Supalease Privacy Policy
Managing private information
SupaLease respects our customer’s privacy. This policy explains how we handle personal information and how we interact with our customer’s in relation to their private information.
Whenever we handle personal information, we take steps to ensure that appropriate standards of privacy practice and security are applied.
The Policy also describes how you can access or correct information we hold about you, how you can ask further questions or make a complaint, and information about our websites and online activities.
For most products and services, it is necessary for us to collect ‘personal information’ such as your name, identity details, photos, contact details and transaction information. We may also need to collect other personal details (such as gender, marital status and financial information) and other information from which you can be identified.
Our Privacy Consent Form sets out details of our collection process and other handling of personal credit information, including collection of credit information from credit reporting bodies as well as our disclosure of credit information to credit reporting bodies. This form applies mostly to our Australian leasing and finance products such as novated leases.
Sensitive Information
Generally, we do not collect sensitive information about you unless required or permitted by law or where you consent for us to do so. Sensitive information will only be collected if it is relevant to your product or the service or function you are engaging us to provide.
We will not collect sensitive information about you where this is expressly prohibited by Australian law.
Sensitive information includes information relating to:
– race
– political or religious beliefs
– sexual orientation and sexual life
– criminal convictions
– membership of professional or trade associations or unions
– biometric and health information
– information about your affiliation with certain organisations, such as professional associations
Why we collect personal information
We collect personal information about you which is reasonably necessary to:
– provide you with quality products and services. This may include regulated consumer lending services.
– consider finance applications you make to us
– conduct marketing and social functions
– maintain your contact details
– fulfil our legal obligations, such as those relating to taxation, anti-money laundering and counter-terrorism financing and comprehensive consumer credit reporting under the National Consumer Credit Protection Act or to prevent fraud or as otherwise authorised by you
Without such information, we may not be able to process your application or provide you with an appropriate level of service. In such circumstances, we will process your application and provide you with the most appropriate level of service that we can.
How we collect your information
We collect personal information about you directly from you — this can be in person, in documents you give us, from telephone calls, emails, competitions you enter, your access to our website or from transactions you make. We take reasonable steps to be transparent about how and why we collect personal data. We may also collect your personal information from joint account holder(s) or third parties including public sources, your adviser(s), employer (or its affiliates), agents, introducers, referrers, brokers, our related companies and service providers (including credit reporting bodies, fraud and financial crime information exchanges and other information service providers).
How we store your information
We keep personal information in physical and electronic records, at our premises and the premises of our service providers, which may include processing or storage in the cloud, which may mean in practice that this information is stored outside Australia. Where this occurs, we take steps to protect the security and integrity of personal information.
We also keep records of our interactions with you (including by telephone, email and online) and of your transaction history.
How we use your information
We use personal information about you for the purpose for which it was provided to us, including to:
– process applications
– administer and manage our products and services (including monitoring, auditing, and evaluating those products and services)
– model and test data (in a controlled environment)
– develop scores, risk assessments and related analytical tools
– communicate with you and deal with or investigate any complaints or enquiries
We may also:
– anonymise your data for our own purposes including market research and new product development
– use personal information about you for the prevention and mitigation of fraud and other financial crimes
– use or permit our affiliates to use your personal information for related purposes to the extent that it is lawful to do so without your express permission. For example, we may from time to time use your personal information to inform you or your employer of investment opportunities or to provide information about products and services which we expect may be of interest to you. However, if you don’t want to receive such communications you can tell us by using any of the methods listed below.
While we may sometimes – where it is lawful and with your permission if necessary – share personal information with companies we do business with (e.g., in product development, joint venture arrangements or distribution arrangements), we do not sell personal information for marketing purposes to other organisations or allow such companies to do this.
When your information is disclosed
Subject in all cases to Australian law, we may share your personal information
– with our service providers, who provide services in connection with our products and services (including archival, auditing, accounting, customer contact, legal, business consulting, banking, payment, delivery, data processing, data analysis, information broking, mailing, marketing, research, investigation, insurance, identity verification, brokerage, maintenance, trustee, securitisation, website and technology services)
– to comply with any legal or regulatory obligations imposed by regulators including those under anti-money laundering and anticounter-terrorism financing laws or laws relating to comprehensive consumer credit reporting, or reasonably arising in connection with legal proceedings.
– to our affiliates
– to your nominated financial adviser with your permission
– for the prevention and mitigation of fraud and other financial crimes
– as contained in the terms and conditions of any specific product or service. We may also disclose your personal information (on a confidential basis) in connection with our operating business and principal investment activities including, but not limited to:
– mergers and acquisitions,
– the management of any parts of our business assets (including divestments and reorganisation),
– the provision of any debt to another party
In some circumstances the parties to whom we disclose personal information may operate outside of Australia or, in the case of data collected within the United Kingdom or European Union, outside the United Kingdom and European Union — this includes locations in the countries listed in the Appendix. Where this occurs, we take steps to protect personal information against misuse or loss and to comply with local law in respect of the transfer of your data from one jurisdiction to another. Those parties, in turn, may make such information available to the governments of such other countries in accordance with local law requirements.
Keeping information accurate and up to date
We take reasonable steps to ensure that all information we hold is as accurate as possible. You are able to contact us at any time and ask for its correction if you feel the information we have about you is inaccurate or incomplete.
Keeping information secure
We use security procedures and technology to protect the information we hold. Access to and use of personal information within SupaLease seeks to prevent misuse or unlawful disclosure of the information — this includes internal policies, auditing, training and monitoring of staff.
If other organisations provide support services, we require them to take appropriate technical and organisational measures to secure the privacy of the information provided to them.
Data Breach Notification
SupaLease has processes in place to investigate data breaches involving personal information and will notify you of a data breach where we are required to do so under local legislation or as is otherwise appropriate in the circumstances. Where notification is required, we will do so promptly and in accordance with the time period for notification provided for under local legislation, for example within 72 hours in jurisdictions governed by the General Data Protection Regulation.
How you can access or correct your information
You can contact us to request access to or correction of your personal information. In normal circumstances we will give you full access or make the requested corrections to your information. However, there may be some legal or administrative reasons to deny these requests. If your request is denied, we will provide you with the reason why (if we can). Where we decide not to make a requested correction to your personal information and you disagree, you may ask us to make a note of your requested correction with the information.
For further assistance in relation our Privacy Policy please call 1300 668 283 or email [email protected]