Current as 30 October 2023
Zip Co Limited is committed to protecting your privacy. We recognise the importance of safeguarding your personal information. This policy sets out the ways in which we collect, use, hold and disclose your personal information. It also explains how we manage your credit-related information where we act as a credit provider.
This policy applies to Zip Co Limited (ACN 139 546 428) and our subsidiary companies including ZipMoney Payments Pty Ltd (ACN 164 440 993), Zip Business Australia Pty Ltd (ACN 602 957 237) and all related companies located in Australia (collectively “Zip, we, us, our”).
If you are located outside of Australia and utilise our products and services in another country, you can view that region’s policy on our website at www.zip.co by selecting your country.
We are committed to complying with the:
- Privacy Act 1988 (Cth) (“Privacy Act”);
- Australian Privacy Principles ("APPs"); and
- Privacy (Credit Reporting) Code 2014 ("Credit Reporting Code"), where applicable.
If you do not provide us with your personal information or credit-related information, we may be unable to offer you our products and services.
Your personal information
What is personal information?
When we refer to personal information, we mean information where your identity is reasonably apparent. This information may include information, or an opinion about you. The personal information we hold about you may also include credit-related information if you have applied for a credit product.
What is credit related information?
In this policy, "credit-related information" means:
- credit information – this is personal information about your credit and credit history, such as your repayment history, the number of credit products you have applied for, or the accounts you hold; and
- credit eligibility information – this includes information held by credit reporting bodies, which provide us information about your credit history and eligibility for credit as part of your application process. Credit eligibility information also includes information that we derive from information provided to us by credit reporting bodies.
We use your credit-related information to assess your eligibility to be provided with finance. Credit-related information is exchanged between credit providers (Zip) and credit reporting bodies listed below.
What information do we collect?
We collect personal information about you in three ways:
(i) when you provide it to us directly;
(iii) when we collect personal information from other third party sources, including publicly available registers and social media.
We may collect the following types of personal information from you or third parties:
Name, address, phone number, date of birth, email address, marital status and number of dependents.
Credit-related information means:
- credit information - information that includes your identity, the number of accounts you hold (credit cards, mortgages, loans), how many times and the type of credit you have applied for and with which providers, your repayment history and credit defaults; and
- credit eligibility information - credit reporting information supplied to Zip by credit reporting bodies (such as your credit report, risk rating or credit scores), and any information that Zip derives from that information such as an internal credit score or our assessment of your credit worthiness. The provision of credit information provided by credit reporting bodies can occur at the application stage or throughout the time you hold a Zip product.
This includes your:
- Tax File Number and country of tax residency;
- Australian passport, driver licence, or Proof of Age card (in order to verify your identity or as required or authorised by law); and
- Citizenship, Birth Death and Marriage Certificate (in order to verify your identity or change of name).
This may include:
- your income, expenditure, assets, financial liabilities;
- your bank account information and transaction history;
- your employment details such as current and previous employment details and proof of earnings; and
- your bank and credit card statements from your credit providers.
When your business becomes a merchant of Zip, or applies for credit, we will collect information about your company and its business dealings, as well as some personal information about individuals within your business. This may include:
- personal information relating to directors and beneficial owners;
- company information such as ABN or ACN details;
- company records and financial information such as tax returns or PAYG statements; and
- details of your company’s employees, contractors or suppliers.
Technical and Digital Information
We collect this information from you when you use our website or mobile applications. This includes information such as:
- your location information or activity;
- your IP address;
- your telephone number when you call our Customer Experience team;
- details of any third party sites you visit, including the date and time of visits;
- device information about the mobile phone or tablet used to access our services;
- social media profile and other websites you visit (Facebook, Instagram, TikTok or other social media sites); and
- information collected from Cookies (see ‘Cookies’ below).
Your telephone calls to us may be monitored or recorded for internal training purposes.
We may collect sensitive information from you where it is reasonably necessary for our business functions or activities (including for the purposes of enhancing the security on your account or on the Zip App / Website), with your consent, or if we are required or authorised to by Law. For example, we may collect this information when you make a hardship request and disclose information relating to your health as part of making that hardship request. Sensitive information is personal information that includes:
- information about your race or ethnicity;
- information about your political opinions, religious or philosophical beliefs or affiliations;
- health or genetic information, including your medical condition;
- sexual orientation or practices;
- criminal history;
- biometric data such as images, photographs or videos; and
- behavioural biometric details about how you use our website and the Zip App (including how you swipe, type and press).
