Privacy & Credit Reporting Policy

ABOUT THIS POLICY
WeMoney Pty Ltd ACN 633 007 860 (WeMoney or we or us) respects your privacy and want you to understand how we collect, hold, use, and share your personal information.
The Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles, Privacy Regulation 2013 (Regulations) and registered privacy codes govern the way in which we must manage your personal information (Privacy Laws). 
This Privacy Policy (Privacy Policy) covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal information as defined in the Privacy Act (Data).
This Privacy Policy applies when you visit or use our website, mobile applications, APIs or when we are providing relevant services to you via the WeMoney application including any personalised offers suggested to you (the Services). The WeMoney application services is a smart money management service that connects all of your financial accounts in one place, tracks your overall financial health including providing users (you and your) with details about your credit score as well as information and tools using your financial data to compare for you a range of products, credit providers and services and make your aware of options available to you for your consideration. We may also tell you about products or promotions from our connected network of product providers. You can read our Credit Guide here (http://wemoney.com.au/credit-guide).
We are committed to safeguarding the privacy of our website visitors and service users.

By using our Services, you agree to the terms of this Privacy Policy. You shouldn’t use our Services if you don’t agree with this Privacy Policy or any other agreement that governs your use of the Services. 

PRIVACY

Collection of Personal Information
The Privacy Act defines personal information as any information or opinion about an individual that can be identified from that information. 
As part of providing any of our Services we may collect, hold, process and share your personal information which can include: 
Identification Information - This includes your name, address, contact details, and date of birth, your identity documents needed to identify you in order to provide the Services to you and protect you against fraud and unlawful activity.
Financial information - This includes your occupation and financial information that may include your personal finances, bank account, credit card details, transaction information, financial solvency and other financial related information in order for us to provide the Services to you and to give you access to the products and services provided by our platform partners.
Credit-related information - Where you have consented to us being your access seeker, we will collect your credit-related information about you, such as your credit score, credit capacity, repayment history information, credit history, consumer credit liability information and other information that appears on your credit file.
Sensitive Information - We will not collect and use any of your sensitive personal information unless it is necessary for us to provide our Services to you and with your prior consent or where a permitted general situation exists. Sensitive personal information includes information relating to your health, sexual orientation, biometric data, criminal history, racial or ethnic origin as well as membership of any trade or professional associations.

How we collect personal information

We collect your personal and credit information several ways, such as:Directly From you
Most information will be collected from you personally, this can be taken by us:
If you call or email us.When we provide our Services to you.When we manage our customer relationships and service provider relationships.If you provide us with feedback or make a complaint. If we provide you with our Services.If you apply for an account with us. When CCTV footage is recorded at our offices or premises. Your information that is in the public domain.If you subscribe to our newsletters and marketing lists.Other information that may be collected include details provided on a resume sent to us relating to an employment opportunity.

Credit-Related Personal Information

We may obtain your credit-related personal information:
when making an application or negotiating with a credit provider on your behalf.From a Credit Reporting Body (“CRB”) when we have obtained your credit report with your consent.  

Electronically

We collect your personal and credit-related personal information via our electronic records created when you use our website, tablet or mobile applications. For example, information about your location or activity including the date of and time of visits, which pages are viewed, how you as the user navigate through the website and interact with the webpages (including fields completed in form and applications), IP address, telephone number, information about the device used to visit our website and whether you've accessed third party sites. Information from other platforms
We may also collect information about you that is available from a social media or other platform providers where you use your social media account to register for WeMoney (for example, if you register for WeMoney via your Facebook account) or if your social media account is linked to the email address you use to access our Services.

Third-party services providers 
We may also receive your personal information from third parties that we deal with on your behalf and from our service providers. We may also receive your personal information from another party by any other means. If we do, we will apply the Privacy Laws in deciding whether it is lawful to keep the information received. Employment
In addition, if you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history, and relevant records checks) from any recruitment consultant, your previous employers, and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract.

