This Policy has been adopted by Grapple Invoice Finance Fund Pty Ltd(ABN 82 628 786 658) and related entities.
This document sets out our policy on the management of personal information which we have about individuals. Those individuals include clients, associates of clients or debtors, to whom we may provide or may have transacted with, guarantors of both individual and company clients and individuals who may provide a guarantee, and individuals who are or become customers of our clients.
Your privacy has always been important to us. As our client, or someone in a business relationship with our client, we respect your right to be aware of who has information about you, what they are doing with it and why, and who else they are sharing it with. We have adopted a privacy compliance culture that cements this relationship with you. Its foundation is the Privacy Act 1988 (as amended, including by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the Privacy Amendment (Notifiable Data Breaches) Act 2017), the Privacy Regulation 2013, and the Credit Reporting Privacy Code. This privacy policy is the privacy policy which we must have in accordance with Australian Privacy Principle 1.3 and incorporates our credit reporting policy which we must have in accordance with section 21B(3) of the Privacy Act 1988.
This privacy policy explains how we manage personal information which is not credit information or credit eligibility information. In particular it explains, in relation to that personal information:
This privacy policy also explains how we manage credit information and credit eligibility information. In particular it explains, in relation to that information:
We collect and hold credit information about individuals who are clients, guarantors, debtors and associates. This information includes:
We obtain credit reporting information about individuals who are clients, guarantors, debtors and associates from credit reporting bodies. We only obtain it to the extent we are entitled to obtain it under the Privacy Act 1988. We might, for example, need to obtain the individual’s prior authorisation. Credit reporting information includes:
The personal information, other than credit information and credit reporting information, we collect and hold varies depending on the person we are dealing with and the reason why we are dealing with them. We collect this general personal information from individuals who are clients, guarantors, debtors, associates, prospective employees, contractors, suppliers, brokers, introducers, merchants, agents, professional advisers, mercantile agents, mailing houses, call centre operators, archivers and service providers. This information will generally include the individual’s name and contact details. We will only collect sensitive information about an individual with the individual’s consent or when permissible under Australian law.
Under various laws we will be (or may be) authorised or required to collect personal information about an individual. These laws include the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, Personal Property Securities Act 2009, Corporations Act 2001, Autonomous Sanctions Act 2011, Income Tax Assessment Act 1997, Income Tax Assessment Act 1936, Income Tax Regulations 1936, Tax Administration Act 1953, Tax Administration Regulations 1976, A New Tax System (Goods and Services Tax) Act 1999 and the Australian Securities and Investments Commission Act 2001 as those laws are amended and includes any associated regulations.
We collect personal information, other than credit eligibility information, about individuals in a variety of ways. For example, we may obtain the information from the individual or from persons acting on the individual’s behalf. When it is possible and practical we will collect the information directly from the individual. When it is not practical or reasonable to do so we will collect the information from a third party. The third party could be an authorised representative (such as a broker, agent, accountant or lawyer), another financial institution, a referee, an employer or a government body. When the individual is a debtor or an associate we may obtain the information from the client.
The credit eligibility information is obtained from a credit reporting body.
We take all reasonable steps to ensure that an individual’s personal information which we hold is protected from misuse, interference or loss and from unauthorised access, modification or disclosure.
We do this by having physical, electronic and procedural safeguards which protect the personal information we hold. For example, the personal information is stored in secure office premises or in secure archiving facilities and logins and passwords are required to access electronic databases.
Our staff are required to maintain the confidentiality of personal information and access to personal information is restricted to persons who require access to perform their duties.
We collect, hold, use and disclose credit information and credit eligibility information on individuals for purposes permitted by law which are reasonably necessary for our business activities. Those purposes include:
We do not hold any CP derived information.
We may disclose credit information (such as identification information) about an individual to a credit reporting body. The credit reporting body may include that information in the reports it provides to other credit providers.
We disclose credit information to the following credit reporting bodies:
Name: CreditorWatch Pty Ltd
Website: www.creditorwatch.com.au
Mail: GPO Box 276, Sydney NSW 2001
Name: Equifax Pty Ltd
Website: www.equifax.com.au
Mail: PO Box 964, North Sydney NSW 2059
Name: illion Australia Pty Ltd
Website: https://www.illion.com.au/
Mail: PO Box 7405, St Kilda Road, Melbourne VIC 3004
Name: Vix Verify Pty Ltd t/as GreenID
Website: https:/www.vixverify.com
Mail: P.O. Box 4863, Sydney NSW 2001
Name: Rapid ID Pty Ltd
Website: https://www.rapidid.io
Mail: support@rapidid.io
Those credit reporting bodies are required to have a policy which explains how they will manage credit-related personal information. If an individual would like to read the policy of the credit reporting body he or she should visit the credit reporting body’s website and follow the “Privacy” links, or the individual can contact the credit reporting body directly for further information. Our policy about the management of credit related personal information is contained in this privacy policy, but if an individual would like to receive it as a separate document he or she can request a copy by contacting our Privacy Contact Officer at the address specified in paragraph 7 below.
