Our Privacy Policy and Credit Reporting Privacy Policy

1. Privacy at hummgroup – Our Privacy Policy and Credit Reporting Privacy Policy

Background
At hummgroup it is important to us that we manage your personal information securely and consistently with relevant legislation, including the Privacy Act 1988 (Cth) (“Privacy Act”) as well as the Credit Reporting Privacy Code (where applicable).

This Policy outlines how hummgroup and its related companies, including:

  • Flexirent Capital Pty Ltd ABN 93 064 046 046;
  • humm Cards Pty Ltd ABN 31 099 651 877;
  • Once Credit Pty Ltd ABN 99 112 319 632;
  • humm BNPL Pty Ltd ABN 28 129 228 986;
  • humm Pro Pty Ltd ABN 94 639 701 312;
  • flexicommercial Pty Ltd ABN 17 644 644 860;
  • OxiPay Pty Ltd ABN 22 129 228 959,
    (“we / us”) collect, disclose, use, store or otherwise handle personal information.

This Policy is effective as at 12 July 2022. Sometimes we will update it – you can always find a current version at https://www.shophumm.com/humm-group/important-information/.

This Policy explains:

  • the kinds of personal information (including credit-related information) we collect, and the purposes for which we do that;
  • how we manage the personal information that we collect about you;
  • how you can seek access to and correction of that information; and
  • if necessary, how you can make a complaint relating to our handling of that information.

This Policy is not limited to current customers or guarantors of customers (where applicable) – it relates to other individuals who deal with us, whether in relation to the provision of credit or otherwise.

What is personal information?

Personal information is information about an individual who is identified or reasonably identifiable (for example, your name and date of birth).

Credit-related information (which includes credit information and credit eligibility information) is a type of personal information. This includes information from a credit report about you (or information which is derived from that report), your repayment history for loans from other credit providers, the amount of credit provided to you, and the kinds of credit products you have applied for.

Sensitive information is another type of personal information. This is information which is sensitive in nature (for example, your political opinions, philosophical beliefs, membership of a professional or trade association or union, and health information). We only collect sensitive information from you if it is necessary in the circumstances and you have consented to that collection.

2. Personal information we may collect

Personal information generally
We will collect certain information about you depending on the circumstances in which the product or service is being provided. This information can include:

  • key personal information such as your name, gender, date of birth, residential and business addresses, telephone numbers, email and other electronic addresses;
  • financial and related information, such as your occupation, accounts, bank card details, assets, expenses, income, dependents, and regarding your employment, financial and business dealings and other relevant events;
  • your transaction history (with us and our associates or relevant third parties). This information includes products you may have used, your payment history, and the capacity in which you have dealt or deal with us;
  • behavioral biometric data which includes behavioral analytics on how you use and access our websites and mobile apps;
  • data required for high-quality and safe provision of services, which can include:
    • information entered into text fields or live chat, call recordings and system notes;
    • session data that is automatically collected and transmitted by our apps, such as your device IP address, version of the operating system, brand and model of your device, unique identifiers of your device, browser used, information about the time our app was accessed, name and parameters of the network connection;
    • information about applications installed on your device (metadata from applications), such as application name, application identifier and version, device identifier and checksum;
    • information about the geolocation of your device, such as geolocation data using GPS data, nearest Wi-Fi access points and mobile networks;
    • call history on your device; and
  • other relevant information – depending on the circumstances this may also include health and medical information (e.g. if it is relevant to a hardship request), membership of professional bodies, tax file number information (other government identifiers (e.g. if relevant to identifying you)).

