This is the privacy policy of FDB Commercial Pty Ltd.
The purpose of this policy is to clearly express an up-to-date policy about our company’s management of personal information.
We are committed to protecting your personal information. By submitting your personal information to us, or by using our services, you acknowledge and consent to us using your personal information in accordance with this policy.
This policy is intended to enhance the transparency of our company’s operations, notify you of your rights and our obligations and provide information regarding:
This Privacy Policy sets out how we comply with our obligations under the Privacy Act 1988 (Act).
We acknowledge that we must take reasonable steps when handling personal information.
Whilst we cannot warrant that this policy will be followed in every instance we will endeavour to follow this policy on each occasion. Similarly, while we cannot warrant that loss, misuse or alteration of information will never occur, we will take all reasonable steps to prevent these things from occurring.
Our company has taken reasonable steps to endeavour to comply with the APPs and the Act, some examples are noted below.
Our policy is available on our website however should you require a hardcopy please contact us and we will provide you with a copy.
Collection
It is our usual practice to collect personal information directly from the subject individual or their authorised representative(s).
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether or not recorded in a material form, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Some examples of some personal information we might collect are:
We use different types of technology to collect your personal information, including tracking technologies such as cookies.
Identification
You may choose to interact with us using a pseudonym and/or not identify yourself.
In circumstances where we are required to do so, or are authorised by law, a court or tribunal to ask for your identification, we will request your personal information.
Further it is likely that it will be impractical for us to interact with you without some form of identification, and therefore we will request identification details from you at the beginning of each transaction.
For example, we will not be able to open a commercial credit trading account or process a commercial credit application for you without obtaining identification details.
If you do not consent to the collection of your personal information, in accordance with this privacy policy, we may not be able to assist you with the provision of certain services.
We only collect and hold personal information by lawful and fair means.
In some circumstances, we may collect and hold personal information that has been collected from a third party or publicly available source (such as social media platforms). This will likely occur in instances where:
We will take steps to hold personal information in a manner which is secure and protected from unauthorised access.
Your personal information may be held in either a psychical form or in electronic form on our IT system.
Where stored in electronic form on our IT system, we will take steps to protect the information against modification, disclosure, or misuse by including such things as physical restrictions, password protections, internal and external firewalls, and anti-virus software.
We will also endeavour to ensure that our service providers have protection for electronic IT systems and other necessary restrictions.
We will endeavour to ensure our staff are trained with respect to the security of the personal information we hold, and we will restrict any access where necessary.
While we retain personal information for as long as necessary in relation to the purposes for which it is collected, we will endeavour to destroy and de-identify the personal information once it is no longer required, except as required for business record purposes.
In the event we hold personal information that is unsolicited, and we were not permitted to collect it, the personal information will be destroyed as soon as practicable.
If we collect personal information about you from someone else, we will advise you as soon as practicable that this information has been collected and the circumstances which surround the collection.
When you visit our website, we may collect information about the session between your computer and our website through the use of cookies.
Cookies are text files which are stored on your computer or mobile device (by your web browser) that record specific information, such as which pages you visit, the information you have searched for, or the device you are using to access our website.
We use cookies for the purposes of managing and improving our website, improving our business functions, and gathering demographic information about the persons who visit our website, among other things.
Third parties may store cookies on our website, including, by way of example, the following entities.
You may elect to disable or turn off cookies in your web browser, however, this may impact upon the services we are able to offer you on our website and may impact upon your ability to access certain features of our website.
Our server will also automatically record your Internet Protocol address (IP address).
An IP address is a numerical designation assigned to each device connected to a computer network by your internet service provider. While IP addresses can be used to identify the general physical location of a computer, they are otherwise anonymous, and we will not use your IP address to identify you.
We will endeavour to only collect and hold personal information which is relevant to the operation of our company.
Our purpose for collecting or holding personal information about you is so that it may be used directly for our functions or activities.
We may use your personal information for the functions or activities of our company, which include, among other things:
We may also collect personal information (including sensitive information) for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.
We may also collect personal information from other credit providers, Credit Reporting Bodies (CRBs) and any other third parties for the purposes of our functions and activities including, but not limited to, credit, sales, marketing, and administration.
We will endeavour to only use and disclose personal information for the primary purposes noted above in relation to the functions or activities of our company.
In addition, we may also use and disclose personal information (including sensitive information) for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.
Unless one or more of the below scenarios has occurred, we will take necessary steps to prevent personal information from being given to government agencies or other organisations.
Further we will endeavour to only disclose personal information for the purpose in which it was collected, unless disclosure is reasonably necessary to:
We will take steps not to disclose personal information for direct marketing purposes unless consent has been provided.
In any event you will be provided with an opt out option with respect to direct marketing should you wish to be excluded from direct marketing.