We also collect your IP address (which is not sensitive information) when we collect behavioural biometric information.
From time to time we may collect other information about you, or your business to provide you with our products and services.
How do we use your personal information?
We use your personal information and sensitive information, in a number ways to offer our products and services. These purposes include:
- assessing your eligibility for our products and services;
- providing financial products and services to you;
- assisting you with your application;
- reviewing your hardship application;
- managing our business relationship with you
- marketing products and services to you;
- providing you with offers and promotions from us or our partners;
- researching and planning for improvements to our products and services;
- gaining insights into your interests and preferences so we can enhance the delivery of our services to you;
- preventing and managing fraud, and minimising security risks in connection with your account; and
- complying with our legal and regulatory obligations.
Sensitive information will be used and disclosed for the purposes for which it was collected and with your consent. There may be situations where your sensitive information is used or disclosed under an exemption in the Privacy Act.
Who do we share your personal information with?
Zip shares your personal information for the same purposes we collect it for. We might also disclose personal information about you:
- within our corporate group and subsidiary companies;
- on a confidential basis to our agents, contractors and external service providers;
- to other organisations that are involved in managing or administering your finance, such as third party suppliers, lenders, trade insurers and credit reporting bodies;
- to entities that assist us to provide our products to you, including card issuers, digital wallet providers or banking institutions;
- if permitted or required to do so by law, such as the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), government and law enforcement agencies or regulators;
- to persons who represents you, such as finance brokers, lawyers, mortgage brokers, guardians, persons holding power of attorney, authorised representatives and accountants;
- to investors, agents or advisers, trustees, rating agencies, or any entity that has an interest in your finance or our business;
- to entities we outsource some of our functions, or provide information and infrastructure systems to us;
- to associated business and other organisations, including social media platforms, (unless you tell us not to) and their agents for the purpose of marketing their and / or our products and services to you;
- to any organisation providing identity verification services or which provides fraud detection services to us; and
- in other circumstances where you have first consented to the disclosure.
Identity verification and fraud
Zip is required by law to confirm your identity in order to provide you with certain products and services. This involves sending your personal information, including your identity documents and biometric data to third parties.
The identity document details you provide during an application process as evidence of your identity will be checked with the relevant government agency via the Document Verification Service. You can find more information about the Document Verification Service at www.dvs.gov.au.
If you do not provide your drivers' licence or passport number, or your document is not verified by the Document Verification Service, we may be unable to identify you and your account may not be approved or unlocked.
When you use the Zip app or website, behavioural biometric data is used to help protect against fraud and minimise security risks in connection with your Zip account.
Sending information overseas
We may send your information overseas in order to provide you with our products and services or to comply with our legal and regulatory obligations.
Your personal information and credit-related information is stored in secure data centres located in Australia. Your personal information and credit-related information may also be disclosed to:
- Zip Group companies located in New Zealand, the United States and the other countries that the Zip Group operates in, as set out on www.zip.co, or notified to you; and
- Third party service providers (including cloud service providers) located in Canada, Germany, India, Ireland, Latvia, The Netherlands, New Zealand, The Philippines, Portugal, Thailand, Turkey, the United Kingdom, the United States or as notified to you from time to time.
Zip will only transfer and store information in countries where there are reciprocal or substantially similar privacy and data security laws, or where Zip has taken reasonable steps to ensure that the information is handled in accordance with this policy and the APPs.
Where you have consented, we will use your personal information from time to time to contact to you (including via SMS, email or notifications and messages in the Zip App) to inform you about our current and future products and services. We may also disclose your personal information to third parties, including social media platforms, for those third parties to display targeted advertisements about our products and services to you. You can request not to receive direct marketing communications, and also opt out of targeted advertising by us (or on our behalf), in a number of ways, including (where applicable) by:
- updating your preferences in the Notifications settings within the Zip App;
- clicking “unsubscribe” or “STOP” to any SMS offers or electronic marketing you receive;
- contacting us by phone on (02) 8294 2345; or
- emailing firstname.lastname@example.org
You will not be charged for updating your preferences and we will take all reasonable steps to action your request within five (5) business days.