Exemptions
The Privacy Act contains certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate, we may make use of relevant exemptions in the Privacy Act. Any information we receive that we are not lawfully required to hold will be deleted or destroyed.

Consent
Acceptance of any of our Services via an application in writing, orally or electronic means will be deemed as giving consent to the disclosures detailed herein.

How we hold personal information
We will keep your personal information securely and much of the information we hold about you will be stored electronically in cloud-based, or other types of networked or electronic storage centres that comply with Australian Privacy Laws whether the data is kept within Australia or overseas. Some information that we hold about you may be stored in physical form. The security of your personal information is important to us.
We will take appropriate technical and organisational precautions to secure your personal information and to prevent the loss, misuse, unauthorized access, disclosure or alteration of your personal information.
Much of the information we hold about you will be stored electronically. We store some of your information in secure data centres that are located in Australia. We also store information in data centres of our contracted service providers (including cloud storage providers), and some of these data centres may be located outside of Australia. 
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold both in Australia and overseas. For example: 
access to our information systems is controlled through identity and access management controls; employees and our contracted service providers are bound by internal information security policies and are required to keep the information secure; all employees are required to complete training about privacy and information security; and we regularly monitor and review our security measures and compliance with internal policies and industry best practices.You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet and you do so at your own risk. Also, our website may have links to external websites, and we take no responsibility for the privacy practices or the content of those other sites.
U
se and disclosure of Information

We will use or disclose personal information held about you as permitted by law and for the business purposes for which it is collected (e.g. provision of our Services, including administration of our Services, notifications about changes to our Services, record-keeping purposes, technical maintenance, obtaining or maintaining insurance coverage, managing risks or obtaining professional advice) - that is, to carry on our business activities and provide our Services to you. We may use your personal information to comply with legislative or regulatory requirements in any jurisdiction, for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure, to prevent fraud, crime or other activity that may cause harm in relation to our Services and help us run our business and maintain integrity. We may also use your personal information to tell you about our Services we think may interest you or for a purpose related to the primary purpose of collection or where you would reasonably expect that we would use the information in such a way, subject to legal restrictions on using your personal information for marketing purposes. 

Our Services to you 

Collecting your personal information will assist us in providing our Services to you and this includes but is not limited to:  
processing applications for the provision of our Services, providing you with credit assistance or facilitating any credit to you;
managing our Services to you which also includes;
managing our customer relationships, processing payment receipts, and invoices;
assessing and monitoring your creditworthiness;
establishing your identity to ensure that we are dealing with you;
responding to enquiries relating to your application, accounts and other Services provided to you;
detecting and preventing fraud and other risks to you and other individuals;
understanding your needs, developing and offering our Services to you as well as researching and developing new services;
payment system operators (e.g., merchants receiving card payments);our product suppliers, sponsors, or promoters of any competition that we conduct via our services;
our existing or potential agents or business partners;
providing you with direct marketing relating to products that you may be interested in;
ensuring workplace health and safety of our employees;
dealing with any complaints made by you;
specific third parties authorised by you to receive information held by us, including credit reporting bodies;
complying with our legal and regulatory compliance requirements;
or enforcing our rights, making legal enquiries, or taking legal action.

Disclosing your personal information to others 

We may disclose your personal information to any member of WeMoney Group of companies (this means our subsidiaries, our ultimate holding company and all of its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases allowed under the Privacy Laws and as set out in this Privacy Policy.
We may disclose your personal information to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose your personal information to our suppliers or subcontractors insofar as reasonably necessary to provide the relevant Services to you or providers for the operation of our websites, data analytics and/or our business.
In addition to the specific disclosures of personal information set out in this section 8, we may disclose your personal information where such disclosure is necessary for compliance with a legal or regulatory obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. 
We may also disclose your personal information when you have obtained your consent. 
We may disclose your information to product providers (such as retailers and banks) in connection with a request by you for one of their products (for example, when you apply for a loan or when you agree to receive direct marketing from us or our product providers).

