This policy sets out how Establish Property Group Pty Ltd (“EPG”) and its subsidiaries and related body corporates, including EPG Capital Pty Ltd, the EPG Contributory Mortgage Fund and sub-scheme Mortgage Investments (“EPG”) collects, uses, discloses and manages the personal data provided to it during the ordinary course of business.
We recognise that any personal information we collect about you will only be used for the purposes we have collected it for or as allowed under the law. It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.
Our commitment in respect of personal information is to abide by the Australian Privacy Principles (APPs) and Part IIIA of the Privacy Act, the Privacy (Credit Reporting) Code 2014 and any other relevant law.
What Personal Information does EPG Collect?
- Credit information, which is information which includes your identity; the type, terms and maximum amount of credit provided to you, including when that credit was provided and when it was repaid; repayment history information, default information (including overdue payments); payment information; new arrangement information; details of any serious credit infringements; court proceedings information; personal insolvency information and publicly available information; and
- Credit eligibility information, which is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it.
We use your credit-related information to assess your eligibility to be provided with finance. Usually, credit-related information is exchanged between credit and finance providers and credit reporting bodies.
The type of personal information we may collect depends on the particular interaction that you have had with EPG.
In order to provide our products and services, including establishing and administering your investment or loan accounts, and providing information about our products and services, and to comply with relevant legislation, we may collect the following information:
- full name, date of birth, gender and contact details including telephone, address, e-mail address, occupation and any other information we may need to identify you;
- a copy of your driver licence and/or passport or other identification documentation for the purpose of verifying identity and to ensure compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act (AML/CTF Act) and/or other legislation and regulations regarding identification verification, and tax reporting and withholding;
- your tax file number (TFN) and bank account details for the purpose of administering investor accounts and tax reporting and withholding;
- investor contribution details and investment choice;
- details about authorised signatories on your investments or accounts with us;
- detailed contact information about your financial adviser or broker;
- copies of any relevant trust deeds, partnership agreements or constitutions, which may be relevant to comply with the Anti-Money Laundering and Counter-Terrorism Financing Act; and
- on occasion, it may also be necessary to obtain other details, including information relating to powers of attorney or for probate and estate administration.
If you are applying for finance or provide a guarantee we may also collect the ages and number of your dependants and cohabitants, the length of time you have resided at your current address, your employment details and proof of earnings and expenses.
Why we collect your personal information?
We collect personal information for the purposes of assessing your application for finance and managing that finance, establishing your identity, contacting you, managing our risk and to comply with our obligations. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. Improvements in technology also enable organisations like ours to collect and use information to get a more integrated view of our customers. From time to time we may offer you other products and services.
With respect to revenue matters, your TFN may be used in a manner consistent with the Privacy Commissioner’s Guidelines.
How do we collect and hold personal information?
We may collect your personal information in various ways including by telephone, our website, from documents or correspondence and by email. Wherever reasonable and practicable, we will collect your personal information directly from you.
However, it may be necessary at times to collect information about you from other external sources, such as:
- credit reporting bodies, mortgage and financial brokers and other people such as accountants and lawyers;
- authorised representatives, such as executors or administrators; and
- identification verification service providers.
If you use our website, our web server (i.e. the computers that house our website) has the capacity to collect the following types of information for statistical purposes:
- your location or activity including IP address, telephone number and whether you have accessed third party sites;
- the number of users who visit our website and information about the device used;
- the number of pages viewed; and
- traffic patterns.
This is anonymous statistical data and no attempt is made to identify users or their browsing activities. This data is used only to evaluate our website performance and to improve the content we display to you.
Our website may contain links to the websites of third party providers of goods and services (Third Party websites
). If you have accessed Third Party websites through our website, and if those third parties collect information about you, we may also collect or have access to that information as part of our arrangements with those third parties
Where you access a Third Party website from our website, cookie information, information about your preferences or other information you have provided about yourself may be shared between us and the third party.
We use ‘cookies’ to provide you with better and more customised service and with a more effective website.
A ‘cookie’ is a small text file placed on your computer by our web page server. A cookie can later be retrieved by our webpage servers. Cookies are frequently used on websites and you can choose if and how a cookie will be accepted by configuring your preferences and options in your internet browser.
- to allocate a unique number to your internet browsers;
- to customise our website for you;
- for statistical purposes;
- to identify if you have accessed a Third Party website; and
- for security purposes.
Your IP address is the identifier for your computer when you are using the internet.
It may be necessary for us to collect your IP address for your interaction with various parts of our website.
For what do we use personal information?
Generally, we only use and disclose information for the purpose for which it was disclosed or for related purposes which would reasonably be expected. Those purposes include:
- to establish and administer your investment or account and your relationship with us;
- for communication purposes including surveys and questionnaires;
- to comply with our record-keeping, reporting, and tax obligations;
- to protect legal rights and comply with legal obligations;
- to prevent fraud and abuse;
- for quality assurance and training purposes;
- to associated businesses that may want to market products to you;
- to companies that provide information and infrastructure systems to us;
- to our agents, contractors, external service providers to outsource certain functions, for example, statement production, debt recovery and information technology support;
- to anyone, where you have provided us consent;
- to other guarantors or borrowers (if more than one);
- to borrowers or prospective borrowers including in relation to any credit you guarantee or propose to guarantee;
- any Investors or Prospective Investors looking to assess the potential of an investment in a loan or product offered by EPG;
- to other financial institutions, for example to process a claim for mistaken payment;
- organisations that provide products or services used or marketed by us
- to enable us to provide information about new and existing products and services that will enhance our relationship with you. However, we do respect the right of individuals to ask us not to do this;
- to handle any relevant enquiries or complaints; and
- where we are authorised to do so by law, such as under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), government and law enforcement agencies or regulators.
