Privacy Policy

Effective from 1st January 2023

PRIVACY AND CREDIT REPORTING POLICY

Your information

We respect your personal information and this Privacy Policy explains how we handle it. The policy covers Australian Sun Energy Pty Ltd (ABN 38 137 709 294) and all its related companies (the Group). This Policy also includes our Credit Reporting Policy. It covers additional information on how we manage your personal information collected in connection with a credit application or a credit facility (credit information) and is our Credit Reporting Policy for the purposes of Part IIIA of the Privacy Act 1988 (Cth).

Types of personal information we collect and hold

The types of information that we collect and hold about you could include:

• ID information such as your name, date of birth, contact details (including address, email address and telephone numbers), occupation and driver’s licence number;

• Other contact details such as social media handles;

• Financial details, such as your bank account or credit card details;

• Credit information such as details relating to credit history, credit capacity and eligibility for credit (credit worthiness); and other information we think is necessary.

You might also need to provide personal information about other individuals to us (eg about your authorised representatives). If so, we rely on you to inform those individuals that you are providing their personal information to us and to advise them about this Policy.

Types of credit information we collect and hold

Information from a Credit Reporting Body (CRB)

When we’re checking your credit worthiness and at other times, we might collect information about you from CRBs. This information can include:

• A record of your name(s) (including an alias or previous name), date of birth, gender, current or last known address and previous two addresses, name of current or last known employer and driver’s license number;

• A record of a lender asking a CRB for information in relation to a credit application, including the type and amount of credit applied for;

• A record of your consumer credit payments being overdue;

• A record of when a lender reasonably believes that there has been a fraud relating to your consumer credit or that you have avoided paying your consumer credit payments and the credit provider can’t find you;

• A record relating to your bankruptcy or your entry into a debt agreement or personal insolvency agreement;

• An Australian court judgment relating to your credit;

• A record relating to your activities in Australia and your credit worthiness; certain details relating to your consumer credit, such as the name of the credit provider, whether the credit provider has an Australian Credit License, the type of consumer credit, the day on which the consumer credit was entered into and terminated, the maximum amount of credit available and certain repayment terms and conditions;

• A record of whether or not you’ve made monthly consumer credit payments and when they were paid;

• If a lender gave a CRB default information about you and the overdue amount is paid, a statement that the payment has been made;

• if a lender gave a CRB default information about you and your consumer credit contract is varied or replaced, a statement about this. We base some things on the information we get from CRBs, such as:

• Summaries of what the CRBs tell us;

• Credit scores, being a calculation that lets us know how likely it is that a credit applicant will repay credit we may make available to them.

Information we collect via your website activity

We use ‘cookies’ on our websites to provide you with a better and more effective website experience. A cookie is a small text file placed on your computer by a webpage server which may later be retrieved by webpage servers. In common with most other websites, our websites use cookies to collect information about your use of those websites. Cookies allow website operators to assign a unique identifier to a computer, which can be used to associate requests made to the website by that computer. Cookies indicate to a website that a computer has been there before and can be used to record things such as what parts of a website or other websites have been visited from that computer. We use cookies for various purposes. A cookie is allocated to each Internet browser that visits any of our websites.

This cookie does not allow us to collect personally identifiable information about you, but is used:

• To allocate an identification number to your Internet browser (you cannot be identified from this number);

• To determine if you have previously visited the website;

• To track and report on website and online campaign performance;

• To identify other pages or third parties’ websites you have accessed;

• For security purposes;

• To personalise your web browsing experience.

If you wish, you can generally configure your browser so that it does not receive cookies, but if you do so some of the functionality of our websites may not be available. We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels.

How we collect your personal information

We will usually try to collect personal information directly from you and there are many ways that we might do this (solicited information). We might collect your information when you’ve filled in a form, sent us emails, letters or facsimiles, when you’ve given us a call, used our websites, signed up for a training program, dropped into one of our branches, subscribed to our publications or entered into our competitions. Sometimes we may supplement the information we collect with information from other sources, such as commercially available sources and data providers, as well as information from our business partners or related and affiliated companies in Australia or internationally.

Consequences of not providing your personal information

If you don’t provide your personal information to us, we may not be able to:

• Provide you with the product or service you want;

• Manage or administer your product or service;

• Verify your identity or protect against fraud; or

• Let you know about other products or services that might also meet your needs.

How we collect your credit information

We will collect your credit information from details included in your application for credit (whether paper based, phone or electronic). In addition to what we say above about collecting information from other sources, other main sources for collecting credit information are:

• CRBs;

• Credit providers;

• Your co-applicants;

• Your guarantors/proposed guarantors;

• Your referees;

• Your agents and other representatives;

• Organisations that help us to process credit applications;

• Organisations providing insurance to us;

• Bodies that issue identification documents to help us check your identity; and

• Our service providers involved in helping us to provide credit or to administer credit products, including our debt collectors and our legal advisers.

Unsolicited information

Sometimes people share information with us which we haven’t sought out (unsolicited information). Where we receive unsolicited personal information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we’ll handle this information the same way we do with other information we seek from you. If not, we’ll ensure we do the right thing and destroy or de-identify it.