Third Party Websites

Our website and the WeMoney app may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites. Do we transfer your

information overseas?

We may disclose your personal information to overseas recipients in order to provide our services and for administrative, data storage, product analysis or improvement purposes or other business management purposes. The countries to which this information may be disclosed include the United States of America, Canada, United Kingdom and countries within the European Union, Japan, Singapore and New Zealand. The locations where we handle, store and process your data may change as our business needs change and we appoint other service providers from time to time.
Prior to disclosing your personal information to an overseas recipient, unless a permitted general situation applies, we will take all reasonable steps to ensure that:
the overseas recipient does not breach the Privacy Laws; or the overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way the Privacy Laws; or you have consented to us making the disclosure. 

Direct Marketing

We may use your personal information for direct marketing. This means we may send information to you that relates to promotions from WeMoney or one of its preferred suppliers. We may offer you products and services by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising. 
You have the right to object to our processing of your personal information for direct marketing purposes. If you make such an objection, we will cease to process your personal information for this purpose. 
If you do not wish your personal information to be used or disclosed for the promotional purposes described above, please contact us via the WeMoney application, our website to express your wish to opt out or click the “opt out” at the bottom of any electronic communication from us.  
We will not sell your personal information to other companies or organisations.

Wish to stay anonymous? 

You can withhold your personal information when speaking with us if you are making a general enquiry.  However, if you wish for us to provide you with our Services, we will need to identify you.

Retaining and deleting personal information

We will retain your personal information for as long as legally required and when we no longer are legally required or have a legitimate purpose to retain it, we will either delete, destroy, desensitize or anonymize it.
We may retain your personal information where such retention is necessary for compliance with a legal or regulatory obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may also de-identify your personal information which we have collected for the purposes described in this Privacy Policy. As a result, this Privacy Policy and Privacy Laws will generally not apply to our use of de-identified information. However, we will continue to safeguard this de-identified information.

Your Privacy Law Rights

In this section 14, we have summarised the rights that you have under the Privacy Laws. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
The summary of your principal rights under Privacy Laws are:
to request, at any time, for us to inform you of the personal information we hold about you;the right to access your personal information and we will respond to you within 30 days of making a request;the right to rectification of your personal information;the right to erasure (where we have no legitimate right or business requirements to retain your personal information);the right to restrict or object to processing (where we have no legitimate right or business requirements to process your personal information);the right to complain to a supervisory authority; andthe right to withdraw your consent (where we have no legitimate right or business requirements to retain or process your personal information).We may refuse to give you access to personal information we hold about you if we reasonably believe that giving access would pose a serious threat to the life, health or safety of an individual, or to the public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on the privacy of other individuals, if there are legal proceedings, or if we consider the request to be frivolous or vexatious.If we refuse to give you access to or to correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. 

WeMoney Services account deletion

Your WeMoney account and all associated data can be deleted in two ways:
use the 'delete account' button in the 'my details' section, accessible from the settings screen of the WeMoney application; orrequest account deletion by emailing hello@wemoney.com.au from the email account with which your account is registered (for social sign in, the email account of your Google or Facebook account).

About cookies & pop-up

We may use cookies on our website. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from the cookies.We may also use a pop-up notice which only stores your session information, device details and geo-location. The purpose of the pop-up is for users that choose to subscribe, there will be a content drip workflow that periodically provides the user with articles and information related to our services. The article/information page links will appear in the user’s browser while they are browsing at other sites. 

