Privacy Policy

Current as 24 April 2024

Overview

Zip Co Limited is committed to protecting your privacy. We recognise the importance of safeguarding your personal information. This policy sets out the ways in which we collect, use, hold and disclose your personal information. It also explains how we manage your credit-related information where we act as a credit provider.

This policy applies to Zip Co Limited (ACN 139 546 428) and our subsidiary companies including ZipMoney Payments Pty Ltd (ACN 164 440 993), Zip Business Australia Pty Ltd (ACN 602 957 237) and all related companies located in Australia (collectively “Zip, we, us, our”).

If you are located outside of Australia and utilise our products and services in another country, you can view that region’s policy on our website at www.zip.co by selecting your country.

We are committed to complying with the:

Privacy Act 1988 (Cth) (“Privacy Act”);
Australian Privacy Principles ("APPs"); and
Privacy (Credit Reporting) Code 2014 ("Credit Reporting Code"), where applicable.

This Privacy Policy should be read carefully and in conjunction with any other privacy notice or collection statement we provide to you when Zip collects your personal information or credit-related information.

If you do not provide us with your personal information or credit-related information, we may be unable to offer you our products and services.

Your personal information

What is personal information?

When we refer to personal information, we mean information where your identity is reasonably apparent. This information may include information, or an opinion about you. The personal information we hold about you may also include credit-related information if you have applied for a credit product.

In this policy, "credit-related information" means:

credit information – this is personal information about your credit and credit history, such as your repayment history, the number of credit products you have applied for, or the accounts you hold; and
credit eligibility information – this includes information held by credit reporting bodies, which provide us information about your credit history and eligibility for credit as part of your application process. Credit eligibility information also includes information that we derive from information provided to us by credit reporting bodies.

We use your credit-related information to assess your eligibility to be provided with finance. Credit-related information is exchanged between credit providers (Zip) and credit reporting bodies listed below.

What information do we collect?

We collect personal information about you in three ways:

(i) when you provide it to us directly;

(ii) when we gather personal information while you are using our Services, including through cookies and similar technologies (see 4. How We Use Cookies and Similar Technologies below); and

(iii) when we collect personal information from other third party sources, including publicly available registers and social media.

We may collect the following types of personal information from you or third parties:

Personal details

Name, address, phone number, date of birth, email address, marital status and number of dependents.

Credit-related information

Credit-related information means:

credit information - information that includes your identity, the number of accounts you hold (credit cards, mortgages, loans), how many times and the type of credit you have applied for and with which providers, your repayment history and credit defaults; and
credit eligibility information - credit reporting information supplied to Zip by credit reporting bodies (such as your credit report, risk rating or credit scores), and any information that Zip derives from that information such as an internal credit score or our assessment of your credit worthiness. The provision of credit information provided by credit reporting bodies can occur at the application stage or throughout the time you hold a Zip product.

Identity documents

This includes your:

Tax File Number and country of tax residency;
Australian passport, driver licence, or Proof of Age card (in order to verify your identity or as required or authorised by law); and
Citizenship, Birth Death and Marriage Certificate (in order to verify your identity or change of name).

Financial Information

This may include:

your income, expenditure, assets, financial liabilities;
your bank account information and transaction history;
your employment details such as current and previous employment details and proof of earnings; and
your bank and credit card statements from your credit providers.

How do we use your personal information?

We use your personal information and sensitive information, in a number ways to offer our products and services. These purposes include:

assessing your eligibility for our products and services;
providing financial products and services to you;
assisting you with your application;
reviewing your hardship application;
managing our business relationship with you;
marketing products and services to you;
providing you with offers and promotions from us or our partners;
researching and planning for improvements to our products and services;
gaining insights into your interests and preferences so we can enhance the delivery of our services to you;
preventing and managing fraud, and minimising security risks in connection with your account; and
complying with our legal and regulatory obligations.

Sensitive information will be used and disclosed for the purposes for which it was collected and with your consent. There may be situations where your sensitive information is used or disclosed under an exemption in the Privacy Act.

