Our Legals, Protecting Your Privacy, Terms & Conditions, & Terms of Use

Protecting your privacy is important to Finstro. We want you to understand what information we collect and how we use it.

Finstro Website, Web Portals & Finstro Mobile App – Terms of Use

1. About our Terms of Use

1.1 These website and mobile application terms of use (Terms of Use) govern your use of the Finstro website, Finstro web portals and Finstro mobile applications (“the System”), which is owned and operated on behalf of Finstro Holdings Pty Ltd ACN 605 121 364 and its related bodies corporate (“we”, “us” and “our") and form a binding agreement between you, the user of the System and us.

1.2 For that reason these Terms of Use are important and you should ensure that you read them carefully and contact us with any questions before you use the System.

1.3 These Terms of Use explain our obligations as a service provider and your obligations as a customer, including users on a free trial basis. The Terms of Use govern any use of our service and apply to you from the time you have access to the service, including if you are a user on a free trial basis. By using the System you acknowledge and agree that you have had sufficient chance to read and understand the Terms of Use and you agree to be bound by them. If you do not agree to the Terms of Use, please do not use the System.

1.4 We are committed to protecting your privacy. This policy explains how your personal information will be treated as you access and interact with the System. For further information on how we deal with your personal information, please refer to our Privacy Policy.

1.5 Our Terms of Use may change from time to time. It is your obligation to ensure that you have read, understood and agree to the most recent version of the Terms of Use available on our System. By accessing, viewing or otherwise using the System, you agree to be subject to these Terms of Use, as amended from time to time.

2. Collection and Use of information

2.1 We may collect personal information from you directly or via your use of our services (including your use of the System).
We will only collect personal information which is reasonably necessary for, or directly related to, our functions or activities.

3. Use of the System

3.1 Finstro grants you the right to access and use the System according to your subscription type. This right is non-exclusive, worldwide, non-transferable, and limited by and subject to these Terms of Use.

3.2 You may access and use the System (including any incidental copying that occurs as part of that use) in the normal manner and may also print one copy of any page within the System for your own personal, non-commercial use.

3.3 You must not add any content to the Site:
- unless you hold all necessary rights, licences and consents to do so;
- that would cause you or us to breach any law, regulation, rule, code or other legal obligation;
- that is or could reasonably be considered to be obscene, inappropriate, defamatory, disparaging, indecent, seditious, offensive, pornographic, threatening, abusive, liable to incite racial hatred, discriminatory, blasphemous, in breach of confidence or in breach of privacy;
- that would bring us, or the System, into disrepute; or
- that infringes the intellectual property or other rights of any person.

3.4 The System contains links to other websites as well as content added by people other than us. We do not endorse, sponsor or approve any such user generated content or any content available on any linked website.

3.5 You acknowledge and agree that:
- we retain complete editorial control over the System and may alter, amend or cease the operation of the System at any time in our sole discretion; and
- the System will not operate on a continuous basis, and may be unavailable from time to time (including for maintenance purposes).

4. Intellectual Property Rights

4.1 Nothing in these Terms of Use constitutes a transfer of any intellectual property rights. You acknowledge and agree that, as between you and us, we own all intellectual property rights in the System.

4.2 By posting or adding any content onto the System, you grant us a perpetual, non-exclusive, royalty-free, irrevocable, worldwide and transferable right and licence to use that content in any way (including, without limitation, by reproducing, changing, and communicating the content to the public) and permit us to authorise any other person to do the same thing. This licence will survive any termination of these Terms of Use.

4.3 You consent to any act or omission which would otherwise constitute an infringement of your moral rights, and if you add any content in which any third party has moral rights, you must also ensure that the third party also consents in the same manner.

4.4 You represent and warrant to us that you have all necessary rights to grant the licences and consents set out in this section of the Terms of Use.

5. Functionality of the System

The System has the following functions:

5.1 The System is a cash management tool which allows subscribers (including if you are on a free trial) to synchronize with your cloud-based accounting software for cashflow analysis with payment reminders, collection services, automated payments, and customer credit alerts.

5.2 The System allows credit checks and searches to be conducted on customers and suppliers. Subscribers to the System will be informed of the relevant charges when conducting such searches.

