Privacy Policy

Updated: 21st June 2019

1.1 In handling your personal information, Maleny Credit Union (ABN 52 087 650 995) and its controlled entities (“MCU”/“credit union”/”we”/”us”) are committed to complying with the Australian Privacy Principles under the Privacy Act 1988 (cth) (“Privacy Act”). We are also bound by the Division of Part IIIA of the Privacy Act, which regulates the handling of credit information, credit eligibility information and related information by credit providers.
1.2 This Privacy Policy outlines how we deal with your personal information (including credit-related information), as well as our legal obligations and rights as to that information. If we agree with you to use or disclose any of your personal information in ways which differ to those stated in this Privacy Policy, then the provisions of that agreement will prevail to the extent of any inconsistency.
2.1 Certain words have special meanings when used in this Privacy Policy. These are shown below.

“Personal information” means information or an opinion about an individual who is identified, or who can reasonably be identified, from the information. Although we try to make sure that all information we hold is accurate, “personal information” also includes any inaccurate information about the individual.

“Credit eligibility information” means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual’s credit worthiness.

“Credit information” means personal information that includes the following:

  • information about an individual, such as their name and address, that we may use to identify that individual,
  • information about an individual’s current or terminated consumer credit accounts and, from 12 March 2014, an individual’s repayment history,
  • the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information,
  • information about an individual from a credit reporting body,
  • information about consumer credit payments overdue for at least 60 days and for which collection action has started,
  • advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue,
  • information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual,
  • information about court judgments which relate to credit that an individual has obtained or applied for,
  • information about an individual on the National Personal Insolvency Index,
  • publicly available information about an individual’s credit worthiness, and
  • an opinion of a credit provider that an individual has committed a serious credit infringement of credit provided by that credit provider.
2.2 We may not hold all of these kinds of information about a particular individual. However, if we hold any of these kinds of information, then it is protected as “credit information” under this Privacy Policy.

“Credit-related information” means credit information, credit eligibility information and related information.

3.1 MCU only holds personal information that is necessary to perform the normal functions of our products and services. Wherever possible, we will collect personal information (including credit information) directly from you.
3.2 This information will generally come from what you provide in your application for one of our products or services and supporting documentation. This in turn depends upon the type of product or service you request. It may include:

  • identifying information, such as your name, address, date of birth, and contact details,
  • financial information about you and your financial position, such as your income, expenses, savings and assets and any (other) credit arrangements,
  • communications between you and the credit union,
  • your employment details,
  • your tax file number, and
  • your reasons for applying for a product or service.
3.3 The law also requires us to collect and hold personal information about you:

  1. for our register of members,
  2. to verify your identity, and
  3. to assess your capacity to pay a loan you
    1. have applied for, and / or
    2. have guaranteed.

If you fail to provide this information, then the Credit Union may be unable to process your request for a product or service.

3.4 We may also collect personal information (including credit-related information) about you from third parties, such as any referees that you provide, your employer, other credit providers and third-party service providers including credit reporting bodies.
3.5 Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities.
3.6 From 12 March 2014, you can also ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud.
3.7 Some information is created through our internal processes, like credit eligibility scoring information.
4.1 MCU respects your privacy. We collect and hold personal information (including credit related information) about you for the purpose of providing products and services to you and managing our business. This may include:

  1. assessing and processing your application for the products and services we offer,
  2. establishing and providing our systems and processes to provide our products and services to you,
  3. executing your instructions,
  4. charging and billing,
  5. uses required or authorised by law,
  6. maintaining and developing our business systems and infrastructure,
  7. collecting overdue payments due under our credit products,
  8. to provide you with membership benefits, financial services and products or information related to those benefits, services and products,
  9. to provide you with information about financial services and products from 3rd parties we have arrangements with, and
  10. to conduct market or customer satisfaction research.
4.2 In addition, MCU may also use your personal information to provide you with information about other products and services offered or distributed by the credit union or a related company of the credit union. However, this will only be done with your consent. MCU does not use external identifiers to assist us in the management of personal information.
4.3 Under our Constitution, which Members have adopted and only they can agree to amend, we are required to provide you with certain information. This information includes notices of meetings, elections and any proposed changes to the Constitution.
4.4 We are also legally bound to provide certain documents such as statements. We include Member newsletters and other inserts with Members’ statements, because they contain important information relating to Members’ accounts and current services which Members would not otherwise receive.
4.5 In general, we do not use or disclose your personal information (including credit-related information) for a purpose other than:

  1. a purpose set out in this Privacy Policy,
  2. a purpose you would reasonably expect,
  3. a purpose required or permitted by law, or
  4. a purpose otherwise disclosed to you to which you have consented.
5.1 We may disclose your personal information (including credit-related information) to other organisations, for example:

  • our related companies,
  • external organisations that are our assignees agents or contractors,
  • organisations that provide information to verify your identity,
  • service providers to us, payment systems operators, contractors for statement printing and mail out, card and cheque production, market research or direct marketing,
  • 3rd party product suppliers to provide information to you about their services and products,
  • brokers and agents who have referred your business to us,
  • persons you name as referees, or your employer, in loan applications,
  • property valuers and insurers for property loans,
  • your guarantor,
  • debt collection agencies, lawyers, process servers, if you have not repaid a loan as required,
  • insurers and re-insurers, where insurance is provided in connection with our services to you,
  • superannuation funds, where superannuation services are provided to you,
  • other financial institutions, for example, when you apply for a loan from another credit provider and you agree to us providing information,
  • credit reporting bodies, including disclosing that you are in default under a credit agreement or commit a serious credit infringement, if that is the case,
  • lenders’ mortgage insurers, where relevant to credit we have provided,
  • our professional advisors, such as accountants, lawyers and auditors,
  • state or territory authorities that give assistance to facilitate the provision of home loans to individuals,
  • certain entities that have bought or otherwise obtained an interest in your credit product, or that are considering doing so, and their professional advisors,
  • your representative, for example, lawyer, mortgage broker, financial advisor or attorney, as authorised by you, or
  • if required or authorised by law, to government and regulatory authorities.
5.2 MCU contracts out some of our functions, as mentioned above, to external service providers. Your personal information may be disclosed to them so that they can provide the services that has been contracted out to them. We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.  
5.3 We will not disclose your personal information overseas.  
6.1 Where it is necessary to do so, we may collect personal information about you that is sensitive. Sensitive information includes information about an individual’s health, and membership of a professional or trade association.  
6.2 Unless we are required or permitted by law to collect that information, we will obtain your consent. However, if the information relates directly to your ability to meet financial obligations that you owe to us, then you are treated as having consented to its collection.  
7.1 We may refuse an application for consumer credit made by you individually or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about either you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.  
8.1 MCU stores your personal information with a strong emphasis on its security and the protection of your privacy. We take all reasonable steps to ensure that your personal information (including credit-related information), held electronically or otherwise, is protected from:

  • misuse, interference and loss, and
  • unauthorised access, disclosure or modification.
8.2 We ask you to keep your passwords and personal identification numbers safe, in accordance with our terms and conditions.  
8.3 When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure that it is destroyed or de-identified.  
9.1 MCU has an ongoing obligation to take reasonable steps to handle personal information in accordance with AAP1 and 11 under the Privacy Amendment (Notifiable Data Breaches) Act 2017. This includes protecting personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.  
9.2 If a suspected or known breach occurs MCU’s first priority is to contain the suspected or known breach. Therefore, we will take immediate steps to limit any further access or distribution of the affected personal information, or the possible compromise of other information.  
9.3 An assessment will be performed to determine if the data breach is likely to result in serious harm to any of the individuals whose information was involved. Any required remedial action will be determined as part of this assessment process.  
9.4 If there is reasonable grounds to believe that serious harm will result MCU will then prepare a statement for the Office of the Australian Information Commissioner, notify the individuals concerned and APRA.  
9.5 If it is not practicable to notify the specific individuals concerned, then a statement will be published on the MCU website providing details of the notification and an explanation as to what we are doing to rectify the breach.  
9.6 A review will be conducted of the incident and action taken to prevent future breaches.  
10.1 This section explains how we handle personal information and credit information collected from our website. If you have any questions or concerns about transmitting your personal information via the internet, then you may contact our Privacy Officer, whose details are in paragraph 14 of this Privacy Policy, as there are other ways for you to provide us with your personal information.  
  10.1.1 Visiting our website

Anytime you access an unsecured part of our website, that is, a public page that does not require you to log on, we will collect information about your visit, such as:

  • the time and date of the visit
  • any information or documentation that you download
  • your browser type, and
  • internet protocol details of the device used to access the site and from which country.

This data is recorded via Google Analytics and thus stored on the internet. Neither personal data, nor any data entered into website forms are sent to/kept by Google.

Our website also includes a number of calculators and electronic forms, which may require you to enter your personal details. If you save the data you enter on the calculator or form, then this information will be stored on your local computer unless changed by the user.

  10.1.2 Cookies

A “cookie” is a small text file which is placed on your internet browser and which we may access each time you visit our website. When you visit the secured pages of our website (ie pages that you have to provide login details to access) we use cookies for security and personalisation purposes.