If you do not elect to ‘opt out’ to receiving direct marketing material from us, you consent to us using personal information (other than sensitive information) provided to us for direct marketing purposes.
We may however use sensitive information for direct marketing purposes if you provide your consent to do so.
You may at any point in time, request to no longer receive direct marketing material from us by opting out.
We will record this information on our opt out register.
Direct Marketing and Third Parties
We may also from time to time, if we have received your consent, provide your personal information to a third party for the purposes of direct marketing.
You may at any time request the source of the personal information that has been disclosed.
We will endeavour not to use or disclose a government related identifier, unless:
As indicated above, we may disclose personal information to a CRB in accordance with the permitted disclosures as defined under the Act.
We may disclose your Credit Information to the following CRBs listed below.
Equifax Level 15, 100 Arthur Street NORTH SYDNEY NSW 2060 Tel: 1300 921 621 | NCI Level 2, 165 Grenfell St ADELAIDE SA 5000 Tel: 1800 882 820 | Illion Level 2, 143 Coronation Drive MILTON QLD 4064 Tel: (07) 3360 0600 | Creditor Watch Level 13, 109 Pitt Street SYDNEY NSW 2000 Tel: 1300 501 312 | Experian Level 6, 549 St Kilda Road MELBOURNE VIC 3004 Tel: (03) 9699 0100 |
A copy of the credit reporting policy for the CRBs listed above will be available on their website or will be provided in hard copy upon request.
You are entitled to access your personal information held in our possession.
We will endeavour to respond to your request for personal information within a reasonable time period or as soon as practicable in a manner as requested by you. We will normally respond within 30 days.
You can make a request for access by sending an email or letter addressed to our office, the details of which are specified below.
FDB Commercial Pty Ltd
Phone: 07 3088 6379
Fax: 02 9826 4915
Email: [email protected]
With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information.
We will not charge you for making the request, however, if reasonable we may charge you with the costs associated with your request.
You will only be granted access to your personal information where we are permitted or required by law to grant access. We are unable to provide you with access that is unlawful.
Further we are not required to, and will not, give access to personal information to the extent that:
If we refuse access to the information, written notice will be provided to you setting out:
Should we hold personal information and it is inaccurate, out of date, incomplete, irrelevant, or misleading, or incorrect you have the right to make us aware of this fact and request that it be corrected.
If you would like to make a request to correct your information, please contact our office on the details above.
In assessing your request, we need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant, or misleading. We will then take all reasonable steps to ensure that it is accurate, up-to-date, complete, and not misleading.
It is our normal policy to resolve any correction requests within 30 days. If we require further time, we will notify you in writing and seek your consent.
Should we refuse to correct your personal information written notice will be provided to you setting out:
We will endeavour to notify any relevant third parties of the correct personal information where necessary and required.
A Notifiable Data Breach is an event where access to your personal data has been gained and there is a risk of serious harm or it is suspected that there is a serious risk to you.
In the event of a Notifiable Data Breach, we will notify you. Examples of Notifiable Data Beaches include:
In the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the Act or the APPs please raise this with our office on the contact details above.
We will provide you with a receipt of acknowledgment as soon as practicable.
We will then endeavour to respond to your complaint and attempt to resolve the issues within 30 days.
In dealing with your complaint we may need to consult another credit provider or third party.
If you are not satisfied with the process of making a complaint to our office you may make a complaint to the Information Commissioner, the details of which are below.
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Email: [email protected]
Telephone: 1300 363 992
Facsimile: (02) 9284 9666
The Information Commissioner can decline to investigate a complaint on a number of grounds including, among other things, where the complaint wasn’t made at first to us.
For more information about privacy in general, you can visit the Australian Information Commissioner’s website: https://www.oaic.gov.au/.
We may choose to, if permitted by law, share and/or disclose your personal information with recipients outside of Australia.
We are required to notify you with a list of any countries which personal information may be transmitted to or disclosed where it is practical for us to do so.
We do not currently share and/or disclose personal information to countries overseas.
If you have any queries regarding our privacy policy or wish to find out more regarding any of our other policies, please contact our office on the details listed above.
We take all reasonable steps to keep secure any information which we hold about you. Personal information may be stored both electronically on our computer system, and in hard-copy form. Firewalls, 128 SSL encryption, passwords, anti-virus software, and email filters act to protect all our electronic information.
We do not store credit card information. All payments are processed via NAB Transact. Your credit card details will be processed and stored in a secure PCI DSS compliant environment. NAB is an authorised third-party processor for all major Australian Banks and all transactions are performed under 128 SSL encryption.
We will update this privacy policy from time to time. We therefore recommend that you read it each time you visit our website. If you do not agree with the privacy policy at any time, please do not continue to use our website. If you do continue to use our website, you are deemed to have accepted the terms of the privacy policy as they appear at the time of use.