If you opt-out from marketing communications, we will still communicate with you for our ordinary business operations, such as transactional or account keeping purposes. For example, we may contact you in relation to:
- changes to our terms and conditions;
- your applications with us;
- confirmation of transactions and payments;
- any order disputes or returns;
- any outstanding payments or arrears you owe;
- a complaint you have made;
- where you have contacted us; or
- other circumstances, where authorised or required by law to contact you.
remember your customised settings, such as your location, shopping cart contents and your sign-in details; - customise landing page experiences based on your account activity; - analyse traffic on our website; - track your behaviour when using our website and services so that we or our partners (including social media platforms) can deliver content and advertising which is relevant to your interests; - track the success of promotional material and advertising campaigns; - show you interest-based and customised advertising; - promote trust and safety; - prevent fraudulent conduct; and - enhance the security of our website and service.
We share cookie information with third-party partners with whom we have a relationship with regarding whether a user identified by the merchant is already registered with us.
We also allow approved third-party partners (including Branch, Facebook, Google and LinkedIn) to set cookies or other third-party technologies to collect data when you utilise Zip’s services. These third parties may use the data collected from these cookies or other third-party technologies (along with other information they may hold about you, including information from cookies on other webpages) to show you interest-based advertisement on sites across the internet, deliver you with personalised content, measure the effectiveness of their advertising, or perform services on behalf of Zip. Third parties may store and distribute data obtained from cookies or other third-party technology in data centres and systems around the world including outside of your country of residence. You may encounter cookies from other businesses when using our services on websites we do not control. For example, if you view a web page related by someone else or use an application developed by another business, there may be a cookie placed by that web page or application.
You are free to opt-out of receiving cookies and interest based-ads from us and third parties. To locate instructions to opt-out of cookies specific to your browser, select the “help menu” on your browser. You can access information about opting out from receiving targeted advertisements by visiting; the NAI website opt-out page here optout.networkadvertising.org/, the DAA opt-out page here: www.aboutads.info/, and/or the EDAA opt-out page here: www.youronlinechoices.eu/. Opting out of cookies may interfere with your use of our website and our services.
Credit Reporting Policy
Please refer to our Privacy Electronic Authorisation notice for further information on our credit reporting practices.
This policy is also our Credit Reporting Policy, which applies to the credit-related information we collect from you or from credit reporting bodies in accordance with the Privacy Act and the Credit Reporting Code.
We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor of credit to be provided by us, one of our checks may involve obtaining a credit report about you in order to assess your suitability as a guarantor.
This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store any credit-related information we hold about you. The cloud storage and the IT servers may be located outside Australia, (including in the countries specified under “Sending information overseas”).
When we obtain credit eligibility information about you from a credit reporting body, we may also seek publicly available information, as well as any serious credit infringements you may have committed.
We may disclose your credit-related information to overseas entities (including in the countries specified above under "Sending information overseas") that provide support functions to us. Where we do this, we make sure appropriate data handling and security arrangements are in place.
We exchange your credit-related information with credit reporting bodies. The credit reporting bodies to which Zip is likely to disclose your credit-related information to, and their websites are:
- Equifax Australia Information Services & Solutions Pty Ltd - www.equifax.com.au
- Illion Australia Pty Ltd - www.illion.com.au
- Creditorwatch Pty Ltd - www.creditorwatch.com.au
For up-to-date contact details for these credit reporting bodies, or to obtain a copy of their privacy policies and credit reporting policies, please visit the website of the credit reporting body listed above.
We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor, and manage your finance.
The information we exchange with credit reporting bodies includes your identification details, what type of loans or credit you have obtained or applied for, how much you have borrowed, whether or not you have met your loan or credit payment obligations, and if you have committed a serious credit infringement (such as fraud). Credit reporting bodies may include the information we provide to them in credit reports or other information they provide to credit providers (including Zip) in order to help these credit providers assess your creditworthiness.
If you fail to meet your payment obligations in relation to any finance that we have provided or arranged, or you have committed a serious credit infringement, then we may disclose this information to a credit reporting body.
You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. See "How can I access or correct my personal information" below.
Sometimes your credit-related information will be used by credit reporting bodies for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit-related information is not used in this way.
You may contact a credit reporting body to advise them that you believe that you may have been a victim of fraud. The credit reporting body must not use or disclose that credit-related information for a period of 21 days after the credit reporting body receives your notification. You can contact any of the credit reporting bodies we have listed above for more information:
How do we keep your information secure?
