information is and request us to correct or update the information if necessary.
Please contact us using the contact details set out on page 1 of this policy if you would like to find out what information we hold about you. Before considering whether we can grant you access, we will need to verify your
identity.
There may be circumstances when we are unable to let you know what information we hold about you. For example, we will be unable to grant access where to do so would violate the privacy of another individual. We may also be unable to grant you access if we cannot verify your identity. Circumstances where we are unable to verify your identity
may include where you have a customer relationship with one of our clients (such as a credit union or other financial institution or organisation), rather than us, meaning that we may not be in a position to reliably verify your identity.
In the circumstances above, we will write to you to explain the reason and, if possible, we will endeavour to assist you in finding another way to access your information. Where applicable, this may involve us referring you to our client (such as a credit union or other financial institution or organisation) with whom you have a customer relationship.
Otherwise, we will grant you access within a reasonable period of time after you request the information. This will usually be within 30 days of your request. If reasonable and practicable, we will provide you with access in the manner you requested. We may charge you a fee for that access, but under the law we are not permitted to charge an excessive fee.
Please contact us using the details set out on page 1 of this policy if you think that any of the information we hold about you is incorrect or out-of-date. If you request us to correct any of your information, we will respond to your request within a reasonable period of time and we will not charge you for correcting or updating your information.
If your request relates to credit-related personal information that we hold, we will notify you of our decision on correcting the information within 5 business days of the decision. Where we are satisfied that the relevant credit-related personal information is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct the information within 30 days of your request, or such other period of time that you agree to.
You may also request that we notify another relevant organisation (for example, an outsourced service provider
mentioned above) to whom we have disclosed your personal information in circumstances where we correct that information. In that case, we will take steps (if reasonable) to notify that organisation of the correction so that it may also update its own records.
Similarly, if you are a customer of one of our clients and if you request that institution corrects its records about you, you may also request that the institution notifies us of the correction so that we may update our own records that may contain personal information about you. For this reason, if you do not have a customer relationship with us and if you are a customer of one of our clients we encourage you in the first instance to contact that entity with whom you have a
customer relationship.
In circumstances where we refuse to correct or update your personal information as you request, we will write to you
to explain the reasons for the refusal (if reasonable) and provide details to you about how you may complain about the
refusal.
Details about how you may complain about our handling of personal information, including in relation to any request for access or correction, are set out below.
Although we take every reasonable care to ensure the privacy of your personal information, there may be
circumstances when you have a concern or complaint.
If you have a complaint that relates to any personal information we hold about you, please contact the relevant Indue
team or department you have dealt with in the first instance. Otherwise, please contact Indue’s Head of Operations & Customer Service, who is appointed as our Complaints Management Handling Representative. The Head of Operations & Customer Service may be contacted using the following details:
Mail: Head of Operations & Customer Service
Indue Ltd
PO Box 5389
West End QLD 4101
Alternatively, you may contact our call centre using the following details:
Phone: 07 3258 4222 between 9.00am – 6.00pm Monday to Friday.
We aim to acknowledge receipt of your complaint within 24 hours of receiving it, or as soon as practicable. Indue will attempt to resolve your complaint at the first point of contact through our Internal Dispute Resolution processes. If we are unable to resolve your complaint by the end of the 5th business day we will notify you in writing. Once our
investigation has completed, we will provide you with an ‘Internal Dispute Resolution (IDR) response’. However, please
be aware that we will not provide you with an IDR response if we close the complaint by the end of the 5th business day after receipt and we have, resolved the complaint to your satisfaction or given you an explanation and/or apology when we can take no further action to reasonably address the complaint. We will still provide you with a written
response even when the compliant is resolved within 5 business days if you have requested a written response.
The maximum allowable timeframe for resolving a complaint is 30 days after receipt of the complaint.
If you are not satisfied with the resolution of your complaint, you can lodge a complaint with the Australian Financial Complaints Authority, or AFCA. AFCA provides fair and independent financial services complaint resolution that is free
to consumers.
Website: www.afca.org.au
Email: [email protected]
Telephone: 1800 931 678 (free call)
In writing to: Australian Financial Complaints Authority
GPO Box 3, Melbourne VIC 3001
Alternatively, you may contact the Office of the Australian Information Commissioner (“OAIC”). The OAIC may be contacted using the following details:
Website: www.oaic.gov.au
Email: [email protected]
Phone: 1300 363 992
Mail: GPO Box 5288
Sydney NSW 2001
Fax: 02 6123 5145
This site is managed by Indue Ltd ABN 97 087 822 464.
All information regarding any products or services described in this site can be withdrawn or varied by Indue at any time.
Indue is not responsible to you or anyone else for any loss (including any indirect or consequential loss or damage) suffered in connection with the use of this website or any of the content. This includes, but is not limited to, the transmission of any computer virus.
Indue makes no warranties or representations about this website or any of the content displayed on it. We exclude, to the maximum extent permitted by law, any liability which may arise as a result of the use of this website, its content or the information on it.
Where liability cannot be excluded, any liability incurred by Indue in relation to the use of this website or the content is limited as provided under the Australian Consumer Law. By accessing and using this website you agree that Indue will not be liable for any indirect, incidental, special or consequential loss arising out of your use of this website.
This website is linked to other websites over which we have no control. Indue makes no representations about the accuracy of information contained on those websites. Indue is not liable for the content on those websites.
Indue will not be responsible for any unauthorised access to information you forward to this site during its transmission to us. If you are not comfortable sending any information over the Internet, please contact us on 07 3258 4222 to discuss alternative methods for providing any information.
All personal information contained on this site is dealt with in accordance to the Privacy Policy that appears on this site.
The information and material contained in this site is subject to copyright, which is owned by Indue, unless otherwise indicated.