In this policy we explain how and why we collect credit information about individuals, how we use such information, and what controls individuals have over our collection and use of information about them. This policy is relevant to individuals who are current and former commercial credit account holder customers, as well as other individuals that Vadals deals with in connection with credit we provide to our commercial credit account customers (for instance, such individuals may be guarantors or directors of corporate customers).
2. Vadals is committed to complying with Commonwealth legislation and regulations (the Act and the CR Code) governing privacy of credit information about individuals by credit providers and to protecting and safeguarding the privacy of individuals when they deal with us.
Collection of information and types of information collected
3. Vadals collects, holds and uses various types of credit-related information about individuals, which information includes:
identification information such as current and prior names and addresses, age, contact details and driver's licence number;
applications for credit (including the name of each relevant credit provider), the type and amount of that credit and the fact Vadals has accessed consumer credit information to assess a relevant application;
that Vadals and other credit providers are or have been a provider of credit to an individual (or an entity associated with an individual) and the type, characteristics and maximum amount of credit that have been provided or will be provided;
the date that any credit contract Vadals or other credit providers have or have had with an individual was entered into and the date that it comes to an end;
payments owed to Vadals or another credit provider, in connection with credit provided to an individual (or an entity associated with an individual) or in relation to which an individual is a guarantor (and, if there is subsequently paid any such overdue payment, the fact of that payment);
whether in Vadals’s or another credit provider's opinion an individual has committed a serious credit infringement;
whether an individual has entered into arrangements with Vadals or other credit providers in connection with credit provided to the individual (or an entity associated with the individual;
court proceedings information, personal insolvency information and credit-related publicly available information;
scores, ratings, summaries, evaluations and other information relating to an individual’s credit worthiness which is derived by Vadals or its agents or by CRBs wholly or partly on the basis of the information above;
certain administrative information relating to credit, such as account and customer numbers.
While the Act uses a variety of terms to refer to such information as referred to above, for ease of understanding and reading this policy, such information is referred to hereinafter as "credit information"
4. Credit information may be collected by Vadals in a number of ways including:
being provided by an individual directly to Vadals or by persons acting on behalf of the individual (such as on applications or other forms);
being provided by credit reporting bodies (“CRBs”) and other credit providers with the consent of the individual;
being information that is in the public domain;
being information is derived by Vadals from an individual’s usage and (where applicable) trade on and transactional history on any account (of the individual or of an entity associated with the individual) held with Vadals.
How credit information is held
5. At or before the time any credit information is collected by Vadals about an individual, we will take reasonable steps to ensure that the individual is made aware of who we are, the fact that the individual is able to gain access to the information held about the individual, the purpose of the collection, the type(s) of entities to which we usually disclose such information collected about the individuals, any laws requiring the collection of the information and the main consequences for the individual if all or part of the information is not collected.
6. Vadals may hold credit information about an individual in physical form or in electronic form on our systems or the on systems of Vadals’s IT service providers.
The credit information Vadals holds about individuals is protected by physical, electronic, and procedural safeguards and Vadals also requires its service providers that hold and process such information on Vadals’s behalf to follow appropriate standards of security and confidentiality. Any credit information we collect from an individual or about an individual is kept securely and held on secure servers in controlled facilities.
7. Vadals trains its staff and others who work for it on how to handle credit information appropriately and Vadals restricts access to what is necessary for specific job functions.
Use of information collected and disclosure of personal information to others
8. Vadals may, as permitted by law, collect, hold, use or disclose credit information held about an individual for the purposes for which such information is collected. These purposes include:
to form decisions as to whether to provide an individual, or an entity associated with an individual, with credit or to accept an individual as a guarantor;
to make assessments relating to an individual’s credit worthiness which are used in Vadals’s ongoing decision-making processes regarding provision of credit and the amount of such credit;
to participate in the credit reporting system including in obtaining from and providing information to CRBs and other credit providers as permitted by Part IIIA of the Act and the CR Code;
to assist an individual or entity associated with the individual to avoid defaulting on credit-related obligations to Vadals or other credit providers;
to undertake debt recovery and enforcement activities, including in relation to guarantors, and to deal with serious credit infringements;
to deal with complaints and meet legal and regulatory requirements; and
to assist other credit providers to do the same.
