Current as at 7 April 2021
Zip Co Limited ACN 139 546 428 (“we/us/our”) is committed to protecting the privacy of our customers’ personal and credit information. This policy sets out the ways in which we collect, hold, use and disclose personal information (including credit-related information). This policy applies to Zip Co Limited and our subsidiary companies (including ZipMoney Payments Pty Ltd which operates the Zip Pay and Zip Money products). We may vary this policy from time to time.
We are committed to abiding by the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Privacy (Credit Reporting) Code 2014, and any other relevant law.
What is personal information?
When we refer to “personal information”, we mean information from which your identity is reasonably apparent. This information may include information or an opinion about you. The personal information we hold about you may also include credit-related information.
“Credit-related information” means:
“Credit information”, which is information which includes your identity; the type, terms and maximum amount of credit provided to you, including when that credit was provided and when it was repaid; repayment history information, default information (including overdue payments); payment information; new arrangement information; details of any serious credit infringements; court proceedings information; personal insolvency information and publicly available information; and
“Credit eligibility information”, which is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it.
We use your credit-related information to assess your eligibility to be provided with finance. Usually credit-related information is exchanged between credit providers and credit reporting bodies.
How do we collect personal information?
We only collect information that is relevant to our business relationship with you. This information is received directly from you or from other sources who you have approved giving us information.
If we collect personal information from someone else, we will take reasonable steps to ensure that you:
have been informed that we have collected that information;
understand the purposes for which we have collected that information;
and are aware how we might use that information or disclose it to other people.
Your telephone calls to us may be monitored or recorded for internal training purposes.
What personal information do we collect?
The personal information we collect about you may include:
name and contact details;
personal details (which might include date of birth and drivers licence details);
bank account details;
financial information, including details in relation to your income and expenditure);
employment details (for example, current and previous employment details and proof of earnings);
social media information; and
other information we require to provide our products and services.
Why do we collect personal information and how do we use it?
We collect personal information for the purposes of:
providing financial products and services to you;
managing our business relationship with you;
researching and planning for improvement of our products and services; and
complying with our legal and regulatory responsibilities.
If we require personal information about you for a specific purpose that is not obvious, we will let you know that purpose at the time the information is collected.
How do we collect your personal information?
Where reasonable and practical, we will collect your personal information directly from you. We may collect information about you that is publicly available, for example from public registers or social media, or made available by third parties. We may also collect your personal information from credit reporting bodies, mortgage and finance brokers, employers and other people such as accountants and lawyers.
When might we disclose personal information?
We may disclose your personal information to achieve the same purpose for which it was collected.
Apart from the purposes above we do not give your information to any other person or company outside our subsidiary companies.
We might also disclose personal information about you:
within our corporate group and subsidiary companies;
on a confidential basis to our agents, contractors and external service providers;
to other organisations that are involved in managing or administering your finance, such as third party suppliers, lenders, mortgage insurers, trade insurers and credit reporting bodies;
to entities that assist us to provide our products to you, including card issuers or digital wallet providers;
if we are otherwise permitted or required to do so by law, such as under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), government and law enforcement agencies or regulators;
to anybody who represents you, such as finance brokers, lawyers, mortgage brokers, guardians, persons holding power of attorney and accountants;
to investors, agents or advisers, trustees, rating agencies, or any entity that has an interest in your finance or our business;
to entities to whom we outsource some of our functions or that provide information and infrastructure systems to us;
to associated business and other organisations (unless you tell us not to) and their agents for the purpose of marketing their products and services to you;
to any organisation providing verification of your identity, including online verification of identity; or
in other circumstances where you have first consented to the disclosure.
The document details you provided as evidence of your identity will be checked with the relevant government agency via the Document Verification Service. You can find more information about the Document Verification Service at www.dvs.gov.au. If you do not provide your drivers licence or passport number or your document is not verified by the Document Verification Service, we may not be satisfied as to your identity and you may not be able to open an account with us online.
We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor, one of our checks may involve obtaining a credit report about you.
This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit-related information we hold about you. The cloud storage and the IT servers may be located outside Australia.
When we obtain credit eligibility information about you from a credit reporting body, we may also seek publicly available information and information about any serious credit infringement that you may have committed.
We may disclose your credit-related information to overseas entities that provide support functions to us. You may obtain more information about these entities by contacting us. Where we do this, we make sure appropriate data handling and security arrangements are in place.
The law requires us to advise you of ‘notifiable matters’ in relation to how we may use your credit-related information. You may request to have these notifiable matters (and this policy) provided to you in an alternative form.
We exchange your credit-related information with credit reporting bodies. We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor, and manage your finance.
The information we can exchange includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations, and if you have committed a serious credit infringement (such as fraud).
If you fail to meet your payment obligations in relation to any finance that we have provided or arranged, or you have committed a serious credit infringement, then we may disclose this information to a credit reporting body.
You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. See ‘Access to and correction of your personal information’ below.
Sometimes your credit information will be used by credit reporting bodies for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.