5.3 The System allows users to access Finstro’s credit and payment products (subject to separate terms and conditions) through its System.

6. Compatibility and Data Synchronization with other software

6.1 The System has the ability to synchronize between your cloud-based accounting software and the System in order to view real-time business intelligence.

6.2 Any sales, purchases and cash balance data appearing in the System is a result of the synchronization process between the subscribers of the cloud-based accounting software and the System. We are not responsible for any acts or omissions or any other matter relating to your use of cloud-based accounting software.

7. Subscription fee

7.1 We may charge you a monthly subscription fee for accessing and using the System.

7.2 If you fail to pay the monthly subscription fee associated with your use of the System as and when due, we may cancel your access to the System from the date that is the last day of the calendar month after the calendar month in which the monthly fee is due to be paid.

8. Warranties

8.1 You represent and warrant to us that:

(a) you have the legal capacity to enter these Terms of Use; and

(b) you have abided by the Terms of Use relating to your use of the System

9. Sensitive information

9.1 Sensitive information is any information about a person’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information.

9.2 We will not ask you to disclose sensitive information, but if you elect to provide sensitive information it will also be captured and stored.

10. Access Conditions

10.1 You must ensure that all usernames and passwords required to access the System are kept secure and confidential. You must immediately inform us of any unauthorized access or breach of security along with taking all reasonable actions to maintain or enhance the security of our services.

10.2 As a condition of these terms, when using the System you must:

(a) not attempt to interfere with the operational integrity of the System or overload the system;

(b) not use, or misuse, the System in any way which may disrupt the functionality of the website, or other systems used to deliver the service;

(c) not attempt to gain unauthorised access to any materials other than those which you have been given express permission to access;

(d) not transmit, or enter into the System, any files, whether synchronised from your cloud-based accounting software or through manual inputs, that may damage any other person’s computing devices, content that may be offensive or exploit sensitive information, or material or data in contravention of any law; and

(e) not attempt to modify, reproduce, adapt or decompile any computer programs used to support or operate the System except as is necessary to use either of them for normal operation.

11. Indemnity

11.1 You indemnify us against any liability, loss, claims, costs and expenses suffered or incurred by us arising from your negligence, misrepresentation, fraud, breach of law or breach of these terms except where such loss arises from a mistake, fraud, negligence or wilful misconduct by us, our employees, our agent or a receiver.

12. Information from third parties

12.1 Our website also contains links to the websites of third party providers of goods and services (Third Party websites). If you have accessed Third Party websites through our website and if those third parties collect information about you, we may also collect or have access to that information as part of our arrangements with those third parties.

12.2 Where you access a Third Party website from our website, cookie information, information about your preferences or other information you have provided about yourself may be shared between us and the third party.

13. Advertising and tracking

13.1 When you view our advertisements on a Third Party website, the advertising company uses ‘cookies’ and in some cases ‘web beacons’ to collect information such as:

(a) the server your computer is logged onto;

(b) your browser type;

(c) the date and time of your visit; and

(d) the performance of their marketing efforts.

13.2 When you access our website after viewing one of our advertisements on a Third Party website, the advertising company collects information on how you utilise our website (eg which pages you view) and whether you complete an online application.

14. Cookies

14.1 We use ‘cookies’ to provide you with better and more customised service and with a more effective website.

14.2 A ‘cookie’ is a small text file placed on your computer by our web page server. A cookie can later be retrieved by our webpage servers. Cookies are frequently used on websites and you can choose if and how a cookie will be accepted by configuring your preferences and options in your internet browser.

14.3 When you view our advertisements on a Third Party website, the advertising company uses ‘cookies’ and in some cases ‘web beacons’ to collect information such as:

(a) the server your computer is logged onto;

(b) your browser type;

(c) the date and time of your visit; and

(d) the performance of their marketing efforts.

14.4 When you access our website after viewing one of our advertisements on a Third Party website, the advertising company collects information on how you utilise our website (eg which pages you view) and whether you complete an online application.

15. IP addresses

15.1 Your IP address is the identifier for your computer, mobile or other internet-connected devices when you are using the internet.

15.2 It may be necessary for us to collect your IP address for your interaction with various parts of the System.

16. Online applications

16.1 When you send a completed online application to us, we retain the information contained in that application. We are able to then use that information to provide any financial services that you require.