(Some credit information may only be used or disclosed under the Act for some of the above purposes or in some particular circumstances. Certain such particular circumstances are set out in clause 9 below.)
9. Generally, Vadals will be permitted to use or disclose credit information held about an individual where the individual has consented to the use or disclosure. Vadals may disclose credit information about an individual to CRBs and/or to other credit providers for such purposes as set out at clause 8 above as permitted by the Act. For example, Vadals may be permitted to disclose credit information to a CRB in such circumstances as where the individual has consented to the disclosure or where the individual has failed to meet payment obligations in relation to credit provided by Vadals or if the individual has committed a serious credit infringement. Similarly, Vadals will generally be permitted to disclose credit information to another credit provider about an individual where the individual has consented to such disclosure.
10. CRBs may include credit information provided by Vadals in reports provided to other credit providers to assist such other credit providers to assess the individual’s credit worthiness. Vadals shares credit information with the following CRB:
Veda Applied Intelligence - http://www.veda.com.au/contact-us
You are able to obtain a copy of Veda's credit reporting policy from its website.
Rights in relation to CRBs
11. Individuals have certain rights in respect of CRBs and the information a CRB holds about the individual and those rights include:
Opting out of direct marketing pre-screenings. A CRB may use an individual’s credit information to assist a credit provider to market to that individual by pre-screening the individual for direct marketing by the credit provider. This process is known as a "pre-screening". If an individual does not want a CRB (including that CRB listed above) to use that individual’s information for the purpose of pre-screening, the individual has the right under the Act to contact the CRB to request that they exclude the individual from such processes.
If an individual is a victim of fraud (including identity-related fraud). An individual is entitled under the Act to request that a CRB not use or disclose credit reporting information they hold about the individual in circumstances where the individual reasonably believes that they have been or are likely to be a victim of fraud, including identity-related fraud. The period while this applies is called a "ban period". An individual can make such a request to any CRB, including that listed above.
12. As part of Vadals’s functions and business activities and to promote the services we can provide to its customers, including in respect of Vadals’s credit-related activities, Vadals may be permitted to use personal information about individuals that individuals have provided to Vadals for the purposes of direct marketing. Direct marketing includes, but is not limited to, sending to and/or contacting individuals in relation to promotions and information about Vadals. All recipients, including individuals, can opt out of receiving direct marketing communications by sending an email to Vadals’s Privacy Officer at firstname.lastname@example.org. In any direct marketing communication we remind recipients of their right to opt out of receiving direct marketing communications. However, as a general rule, a credit provider such as Vadals is not permitted to disclose to others credit information about individuals for the purposes of direct marketing. We also refer to the right of individuals, set out at paragraph 11 above, to opt out of direct market pre-screenings by CRBs.
Anonymity and Pseudonymity
13. Individuals would generally have the option of dealing with Vadals anonymously. However, this only applies where it is not impracticable for Vadals to deal with individuals acting anonymously or under a pseudonym. For example, individuals making general enquiries of Vadals may do so anonymously or under a pseudonym. However, if the dealing with Vadals is for Vadals to supply goods and services and/or to enter into contractual relations (such as a commercial credit account) with a customer that is the individual or is associated with the individual, then it is impractical for such individuals to deal with Vadals on an anonymous basis or under a pseudonym.
14. Our web site may contain links to other web sites and those third party web sites may collect personal information about individuals. We are not responsible for the privacy practices of other businesses or the content of web sites that are linked to our web site. Vadals encourages users to be aware when they leave the site and to read the privacy statements of each and every web site that collects personally identifiable information.
Security and storage
15. Vadals places a great importance on the security of all information associated with our customers, clients and contractors. We have security measures in place to protect against the loss, misuse and alteration of personal information (including credit information) under our control. Vadals takes all reasonable steps to protect individuals’ personal information that is under Vadals’s control from misuse, interference, loss and/or unauthorised access, modification or disclosure. All personal information (including credit information) held is kept securely and that held electronically is held on secure servers in controlled facilities.
16. Personal information (including credit information) is de-identified or destroyed securely when no longer required by us.
17. Vadals retains information provided to us including individuals’ contact and financial and transactional information to enable us to verify transactions and customer details and to retain adequate records for legal and accounting purposes. Such information is held securely, including on secure servers in controlled facilities.