Credit-related information
If we need to collect information about you in relation to credit matters, this can include:

  • information such as account numbers or customer identifier numbers;
  • credit reports from credit reporting bodies (“CRBs”);
  • credit application history with us and other credit providers, such as the type of credit you applied for, the amount of credit you have applied for, the start and end date of relevant credit;
  • repayment history information, such as whether you owe any payments to us or another credit provider (regardless of the capacity in which that credit was provided) that are overdue;
  • credit ratings, scores and evaluations about you and your credit worthiness;
  • Court proceedings information about you. This is information about a judgment of an Australian court that is made against you that relates to credit that was provided to, or applied for, by you, such as whether you have been declared bankrupt or have been subject to insolvency;
  • whether we have accessed your credit information previously;
  • default information about you. This is information about a payment owed by you as a borrower or guarantor in connection with consumer credit that remains overdue for more than sixty (60) days and which we can disclose to a credit reporting body if certain requirements under the Privacy Act are met;
  • payment information about you. Payment information is a statement that an overdue payment in relation to which default information was provided to a credit reporting body has been paid;
  • new arrangement information about you. This is information about you having entered into certain types of arrangements with us in relation to consumer credit where you have been overdue in making a payment and we have provided default information to a credit reporting body. New arrangement information is either that the terms of conditions of that consumer credit have been varied as a result of you being overdue or that you have been provided with new credit relating to the original amount of credit;
  • financial hardship arrangement information. This is information about you having entered into a financial hardship arrangement in relation to consumer credit where you have been unable to meet your contracted monthly repayments and we have either granted you temporary relief from or deferral of your obligations in relation to the consumer credit; or that a permanent variation to your credit contract has been made. This may also include repayment history information and financial hardship information in relation to the financial hardship arrangement.
  • personal insolvency information about you. This is information recorded in the National Personal Insolvency Index and relating to your bankruptcy, a debt agreement proposal given by you, a debt agreement made by you, a personal insolvency agreement executed by you, a direction given, or an order made, under the Bankruptcy Act that relates to your property or an authority signed under the Bankruptcy Act that relates to your property;
  • publicly available information about you:
    • that relates to your activities in Australia or the external Territories and your credit worthiness; and
    • that is not court proceedings information about you or information about you that is entered or recorded in the National Personal Insolvency Index;
  • An opinion we have on reasonable grounds that you have committed a serious credit infringement in relation to consumer credit that we have provided to you. A serious credit infringement includes, in summary that you:
    • were fraudulently obtaining (or attempting to obtain) consumer credit;
    • are fraudulently evading (or attempting to evade) your consumer credit obligations; or
    • are no longer intending to comply with your consumer credit obligations we have not been able to contact you for six (6) months in accordance with the Privacy Act.

If you do not provide us with your personal information (including credit-related information), we may not be able to provide products or services.

3. How we collect your personal information

In many circumstances, we will collect the above information primarily from you (or from someone who is representing or assisting you). However, there are certain instances in which we will collect information about you from third parties where it is unreasonable or impracticable to collect it directly from you. For example, even where your application is for consumer credit, we may collect information about you from a business which provides information about commercial credit worthiness for the purpose of assessing your application.

Other third parties that we may collect your information from include:

  • our agents;
  • other entity involved in providing any products we offer with a partner and associated benefits;
  • your co-applicant (if any);
  • your employers, accountant, referees, banks, landlords, guarantors, lawyers, financial advisers or others with whom you have previously had dealings or persons assisting you who you direct to provide information to us;
  • other hummgroup entities who may have information about you;
  • in relation to credit information – by contacting relevant CRBs and other credit providers who may have information about you relevant to us;
  • in relation to identification information – by contacting relevant CRBs and other identification service providers;
  • by accessing information about you that is publicly available (e.g. internet sources or a search of white pages);
  • card schemes;
  • insurers (such as insurers who provide insurance in relation to your credit);
  • your executor, administrator or attorney;
  • service providers to us (including debt collection agencies, introducers, private investigators, professional advisers);
  • professional organisations;
  • public and subscriber only databases;
  • any person considered necessary in our view to execute your instructions; and
  • government authorities.

4. How we hold and protect your personal information

We will hold your personal information in paper or other physical form, but it is usually held in electronic form on our systems. Service providers may hold the information for us. Your personal information is protected by various physical, electronic and procedural safeguards. Where a service provider holds your information, we require those service providers to adhere to our approved standards of security and confidentiality to ensure the continuing protection of your personal information.