16.2 You can also suspend and save online applications, so you can complete and send the applications at a later time. If you suspend or save your application, the information that you have entered will be retained in our systems so that you may recover the information when you resume your application. Online applications that have been suspended or saved may be viewed by us.

17. Security of information

17.1 The security of your information is very important to us.

17.2 We regularly review developments in security and encryption technologies. Unfortunately, no data transmission over the internet can be guaranteed as totally secure.

17.3 We take all reasonable steps to protect the information in our systems from misuse, interference, loss, and any unauthorised access, modification or disclosure.

17.4 We take reasonable steps to preserve the security of cookie and personal information in accordance with this policy and our Privacy Policy. If your browser is suitably configured, it will advise you whether the information you are sending us will be secure (encrypted) or not secure (unencrypted).

18. Direct marketing

18.1 We will not use or disclose sensitive information about you for direct marketing purposes unless you have consented to that kind of use or disclosure.

18.2 We may use your personal information for direct marketing purposes. If you do not wish to receive direct marketing communications from us or from other organisations, or wish to know the source of the information being used, you may submit a request to support@finstro.com.au or phone 1800 693 467.

18.3 We will respond to your request as soon as practicable.

19. Disclosure to overseas entities

19.1 We do not generally disclose personal information obtained from cookies to overseas entities in the course of our activities.

19.2 Please contact us via email support@finstro.com.au or phone 1800 693467 if you would like further information.

20. Availability and accuracy of the information and the System

20.1 We will do everything possible to ensure that the System is always available to you. However, we do not warrant that the System will operate at any time, and the System may be temporarily unavailable (for example, when we are conducting maintenance on the System). You should promptly advise us of any faults or unavailability.

20.2 We may from time to time and without notice to you:

(a) place limits on the nature of transactions that can be made and the information that can be obtained using the System; or

(b) change the software, system or equipment required to access the System. It is your responsibility to supply and maintain any software or equipment (such as a personal computer, internet browser, modem or touch-tone telephone) that may be necessary for you to access the System.

20.3 Acting reasonably, we may change, suspend, cancel or deny access to the System at any time without prior notice to you.

21. Termination

21.1 Despite any other provision of the Terms of Use, these Terms of Use terminate automatically if, for any reason, we cease to operate the System.

21.2 We may otherwise terminate these Terms of Use immediately, on notice to you, if you have breached these Terms of Use in any way.

22. Disclaimer

22.1 Subject to any rights or warranties which cannot be excluded by reason of any law, including the Competition and Consumer Act 2010 (Cth) or similar state or territory legislation, we make no representation or warranty with respect to the use of the System and accept no liability for any loss or damage whether direct, indirect or consequential arising out of access, use (or inability to use or access in whole or in part) or reliance upon, any information or services contained on or accessed through the System (including information contained in sites linked to the Finstro website).

22.2 To the full extent permitted by law, we exclude all liability in respect of loss of data, interruption of business or any consequential or incidental damages.

22.3 To the fullest extent permitted by law, where the law prohibits any part of this disclaimer, our liability is limited to re-supply of any information or services or the cost of re-supply of information or services. Use of any product and services accessible through the System is subject to the terms and conditions governing the use of those products and services.

23. Governing Law

23.1 You agree that your use of the System will be governed by all applicable laws of New South Wales, or where applicable, Australia.

24. General

24.1 You must not assign, sublicence or otherwise deal in any other way with any of your rights under these Terms of Use.

24.2 If a provision of these Terms of Use are invalid or unenforceable it is to be read down or severed to the extent necessary without affecting the validity or enforceability of the remaining provisions.

24.3 Each party must at its own expense do everything reasonably necessary to give full effect to these Terms of Use and the events contemplated by it.

Respecting your Privacy and the Australian Privacy Principles effective 1 June 2022


Who are we?

We’, ‘us’ and ‘our’ refer to Finstro Holdings Pty Limited ACN 605 121 364, any wholly-owned subsidiaries of Finstro Holdings Pty Ltd and any related businesses (collectively, “Finstro”).


Our commitment to protect your privacy

The privacy of your personal information is important to us at Finstro. We are committed to respecting your right to privacy and to protecting your personal and credit-related information.

