Privacy Policy

Introduction

We’, ‘us’ and ‘our’ refer to Cheng & Yu Consulting Pty Ltd (ABN: 93 637 963 501, Credit Representative 529662) trading as 23 Finance, a Credit Representative of Finsure Finance and Insurance Pty Ltd (ABN 72 068 153 926, Australian Credit Licence Number 384704).

This privacy policy (Policy) outlines we collect and use your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles.

We will collect and handle your personal information in accordance with its legal obligations, including those under the Privacy Act and the Australian Privacy Principles contained in the Privacy Act. In addition, where a Cheng & Yu Consulting Pty Ltd member handles credit information, it will be bound by Division 3 of Part IIIA of the Privacy Act and the Privacy (Credit Reporting) Code 2014.

This Policy describes how your personal information and, where applicable, credit information is collected, used, disclosed and held by Cheng & Yu Consulting Pty Ltd.

Why we collect personal information

We will collect and hold your personal information for the purposes of:

  • assessing your application for finance and managing that finance;
  • letting you know about our other products and services;
  • direct marketing;
  • managing our relationship with you; and

to comply with any associated legal or regulatory obligations imposed by regulators including those under anti-money laundering and counter-terrorism financing laws or laws relating to comprehensive consumer credit reporting.

Information we collect from you

We collect information about you and your interactions with us. The type of personal information we may ask you to provide to us includes but is not limited to:

  • personal and contact details such as your name, phone number, residential or postal address, email address and date of birth;
  • documentary evidence to verify your identity such as a certified copy of your driver’s licence, passport, birth certificate, citizenship and marriage certificates;
  • financial details such as details of your employment, income, assets, financial liabilities; and
  • credit information such as a credit check. See ‘Credit Information‘ below for more information.

If you are applying for finance we may also collect the ages and number of your dependants and cohabitants, the length of time at your current address, your employment details and proof of earnings and expenses.  

If you do not provide the information, we may be unable to assist you in arranging finance or providing other services.

We do not collect sensitive information (your political or religious beliefs, ethnic background etc.).

Information we collect from others

We may collect information about you in addition to what you voluntarily provide to us in order to comply with relevant laws and regulations.

If you apply for credit, we may obtain a credit report from a credit reporting body. We may also collect information about you that has been made available by third parties who are permitted to provide your data

How personal information is collected?

The personal information we collect about you comes primarily from you. We may also collect information about you in addition to what you voluntarily provide to us from you or other sources such as:

  • from your joint applicants, co-applicants or guarantors;
  • from third parties such as our survey or competition websites, marketing websites, related companies, or CRBs;
  • from your representatives, e.g. solicitors, conveyancers, builders, agents;
  • from the organisations and entities identified under the ‘How do we use and disclose your personal information’ section below, including our related entities;
  • from publicly available sources of information; and/or
  • from our own records.

Wherever there is a legal requirement for us to ask for information about you, we will inform you of the obligation and the consequences of not giving us the requested information. For example, in addition to obtaining personal information from you when you acquire a new product or service from us, we will need to obtain certain documentary evidence from you as to your identity. Such evidence may include items such as a certified copy of your driver’s licence, passport or birth certificate. We may also collect your personal information by using electronic verification services or searching publicly available sources of information such as public registers.

We will not collect any personal information about you except where you have knowingly provided that information to us or where we believe that you have authorised a third party to provide that information to us. Any information collected from publicly available sources will be protected in the same way as the information you voluntarily disclose.

If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us, that the other person has consented to you providing us with the information, and that we can collect, use and disclose that information as set out in this Policy without having to take any further steps required under law (such as obtaining consent directly from that person).  This means that if you provide us with personal information about someone else, you must make sure that the individual concerned understands the matters set out in this Policy and has provided their consent to be bound by this Policy.

Can you deal with us anonymously?

In general, you can visit our website without telling us who you are or revealing any personal information about yourself. However, if a request is made to be dealt with anonymously yet we are required or authorised by law to deal with identified individuals, we will notify you of this.

How do we use and disclose your personal information?

We only use and hold your personal information:

  • for the purpose of assessing your application for finance and managing that finance;
  • for the purpose of providing you with the financial product you have sought from us;
  • to handle any complaints that you may have;
  • any other purpose permitted under the Privacy Act;
  • any other purpose you have consented to; and
  • any other permitted purpose set out in this Policy such as direct marketing.

The types of external organisations which we often disclose your personal information include:

  • our credit licensee Finsure Finance and Insurance Pty Ltd (ABN 72 068 153 926, Australian Credit Licence Number 384704) 
  • any prospective funders or other intermediaries in relation to your finance requirements;
  • other organisations that are involved in managing or administering your finance such as third party suppliers, printing and postal services, call centres;
  • associated businesses that may want to market products to you;
  • companies that provide information and infrastructure systems to us;
  • anybody who represents you, such as lawyers and accountants;
  • anyone, where you have provided us consent;
  • where we are required to do so by law, such as under the Anti-Money or Laundering and Courter Terrorism Financing Act 2006 (Cth);
  • investors, agents or advisers, or any entity that has an interest in our business;
  • your employer, referees or identity verification services; and
  • overseas entities that provide support functions to us.

You consent to us disclosing your information to such entities (and allowing such entities to use your personal information to provide their services) without obtaining your consent on a case-by-case basis.