Zip uses a range of security measures to ensure your personal information is protected from unauthorised access. We utilise industry standard levels of security to prevent loss or misuse of your information. Personal information is only accessible to relevant Zip personnel, or to authorised service providers and vendors who support or supply their services to us. Zip personnel are regularly trained on how to keep your information safe and secure.
Zip use relevant industry standards as guidance, including ISO 27001, SOC2, NIST CSF and NIST SP-800 series documents.
Where it is lawful and practicable, we will deidentify the personal information we hold on you.
How long do we keep your information for?
Zip is generally required to retain your information for a period of up to seven (7) years to comply with our legal obligations.
Your personal information may be kept after your account is closed in order to carry out certain activities, such as:
- collecting outstanding balances owed;
- to conduct investigations or resolve disputes;
- account maintenance or troubleshooting;
- preventing or detecting fraud or unauthorised activity; or
- where otherwise permitted by law.
How can I access or correct my personal information or credit-related information?
Zip seeks to ensure your personal information and credit-related information is up to date. It is important to us that any personal information or credit-related information we hold on you is accurate and up-to-date.
We may also contact you and ask if your personal information or credit-related information has changed. If you wish to make any changes to your personal information or credit-related information that we hold, you can contact us directly at email@example.com, or use the Zip App to update your personal details. We will generally rely on you to update your information so it is accurate and complete.
You can request access or correction to your personal information or credit-related information at any time by contacting Zip’s Privacy Officer using the details below. The time we take to respond to your request will depend on the type of access or correction request you make. We usually reply within thirty (30) days of receiving your request. We will notify you if it takes longer and we will seek your written consent to an extension if we are required by law to do so.
We may contact you via phone to confirm your identity and the reason for the request before releasing or correcting any personal information or credit-related information about you. This is to protect your identity and ensure Zip does not disclose any personal information or credit-related information to persons who do not have the right to access or correct that information.
There may be times where we charge a small fee to cover our costs of providing you with access to, or supplying, your information. We will inform you of this cost at the time you make a request.
We will not charge you a fee for requesting that your personal information or credit-related information be corrected.
Zip may not always be required to provide access to, or correct, your personal information or credit-related information due to certain exceptions in the Privacy Act. This includes where:
- it is unlawful to give access;
- giving access would pose a serious threat to any person’s life, health or safety, or to public health or safety;
- the information relates to existing or anticipated court or legal proceedings;
- giving access would have an unreasonable impact on other people’s privacy;
- giving access would reveal evaluative information in connection with a commercially sensitive decision-making process by Zip; or
- your request is vexatious.
We will write to you and explain why we cannot provide access or correct your information. In some cases where we refuse to correct your information, you can ask us to include a statement attached to your personal information that says you believe it is inaccurate, incomplete, misleading or out of date.
Where can I get help?
If you have a query or complaint about the way we handled your personal information or credit-related information, please let us know and how we can help fix it. For more information about how we will respond to and handle your complaint, please see our disputes and complaints policy at zip.co/au/page/disputes-and-complaints.
You can contact our Privacy Officer at:
Mail: The Privacy Officer Level 7 180 George Street Sydney, NSW 2000
Phone: (02) 8294 2345
Zip is committed to resolving your query as soon as possible and will acknowledge your complaint within seven (7) days of receipt. We will investigate and provide a response on how we have resolved your complaint within thirty (30) days. If our investigation takes longer, we will notify you and provide you with a reason for the delay.
If you remain dissatisfied with the outcome and would like an independent review of the complaint and the respond you can refer your complaint to the Australian Financial Complaints Authority (AFCA):
Mail: GPR Box 3, Melbourne, VIC, 3001
Phone: 1800 931 678
If you are still not happy with the resolution we have provided and your complaint is about your privacy, personal or credit-related information, you can contact the Office of the Australian Information Commissioner (OAIC):
Mail: The Privacy Commissioner, Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001
Phone: 1300 363 992
Changes to this Policy
From time to time, we may make changes to this policy on how we handle your personal information and/or credit-related information. Any updates to this Policy will be available on our website - zip.co/au/page/privacy.
Changes to this Policy will take effect from the date it is posted. We will also notify you directly of significant amendments to this Policy, via email or other means.