We train staff who handle your personal information to ensure that your personal information is handled appropriately. Our procedures ensure that your personal information is only made available to staff where necessary.

5. Purposes for which we may collect, hold, use and disclose your personal information

Personal information we collect about you will only be held, used and disclosed as is reasonably necessary for our business purposes and as permitted by law.

Purposes for which we will usually hold, use and disclose your personal information, depending on the circumstances and the nature and products and services you are obtaining from us, include:

  • in order for us to decide whether to provide a product applied for or service requested (this might include evaluating your credit worthiness, or deciding whether to accept you as a guarantor);
  • providing the products or services that we or our partners (if applicable) provide, including related arrangements (e.g. where we provide you with a credit to make a purchase, or where our product is a payment service, that includes arranging for the purchase to be paid for or the payment to be made);
  • managing the products and services that we provide;
  • the ongoing monitoring of credit worthiness;
  • to identify the user of our apps and the user’s device;
  • to ensure the safety of using our apps and other services;
  • to detect and prevent instances of fraud and identity theft, unlawful conduct, and other risks to you or our products and services;
  • to ensure fast and accurate approval and processing of payment transactions including via cheque;
  • to administer your insurance policy, assess any insurance risks or claims associated with you or our products or services;
  • dispute and complaint resolution, and assisting other credit providers to do the same;
  • enforcing our rights, including the collection of outstanding payments and where necessary, initiating legal proceedings;
  • undertaking review and maintenance of our systems and infrastructure;
  • undertaking research and development regarding new and potential products and services;
  • undertaking securitisation activities and other activities relating to funding and capital requirements;
  • enabling our associated entities and selected other entities to promote their products and services to customers;
  • meeting any legal and regulatory requirements we are subject to, or that may be imposed on us;
  • marketing products and services provided by us, our related entities and any retailer or entity with which we have an alliance or partnership arrangement including by sending notifications, requests and other information about the services provided by us;
  • providing you with information by mail, email and telephone (including SMS) about products and services provided by any retailer or entity with which we have an alliance or partnership arrangement;
  • developing an understanding of the products and services you may be interested in receiving from us and our related entities;
  • compiling statistical data e.g. credit scoring information;
  • improving the quality of the apps and services provided by us;
  • customer data analytics, which may be provided to or shared with any retailer or entity with which we have an alliance or partnership arrangement;
  • providing or attributing loyalty points or benefits to you under a loyalty or other program that you are a member of (whether with us, a related body corporate, or a third party);
  • participating in the credit reporting system and providing information to CRBs as permitted by Part IIIA of the Privacy Act and the Credit Reporting Code;
  • assisting customers in meeting their credit related obligations;
  • enforcing our rights, including debt recovery and other enforcement;
  • dealing with serious credit infringements, and assisting other credit providers to do the same; and
  • complying with various Australian laws which may specifically require us to collect your personal information, and other laws where collecting your information is necessary for us to comply with our obligations. Some of the key laws which may apply include the:
    • National Consumer Credit Protection Act;
    • Anti-Money Laundering and Counter-Terrorism Financing Act;
    • Personal Property Securities Act and State and Territory real property and security interests laws;
    • Financial Sector (Collection of Data) Act;
    • Corporations Act and other regulatory legislation; and
    • Taxation Administration Act, the Income Tax Assessment Act and other taxation laws.

6. Disclosing your personal information to third parties (including overseas)

Where the Privacy Act permits it, we may disclose your personal information (including credit-related information) for the purposes above to third parties. Other third parties that we may disclose your personal information to include:

  • your co-applicant (if any)
  • related entities based in Australia or overseas;
  • entities that provide services to us such as mailing houses or call centre operators;
  • entities providing other services to us, including legal services, financial services, market research and data providers;
  • our assignees or potential assignees, or where we act as an agent for, or otherwise on behalf of, another person, to the principal or that other person;
  • the supplier of any goods or services financed with credit we provide;
  • retailers, where the payment or credit service provided by us involves payments to the retailer for goods or services to be provided by them;
  • loyalty or other benefit partners that you hold a membership with and any entity involved in providing those benefits;
  • our introducers, partners or any other entity with whom we have an alliance or partnership arrangement;
  • other financial institutions or entities such as banks and credit providers;
  • identification service providers and providers of digital identity protection and fraud prevention;
  • insurers, assessors, underwriters, brokers and other distributors;
  • government regulatory bodies in Australia and overseas;
  • if appropriate, guarantee or security providers;
  • organisations involved in debt assignment or securitisation arrangements;
  • debt collectors or other enforcement bodies;
  • entities who wish to be involved in our business, or acquire an interest in our business;
  • third parties you authorise to act on your behalf or that are otherwise connected with you (such as your accountant, legal representative, referee or an access seeker acting on your behalf to obtain your credit report); and
  • law enforcement agencies.

Some of these entities may not be located in Australia and may not have an Australian link. For example, we employ service providers in countries such as the Philippines, New Zealand and Ireland.

In addition, although many of the retailers we deal with are in Australia, some of them are overseas. Therefore, when you ask us to make a payment to or to provide credit for a product or service from such a retailer, we will provide information to that retailer and also to banks and other financial institutions, who may also be overseas, who are involved in processing that payment. These entities are not our service providers, and we do not control how they manage your information.

7. Disclosing your credit information to third parties such as CRBs

Your consumer credit information may also be disclosed, where relevant, in many of the circumstances described above. In addition, where the Privacy Act permits it, we are permitted to disclose your credit information to CRBs for the purposes above. CRBs may include the information we provide to them in their reports in order for them to conduct an assessment of your credit worthiness. If you fail to meet your payment obligations to us in relation to consumer credit or commit a serious credit infringement, we may be entitled to disclose that information to CRBs. Where you have entered into a financial hardship arrangement with us in relation to consumer credit, we may report the financial hardship arrangement to CRBs along with any repayment history information and financial hardship information in relation to the financial hardship arrangement.

The CRBs to whom we may disclose your information include:

Illion
Website: www.creditcheck.illion.com.au
Phone: 13 23 33
Address: Attention: Illion Public Access Centre, PO Box 7405, St Kilda, VIC 3004

Equifax
Website: www.equifax.com.au
Phone: 138 332
Address: Equifax, PO Box 964, North Sydney, NSW 2059

Experian
Website: https://www.experian.com.au/
Phone: 1300 783 684
Address: Level 6, 549 St Kilda Road, Melbourne VIC 3004

8. Your rights in relation to CRBs

You are entitled to:

  • opt out of direct marketing pre screenings: CRBs often use credit information to assist credit providers to market their products and services. If you do not want a credit reporting body to use your credit information in this manner, the Privacy Act gives you the right to request you be excluded from being contacted. You should contact the relevant CRB directly if you wish to request this; and
  • request non-disclosure where you believe you have been, or are likely, a victim of fraud: if you believe that you are a victim of fraud, or are likely to be a victim of fraud, then you are entitled, under the Privacy Act, to request that a credit reporting body not use or disclose any of your credit information. You should contact the relevant CRB if you wish to request this.

9. Your rights in relation to opting out / unsubscribing from marketing or promotional communications

If you do not want us to send you any marketing or promotional materials, you can opt out of these services by following the unsubscribe instructions in the promotional message itself, by changing your marketing preferences in your online product portal (if this service is available) or by contacting our Customer Service team via phone.

If you do not want one of our third parties or retailer partners to send you marketing or promotional materials, you will need to opt out of these services with them directly.

Important note on service and operational communications: Even if you opt out of our marketing and promotional communications, there is certain service, operational and other correspondence that we will need to send you about the products and services we provide. (As an example, we have a legal obligation to provide you with statements and make you aware of any changes to terms and conditions.)

10. Your ability to access and delete your personal information that we hold (including credit information)

You have specific rights under Australian law in relation to requesting access to and correction of personal information we hold about you and making a privacy complaint.