How we hold your information

We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure.

Some of the ways we do this are:

• Confidentiality requirements of our employees;

• Document storage security policies; • security measures for access to our systems;

• Control of access to our buildings; and

• Electronic security systems, such as firewalls and data encryption on our websites.

We can store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information. We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law, such as the Corporations Act. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.

How we use your personal information

Main uses

Because we offer a range of services and products, collecting your personal information allows us to provide you with the products and services you’ve asked for.

This means we can use your information to:

• Contact you to provide you with information about products and services;

• Consider your request for products and services, including your eligibility;

• Process your request or application for products and services;

• Provide you with products and services; and

• Administer products and services, which includes answering your requests and complaints, varying products and services and taking any required legal action in relation to our accounts.

Marketing

We may use or disclose your personal information to let you know about products and services that might better serve your needs, or for running competitions or promotions and other opportunities in which you may be interested. We may conduct these marketing activities via email, telephone, SMS, iM, mail or other electronic means. We may also market our products to you through third party channels (such as social networking sites). We will always let you know that you can opt out from receiving our marketing offers at any time. We will process your opt out request as soon as practicable. Where we market to prospective customers, we are happy to let them know how we obtained their information and will provide easy to follow opt-outs. With your consent, we may disclose your personal information to third parties, such as brokers or agents, or for the purpose of connecting you with other businesses or customers. You can ask us not to do this at any time.

Other uses

Other than for the main uses set out above and for marketing purposes, we may use your personal information for:

• Assisting in arrangements with other organisations (such as loyalty partners, energy companies, industry bodies) in relation to a product or service we make available to you;

• Allowing us to run our business and perform administrative and operational tasks, such as:

• Training staff;

• Developing and marketing products and services;

• Risk management;

• Systems development and testing, including our websites and other online channels;

• Undertaking planning, research and statistical analysis;

• Preventing or investigating any fraud or crime, or any suspected fraud or crime;

• As required by law, regulation or codes binding us; and • for any purpose for which you have given your consent.

How we use your credit information

In addition to the ways for using personal information mentioned above, we may also use your credit information to:

• Enable an insurer to assess the risk of providing insurance to us or to address our contractual arrangements with the insurer;

• Assess whether to accept a guarantor or the risk of a guarantor being unable to meet their obligations; and

• Consider hardship requests.

Sharing your personal and credit information

To make sure we can meet your specific needs, and for the purposes described above, we sometimes need to share your information with others. We may share your information with other organisations for any purposes for which we use your information.

Sharing with the Group

We may share your information with other Group members. This could depend on the product or service you have applied for and the Group member you are dealing with.

Sharing at your request

We may need to share your information with:

• Your representative or any person acting on your behalf (for example, financial advisers, lawyers, accountants, executors, administrators, trustees, brokers or auditors); and

• Your referees (to confirm details about you).

Sharing with CRBs

We may disclose information about you to a CRB if you are applying for credit or you have obtained credit from us or if you guarantee or are considering guaranteeing the obligations of another person to us or you are a director of a company that is an applicant or borrower or guarantor. When we give your information to a CRB, it may be for the following purposes:

• To obtain a credit report about you;

• To allow the credit CRB to create or maintain a credit information file containing information about you.

When we give your information to a CRB, it may be included in reports that the CRB gives other organisations to help them assess your credit worthiness. Information that reflects adversely on your credit worthiness may affect your ability to get credit from other lenders.

The information that we share with a CRB may include:

• The fact that you have applied for credit and the amount;

• If applicable, the fact that we are a current credit provider to you;

• Details of loan repayments which are overdue by more than 60 days and for which debt collection action has started;

• Advice that your loan repayments are no longer overdue in respect of any default that has been listed;

• Information that we reasonably believe that there has been a fraud relating to your consumer credit or that you have avoided paying your consumer credit payments or shown an intention not to comply with your credit obligations;

• Details of dishonoured cheques, being cheques drawn by you for $100 or more which have been dishonoured more than once;

• That credit provided to you by us has been paid or otherwise discharged.

Sharing with third parties

We may disclose your personal information to third parties, including:

• Those involved in providing, managing or administering your product or service;

• Authorised representatives who sell products or services on our behalf;

• Valuers, insurers, re-insurers, claim assessors and investigators;

• Brokers or referrers who refer your application or business to us;

• Loyalty program partners;

• Other financial institutions, such as banks;

• Organisations involved in debt collecting, including purchasers of debt;

• Fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);

• Government or regulatory bodies (including local councils and electricity authorities) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities);

• Our accountants, auditors or lawyers and other external advisers;

• Guarantors and prospective guarantors of your credit facility;

• Organisations that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;

• Organisations that participate with us in payments systems including merchants, payment organisations and organisations that produce cards, cheque books or statements for us; • our joint venture partners that conduct business with us;

• Organisations involved in a corporate re-organisation or transfer of Group assets or business;

• Organisations that assist with our product planning, research and development;

• Mailing houses and telemarketing agencies who assist us to communicate with you;

• Other organisations involved in our normal business practices, including our agents and contractors; and

• Where you’ve given your consent.