We recognise that any personal and credit-related information we collect about you will only be used for the purposes we have collected it for or as allowed under the law. It is important to us that you are confident that any personal and credit-related information we hold about you will be treated in a way which ensures protection of your personal and credit-related information.

We are bound by the Australian Privacy Principles (APPs), the Privacy Act 1988, Privacy (Credit Reporting) Code 2014 (Credit Reporting Code) and any other applicable laws and codes with respect to credit reporting and collection, storage, use and disclosure of personal and credit-related information.


About this Privacy Policy

This Privacy Policy outlines how we manage your personal and credit-related information. Further, it describes the nature of the personal information held, the purposes for which it is held and the way it is collected and disclosed.

Our Privacy Policy applies to all your dealings with us whether through one of our introducers, associates, or other Finstro organisations, via our websites, telephone calls or our mobile applications. However, depending on the Finstro organisation which you deal with, further privacy information may apply in addition to the matters discussed in this document. For example, please see Our Websites noted below.

We may change this policy from time to time or as the need arises. We will post any changes to this ;policy on our website. We encourage you to check our websites regularly for any updates to our Privacy Policy.


Personal information we collect and hold

“Personal Information” is information which may be used to identify an individual, including photos, name, age, date of birth, gender, occupation, contact details (e.g. address, phone number, email address), residency status, country of birth, nationality, tax residency, tax file number, information contained in identity documents (e.g. passport number, driver licence number, Medicare number), financial information, information about your use of our products and services, credit related information or other information Finstro considers necessary.


Credit-related information means:

  • Credit information, which is information which includes your identity; the type, terms and maximum amount of credit provided to you, including when that credit was provided and when it was repaid; repayment history information, default information (including overdue payments); payment information; financial hardship information (including information that any repayments are affected by a financial hardship agreement); Commercial and Consumer credit information from a Credit Reporting Body; Customer Identification by a Credit Reporting Body; financial information; new arrangement information; details of any serious credit infringements; court proceedings information; personal insolvency information and publicly available information; and

  • Credit eligibility information, which is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it.

We use your credit-related information to assess your eligibility to be provided with finance. Usually, credit-related information is exchanged between credit and finance providers and credit reporting bodies.

If you are applying for finance or provide a guarantee we may also collect the ages and number of your dependants and cohabitants, the length of time you have resided at your current address, your employment details and proof of earnings and expenses.

When you use our website or mobile applications we may collect information about your location or activity including IP address, telephone number and whether you have accessed third party sites, the date and time of visits, the pages that are viewed, information about the device used and other user location information. We collect some of this information using cookies (for more information please see the Terms of Use/Policy at https://finstro.com/en-au/legal#privacy-policy).


Why we collect your personal information

We collect personal information for the purposes of assessing your application for finance and managing that finance, establishing your identity, identifying and investigating any fraud or other illegal activities (or any suspected fraud or other illegal activities), contacting you, managing our risk and to comply with our legal obligations. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. Improvements in technology also enable organisations like ours to collect and use information to get a more integrated view of our customers. From time to time we may offer you other products and services.


Collecting your personal information

We will, if it is reasonable or practicable to do so, collect your personal information directly from you. For example, this may happen when you fill out a product or service application or an administrative form (e.g. a change of address form), or when you give us personal information over the telephone, or through a Finstro organisation’s website or mobile app.

In certain cases, we may collect your personal information from third parties. For example, we may need to collect personal information from a credit reporting body, your representative (such as a legal adviser), your financial adviser, any publicly available sources of information, or from any of the other organisations identified below under “Using and Disclosing Your Personal Information”. The personal information is securely stored by a third party storage provider.

We will not ask you to supply personal information publicly over Facebook, Twitter, or any other social media platform that we use.


Using and Disclosing your Personal Information

In line with modern business practices common to many financial institutions, and pursuant to your specific needs (such as, for example, where you have a financial adviser or mortgage broker) we may disclose your personal information to the organisations described below. Where your personal information is disclosed to another person or organisation, we will take reasonable steps to satisfy ourselves that:

(a) the person or organisation has a commitment to protecting your personal information at least equal to our commitment, or

(b) you have consented to us making the disclosure.