When you visit the unsecured pages of our website (ie public pages that you can access without providing login details) we use cookies to obtain information about how our website is being used. You may change the settings on your browser to reject cookies, however doing so might prevent you from accessing the secured pages of our website.

  10.1.3 Email

When we receive emails, we will retain the content of the email and our response to you where we consider it necessary to do so.

Your email address will only be used or disclosed for the purpose for which it was provided. It will not be added to any mailing lists or used for any other purpose without your consent.

  10.1.4 Security

We use up-to-date security measures on our website to protect your personal information and your credit information. Any data containing personal, credit or related information which we transmit via the internet is encrypted. However, we cannot guarantee that any information transmitted via the internet by us, or yourself, is entirely secure. You use our website at your own risk.

  10.1.5 Links on our website

Our website may contain links to third party websites. The terms of this Privacy Policy do not apply to external websites. If you wish to find out how any third parties handle your personal information or credit information, then you will need to obtain a copy of their privacy policy.

11.1 In most cases, you may gain access to personal information the credit union holds about you. MCU will handle requests for access to your personal information in accordance with the NPPs. All requests for access to your personal information will be handled by the Privacy Access Officer, who can be contacted by telephone or in writing at the telephone number and postal and email addresses set out in item 5 below.  
11.2 You may request access to the personal information (including credit-related information) that we hold about you at any time.  
11.3 We will respond to your request for access within a reasonable time. If we refuse to give you access to the personal information, then we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer if you would like to challenge our decision to refuse access.  
11.4 There will be no charge for lodging a request for access to personal information. However, there may be a charge for providing access to the information to you. You will be advised at the time of your application for access, of the applicable fee. Please refer to our current Schedule of Fees Accounts and Access Facilities for the current fee for this service.  
12.1 We take reasonable steps to make sure that the personal information (including credit-related information) that we collect, use or disclose is accurate, complete and up-to-date. However, if you believe your information is incorrect, incomplete or not current, then you can request that we update this information by contacting our Privacy Officer whose details are in paragraph 14 of this Privacy Policy.  
13.1 We may use your personal information, including your contact details, to provide you with information about products and services, including those of third parties, which we consider maybe of interest to you. We are permitted to do this while you are our customer, and even if you are on the Do Not Call Register.  
13.2 We may also provide your details to other organisations for specific marketing purposes.  
13.3 We will consider that you consent to this, unless you opt out. You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information through a particular channel, such as email. In order to do so, you will need to request that we no longer send marketing materials to you or disclose your information to other organisations for marketing purposes. You can make this request by contacting our Privacy Officer whose details are in paragraph 14 of this Privacy Policy, or by ‘unsubscribing’ from our email marketing messages, which always include an unsubscribe option.  
14.1 To get more information about the way the credit union manages personal information held about you OR if you are concerned that the credit union may have breached your privacy and wish to make a complaint, please contact the telephone number, postal or email addresses set out below.  
14.2 Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. We will aim to deal with your complaint at the source of your complaint. If you are not satisfied with the response you receive, please let us know and our Member Services Team will investigate further and respond to you.  
14.3 If you are still not satisfied, then you can contact external bodies that deal with privacy complaints. These are the AFCA scheme which is our external dispute resolution scheme, the Federal Privacy Commissioner or, in the case of insurance-related privacy complaints, the Australian Prudential Regulation Authority. Any of these bodies may forward your complaint to another external dispute resolution body if it considers the complaint would be better handled by that other body.

Australian Financial Complaints Authority
AFCA scheme
Post: GPO Box 3, Melbourne VIC 3001
Telephone: 1800 931 678
Website: www.afca.org.au

Federal Privacy Commissioner
Post: GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Website: www.oaic.gov.au

Australian Prudential Regulation Authority
Post: GPO Box 9836, Sydney NSW 2001
Telephone: 1300 55 88 49
Website: www.apra.gov.au

15.1 Our Privacy Officer’s contact details are:

The Chief Finance Officer
Maleny Credit Union
PO Box 1099
Ph 5499 8988 Fax 5494 3363
Email – privacy@mcu.com.au

16.1 From time to time it may be necessary to review the credit union’s privacy policy. The credit union reserves the right to change the privacy policy at any time. If this privacy policy is changed, then the amended versions will be available at the credit union office and will be posted on the credit union website.  
17.1 This Privacy Policy is provided for the purposes of information only. While we have taken care to ensure that it is accurate and current, we provide no guarantee as to its accuracy or currency. We accept no liability for loss or damage suffered as a result of reliance on the information provided in this Privacy Policy.  
© copyright exists in this document