We may also disclose your personal information where it is:

  • necessary to provide our products or services to you or undertake operations relating to these products and services (such as to our employees, business partners, suppliers and service providers, professional advisers);
  • to carry out promotions or other activities you have requested or for direct marketing purposes (unless you have opted-out of direct marketing communications);
  • required by law (such as to the Australian Securities and Investments Commission or AUSTRAC);
  • authorised by law (such as where we are obliged to disclose information in the public interest or to protect our interests);
  • required to assist in law enforcement (such as to a police force);
  • any successors in title to our business (including new business partners or owners); and
  • with your consent (express or implied), other entities.

The above entities may in turn disclose your personal information to other entities as described in their respective privacy policies or notices.

Direct marketing

From time to time, we may also use your personal information to tell you about products and services we think may be of interest and value to you, changes to our organisation, or new products or services being offered by us or any company with whom we are associated, but we will stop if you tell us to.

We may contact you by various means, including by mail, telephone, email, SMS or other electronic means such as through social media or targeted advertising through our website or online services.

If you do not want to receive direct marketing from us, you can opt-out by writing to us at [email protected].  If the direct marketing is by email you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.

Credit Information

Credit information is information which is used to assess your eligibility to be provided with finance and may include any finance that you have outstanding, your repayment history in respect of those loans, and any defaults. 

Security of Collected Information

We will take reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification or disclosure. Personal information is stored in electronic form.

We have implemented policies, procedures and systems to keep your personal information secure.  In addition, we limit access to the personal information we hold to employees with a legitimate need to use it consistent with the purpose for which the information was collected, for any other matters related to that purpose that you would reasonably expect and other permitted purposes set out in this Policy such as direct marketing.

When your personal information is no longer required, we will take reasonable steps to destroy, delete or de-identify your personal information in a secure manner.  However, we may sometimes be required by law to retain certain information, for example, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) or the Archives Act 1983 (Cth).

Social Media

We compile and categorise a list of our followers on social media platforms.  We also receive aggregate, non-personalised statistics on our coverage in social media.

Cross-border disclosure

Depending on the type of service or product we provide to you, your personal information may be disclosed to our associated entities, contractors and unaffiliated service providers located in other overseas jurisdictions such as the Philippines. The overseas jurisdictions that your personal information is subject to cross border disclosure may change from time to time.

Where Cheng & Yu Consulting Pty Ltd discloses your personal information to an overseas recipient, Cheng & Yu Consulting Pty Ltd will take reasonable steps to ensure the overseas recipients are carefully chosen and comply with this Policy.

Overseas recipients may not be subject to privacy obligations equivalent to those under the Privacy Act and could be compelled by foreign law to make disclosure of the information.

Access to and correction of personal information

You have the right to request access to your personal information and to request its correction.

You can seek access to your information or request a correction by contacting us on the details provided at the end of this Policy.

We will give you access to your personal information within a reasonable time period in a manner requested by you. We may charge a reasonable fee to cover our costs. We may decline the access in the exceptional circumstances that are permitted under the Privacy Act. If this is the case we will inform you and explain the reasons why.

We will take reasonable steps to ensure that the personal information we collect, hold, use or disclose is accurate, complete, up to date, relevant and not misleading. Reasonable steps that we may take include updating your personal information from public sources such as a telephone directory or we may ask you to confirm the personal information we hold is complete, accurate and current.

We ask that you notify us of any incorrect personal information we may hold as promptly as possible and advise of changes to your contact details in accordance with our terms and conditions. Alternatively, if you believe that any of the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading and needs to be corrected or updated, please contact us using our details provided at the end of this Policy.

We will respond to your request to correct your personal information we hold within 30 calendar days after the request is made. There will be no charge for the making of any request. We may refuse to correct your personal information we hold about you if we do not agree with the corrections you have supplied. When we refuse your request, we will give you a written notice to that effect and an information statement if requested.

Lodging a Question or Complaint

If you have a question or a complaint about how we have handled your personal information, please contact us using the contact details provided at the end of this Policy.

The Privacy Officer will acknowledge the receipt of your complaint as promptly as possible after we receive your complaint. We will endeavour to investigate and resolve your complaint within 30 calendar days. If you are unsatisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner.

Notifiable Data Breaches

We are required to notify you and the Office of the Australian Information Commissioner where there is a data breach that will likely result in serious harm to you.

If at any time you believe your personal information which we hold has been the subject of a data breach, please contact us immediately using the contact details set out in this Policy.

Changes to this Policy

This Policy is subject to change from time to time as Cheng & Yu Consulting Pty Ltd considers necessary. This Policy was last updated in December 2022. We will publish material changes by making them available on our website.

If you would like a copy of this Policy in another form (such as a paper copy), we will take such steps as are reasonable in the circumstances to provide you with a copy in the requested form.

Contacting Us

Access, Correction or Complaints

If you need more information, want to access or update your personal information or you have a privacy concern, or if you wish to contact us regarding our handling of your personal information or any of the matters covered in this Policy, please contact the us by email, phone or mail using the following details:

Email:             [email protected]

Phone:           02 8593 3408

Mail:               Compliance

Cheng & Yu Consulting Pty Ltd

Suite 200, 1 Barratt Street Hurstville NSW 2220

If you are not satisfied with our response after you have been through our internal complaints process, you can contact the Office of the Australian Information Commissioner if your complaint is about your privacy.

Office of the Australian Information Commissioner

Email:             [email protected]

Phone:           1300 363 992

Mail:               Office of the Australian Information Commissioner
GPO Box 5218,
Sydney NSW 2001

en_AUEnglish