Key Factors Pty Ltd (ACN 009 398 369) collects and manages personal information as described in this policy. We can manage information about individuals involved and associated with facilities where we may provide a facility; guarantors of both individual and company clients and individuals who may provide a guarantee; individuals who may sell goods or services to a client; individuals who are or become customers of a client; and individuals that are associates of entities that do any of those things.
This document sets out our policy on the management of personal information which we have about individuals. Those individuals include clients to whom we may provide or may have provided a facility, guarantors of both individual and company clients and individuals who may provide a guarantee, and individuals who are or become customers of our clients.
Our privacy assurance to you
- the kinds of personal information we may collect and hold;
- how we may collect personal information;
- the purposes for which we collect, hold, use and disclose the personal information;
- how an individual may access personal information we may hold
- how an individual may complain about a breach of the Australian Privacy Principles and the Credit Reporting Privacy Code and how we may deal with the complaint; and
The kinds of personal information we collect and hold
We collect and hold credit information about individuals who are clients, guarantors, debtors, and associates. This information includes:
- identification information, such as the individual’s name, address, and date of birth;
- the note we make of the disclosure of credit information we make to a credit reporting body so that we can obtain credit information.
- the type of commercial credit and the amount of credit sought in an application that has been made
- court proceedings information about the individual, this is information about a judgment of an Australian court against the individual in proceedings (other than criminal proceedings) that relate to any credit that has been provided to, or applied for by, the individual; and
- personal insolvency information about the individual, this is information that is entered or recorded in the National Personal Insolvency Index
- consumer credit liability information, default information, payment information, new arrangement information, and publicly available information concerning consumer credit which the individual has obtained from other credit providers.
- creditworthiness information about the individual that credit reporting bodies derive from the above information. This could include credit scores, risk ratings, and other evaluations.
We only obtain credit reporting information from credit reporting bodies to the extent we are entitled to obtain it under the Privacy Act 1988.
We may disclose credit information (such as identification information) about an individual to a credit reporting body.
Under various laws, we will be (or may be) authorised or required to collect personal information about an individual. These laws include the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, Personal Property Securities Act 2009, Corporations Act 2001, Autonomous Sanctions Act 2011, Income Tax Assessment Act 1997, Income Tax Assessment Act 1936, Income Tax Regulations 1936, Tax Administration Act 1953, Tax Administration Regulations 1976, A New Tax System (Goods and Services Tax) Act 1999 and the Australian Securities and Investments Commission Act 2001 as those laws are amended and include any associated regulations.
How we collect personal information
We may collect personal information from or about you in a number of circumstances, including: from publicly available sources of information, when you use our services or contact us directly when you sign up to receive information from us when you use our website and/or via software, such as cookies and web/tracking pixels (also known as “web beacons”), when you provide or offer services to us, from a third party entity engaged to collect the personal information from you on behalf of Key Factors, from our records at Key Factors, and when legally required to do so.
- Key Factors will, at all times, take reasonable steps to collect your personal information directly from you, unless: it is unreasonable or impracticable for us to do so; or we have contracted with a third-party entity to collect the information from you and to store the information for us; or you consent to the collection of the information from someone other than you; or we are required or authorised by or under Australian law, or a court/tribunal order, to collect the information from someone other than you.
The main consequence for you if all or some of the personal information is not collected by us is that we may be unable to process your (or the person’s) application; we may decide not to provide a facility or we may decide to restrict or end a facility; we may not be able to complete a transaction in which you are involved.
The credit eligibility information is obtained from a credit reporting body.
- In all circumstances, it will not be possible or practicable for Key Factors, in the course of conducting its activities, to deal with individuals who have not identified themselves or who have used a pseudonym. Key Factors is required and/or authorised under Australian law to deal only with individuals who have identified themselves.
We collect personal information, other than credit eligibility information, about individuals in a variety of ways. For example, we may obtain the information from the individual or from persons acting on the individual’s behalf. When it is possible and practical, we will collect the information directly from the individual. When it is not practical or reasonable to do so we will collect the information from a third party. The third-party could be an authorised representative (such as a broker, agent, accountant, or lawyer), another financial institution, a referee, an employer, or a government body. When the individual is a debtor or an associate, we may obtain the information from the client. The credit eligibility information is obtained from a credit reporting body.
How we hold credit information and credit eligibility information
We take all reasonable steps to ensure that an individual’s personal information which we hold is protected from misuse, interference, or loss and unauthorised access, modification, or disclosure.
We do this by having physical, electronic, and procedural safeguards that protect the personal information we hold. For example, personal information is stored in secure office premises or in secure archiving facilities, and logins and passwords are required to access electronic databases. Our staff are required to maintain the confidentiality of personal information and access to personal information is restricted to persons who require access to perform their duties.
The purposes for which we collect, hold, use and disclose personal information
We collect, hold, use, and disclose credit information and credit eligibility information on individuals for purposes permitted by law that are reasonably necessary for our business activities. Those purposes include:
- if the individual is a client, to determine if we should provide a facility that includes the provision of commercial credit to the individual and, if we decide to provide it, to assist in the provision of the facility.
- if the individual is a guarantor, to determine whether we should accept a guarantee from the individual and, if the guarantee is given, to deal with or enforce our rights under the guarantee and any security which may be given to secure it;
- if the individual is an associate of the client, to determine if we should provide a facility which includes the provision of commercial credit to the client and to assist in the provision of that facility;
- if the individual is an associate of the debtor, to assist us to verify the debt owed by the customer and to collect and enforce the debt. For example, we may record the name and office phone number of a person in the customer’s accounts payable department and telephone that person to verify the debt;
- to assist in the management and enforcement of the facilities we provide, for data analysis and internal management;
- to provide information to credit reporting bodies to the extent this is permitted by the Privacy Act 1988;
- to deal with complaints and legal proceedings;
- to meet our legal and regulatory requirements
Notification of data breaches
We recognise the obligation to notify affected individuals, as well as the Australian Information Commissioner, of “eligible data breaches” as defined for the purpose of Part IIIC of the Privacy Act 1988. We will provide the notification when we are required to do so by that Act.
“associate” means a person who is or may become an officer, trustee or employee of the client, the guarantor, a seller of goods or services to the client or a customer of the client;
“client” means a person (such as a company, sole trader, or partnership) to whom we have provided a facility including the provision of commercial credit and includes a person who has applied for, or may apply for, a facility of that type;
“debtor” means a person who owes, or may owe, an account (also known as a book debt) which the client has sold to us or may sell to us or in which the client has granted, or may grant, a security interest to us;