In order to meet our investors’ needs and provide some investor services, such as administration of accounts and mailing of investor distribution statements, it may be necessary to release information or provide access to external service providers, for instance:
- to prospective funders or other intermediaries in relation to your finance requirements;
- to any organisations involved in providing, managing or administering our products systems or services such as custodians, registries, administrators, mail houses and software and information technology providers;
- to investors, agents or advisers, trustees, rating agencies or any entity that has an interest in your finance or our business;
- to auditors, consultants and other professional advisers;
- to your financial adviser or broker;
- to a legal personal representative, attorney or any other person who may be entitled to receive the proceeds from your investment or account with us;
- to other financial institutions who hold an account in an investor’s name, for example, where amounts have been transferred to or from that account; and
- to authorities investigating (or who could potentially investigate) alleged fraudulent or suspicious transactions in relation to an investment or account.
Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:
- the person or organisation has a commitment to protecting your personal information at least equal to our commitment, or
- you have consented to us making the disclosure.
Information about you or your dealings with us is not and will not be sold to any other company, individual, or group.
We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor, one of our checks may involve obtaining a credit report about you.
This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit-related information we hold about you.
When we obtain credit eligibility information from a credit reporting body about you, we may also seek publicly available information and information about any serious credit infringement that you may have committed.
The law requires us to advise you of ‘notifiable matters’ in relation to how we may use your credit-related information. You may request to have these notifiable matters (and this policy) provided to you in an alternative form.
We exchange your credit-related information with credit reporting bodies. We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor and manage your finance.
The information we can exchange includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations and if you have committed a serious credit infringement (such as fraud).
If you fail to meet your payment obligations in relation to any finance that we have provided or arranged or you have committed a serious credit infringement then we may disclose this information to a credit reporting body.
You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. Please see the heading ‘Can you access and amend your personal information?’ below.
Sometimes your credit information will be used by credit reporting bodies for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.
You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. For a period of 21 days after the credit reporting body receives your notification the credit reporting body must not use or disclose that credit information. You can contact any of the following credit reporting bodies for more information:
- Equifax Pty Ltd – www.equifax.com.au,
- illion Australia Pty Ltd formerly trading as Dun & Bradstreet - https://www.illion.com.au.
Can you access and amend your personal information?
In most cases, you can have access to your personal information collected and held by us however there are some exceptions to this as specified in APP 12 (Australian Privacy Principles) where access may be denied.
We will only grant access to personal information of an individual where appropriate identification verification has been provided, which may be required in writing. We reserve the right to impose reasonable charges for providing such access to information.
Depending on the type of request that you make we may respond to your request immediately, otherwise we usually respond to you within seven days of receiving your request. We may need to contact other entities to properly investigate your request.
There may be situations where we are not required to provide you with access to your personal or credit-related information, for example, if the information relates to existing or anticipated legal proceedings, if your request is vexatious or if the information is commercially sensitive.
An explanation will be provided to you, if we deny you access to the personal or credit-related information we hold about you.
If any of the personal or credit-related information we hold about you is incorrect, inaccurate or out of date you may request that we correct the information by telephoning us on (08) 6444 1739 or by writing to us at U12A, 151 Herdsman Parade, Wembley, WA 6014 or email to email@example.com.
If appropriate we will correct the personal information at the time of the request, otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal or credit-related information within 30 days.
We may need to consult with other finance providers or credit reporting bodies or entities as part of our investigation.
If we refuse to correct personal or credit-related information we will provide you with our reasons for not correcting the information.
How safe and secure is your personal information that we hold?
We will take a range of measures and reasonable steps to protect your personal information. Your personal information will always be stored in a secure environment. We may store your personal information in paper and electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and unauthorised access, modification or disclosure.
Can you complain? Yes.
Your complaint will be referred to our Privacy Officer/Finance and Compliance Officer who will investigate the issue and determine the steps we will take to resolve your complaint. We may ask you to provide additional information.
We will acknowledge your complaint within seven days and aim to resolve the complaint as quickly as possible. We will provide you with a decision on your complaint within 30 days.
If you are dissatisfied with the response of our Privacy Officer/Finance and Compliance Officer you may make a complaint to the Privacy Commissioner which can be contacted on either www.oaic.gov.au
or 1300 363 992.
Notifiable Data Breaches
If there is a suspected or actual data breach
which may compromise personal information, we will promptly undertake an assessment of the incident. Where relevant, immediate steps will be taken to contain the breach. These steps may include limiting any further access or distribution of the affected personal information, or the possible compromise of other personal information.
If the unauthorised access, disclosure or loss of personal information is likely to cause serious harm to one or more individuals and the likely risk of serious harm has not been prevented by remedial action, we will notify all of the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable. The notification will include our identity and contact details, a description of the incident, the kind/s of information concerned and any recommended steps for affected individuals.
Following any data breach incident, we will undertake a review process to help prevent future breaches in accordance with our Data Breach Response Plan and Breach Reporting Template.
Will your information be sent overseas?
We do not anticipate that we will need to disclose information to overseas recipients.
- You can email us at firstname.lastname@example.org;
- You can write to us and request a copy be mailed or emailed to you. Our postal address is: U12A, 151 Herdsman Parade, Wembley, WA 6014
We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and marketplace practices.
As a consequence we may change this policy from time to time or as the need arises. We will post any changes to this policy on our website.
You may request this policy in an alternative form by telephoning us on (08) 6444 1739 or by writing to us at email@example.com.