CREDIT REPORTING 


Use of information by CRBs

Credit Reporting Bodies (CRB) are authorised by law to handle your credit-related information. If you apply for credit, we may disclose your personal information to, or collect personal credit-related information from a CRB. CRBs may include credit-related information provided by the WeMoney Group in reports provided to other credit providers to assist such other credit providers to assess the individual’s creditworthiness.  As permitted by law, we may collect, hold, use or disclose credit-related information held about you for the purposes of: assessing and forming decisions as to whether to provide you with credit assistance, credit contracts or to accept an individual as a guarantor;participating in the exchange of credit-related information with other credit providers including obtaining from and providing information to CRBs and other credit providers and/or trade suppliers as permitted by Part IIIA of the Privacy Act and the Credit Reporting Code;to provide you with our Services;to deal with complaints and meet legal and regulatory requirements; andto assist other credit providers to do the same. 

WeMoney’s chosen CRBs

WeMoney shares credit-related information with the following CRBs:
Experian Australia Pty Ltd (Experian)
W: https://www.experian.com.au/
T: 1300 783 684
E: creditreport@au.experian.com
(Experian)

Equifax Australia Information Services and Solutions Pty Limited
W: https://www.equifax.com.au/contact
T: 13 83 32
(Equifax)

You are able to obtain a copy of their credit reporting policies from their websites.
We may change our chosen CRB in the future. If we do, we will let you know of that change by posting an announcement on our website.

Your rights in relation to CRBs

You may be asked to participate in a “pre-screening”. This is where your credit-related information is provided to a CRB to use, to provide marketing relating to your credit-related circumstances. You have the right to contact the CRB and ask that you be excluded from this process.
If you have been or have a reasonable belief that you are likely to be a victim of fraud, you can contact the CRB and request for a “ban-period”. The CRB will not be permitted to use your personal or credit related information during this time.

NOTIFIABLE DATA BREACHES

From February 2018, the Privacy Act includes a new Notifiable Data Breaches scheme (NDB) which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change). The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals. If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as possible and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy. If you believe that any personal information, we hold about you has been impacted by a data breach, you can contact us using the contact details below.COMPLAINTS HANDLING

Contact us

You may exercise any of your rights in relation to your personal information by contacting us. If you have a question or complaint about how your personal information is being handled by WeMoney, our affiliates or contracted service providers, please contact us at: Attention:  Privacy Officer
E-mail:     hello@wemoney.com.au
Phone:     1300 809 330
Post:     Level 2 / 23 Foster Street                              
Surry Hills NSW 2010 Australia 

We will try to have your complaint resolved within 5 business days, but it may take longer depending on the complaint. If this is the case, we will aim to resolve your complaint within 30 days. All complaints will be handled in accordance with our Internal Dispute Resolution Policy. 

The Office of the Australian Information Commissioner

Under the Privacy Laws you may also complain to the Office of the Australian Information Commissioner (OAIC) about the way we handle your personal information. Please note the OAIC requires that any complaint be first made to the respondent organisation. The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.The Commissioner can be contacted at:Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

The Australian Financial Complaints Authority
The Australian Financial Complaints Authority (AFCA) may also consider privacy complaints relating to credit reporting matters. If you wish to lodge a complaint with AFCA you may do so by contacting them.AFCA can be contacted at:
Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001. 
Phone: 1800 931 678
Email: info@afca.org.au
Website: www.afca.org.au 

Amendments
We reserve the right to change this Privacy Policy, at any time and when we do, we will post the current version on our website. Please check our website for the current version of this Privacy Policy.

The revised Privacy Policy shall apply from the date of publication of the revised Privacy Policy on our WeMoney website, and you hereby waive any right you may otherwise have to be notified of, or to consent to, revisions of the Privacy Policy.

Any subsequent access to, or use by you, of the WeMoney website or any of our services will constitute acceptance of any varied or modified Privacy Policy.

We will not file a copy of the Privacy Policy specifically in relation to each user or customer and, if we update the Privacy Policy, the version to which you originally agreed will no longer be available on our WeMoney website. We recommend that you consider saving a copy of the Privacy Policy for future reference.

This Privacy Policy is Version 3.0 dated 28 September 2021.