We value the ongoing trust you place in us and consider the protection and maintenance of your personal information to be of the utmost importance. When handling your personal information, we are bound by the Australian Principles of the Privacy Act 1988. We are also bound by Division 3 of Part IIIA of the Privacy Act and the Credit Reporting Privacy Code (CR Code), which regulates the handling of credit information, credit eligibility information and related information by credit providers, like us and the credit reporting bodies (CRBs) we use such as:
We may tell you more about how we handle your information for example when you complete an application form, receive terms and conditions, or a Product Disclosure Statement. When you receive this information, please consider it carefully.
Personal information is information or opinion about you that may identify you or by which your identity may be reasonably determined. The types of personal information that we collect and hold may include the following information about customers and potential customers of HPC and associated persons (such as guarantors, or third parties who share commitments or expenses with a person who has applied for a Heritage credit product) which is relevant to our relationship with that person. This information includes:
We will only ask for personal information (including credit information and credit eligibility information) relevant to our business relationship with you and we will tell you why we are asking for it when we collect it. If you do not provide some of your personal information, we may not be able to provide you or a person with whom you are associated with some of our products or services, or we may be required to restrict operation of a financial product.
Personal information may be collected from you:
If you have a credit facility with us or are a guarantor, we may also collect your information for the purpose of collecting overdue payments relating to credit you owe or a guarantor you have given and for our internal management purposes related to credit provided.
We may also ask for your personal information because we are obliged to collect it under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which requires us to ask you for information to check your identity (for instance, by referring to your driver’s licence, birth certificate or passport).
The National Consumer Credit Protection Act 2009 (Cth) may also require us to make reasonable enquiries when you or a person with whom you share commitments or expenses apply for credit or a credit limit increase.
We may collect your TFN in order to calculate our withholding obligations as authorised by the Taxation Administration Act 1953 and the Income Tax Assessment Act 1936. You are not required to provide your TFN, however if you do not, we may be required to withhold amounts from you and remit them to the Australian Taxation Office.
We collect most personal information directly from you. We may do this when you apply to become a customer, complete an application for one of HPC’s products and services, deal with us over the telephone, communicate by post or electronically (such as via email, SMS, or social media), through mobile or tablet applications, using our internet banking services, or visiting our website or one of our branches (including our community branches).
We may monitor and/or preserve telephone calls, video calls, postal or email transmissions for the purpose of staff training, quality assurance, security reasons, to verify statements made and to assist with our complaint management process.
The technology “cookies” may be used to collect statistical information on our website or online banking. Cookies may also be used for other purposes which help us further enhance our service such as collecting preferences, geographical information and to auto populate. You are able to use your browser settings to manage cookies including preventing the acceptance of some or all cookies. For more information on adjusting browser settings and system requirements please see our website heritage.com.au. If personal information about you is collected by third parties on any website you have accessed through our websites, we may also collect or have access to that information as part of our arrangement with those third parties.
Sometimes, such as where we need to verify your identity, undertake customer due diligence, prevent or detect money laundering or terrorist financing and where we are required or authorised by law, we may obtain personal information (including credit information and credit eligibility information) about you from our other brands or a third party. These third parties may include banks, financial advisers, family members, your employer, medical practitioners, CRBs, government authorities and publicly available sources of information.
We store your personal information (including credit information and credit eligibility information) in a number of ways including:
This may include storage on our behalf by trusted third party service providers.
The security of your personal information is important to us, and we take all reasonable precautions to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Some of the ways we do this are:
Additional information about the security systems we employ is available at heritage.com.au
Whilst we take all reasonable measures, no data transmission over the internet can be guaranteed to be totally secure.
To assist us we expect you to take appropriate steps to ensure security of your information including keeping your access passwords confidential, destroying any documentation we send to you containing your access passwords and logging out properly when you leave your computer.
We may disclose your personal information (including credit information and credit eligibility information) across any HPC brand, to third parties where they help us with our businesses, where it is required or authorised by law, or you consent to us doing so. Where your personal information is disclosed to third parties, we will seek to ensure that the information is held, used, or disclosed consistently with the Australian Privacy Principles in Part IIIA of the Privacy Act 1988 and the CR Code.
Types of third parties include:
We may also disclose your personal information (including credit information and credit eligibility information) to third parties in circumstances where:
Your personal information may be sent outside Australia where, for example:
We will not send your personal information outside Australia unless it is authorised by law, and we are satisfied that the recipient of the personal information has adequate data protection arrangements in place. Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure. The countries to which we are likely to disclose your personal information include New Zealand, Singapore, India, China, United Kingdom, Japan, France, Philippines, Canada, Germany, the Netherlands, and the US.
If you would like to access, update, or request a correction to your personal information held by us you can do so using any of the methods listed under “How to contact us.”
You may request access to your personal information (including credit information and credit eligibility information) held by us at any time. Prior to providing you with access to your information we may require you to establish your identity. We are able to deny access to some or all of your personal information in specified circumstances but will provide the reasons in writing. In some cases we may charge a fee to access personal information for example when it has been archived, but we will advise you first.
It is important that you advise us as soon as possible if there is a change to your personal information that needs updating. If you have new contact details (such as postal address, email address or telephone numbers) you should let us know immediately. You may request that we correct any personal information (including credit information and credit eligibility information) we hold about you at any time. If your request relates to credit related information provided by others, we may need to consult with credit reporting bodies or other credit providers.
If you wish to make a complaint regarding the handling of your personal information you can let us know by:
Your complaint will be managed in accordance with our Complaint Management Promise, which includes information about accessibility options, and is available on our website at heritage.com.au or by contacting us.
We will acknowledge your complaint promptly, either verbally or in writing and do our best to resolve it straight away. We aim to resolve all complaints within 21 days, however in some cases it may take up to 30 days. Your complaint may take a little longer to assess if we need more information or if your complaint is complex. In all cases we’ll keep you updated on the progress.
If you are not satisfied with our response, you may request a review by the Australian Financial Complaints Authority (AFCA). AFCA provides free and independent financial services complaint resolution.
You may also obtain further information about privacy or refer a privacy complaint by contacting the Office of the Australian Information Commissioner:
Should you have any concerns or if you would like further information regarding the handling of your personal information you can get in touch using any of the following methods:
|at one of our branches
|The Privacy Officer
PO Box 190
|13 14 22
|firstname.lastname@example.org or email@example.com or go to our website heritage.com.au and click on "contact us" then use the "feedback/enquiries"
We can make changes to this policy at any time and the latest version will always be available online and in our branches.
Where you apply to work with HPC as an employee or contractor, HPC may use your personal information for the purpose of understanding your qualifications, experience and suitability for employment or a contract, and otherwise assessing your application.
HPC collect information in relation to employees as part of their application and during the course of their employment, either from them or in some cases from third parties such as recruitment agencies. This may include information about the employee’s health, their right to work in Australia, or other sensitive information. For some roles, employees may need to provide a criminal history search.
Under the Privacy Act, personal information about a current or former employee may be held, used, or disclosed in any way that is directly connected to the employment relationship. HPC handle employee information in accordance with legal requirements and applicable policies in force from time to time.
Where HPC engage you as a contractor, we use your personal information to manage the working relationship with you, to communicate with you, and for other purposes relevant to the work for which you are engaged.