The relevant organisations are those:

  • prospective funders or other intermediaries in relation to your finance requirements

  • involved in providing, managing or administering your product or service such as third party suppliers, other Finstro organisations, loyalty and reward program partners, printers, posting services, and call centres

  • Finstro organisations and related businesses that wish to inform you of their products or services that might better serve your financial, business and lifestyle needs, or to notify you of promotions or other opportunities in which you may be interested, except where you tell us not to

  • who are your brokers and their service providers

  • involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our computer systems

  • agents, contractors or external service providers who we outsource certain functions, for example, statement production, debt recovery and information technology support

  • where you have provided us consent

  • other guarantors or borrowers (if more than one)

  • borrowers or prospective borrowers, including in relation to any credit you guarantee or propose to guarantee

  • involved in auditing, insuring, re-insuring and providing health care

  • involved in a corporate re-organisation

  • involved in a transfer of all or part of the assets or business of a Finstro organisation

  • involved in the payments system including financial institutions, merchants and payment organisations (for example to process a claim for mistaken payment)

  • organisations that provide products or services used or marketed by us

  • involved in product planning and development of our products, services and business generally

  • which are your representatives including your legal advisers, finance brokers, mortgage brokers, guardians, persons holding power of attorney and accountants

  • including employers, former employers, referees or identity verification services

  • as required or authorised by law, such as under the Anti-Money or Laundering and Counter-Terrorism Financing Act 2006 (Cth) where you have given your consent.


In addition, for Finstro organisations offering:

  • Finance products or services – other organisations to which personal information is usually disclosed are card producers, card schemes, credit and fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature), debt collection agencies, your guarantors, other borrowers, organisations involved in valuing, surveying, or registering a security property or which otherwise have an interest in such property, purchasers of debt portfolios, claims-related providers, underwriters and re-insurers.

  • Trustee or custodial services – other organisations to which personal information is usually disclosed are superannuation and managed funds organisations, their advisers and other organisations involved in our normal business practices.

  • Other organisations to which personal information is usually disclosed are fraud detection agencies and other organisations involved in our normal business practices.

Your personal information may also be disclosed to other organisations involved in our normal business practices (such as securitisation) and used in connection with such purposes as outlined above.

Because we operate throughout Australia and overseas, some of these uses and disclosures may occur outside your State or Territory and/or outside of Australia. Where this is the case, we will ensure the recipient complies with the Australian Privacy Principles and our privacy policy. In some circumstances we may need to obtain your consent before the recipient receives any personal information.


Credit-related information

We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor, one of our checks may involve obtaining a report from a credit report body about you.

This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit-related information we hold about you. The cloud storage and the IT servers may be located outside Australia.

When we obtain credit eligibility information from a credit-reporting body about you, we may also seek publicly available information and information about any serious credit infringement that you may have committed.

We may disclose your credit-related information to overseas entities that provide support functions to us. You may obtain more information about these entities by contact us. If we disclose your credit-related information to entities that are located overseas, we ensure that appropriate data handling and security arrangements are in place.


Notifiable matters:

The law requires us to advise you of ‘notifiable matters’ in relation to how we may use your credit-related information. You may request to have these notifiable matters (and this policy) provided to you in an alternative form by contacting us at our details below.

We exchange your credit-related information with credit reporting bodies. We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor and manage your finance.

The information we can exchange with credit reporting bodies includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations, whether you have entered into a financial hardship arrangement (either with us or some otehr third party), and if you have committed a serious credit infringement (such as fraud).

If you fail to meet your credit obligations in relation to any finance that we have provided or arranged, or commit a serious credit infringement, Finstro may undertake the following:

  • Disclose information to a Credit Reporting Body.

  • Issue prescribed notices under Credit Reporting Privacy Code advising payments which have become overdue more than 60 days.

  • Issue prescribed notices under Credit Reporting Privacy Code a payment default has occurred with Finstro advising a Credit Reporting Body.

  • Engage Collections Agencies and or Legal Counsel to collect payments which have become overdue.

  • Request a Credit Reporting Body not to disclose information about you if you believe you are a victim of fraud.

You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. Please see the heading ‘Access and correction to your personal and credit-related information’, below.

