Privacy policy

1. About this document

This is the privacy policy of: OneTwo Finance Pty Ltd (ABN 20 637 329 321) Australian Credit Licence 527230 (OneTwo); and OneTwo Fund 1 Pty Ltd (ABN 24 646 334 983) as trustee for the OneTwo Fund 1 Bare Trust (ABN 16 855 753 665) (OneTwo Trustee).

OneTwo Trustee is the credit provider for credit which is promoted, arranged, and managed by OneTwo. In this document, we, our, or us refers to both OneTwo and OneTwo Trustee, unless the context requires otherwise.

2. Our commitment to your privacy

At OneTwo, we take privacy seriously. We are committed to safeguarding the personal information entrusted to us. If you have any queries or concerns about how we manage your personal information, please email us at You can also contact us by telephone or by mail (see section 14 below – “Contact us”).

3. What is personal information?

Personal information is information or an opinion about you, or information that can be used to identify you. It includes information such as your:

  • name
  • address
  • date of birth
  • contact details (including your telephone number and email address)
  • financial details (including your income, expenses, assets, and liabilities)
  • credit history
  • employment details
  • tax file number (TFN), and
  • transaction history.

4. Collection

We collect most of your personal information directly from you. Sometimes we collect or confirm this information from a third party, such as a credit reporting body. We will use reasonable efforts to obtain your consent before we contact a third party for this purpose.

Infrequently, we may need to collect sensitive information about you (such as health-related information). We will first seek your consent to collect such information where we are required to do so.

In some cases, we are required or authorised under an Australian law or court/tribunal order to collect your personal information, for example, to:

  • prove your identity when you open an account or take out a loan
  • verify your identity when you take out a mortgage, and
  • confirm your tax residency status.

We may also collect personal information about you that is in the public domain, or from commercially available third-party databases. We also collect information about you when you visit our website. Information we collect from you if you visit our website includes your Internet protocol address, date and time of your visit to our site, the pages viewed, how you navigate our website, and any information you have downloaded.

5. Use and disclosure

We use your personal information to:

  • assist you with your queries
  • comply with our legal and regulatory obligations
  • provide you with financial products and services
  • assessing your application or your suitability to act as a guarantor
  • helping you avoid defaulting on your credit obligations
  • managing credit that has been provided to you
  • meeting our obligations under applicable laws, regulations, codes of practice and payment system roles
  • perform our necessary business functions (such as performance reporting, research, product development and planning, staff training, assessing credit applications for new or existing loans, and managing your account)
  • consider any concerns you raise or complaints you make about us, and
  • prevent or investigate any actual or suspected fraud, unlawful activity, or misconduct. Depending upon the type of product you have applied for, we may also disclose your personal information to other organisations, including the following:
  • service providers, for the purpose of providing services to us (including in relation to document verification services and to facilitate our compliance with our statutory obligations, such as our obligations in relation to anti-money laundering laws)
  • credit reporting bodies (including in respect of identification verification)
  • other credit providers
  • a person who has acted, or will act, as your guarantor
  • debt collection agencies
  • any person in connection with a new or proposed mortgage
  • mortgage insurers, third party aggregation services for our advertising purposes, and
  • enforcement bodies (as defined in the Privacy Act 1988 (Cth)).

We may disclose your information to other companies within the OneTwo group of companies (OneTwo Group) and contracted service providers to the OneTwo Group, so that they can perform services for OneTwo to enable or assist OneTwo in providing our products or services to you. These service providers may include providers of insurance, valuation, debt collection, application processing, credit management, fraud control and investigation services.

We may also disclose your personal information to a third-party individual or organisation if you:

  • direct us to do so
  • consent to the third party obtaining the information from us, or
  • consent to the third party accessing the information via our systems, and/or do anything which enables the third party to obtain access.

We do not sell your personal information to third parties.

6. Direct marketing

We may use or disclose your personal information to tell you about other financial products and services that we think you may be interested in. You can opt out of receiving this information at any time by sending us an email at . You can also contact us by telephone or by mail (see section 14 below – “Contact us”).

If you do choose to opt out, we will continue to provide you with information about your existing accounts or facilities only (including new features or products related to these accounts or facilities).

7. Disclosure to overseas recipients

In some cases, we may need to share some of your information with organisations outside Australia, for example, if we use service providers located overseas to perform a function on our behalf. If we share your information with overseas organisations, we will ensure that appropriate data-handling and security measures are in place.

Except as disclosed below, we do not disclose any credit-related personal information to any recipient located outside Australia.

We may utilise the services of a third party to verify your identity using the Document Verification Service (DVS) to confirm that the personal information you provide to us in your identity documents as evidence of your identity match the information held by the agency which issued that document (also known as the ‘official record holder’). The use of the Document Verification Service (DVS) may involve processing of information in New Zealand.

We may also utilise the services of a third party to ensure compliance with our anti-money laundering obligations. The use of such services may involve the processing of information in the United Kingdom and in the European Union.

Please note that we may store, process or back up personal information on servers (including servers offered through third-party service providers under contract to us) that are located in a jurisdiction outside Australia.

If you communicate with us via email, through a social network service or through some other electronic process, the communication may be routed through servers that are located outside Australia and, in relation to a message sent through a social network service (such as Twitter or Facebook), the social network provider and its partners may collect, hold, and process personal information in a jurisdiction outside Australia.