You can request access to the personal information we hold about you subject to certain exceptions under the Privacy Act. You are entitled to specify how you wish to access your personal information, so long as this is reasonable and practicable. In order to access your personal information, please contact the Privacy Officer on 1300 858 608.

We verify the identity of anyone requesting access to personal information, so as to ensure that we do not provide that information to a person or people who do not have the right to access that information.

We ask that your request for information be as specific as possible so that we can accommodate your request. We will usually provide you with access within thirty (30) days of a request but in some circumstances it may take longer.

Please note, that under Australian law, we are entitled to refuse you access to your information in the following circumstances:

  • access would be unlawful;
  • denying access is required or authorised by or under an Australian law or a court/tribunal order; or
  • access would prejudice enforcement activities or the taking of appropriate action in relation to unlawful activity or serious misconduct.

There may be other reasons we may refuse to provide you access to your information.

Subject to our compliance with our obligations under law, you can request for the deletion of certain personal information we hold about you by contacting the Privacy Officer on 1300 858 608.

11. How you can correct the personal information we have about you (including credit information)

We take every step that is reasonably practicable to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. The Privacy Act gives you the right to request correction of the personal information we hold. If you believe that the personal information we have is incorrect, then please contact us using the details below:

Phone: 1300 858 608
Fax: (02) 8905 1821
Email: [email protected]
Address: Locked Bag 5005, Royal Exchange Sydney NSW 1225

Please address your correspondence, or ask to speak to, our Privacy Officer.

If we do not agree to your request for correction, we will give you notice of this outlining our reasons and what next steps you can take. You may also request us to associate a statement with that information to the effect that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading so that it is apparent to users of the information.

12. Personal information about other persons

If you provide us with personal information about any other person, such as a referee, you agree to tell them:

  • that you are providing this information to us;
  • of our contact details set out in this Privacy Policy
  • the reason you are providing their information; and
  • the fact that we collect, use and disclose personal information as set out in this Privacy Policy.

13. Cookies

One way of collecting information is through cookies. Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognise you when you return. They also help us provide a customised experience.

In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without reference to Personal Information. For example, we use information we collect about website users to optimise our website and to understand website traffic patterns.

  • Third party vendors, including Google, use cookies to serve ads based on your prior visits to their websites.
  • Google’s use of the DART cookie enables it and its partners to serve ads to you based on your visit to sites and/or other sites on the Internet.
  • You may opt out of the use of the DART cookie by visiting the advertising opt-out page. (Alternatively, you can opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page.)

You can use Ads Settings to manage the Google ads you see and opt out of interest-based ads. Even if you opt out of interest-based ads, you may still see ads based on factors such as your general location derived from your IP address, your browser type and recent, previous searches related to your current search.

14. AdWords

We use the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to our website. Any data collected will be used in accordance with this Privacy Policy and Google’s privacy policy. You can set preferences for how Google advertises to you using the Google Ad Preferences page.

15. Privacy complaints and disputes

The Privacy Act gives you the right to make a complaint if you believe that we have not complied with our obligations under the Privacy Act, including obligations relating to consumer credit information under Part IIIA of the Privacy Act and the Credit Reporting Code. If you believe this to be the case, please contact us using the details below:

Phone: 1300 858 608
Fax: (02) 8905 1821
Email: [email protected]
Address: Locked Bag 5005, Royal Exchange Sydney NSW 1225

We will endeavour to contact you within seven (7) days of you making your complaint acknowledging receipt of your complaint. It is our policy to investigate and resolve all complaints (where practicable) within thirty (30) days of receiving the complaint. Where it is a legal requirement to do so, then if we need more time to investigate and resolve your complaint, we will notify you as to the reasons why and seek your agreement to extend this thirty (30) day period (if you do not agree, we may then not be able to resolve your complaint).

Please note, that where your complaint relates to your credit information, we may consult with a credit reporting body or other credit provider in order to investigate and resolve your complaint. Depending on the type of complaint, it may also be necessary for us to consult with other third parties.