You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. The credit reporting body must not use or disclose that credit information for a period of 21 days after the credit reporting body receives your notification. You can contact any of the following credit reporting bodies for more information:
Website traffic information
Because of the way web communication standards work, when you arrive at or leave our websites, we automatically receive the web address of the site that you came from or are going to. We also collect information on the pages of our website you visit while you are on our websites, the type of browser you use, and the times you access our websites. We use this information to try to understand our customers’ preferences better and to manage the load on our servers, so as to improve our service and your experience with us.
Remember your customised settings, such as your location, shopping cart contents and your sign-in details;
Customise landing page experiences based on your account activity;
Analyse traffic on our website;
Track your behaviour when using our website and services to deliver content and advertising which is relevant to your interests;
Track the success of promotional material and advertising campaigns;
Show you interest-based and customised advertising;
Promote trust and safety;
Prevent fraudulent conduct;
Enhance the security of our website and service.
We share cookie information with third-party partners with whom we have a relationship with regarding whether a user identified by the merchant is already registered with us.
We also allow approved third-party partners including Branch, Facebook, Google, LinkedIn to set cookies or other third-party technologies to collect data when you utilise Zip’s services. These third parties may use the data collected from these cookies or other third-party technologies (along with other information they may hold about you, including information from cookies on other webpages) to show you interest-based advertisement on sites across the internet, deliver you with personalised content, measure the effectiveness of their advertising, or perform services on behalf of Zip. Third parties may store and distribute data obtained from cookies or other third-party technology in data centres and systems around the world including outside of your country of residence. You may encounter cookies from other businesses when using our services on websites we do not control. For example, if you view a web page related by someone else or use an application developed by another business, there may be a cookie placed by that web page or application.
You are free to opt-out of receiving cookies and interest based-ads from us and third parties if your browser or browser add-on permits. To locate instructions to opt-out of cookies specific to your browser, select the “help menu” on your browser. You can access information about opting out from receiving targeted advertisements by visiting; the NAI website opt-out page here: http://www.networkadvertising.org/choices/, the DAA opt-out page here: http://www.aboutads.info/, and/or the EDAA opt-out page here: http://www.youronlinechoices.eu/. Opting out of cookies may interfere with your use of our website and ZIP services. If you opt-out of cookies you may encounter interference with your use of our website and services.
Storing and retaining personal information
We store personal information in electronic or hardcopy form (or both) and use industry standard levels of security to prevent unauthorised access to that information.
Personal information is only accessible to our staff or to authorised service providers with incidental access to supply their services to us.
We do not retain any of your information longer than is required for the business relationship with you or for legal purposes. When we are informed, we will keep the personal information we hold accurate, complete and up to date.
We will only collect sensitive information about you with your consent. Sensitive information is personal information that includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health.
Where it is lawful and practicable, we endeavour to de-identify the personal information we collect about you.
We may use your personal information from time to time to inform you about our current and future products and services, including contacting you by phone, email, SMS or post. You can request that you do not receive direct marketing communications by contacting us by phone on (02) 8294 2345 or by email at [email protected] or by simply clicking “unsubscribe” or “STOP” to any emails or SMS offers or electronic marketing you may receive. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
Updating your personal information
It is important to us that the personal information we hold about you is accurate and up-to-date. During the course of our relationship with you, we may ask you to inform us if any of your personal information has changed.
If you wish to make any changes to your personal information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.
Access to and correction of your personal information
You may access and update any personal information you think we may hold about you at any time by contacting us at the address below.
If you wish to access the personal information we hold about you, we may charge a small fee to cover our costs of supplying that information. We will inform you of this cost at the time you make a request.
If you believe any personal information held by us is inaccurate or out-of-date, you may update that personal information.
Depending on the type of request that you make, we may respond to your request immediately. Otherwise, we usually respond to you within seven days of receiving your request. We may need to contact other entities (such as other credit providers or credit reporting bodies) to properly investigate your request.
If you are requesting us to correct your personal or credit-related information, where reasonable, and after our investigation, we will provide you with details about whether we have corrected that information within 30 days.
There may be situations where we are not required to provide you with access to your personal or credit-related information, for example, if the information relates to existing or anticipated legal proceedings, if your request is vexatious, or if the information is commercially sensitive.
If we deny you access to the personal or credit-related information we hold about you, or refuse to correct your personal or credit-related information, we will provide you with an explanation why.
Queries and complaints
If you have any query or complaint about the way we collect, use, hold or disclose personal information, please contact us. We will use our best efforts to respond to your query or request as quickly as possible.
For the avoidance of doubt, this policy does not apply to our employee records.
If you would like more information about this policy or the information we hold, please contact:
The Privacy Officer
Zip Co Limited
Level 14, 10 Spring Street, Sydney NSW 2000
This policy can be downloaded free of charge from zip.co/privacy
If you require more information about privacy laws generally, please contact:
The Privacy Commissioner:
We are constantly reviewing all of our policies and attempt to keep up-to-date with market expectations.
As a consequence, we may change this policy from time to time or as the need arises. We will post any changes to this policy on our website.