Zip shares your personal information for the same purposes we collect it for. We might also disclose personal information about you:

within our corporate group and subsidiary companies;
on a confidential basis to our agents, contractors and external service providers;
to other organisations that are involved in managing or administering your finance, such as third party suppliers, lenders, trade insurers and credit reporting bodies;
to entities that assist us to provide our products to you, including card issuers, digital wallet providers or banking institutions;
if permitted or required to do so by law, such as the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), government and law enforcement agencies or regulators;
to persons who represents you, such as finance brokers, lawyers, mortgage brokers, guardians, persons holding power of attorney, authorised representatives and accountants;
to investors, agents or advisers, trustees, rating agencies, or any entity that has an interest in your finance or our business;
to entities we outsource some of our functions, or provide information and infrastructure systems to us;
to associated business and other organisations, including social media platforms, (unless you tell us not to) and their agents for the purpose of marketing their and / or our products and services to you;
to any organisation providing identity verification services or which provides fraud detection services to us; and
in other circumstances where you have first consented to the disclosure.

Identity verification and fraud

Zip is required by law to confirm your identity in order to provide you with certain products and services. This involves sending your personal information, including your identity documents and biometric data to third parties.

The identity document details you provide during an application process as evidence of your identity will be checked with the relevant government agency via the Document Verification Service. You can find more information about the Document Verification Service at www.dvs.gov.au.

If you do not provide your drivers' licence or passport number, or your document is not verified by the Document Verification Service, we may be unable to identify you and your account may not be approved or unlocked.

When you use the Zip app or website, behavioural biometric, technical and digital data is used to help protect against fraud and minimise security risks in connection with your Zip account.

Sending information overseas

We may send your information overseas in order to provide you with our products and services or to comply with our legal and regulatory obligations.

Your personal information and credit-related information is stored in secure data centres located in Australia. Your personal information and credit-related information may also be disclosed to:

Zip Group companies located in New Zealand, the United States and the other countries that the Zip Group operates in, as set out on www.zip.co, or notified to you; and
Third party service providers (including cloud service providers) located in Canada, Germany, India, Ireland, Latvia, The Netherlands, New Zealand, The Philippines, Portugal, Thailand, Turkey, the United Kingdom, the United States or as notified to you from time to time.

Zip will only transfer and store information in countries where there are reciprocal or substantially similar privacy and data security laws, or where Zip has taken reasonable steps to ensure that the information is handled in accordance with this policy and the APPs.

Direct Marketing

Where you have consented, we will use your personal information from time to time to contact to you (including via SMS, email or notifications and messages in the Zip App) to inform you about our current and future products and services. We may also disclose your personal information to third parties, including social media platforms, for those third parties to display targeted advertisements about our products and services to you. You can request not to receive direct marketing communications, and also opt out of targeted advertising by us (or on our behalf), in a number of ways, including (where applicable) by:

updating your preferences in the Notifications settings within the Zip App;
clicking “unsubscribe” or “STOP” to any SMS offers or electronic marketing you receive;
contacting us by phone on (02) 8294 2345; or
emailing hello@care.zip.co

You will not be charged for updating your preferences and we will take all reasonable steps to action your request within five (5) business days.

If you opt-out from marketing communications, we will still communicate with you for our ordinary business operations, such as transactional or account keeping purposes. For example, we may contact you in relation to:

changes to our terms and conditions;
your applications with us;
confirmation of transactions and payments;
any order disputes or returns;
any outstanding payments or arrears you owe;
a complaint you have made;
where you have contacted us; or
other circumstances, where authorised or required by law to contact you.

Cookies

We use cookies, pixels, pixel tags, tracking links and other third party-technologies (known collectively as “cookies”) to collect information about your use of our website and customise your experience of our services. Cookies allow us to recognise you as a Zip customer (or a visitor of our website) and keep track of your visits and activity on our website. This enables us to:

remember your customised settings, such as your location, shopping cart contents and your sign-in details;
customise landing page experiences based on your account activity;
analyse traffic on our website;
track your behaviour when using our website and services so that we or our partners (including social media platforms) can deliver content and advertising which is relevant to your interests;
track the success of promotional material and advertising campaigns;
show you interest-based and customised advertising;
promote trust and safety;
prevent fraudulent conduct; and
enhance the security of our website and service.

