1. About this document
This is the privacy policy of: OneTwo Finance Pty Ltd (ABN 20 637 329 321) Australian Credit Licence 527230 (OneTwo); and OneTwo Fund 1 Pty Ltd (ABN 24 646 334 983) as trustee for the OneTwo Fund 1 Bare Trust (ABN 16 855 753 665) (OneTwo Trustee).
OneTwo Trustee is the credit provider for credit which is promoted, arranged, and managed by OneTwo. In this document, we, our, or us refers to both OneTwo and OneTwo Trustee, unless the context requires otherwise.
2. Our commitment to your privacy
At OneTwo, we take privacy seriously. We are committed to safeguarding the personal information entrusted to us. If you have any queries or concerns about how we manage your personal information, please email us at privacy@onetwo.com.au. You can also contact us by telephone or by mail (see section 14 below – “Contact us”).
3. What is personal information?
Personal information is information or an opinion about you, or information that can be used to identify you. It includes information such as your:
4. Collection
We collect most of your personal information directly from you. Sometimes we collect or confirm this information from a third party, such as a credit reporting body. We will use reasonable efforts to obtain your consent before we contact a third party for this purpose.
Infrequently, we may need to collect sensitive information about you (such as health-related information). We will first seek your consent to collect such information where we are required to do so.
In some cases, we are required or authorised under an Australian law or court/tribunal order to collect your personal information, for example, to:
We may also collect personal information about you that is in the public domain, or from commercially available third-party databases. We also collect information about you when you visit our website. Information we collect from you if you visit our website includes your Internet protocol address, date and time of your visit to our site, the pages viewed, how you navigate our website, and any information you have downloaded.
5. Use and disclosure
We use your personal information to:
We may disclose your information to other companies within the OneTwo group of companies (OneTwo Group) and contracted service providers to the OneTwo Group, so that they can perform services for OneTwo to enable or assist OneTwo in providing our products or services to you. These service providers may include providers of insurance, valuation, debt collection, application processing, credit management, fraud control and investigation services.
We may also disclose your personal information to a third-party individual or organisation if you:
We do not sell your personal information to third parties.
6. Direct marketing
We may use or disclose your personal information to tell you about other financial products and services that we think you may be interested in. You can opt out of receiving this information at any time by sending us an email at privacy@onetwo.com.au . You can also contact us by telephone or by mail (see section 14 below – “Contact us”).
If you do choose to opt out, we will continue to provide you with information about your existing accounts or facilities only (including new features or products related to these accounts or facilities).
7. Disclosure to overseas recipients
In some cases, we may need to share some of your information with organisations outside Australia, for example, if we use service providers located overseas to perform a function on our behalf. If we share your information with overseas organisations, we will ensure that appropriate data-handling and security measures are in place.
Except as disclosed below, we do not disclose any credit-related personal information to any recipient located outside Australia.
We may utilise the services of a third party to verify your identity using the Document Verification Service (DVS) to confirm that the personal information you provide to us in your identity documents as evidence of your identity match the information held by the agency which issued that document (also known as the ‘official record holder’). The use of the Document Verification Service (DVS) may involve processing of information in New Zealand.
We may also utilise the services of a third party to ensure compliance with our anti-money laundering obligations. The use of such services may involve the processing of information in the United Kingdom and in the European Union.
Please note that we may store, process or back up personal information on servers (including servers offered through third-party service providers under contract to us) that are located in a jurisdiction outside Australia.
If you communicate with us via email, through a social network service or through some other electronic process, the communication may be routed through servers that are located outside Australia and, in relation to a message sent through a social network service (such as Twitter or Facebook), the social network provider and its partners may collect, hold, and process personal information in a jurisdiction outside Australia.
8. Access and correction
We will provide you with access to your personal information within a reasonable period of time following our receipt of your request, unless a statutory exception applies. For example, we can refuse to give you access if we believe:
We may also refuse to give you access:
Where we do not provide you with access to your personal information, we will explain to you the reason(s) for denying access and provide details in relation to the relevant complaint process, should you not agree with our reason(s).