An individual has the right to request that the credit reporting body exclude his or her credit reporting information from any permissible direct marketing activities we may ask it to perform. The individual also has the right to request that the credit reporting body not use or disclose his or her credit reporting information if the individual believes that he or she has been, or is likely to be, the victim of fraud (for example, the individual suspects someone is using his or her identity details to apply for credit). The individual must contact the credit reporting body direct should this be the case.
We collect, hold, use and disclose personal information which is not credit information or credit eligibility information so that we can manage and administer the facilities which we provide. When we conduct business transactions with entities we do so to assist us in determining whether we should enter into the transaction and, if we do, to assist in managing the transaction. To provide our facilities in the most cost effective and efficient way, we may decide to utilise the services of others. If this requires that we disclose personal information we will require those persons to respect your right of privacy.
Personal information may also be used or disclosed to tell an individual about products or services that may be of interest to that individual. If the individual does not want his or her personal information used for these direct marketing purposes the individual should tell us. He or she can “opt-out” of direct marketing by sending an e-mail to or by writing to us at:
Privacy Contact Officer
Grapple
Level 12, 77 York Street
SYDNEY NSW 2000
An individual may access personal information (including credit eligibility information) about the individual which we hold. The individual can obtain that access by contacting our privacy contact officer as follows:
Telephone: 1 300 495 300
Mail: Privacy Contact Officer
Grapple
Level 12, 77 York Street
SYDNEY NSW 2000
We will need to verify the individual’s identity before giving access. We will usually provide the requested personal information within 30 days of receiving the request. There is no charge to make a request but we may levy an administration fee for providing access.
If there is a reason why we do not make the requested personal information available, we will provide our reason in writing.
If an individual considers that any personal information which we hold about the individual is incorrect in any way, the individual may ask us to correct that personal information. To seek the correction please contact our Privacy Contact Officer on the telephone number or at the e-mail or postal address above.
In certain situations, we may decide not to agree to a request to correct personal information. We will tell you in writing why we have not agreed to the correction request.
We have an internal dispute resolution system that covers complaints. That system complies with ISO 10002-2006 Customer Satisfaction – Guidelines for Complaints Handling in Organisations: sections 4, 5.1, 6.4, 8.1 and 8.2. If an individual considers that we have failed to comply with Division 3 of Part IIIA of the Privacy Act 1988, the Credit Reporting Privacy Code or the Australian Privacy Principles he or she should contact our Privacy Contact Officer on the telephone number or at the email or postal address above. We will then follow our internal dispute resolution system. We will acknowledge the complaint within 7 days. A decision will be made and advised within 30 days or a longer period as may be agreed with the individual.
If the individual is not satisfied with the decision he or she may make a complaint to the Office of the Australian Information Commissioner (the “OAIC”).
The contact details for the OAIC are: Telephone: 1300 363 992
Facsimile: (02) 9284 9666
Website: www.oaic.gov.au
Mail: The Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY NSW 2001
Generally, we do not disclose personal information to overseas recipients or to persons that do not have an Australian link. However, we may do so. For example, if the debtor is located overseas we may need to send the client’s personal information overseas so that we can collect the debt. We may use service providers located overseas. In each case personal information is provided to an overseas recipient when this is permitted under the Privacy Act.
The countries where the overseas recipients of personal information are likely to be located are New Zealand, United States, Canada, United Kingdom, Austria, Belgium, Finland, France, Germany, China (including Hong Kong), Ireland, Italy, Ukraine, Japan, Luxembourg, Malta, the Netherlands, Portugal, Singapore, South Africa, Spain and Switzerland.
We recognise the obligation to notify affected individuals, as well as the Australian Information Commissioner, of any ‘eligible data breaches’ as defined for the purposes of Part IIIC of the Act.
In this privacy policy:
“associate” means a person who is or may become an officer, shareholder or employee of the client, the guarantor or the debtor;
“client” means a person (such as a company, sole trader or partnership) to whom Grapple Invoice Finance Fund Pty Ltd has provided a debtor finance or other facility including the provision of commercial credit and includes a person who has applied for, or may apply for, a facility of that type and a person (such as a company, sole trader or partnership) from whom Grapple Invoice Finance Fund Pty Ltd has purchased or may purchase goods or services or to whom Grapple Invoice Finance Fund Pty Ltd has sold or may sell goods or services;
“debtor” means a person who owes, or may owe, an account (also known as a book debt) which the client has sold to us or may sell to us or in which the client has granted, or may grant, a security interest to us;
“guarantor” means a person who has guaranteed, or may guarantee, the obligations which a client has or may have to us; and
“we”, “us” and “our” means Grapple Invoice Finance Fund Pty Ltd (ABN 82 628 786 658).
Words which are defined in the Privacy Act 1988 have the same meaning in this privacy policy.