Sometimes your credit information will be used by credit reporting bodies for the purposes of ‘pre- screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.

You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. For a period of 21 days after the credit reporting body receives your notification the credit reporting body must not use or disclose that credit information. You can contact any of the following credit reporting bodies for more information:


• Equifax Pty Ltd – www.equifax.com.au,

• Experian Australia Credit Services Pty Ltd – www.experian.com.au.

• Threatmetrix – www.risk.lexisnexis.com/products/threatmetrix.

• Illion Australia Pty Ltd – www.illion.com.au


Marketing our products and services

We may use or disclose your personal information to let you know about, and develop, products and services from across Finstro or any company with whom we are associated that may better serve your financial, business and lifestyle needs, or to notify you of promotions or other opportunities in which you may be of interest to you. For example, we may do this after an initial marketing contact.

You can contact us at any time if you no longer wish us to do so (see Contacting Us below). If direct marketing is by email you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.

Keeping your personal information accurate and up to date

We aim to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date and take reasonable steps to make sure this is the case. In this way we can ensure that we provide you with a better service.

If you believe your personal information is not accurate, not complete or not up to date, please contact us (see Contacting Us below). We will generally rely on you to ensure the information we hold about you is accurate or complete.


Access and correction to your personal and credit information

We will provide you with access to the personal and credit-related information we hold about you. You may request access to any of the personal information we hold about you at any time. We may charge a fee for our costs of retrieving and supplying the information to you.

Depending on the type of request that you make we may respond to your request immediately, otherwise we usually respond to you within seven days of receiving your request. We may need to contact other entities to properly investigate your request.


There may be situations where we are not required to provide you with access to your personal or credit-related information. Factors affecting a right to access include:

  • access would pose a serious threat to the life or health of any individual

  • access would have an unreasonable impact on the privacy of others

  • a frivolous or vexatious request

  • the information relates to a commercially sensitive decision-making process

  • access would be unlawful

  • access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security function or negotiations with you

  • legal dispute resolution proceedings

  • denying access is required or authorised by or under law

An explanation will be provided to you, if we deny you access to the personal or credit-related information we hold about you.

If any of the personal or credit-related information we hold about you is incorrect, inaccurate or out of date you may request that we correct the information by contacting us by one of the methods referred to in the Contacting Us section of this document.

If appropriate we will correct the personal information at the time of the request, otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal or credit-related information within 30 days.

We may need to consult with other finance providers or credit reporting bodies or entities as part of our investigation.

If we refuse to correct personal or credit-related information we will provide you with our reasons for not correcting the information.


Business without identifying you

In most circumstances it will be necessary for us to identify you in order to successfully do business with you, however, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about interest rates or current promotional offers.


Protecting your personal information

Records of your personal information are kept in several forms including both paper and electronic form. The security of your personal information is important to us and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure and from loss or misuse. These precautions include:

  • confidentiality requirements for our employees

  • document storage security policies

  • security measures for systems access

  • providing a discreet environment for confidential discussions

  • only allowing access to personal information where the individual seeking access has satisfied our identification requirements

  • access control for our buildings

  • the security measures described below under Our Websites.

If Finstro receives any personal information which we did not solicit the information, Finstro will determine whether or not we could have collected the information if we had reasonably solicited the information. If not, we will take reasonable steps to destroy this information.


Mandatory data breach reporting

Finstro is required to comply with the Notifiable Data Breach (NDB) scheme from 22 February 2018.

Our data breach response plan provides the ability to respond quickly to any such breaches and includes:

(a) the steps and actions staff should take in the event of a breach or suspected breach;

(b) reporting lines if staff suspect a data breach;

(c) the recording of data breaches;

(d) means for identifying and addressing anything that contributed to the breach; and

(e) systems for a post-breach review and assessment of the entity’s response to the data breach.

A data breach occurs when personal information is lost or subjected to unauthorised access, modification, use or disclosure or other misuse.


What is an eligible data breach?

An eligible data breach warranting notification will arise when:

(a) there has been unauthorised access to or unauthorised disclosure of personal information; and

(b) access or disclosure would likely result in serious harm to affected individuals.

An eligible data breach can occur irrespective of the number of individuals that are likely to be at a risk of serious harm.