Please note that we reserve the right to verify your identity before granting you access to your personal information.
To facilitate our timely response to your request for access to the personal information we hold about you, we request that you contact us using the details set out below (see section 14 – “Contact us”).
We will give access to personal information in the manner you request, provided that it is reasonable and practicable to do so.
We will not impose a charge on you for the making of the request to access personal information. However, we may impose a charge for giving access to requested personal information to cover the reasonable costs we incur in processing your access request. Please note that we reserve the right (to the maximum extent permitted by law) to redact information included in the personal information we hold about you, in order to protect the privacy of other individuals.
Please note that if you wish to request access to your credit-related personal information, please refer to our credit reporting policy for how to request access to your credit-related personal information (including your credit eligibility personal information).
We will take reasonable steps to correct personal information that we hold, and to ensure that such information is accurate, up-to-date, complete, relevant, and not misleading, having regard to the purpose for which it is held. This includes a situation where we are satisfied (independent of any request) that personal information we hold is incorrect, and a situation where you request that we correct personal information held about you.
If you believe that any of the personal information we hold about you is not accurate, complete or up-to-date, or is irrelevant or misleading, we will take reasonable steps to correct the information. If we have disclosed inaccurate, incomplete, out-of-date, irrelevant, or misleading information to a third party, we will take reasonable steps to notify the recipient of information from us of the correction.
If we do not correct the personal information on your request, we will give written notice to you, including the reasons for our refusal to correct the personal information held about you and the complaint mechanisms available to you. If we refuse your request, you may request that we take reasonable steps to associate a statement with the personal information that you believe to be inaccurate, out-of-date, incomplete, irrelevant, or misleading.
We will not charge you for making a request to correct personal information we hold about you, or a request to associate a statement, or for making a correction or associating a statement.
Please note that if you wish to request a correction to your credit-related personal information, please refer to our Credit Reporting Policy for how to request a correction to your credit-related personal information (including your credit eligibility information).
9. Storage and security of your personal information
We have measures in place to protect the personal information we hold about you from misuse and loss, and from unauthorised access, modification, or disclosure.
These measures include:
Our employees and authorised agents are obliged to respect the confidentiality of any personal information held by us.
We may store your personal information on third-party data storage providers. As at the date of this document, we use the cloud infrastructure platform Amazon Web Services (AWS), a service provided by Amazon Web Services Inc.
We will ensure that appropriate data-handling and security measures are in place with third-party data storage providers.
10. Our website and the use of cookies
Cookies are text files with small pieces of data that are used to identify your computer as you use a computer network. They can help make using our website easier by storing information about your preferences and may improve your web-browsing experience.
When you access our website (www.onetwo.com.au), we may use cookies to record information in relation to your visit (such as your computer’s IP address, the type of browser you are using, the date and time of your visit, and the pages you access).
11. Changes to this policy
We may review the information contained in this document from time to time. We will notify you of any changes by publishing an updated version of our policy on our website.
12. Privacy concerns or complaints
If you wish to raise a concern or make a complaint regarding our handling of your personal information, or you believe that we are in breach of our obligations under the Australian Privacy Principles or the Privacy (Credit Reporting) Code 2014, please contact us. We will promptly investigate your complaint and notify you of the outcome.
To make a complaint, we request that you contact us via the details set out below (see section 14 – “Contact us”).
If you make a complaint, we will:
We reserve the right to verify your identity before dealing with your complaint.
Alternatively, you may refer your complaint directly to:
AFCA
GPO Box 3
Melbourne VIC 3001
Phone: 1800 931 678
Fax: 03 9613 6399
Email: info@afca.org.au
www.afca.org.au
OAIC
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
www.oaic.gov.au
13. Further information about privacy
You can find more information about privacy at the OAIC’s website: www.oaic.gov.au/privacy/
14. Contact us
Email: privacy@onetwo.com.au
Phone: 1300 696 638
Attn: Privacy Officer
OneTwo Finance Pty Ltd
Level 6/454 Collins St
Melbourne VIC 3000
Document date 08.06.22