We share cookie information with third-party partners with whom we have a relationship with regarding whether a user identified by the merchant is already registered with us.

We also allow approved third-party partners (including Branch, Facebook, Google and LinkedIn) to set cookies or other third-party technologies to collect data when you utilise Zip’s services. These third parties may use the data collected from these cookies or other third-party technologies (along with other information they may hold about you, including information from cookies on other webpages) to show you interest-based advertisement on sites across the internet, deliver you with personalised content, measure the effectiveness of their advertising, or perform services on behalf of Zip. Third parties may store and distribute data obtained from cookies or other third-party technology in data centres and systems around the world including outside of your country of residence. You may encounter cookies from other businesses when using our services on websites we do not control. For example, if you view a web page related by someone else or use an application developed by another business, there may be a cookie placed by that web page or application.

You are free to opt-out of receiving cookies and interest based-ads from us and third parties. To locate instructions to opt-out of cookies specific to your browser, select the “help menu” on your browser. You can access information about opting out from receiving targeted advertisements by visiting; the NAI website opt-out page here: optout.networkadvertising.org/, the DAA opt-out page here: www.aboutads.info/, and/or the EDAA opt-out page here: www.youronlinechoices.eu/. Opting out of cookies may interfere with your use of our website and our services.

Credit Reporting Policy

Please refer to our Privacy Electronic Authorisation notice for further information on our credit reporting practices.

This policy is also our Credit Reporting Policy, which applies to the credit-related information we collect from you or from credit reporting bodies in accordance with the Privacy Act and the Credit Reporting Code.

We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor of credit to be provided by us, one of our checks may involve obtaining a credit report about you in order to assess your suitability as a guarantor.

This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store any credit-related information we hold about you. The cloud storage and the IT servers may be located outside Australia, (including in the countries specified under “Sending information overseas”).

When we obtain credit eligibility information about you from a credit reporting body, we may also seek publicly available information, as well as any serious credit infringements you may have committed.

We may disclose your credit-related information to overseas entities (including in the countries specified above under "Sending information overseas") that provide support functions to us. Where we do this, we make sure appropriate data handling and security arrangements are in place.

We exchange your credit-related information with credit reporting bodies. The credit reporting bodies to which Zip is likely to disclose your credit-related information to, and their websites are:

Equifax Australia Information Services & Solutions Pty Ltd - www.equifax.com.au
Illion Australia Pty Ltd - www.illion.com.au
Creditorwatch Pty Ltd - www.creditorwatch.com.au

For up-to-date contact details for these credit reporting bodies, or to obtain a copy of their privacy policies and credit reporting policies, please visit the website of the credit reporting body listed above.

We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor, and manage your finance.

The information we exchange with credit reporting bodies includes your identification details, what type of loans or credit you have obtained or applied for, how much you have borrowed, whether or not you have met your loan or credit payment obligations, and if you have committed a serious credit infringement (such as fraud). Credit reporting bodies may include the information we provide to them in credit reports or other information they provide to credit providers (including Zip) in order to help these credit providers assess your creditworthiness.

If you fail to meet your payment obligations in relation to any finance that we have provided or arranged, or you have committed a serious credit infringement, then we may disclose this information to a credit reporting body.

You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. See "How can I access or correct my personal information" below.

Sometimes your credit-related information will be used by credit reporting bodies for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit-related information is not used in this way.

You may contact a credit reporting body to advise them that you believe that you may have been a victim of fraud. The credit reporting body must not use or disclose that credit-related information for a period of 21 days after the credit reporting body receives your notification. You can contact any of the credit reporting bodies we have listed above for more information:

Equifax Australia Information Services & Solutions Pty Ltd - www.equifax.com.au t: 13 83 32
Illion Australia Pty Ltd - www.illion.com.au t: 13 23 33 or +61 3 9828 3200
Creditorwatch Pty Ltd - https://creditorwatch.com.au/ t: 1300 501 312

How do we keep your information secure?

Zip uses a range of security measures to ensure your personal information is protected from unauthorised access. We utilise industry standard levels of security to prevent loss or misuse of your information. Personal information is only accessible to relevant Zip personnel, or to authorised service providers and vendors who support or supply their services to us. Zip personnel are regularly trained on how to keep your information safe and secure.