If your complaint is not handled satisfactorily by us, you can contact the external dispute resolution scheme Australia Financial Complaints Authority using the details below.

Australian Financial Complaints Authority

Online: www.afca.org.au
Email: [email protected]
Phone: 1800 931 678
Address: Australian Financial Complaints Authority, GPO Box 3, Melbourne, VIC 3001

If you are having difficulties meeting your payment obligations, please contact us directly to discuss payment options. Alternatively, you can also call the National Debt Helpline on 1800 007 007 to talk to a financial counsellor.

16. Contacting us

If you wish to find out more information, or raise any specific or general concerns, about us and this Policy and privacy practices, the contact details are as follows:
Phone: 1300 858 608
Fax: (02) 8905 1821
Email: [email protected]
Address: Locked Bag 5005, Royal Exchange Sydney NSW 1225

17. Important consents

You are deemed to have provided the following consents by agreeing to this Policy. If you do not wish to provide your consent to any of the matters listed below, please contact us immediately.

  • You agree to the collection, use and disclosure of your personal information (including credit-related information) in accordance with the Privacy Policy.
  • You agree to us using and disclosing your personal information (including your telephone number, and your email or other electronic addresses) to develop products and services you may be interested in, and to provide you with information about our other products and services and the products and services offered by our dealers, insurers, related companies or supplies. However, you can tell us that you no longer wish to use or disclose your personal information for these purposes by contracting us on 1300 858 608.
  • You agree to the disclosure of your personal information (including credit-related Information) to entities located outside Australia. You acknowledge that by providing this consent, Australian Privacy Principal (“APP”) 8.1 will not apply to the disclosure (which means that we will not be obliged under the Privacy Act to take reasonable steps to ensure that an overseas recipient does not breach the APPs and we may not be liable under the Privacy Act if the recipient does not act consistently with the APPs).
  • You agree to us obtaining credit related-information about you from a credit reporting agency (including where you are a borrower applying for commercial credit or a guarantor).
  • You agree to us disclosing credit-related information about you to a person for the purpose of that person considering whether to offer to act as guarantor in relation to the credit or to offer property as security for the credit or to any person who is a guarantor or has offered security in relation to credit provided by us to you.
  • You agree to us disclosing your personal information (including credit-related information) to another credit provider for the purpose of assessing your application for credit or for any other purpose permitted by the Privacy Act.
  • You agree that we can disclose your name, residential address and date of birth to a credit reporting body so that the credit reporting body can provide an assessment to us of whether the information provided by you matches (in whole or in part) the information in the credit reporting body’s possession or control (which may include personal information held by the credit reporting body about you or other individuals). This will be done for the purpose of verifying your identity as required under Australia’s antimoney laundering and counter-terrorism laws where applicable. If you would prefer us to use another form of verification, such as your passport or driver’s licence, you must notify us and provide us with any information that we request.
  • You agree that your behavioural biometric data may be provided to a third party for the purposes of digital identity protection and fraud prevention.
  • You consent that your session data may be provided to a third party for the purposes of digital identity protection and fraud prevention, including IP address, version of the operating system, brand and model of your device, unique identifiers of your device, browser used, information about the time the application was accessed, name and parameters of the network connection.
  • You consent that information about applications installed on your device may be provided to a third party for the purposes of digital identity protection and fraud prevention, including application name, application identifier and version, device identifier and checksum.
  • We may also verify your identity using electronic sources. In order to do so, we will ask you for your details (such as your name, address and date of birth) and details of your identification documents.
  • This information will be passed to external organisations in order to electronically match your information with identification data on their databases including:
    • Commonwealth and State government departments that issued or hold records relating to your identification document;
    • independent, private-sector organisations; and
    • outsourced service providers who co-ordinate the electronic identification process and who may conduct additional matches against public or proprietary databases.
  • These external organisations will record, use and disclose your information in accordance with their own privacy policies and legal obligations.
  • Neither us nor our outsourced service providers will access records held about you by these external organisations other than for the purpose of matching the identifying information you have chosen to enter through this website.