A determination of whether a data breach has or may cause serious harm will be dependent on the following factors:

(a) the sensitivity of the personal information which has been exposed due to the data breach;

(b) whether the information is protected by security measures and the likelihood that any such security measures could be overcome;

(c) who has or may have obtained or could obtain the information; and

(d) the nature of the harm, for example, whether any affected individuals will suffer financial or reputational damage.


Assessing a suspected data breach

If we suspect that an eligible data breach has occurred, we will take the following steps.

(a) Where possible contain the breach and take remedial action.

(b) Conduct a reasonable and expeditious assessment of the breach to determine whether notification is required. We will take all reasonable steps to complete our assessment within 30 calendar days after the day it first became aware of the suspected data breach.

(c) Where serious harm can not be mitigated through remedial action, we will notify individuals at risk of serious harm and provide a statement to the OAIC as soon as practicable, but not later than 30 calendar days from becoming aware of the breach.

If it is not practicable to notify individuals at risk of serious harm, we will publish a copy of the statement prepared for the OAIC on our website, and take reasonable steps to bring its content to the attention of individuals at risk of serious harm.

The Data Breach plan is regularly reviewed and tested by the Compliance Officer


Complaints Handling

If you are dissatisfied with how we have dealt with your personal information, or you have a complaint about our compliance with the Privacy Act and the Credit Reporting Code, you may contact our complaints officer.

On receipt of a complaint by a company, business or individual, it must relate to an act or practice of Finstro and we must:

  • within 7 days after the complaint is made, acknowledge receipt of the complaint

  • investigate the matter via the Finstro’s Disputes & Complaints Resolution Policy, decide and advise the company, business or individual within 30 days.

  • set out the decision and indicate if you are dissatisfied with Finstro’s response, you can refer the complaint to the Office of Australian Information Commissioner www.oaic.gov.au


Your privacy on the Internet

Our Websites

We take care to ensure that the personal information you give us on our websites and mobile applications are protected, with electronic security systems in place, including the use of firewalls and data encryption. Depending on the Finstro organisation with which you deal, user identifiers, passwords or other access codes may also be used to control access to your personal information. Please refer to the website and mobile applications of those Finstro organisations with which you transact electronically for more information on our website specific privacy and security procedures.


Links to Other Sites

You may be able to access external websites by clicking on links we have provided. Those other websites are not subject to our privacy standards, policies and procedures. You will need to contact or review those websites directly to ascertain their privacy standards, policies and procedures.


Using Government Identifiers

Although in certain circumstances we are required to collect government identifiers such as your Passport Number, Medicare number or drivers licence details, we do not use or disclose this information other than when required or authorised by law, or unless you have voluntarily consented to disclose this information to any third party.


Your sensitive information

Without your consent, we will not collect information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation, or criminal record.

This is subject to some exceptions including when:

  • the collection is required by law

  • has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to Finstro’s functions or activities has been, is being, or maybe engaged in the information is necessary for the establishment, exercise or defence of a legal claim.


Un-submitted on-line applications

If you start but do not submit an on-line application, Finstro may contact you using any of the contact details you supply, to offer help completing it. If you do not submit the on-line application, the information in it will be kept by Finstro for a period of time before being destroyed.


Complaints

If you are not satisfied with how we have dealt with your personal information, or you have a complaint about our compliance with the Privacy Act and the Credit Reporting Code, you may contact our complaints officer on the details noted below.

We will acknowledge your complaint wihtin seven days and aim to resolve the complaint as quickly as possible. We will provide you with a decision on your complaint within 30 days.

If you are not satisfied with the response of our complaints officer, you may make a complaint to the AFCA scheme, which can be contacted by phone on 1800 931 678, by email at info @afca.org.au, or in writing to GPO Box 3, Melbourne VIC 3001, or the Privacy Commissioner which can be contacted at either www.oaic.gov.au or by phone on 1300 363 992.


Contacting Us

At Finstro we care about your privacy and your trust is important to us.

Should you have any queries or concerns about your privacy, please provide full details the nature of your concerns by contacting the Finstro Privacy Officer, care of any of the following details:

Phone: 1800 693 467

Email: privacy@finstro.com

Post: Privacy Officer, PO Box H173, Australia Square Sydney 1215