Zip use relevant industry standards as guidance, including ISO 27001, SOC2, NIST CSF and NIST SP-800 series documents.

Where it is lawful and practicable, we will deidentify the personal information we hold on you.

How long do we keep your information for?

Zip is generally required to retain your information for a period of up to seven (7) years to comply with our legal obligations.

Your personal information may be kept after your account is closed in order to carry out certain activities, such as:

collecting outstanding balances owed;
to conduct investigations or resolve disputes;
account maintenance or troubleshooting;
preventing or detecting fraud or unauthorised activity; or
where otherwise permitted by law.

Zip seeks to ensure your personal information and credit-related information is up to date. It is important to us that any personal information or credit-related information we hold on you is accurate and up-to-date.

We may also contact you and ask if your personal information or credit-related information has changed. If you wish to make any changes to your personal information or credit-related information that we hold, you can contact us directly at hello@care.zip.co, or use the Zip App to update your personal details. We will generally rely on you to update your information so it is accurate and complete.

You can request access or correction to your personal information or credit-related information at any time by contacting Zip’s Privacy Officer using the details below. The time we take to respond to your request will depend on the type of access or correction request you make. We usually reply within thirty (30) days of receiving your request. We will notify you if it takes longer and we will seek your written consent to an extension if we are required by law to do so.

We may contact you via phone to confirm your identity and the reason for the request before releasing or correcting any personal information or credit-related information about you. This is to protect your identity and ensure Zip does not disclose any personal information or credit-related information to persons who do not have the right to access or correct that information.

There may be times where we charge a small fee to cover our costs of providing you with access to, or supplying, your information. We will inform you of this cost at the time you make a request.

We will not charge you a fee for requesting that your personal information or credit-related information be corrected.

Zip may not always be required to provide access to, or correct, your personal information or credit-related information due to certain exceptions in the Privacy Act. This includes where:

it is unlawful to give access;
giving access would pose a serious threat to any person’s life, health or safety, or to public health or safety;
the information relates to existing or anticipated court or legal proceedings;
giving access would have an unreasonable impact on other people’s privacy;
giving access would reveal evaluative information in connection with a commercially sensitive decision-making process by Zip; or
your request is vexatious.

We will write to you and explain why we cannot provide access or correct your information. In some cases where we refuse to correct your information, you can ask us to include a statement attached to your personal information that says you believe it is inaccurate, incomplete, misleading or out of date.

Where can I get help?

If you have a query or complaint about the way we handled your personal information or credit-related information, please let us know and how we can help fix it. For more information about how we will respond to and handle your complaint, please see our disputes and complaints policy at https://zip.co/au/page/disputes-and-complaints.

You can contact our Privacy Officer at:

Mail: The Privacy Officer Level 7 180 George Street Sydney, NSW 2000

Phone: (02) 8294 2345

Email: privacy@zip.co

Zip is committed to resolving your query as soon as possible and will acknowledge your complaint within seven (7) days of receipt. We will investigate and provide a response on how we have resolved your complaint within thirty (30) days. If our investigation takes longer, we will notify you and provide you with a reason for the delay.

If you remain dissatisfied with the outcome and would like an independent review of the complaint and the respond you can refer your complaint to the Australian Financial Complaints Authority (AFCA):

Mail: GPR Box 3, Melbourne, VIC, 3001

Phone: 1800 931 678

Website: www.afca.org.au

Email: info@afca.org.au

If you are still not happy with the resolution we have provided and your complaint is about your privacy, personal or credit-related information, you can contact the Office of the Australian Information Commissioner (OAIC):

Mail: The Privacy Commissioner, Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001

Phone: 1300 363 992

Website: www.oaic.gov.au

Changes to this Policy

From time to time, we may make changes to this policy on how we handle your personal information and/or credit-related information. Any updates to this Policy will be available on our website - zip.co/au/page/privacy.

Changes to this Policy will take effect from the date it is posted. We will also notify you directly of significant amendments to this Policy, via email or other means.

If you would like to request a physical copy of this Policy, you can contact us in writing at privacy@zip.co or by phone (02) 8294 2345.