8. Access and correction

We will provide you with access to your personal information within a reasonable period of time following our receipt of your request, unless a statutory exception applies. For example, we can refuse to give you access if we believe:

  • giving you access may endanger the life, health, or safety of any individual, or endanger public health or safety
  • giving you access would have an unreasonable impact on the privacy of other individuals
  • your request is frivolous or vexatious, or
  • your personal information relates to existing or anticipated legal proceedings between you and us.

We may also refuse to give you access:

  • if the request is unlawful
  • if granting access would impede or prejudice any investigation of unlawful activity, or
  • where we are required or authorised to not comply with the request by or under Australian law or a court/tribunal order.

Where we do not provide you with access to your personal information, we will explain to you the reason(s) for denying access and provide details in relation to the relevant complaint process, should you not agree with our reason(s).

Please note that we reserve the right to verify your identity before granting you access to your personal information.

To facilitate our timely response to your request for access to the personal information we hold about you, we request that you contact us using the details set out below (see section 14 – “Contact us”).

We will give access to personal information in the manner you request, provided that it is reasonable and practicable to do so.

We will not impose a charge on you for the making of the request to access personal information. However, we may impose a charge for giving access to requested personal information to cover the reasonable costs we incur in processing your access request. Please note that we reserve the right (to the maximum extent permitted by law) to redact information included in the personal information we hold about you, in order to protect the privacy of other individuals.

Please note that if you wish to request access to your credit-related personal information, please refer to our credit reporting policy for how to request access to your credit-related personal information (including your credit eligibility personal information).

We will take reasonable steps to correct personal information that we hold, and to ensure that such information is accurate, up-to-date, complete, relevant, and not misleading, having regard to the purpose for which it is held. This includes a situation where we are satisfied (independent of any request) that personal information we hold is incorrect, and a situation where you request that we correct personal information held about you.

If you believe that any of the personal information we hold about you is not accurate, complete or up-to-date, or is irrelevant or misleading, we will take reasonable steps to correct the information. If we have disclosed inaccurate, incomplete, out-of-date, irrelevant, or misleading information to a third party, we will take reasonable steps to notify the recipient of information from us of the correction.

If we do not correct the personal information on your request, we will give written notice to you, including the reasons for our refusal to correct the personal information held about you and the complaint mechanisms available to you. If we refuse your request, you may request that we take reasonable steps to associate a statement with the personal information that you believe to be inaccurate, out-of-date, incomplete, irrelevant, or misleading.

We will not charge you for making a request to correct personal information we hold about you, or a request to associate a statement, or for making a correction or associating a statement.

Please note that if you wish to request a correction to your credit-related personal information, please refer to our Credit Reporting Policy for how to request a correction to your credit-related personal information (including your credit eligibility information).

9. Storage and security of your personal information

We have measures in place to protect the personal information we hold about you from misuse and loss, and from unauthorised access, modification, or disclosure.

These measures include:

  • implementing physical security
  • maintaining computer and network security (including firewalls and passwords to control access), and
  • maintaining and monitoring our online security systems.

Our employees and authorised agents are obliged to respect the confidentiality of any personal information held by us.

We may store your personal information on third-party data storage providers. As at the date of this document, we use the cloud infrastructure platform Amazon Web Services (AWS), a service provided by Amazon Web Services Inc.

We will ensure that appropriate data-handling and security measures are in place with third-party data storage providers.

10. Our website and the use of cookies

Cookies are text files with small pieces of data that are used to identify your computer as you use a computer network. They can help make using our website easier by storing information about your preferences and may improve your web-browsing experience.

When you access our website (, we may use cookies to record information in relation to your visit (such as your computer’s IP address, the type of browser you are using, the date and time of your visit, and the pages you access).

11. Changes to this policy

We may review the information contained in this document from time to time. We will notify you of any changes by publishing an updated version of our policy on our website.

12. Privacy concerns or complaints

If you wish to raise a concern or make a complaint regarding our handling of your personal information, or you believe that we are in breach of our obligations under the Australian Privacy Principles or the Privacy (Credit Reporting) Code 2014, please contact us. We will promptly investigate your complaint and notify you of the outcome.

To make a complaint, we request that you contact us via the details set out below (see section 14 – “Contact us”).

If you make a complaint, we will:

  • acknowledge receipt of your complaint
  • give you the details of the person handling your complaint so that you can follow up if you wish to do so
  • work with you to try to resolve your complaint as soon as possible
  • keep you informed of our progress, and
  • provide our final response to your complaint within a reasonable period following our receipt of your complaint (usually, within 30 days of our receipt of your complaint).

We reserve the right to verify your identity before dealing with your complaint.

Alternatively, you may refer your complaint directly to:

  • the Australian Financial Complaints Authority (AFCA), an independent financial services dispute resolution provider who can consider complaints involving credit, finance, or loan products from financial services providers, or
  • the Office of the Australian Information Commissioner (OAIC).


GPO Box 3
Melbourne VIC 3001 Phone: 1800 931 678
Fax: 03 9613 6399

GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992

13. Further information about privacy

You can find more information about privacy at the OAIC’s website:

14. Contact us


Phone: 1300 696 638

Attn: Privacy Officer

OneTwo Finance Pty Ltd
Level 6/454 Collins St
Melbourne VIC 3000

Document date 08.06.22