18. Information stored within our computer systems or by our agents who provide electronic storage facilities can only be accessed by those entrusted with authority and computer network password sanctions.
19. No data transmission over the Internet can be guaranteed to be 100 per cent secure. As a result, while we strive to protect users' personal information (including credit information), Vadals cannot ensure or warrant the security of any information transmitted to it or from its online products or services, and users do so at their own risk. Once Vadals receives a transmission, we make every effort to ensure the security of such transmission on our systems.
20. Ultimately, individuals are solely responsible for keeping their passwords and/or account information secret. Individuals should be careful and responsible whenever they are online.
Access to and correction of personal information
21. Vadals is committed to and takes all reasonable steps in respect of maintaining accurate, timely, relevant, complete and appropriate information about our customers, clients and web-site users.
22. Any individual may request access to personal information (including credit information) about them held by Vadals. Such a request for access to personal information is to be made to Vadals’s Privacy Officer:
Vadals’s Privacy Officer
PO Box 3433 TIngalpa DC Qld 4173
07 3907 7877
23. Please note Vadals does require that, as part of any request by an individual for access to personal information (including credit information), the individual verify their identity so that Vadals may be satisfied that the request for access is being made by the individual concerned.
24. Please note that Vadals is not required to give an individual access to credit information about them in circumstances where:
giving access would be unlawful; or
denying access is required or authorised by or under an Australian law or a court/ tribunal order; or
giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
25. Inaccurate information will be corrected upon receiving advice to this effect. To ensure confidentiality, details of an individual’s personal information (including credit information) will only be passed on to the individual if we are satisfied that the information relates to the individual. From time to time, and having regard to the purpose of the collection and use of personal information (including credit information) about individuals, we may contact individuals to seek confirmation that the personal information provided to us by the individual is accurate, up-to-date and complete.
26. If we refuse to provide an individual with access to their personal information (including credit information) or to correct the personal information (including credit information) held by us about them, then we will provide reasons for such refusal. Such reasons will set out the grounds for refusal, the mechanisms available to complain about the refusal and any other matters that are required by the Act.
27. Vadals will respond to any requests for access or correction within a reasonable time of receipt of the request, but by no later than 30 days of the request being received.
28. If an individual has a complaint that Vadals has not complied with its obligations under the Act then any such complaint should be directed in the first instance to Vadals’ Privacy Officer at the contact details set out at clause 22 of this policy.
29. Upon receiving a complaint we will, within 7 days, give the complainant written notice acknowledging receipt of the complaint and setting out the process of how we will deal with it. Unless a longer time is agreed by the complainant, we will investigate the complaint and make a decision within 30 days of receipt of the complaint and communicate the decision to the complainant. We aim to resolve all complaints within 30 days of receipt. If we cannot resolve a complaint within 30 days we will notify the complainant of the reasons and specify a date when we expect a decision or resolution will be made and seek the complainant’s agreement to extend the 30 period – if the complainant does not agree then we may not be able to resolve the complaint.
30. It may be necessary (and it may be required by the Act), in order to deal with a complaint, to consult with a CRB or another credit provider. Further, if, while a complaint remains unresolved, we are disclosing information subject to the complaint to a third party, we may be required to advise the third party about the complaint.
31. If we find a complaint is justified we will resolve it and do what is required to rectify any breach. Vadals is committed to fulfilling its obligations as an APP entity and a credit provider under the Privacy Act.
32. If a complainant is not satisfied with the outcome of Vadals’s internal complaints procedure in respect of Vadals privacy practices then the complainant may refer their complaint to the Office of the Australian Information Commissioner (“OAIC”). The website for the OAIC is: www.oaic.gov.au.
Transfer of information overseas
33. Vadals is unlikely to disclose personal information (including credit information about individuals) to overseas recipients. Personal information (including any credit information) would only be disclosed by Vadals to overseas recipients in accordance with the requirements of the Act, such as if the individual consents to the disclosure or if the disclosure is required by law. However, personal information (including credit information) may be stored with third party overseas entities under circumstances where Vadals retains control of the information.
37. For further information regarding our privacy policies, please contact us at the following address:
38. For more information on privacy legislation and the CR Code please visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.