Overseas Disclosures

We may occasionally need to share some of your information (including credit information) with organisations outside Australia. Sometimes, we may need to ask you before this happens. The countries in which these organisations are located are:

• Singapore • New Zealand • China • Germany • Austria • Italy • United States • United Kingdom

We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed. Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure. We will not share any of your credit information with a CRB unless it has a business operation in Australia. We are not likely to share credit eligibility information (that is, credit information we obtain about you from a CRB or that we derive from that information) with organisations unless they have business operations in Australia.

Accessing your personal and credit information

Accessing your personal information

We‘ll always give you access to your personal information unless there are certain legal reasons why we can’t. We will give you access to your information in the form you want it where it’s reasonable and practical.

We’re not always required to give you access to your personal information. Some of the situations where we don’t have to give you access include when:

• We believe there is a threat to life or public safety;

• There is an unreasonable impact on other individuals;

• The request is frivolous;

• The information wouldn’t be ordinarily accessible because of legal proceedings;

• It would prejudice negotiations with you;

• It would be unlawful;

• It would jeopardise taking action against serious misconduct by you;

• It would be likely to harm the activities of an enforcement body (eg. the police); or

• It would harm the confidentiality of our commercial information.

If we can’t provide your information in the way you’ve requested, we will tell you why in writing.

Accessing your credit eligibility information

Where you request access to credit information about you that we’ve got from CRBs (or based on that information), you have the following additional rights.

We must:

• Provide you access to the information within 30 days (unless unusual circumstances apply); • Make the information clear and accessible;

• Ask you to check with CRBs what information they hold about you. This is to ensure the information is accurate and up-to-date.

• We are not required to give you access to this information if: it would be unlawful; or

• It would be likely to harm the activities of an enforcement body (eg the police).

We may also restrict what we give you if it would harm the confidentiality of our commercial information.If we refuse to give access to any credit eligibility information, we will tell you why in writing.

Correcting your personal and credit information

Correcting your personal information

Contact us if you think there is something wrong with the information we hold about you and we’ll try to correct it if it is:

• Inaccurate;

• Out of date;

• Incomplete;

• Irrelevant; or

• misleading.

If you are worried that we have given incorrect information to others, you can ask us to tell them about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know in writing.

Correcting your credit information

Whether we made the mistake or someone else made it, we are required to help you ask for the information to be corrected. So we can do this, we might need to talk to others. However, the most efficient way for you to make a correction request is to send it to the organisation which made the mistake. If we’re able to correct the information, we’ll let you know within 7 days of deciding to do this. We’ll also let the relevant third parties know as well as any others you tell us about. If there are any instances where we can’t do this, then we’ll let you know in writing. If we’re unable to correct your information, we’ll explain why in writing within 7 days of making this decision. If we agree to correct your information, we’ll do so within 30 days from when you asked us. If we need more time, we will notify you about the reasons for the delay and ask for your agreement to extend this 30 day period (if you do not agree, we may not be able to resolve your complaint).

How to make a complaint

Complaints about personal information

If you have a complaint about how we handle your personal information, including if you think that we have failed to comply with the Australian Privacy Principles (APP) or any binding APP code that has been registered under the Privacy Act, you are always welcome to contact us by using our details set out below. We are committed to acknowledging your complaint in a prompt manner and will give you an estimated timeframe for when we will respond to your complaint. How to make a complaint regarding our compliance with Part IIIA of the Privacy Act and the Credit Reporting Privacy Code If you think that we have not complied with Part IIIA of the Privacy Act or with the Credit Reporting Privacy Code (which regulates credit reporting) you can make a complaint by using the contact details set out below. We will acknowledge your complaint in writing as soon as practicable within 7 days. We will aim to investigate and resolve your complaint within 30 days of receiving it. If we need more time, we will notify you about the reasons for the delay and ask for your agreement to extend this 30 day period (if you do not agree, we may not be able to resolve your complaint). We may need to consult with a CRB or another credit provider to investigate your complaint.

Further steps

While we hope that we will be able to resolve any complaint without needing to involve third parties, if you are not satisfied with the outcome of your complaint you can access our external dispute resolution scheme, the Credit Ombudsman Service (www.cosl.com.au), or make a complaint to the Australian Information Commissioner (www.oaic.gov.au).

Anonymity and use of pseudonyms

If you have general enquiry type questions, you can choose to make these anonymously or to use a pseudonym. We might not always be able to interact with you this way however. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when:

• It is impracticable; or

• We are required or authorised by law or a court/tribunal order to deal with you personally.

Contact Us

We care about your privacy. Please contact us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.

You can to contact us by:

• Writing to the Privacy Officer, Australian Sun Energy Pty Ltd, PO Box 8535, Mount Gambier South Australia,5290

• Calling us on 1300 137 407

• Speaking to us in person at our office.

Changes to this Privacy Policy

This Policy may change. Any amended Policy will be posted on our website stating the date from which it becomes effective. Any information collected after the amended Policy has been posted on the site will be subject to that amended Policy.