Privacy Policy

Current as at 20 June 2022

Zip Co Limited ACN 139 546 428 (“we/us/our”) is committed to protecting the privacy of our customers’ personal and credit information. This policy sets out the ways in which we collect, hold, use and disclose personal information (including credit-related information). This policy applies to Zip Co Limited and our subsidiary companies (including ZipMoney Payments Pty Ltd which operates the Zip Pay and Zip Money products). We may vary this policy from time to time.

We are committed to abiding by the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Privacy (Credit Reporting) Code 2014, and any other relevant law.

What is personal information?

When we refer to “personal information”, we mean information from which your identity is reasonably apparent. This information may include information or an opinion about you. The personal information we hold about you may also include credit-related information.

“Credit-related information” means:

  • “Credit information”, which is information which includes your identity; the type, terms and maximum amount of credit provided to you, including when that credit was provided and when it was repaid; repayment history information, default information (including overdue payments); payment information; new arrangement information; details of any serious credit infringements; court proceedings information; personal insolvency information and publicly available information; and
  • “Credit eligibility information”, which is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it, such as an internal credit score or rating or our assessment of your credit worthiness.

We use your credit-related information to assess your eligibility to be provided with finance. Usually credit-related information is exchanged between credit providers and credit reporting bodies.

How do we collect personal information?

We only collect information that is relevant to our business relationship with you.

Where reasonable and practical, we will collect your personal information directly from you. We may collect information about you that is publicly available, for example from public registers or social media, or made available by third parties. We may also collect your personal information from credit reporting bodies, mortgage and finance brokers, employers and other people such as accountants and lawyers.

If we collect personal information from someone else, we will take reasonable steps to ensure that you:

  • have been informed that we have collected that information;
  • understand the purposes for which we have collected that information;
  • and are aware how we might use that information or disclose it to other people.

Your communications with us, including your telephone calls to us may be monitored or recorded for internal training purposes.

What personal information do we collect?

The personal information we collect about you may include:

  • name and contact details;
  • personal details (which might include date of birth and drivers licence details);
  • bank account details;
  • financial information, including details in relation to your income and expenditure);
  • employment details (for example, current and previous employment details and proof of earnings);
  • social media information;
  • non-public, personal information you knowingly choose to disclose, which is collected on an individual basis via internet, fax, phone or email. This may include health information or other sensitive information if you choose to disclose it to us (such as telling us about a medical condition you are experiencing when you make a hardship request); and
  • other information we require to provide our products and services.

When you use our website or mobile applications, we may collect information about your location or activity, including IP address, telephone number and whether you have accessed third party sites, the date and time of visits, the pages that are viewed, information about the device used and other user location information. We collect some of this information using cookies (see ‘Our use of cookies’ below).

Why do we collect personal information and how do we use it?

We collect personal information for the purposes of:

  • providing financial products and services to you;
  • managing our business relationship with you;
  • direct marketing;
  • researching and planning for improvement of our products and services; and
  • complying with our legal and regulatory responsibilities.

If we require personal information about you for a specific purpose that is not obvious, we will let you know that purpose at the time the information is collected. Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise or an exemption in the Privacy Act applies. If you make a hardship request on the basis of a medical condition you are experiencing, we may collect some health information about you as a result.

When might we disclose personal information?

We may disclose your personal information to achieve the same purpose for which it was collected.

Apart from the purposes above we do not give your information to any other person or company outside our subsidiary companies.

We might also disclose personal information about you:

  • within our corporate group and subsidiary companies;
  • on a confidential basis to our agents, contractors and external service providers;
  • to other organisations that are involved in managing or administering your finance, such as third party suppliers, lenders, mortgage insurers, trade insurers and credit reporting bodies;
  • to entities that assist us to provide our products to you, including card issuers or digital wallet providers;
  • if we are otherwise permitted or required to do so by law, such as under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), government and law enforcement agencies or regulators;
  • to anybody who represents you, such as finance brokers, lawyers, mortgage brokers, guardians, persons holding power of attorney and accountants;
  • to investors, agents or advisers, trustees, rating agencies, or any entity that has an interest in your finance or our business;
  • to entities to whom we outsource some of our functions or that provide information and infrastructure systems to us;
  • to associated business and other organisations (unless you tell us not to) and their agents for the purpose of marketing their products and services to you;
  • to any organisation providing verification of your identity, including
  • online verification of identity; or
  • in other circumstances where you have first consented to the disclosure.

The document details you provided as evidence of your identity will be checked with the relevant government agency via the Document Verification Service. You can find more information about the Document Verification Service at www.dvs.gov.au. If you do not provide your drivers licence or passport number or your document is not verified by the Document Verification Service, we may not be satisfied as to your identity and you may not be able to open an account with us online.

Overseas Disclosure

We may be required to send your information overseas in order to provide you with our products and services, or comply with our legal and regulatory obligations.

Your personal and credit-related information is stored in secure data centres located in Australia. Your information may also be disclosed to:

  • Zip Group companies located in New Zealand, the United Kingdom, the United States and the other countries that the Zip Group operates in, as set out on our website or as notified to you; and
  • Third party service providers (including cloud service providers) located in Canada, India, Ireland, Latvia, The Netherlands, New Zealand, The Philippines, Portugal, Thailand, Turkey, the United Kingdom, the United States or as notified to you from time to time.

Zip will only transfer and store information in countries where there are reciprocal privacy and data security laws, or the information is handled in accordance with this policy.

This Policy is also our credit reporting policy for the purpose of section 21B of the Privacy Act.

We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor, one of our checks may involve obtaining a credit report about you.

This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit-related information we hold about you. The cloud storage and the IT servers may be located outside Australia, including in the countries specified above under the heading 'Overseas Disclosures'.

When we obtain credit eligibility information about you from a credit reporting body, we may also seek publicly available information and information about any serious credit infringement that you may have committed.

We may disclose your credit-related information to overseas entities (including in the countries specified above under the heading 'Overseas Disclosures') that provide support functions to us. You may obtain more information about these entities by contacting us. Where we do this, we make sure appropriate data handling and security arrangements are in place.

Notifiable matters

The law requires us to advise you of ‘notifiable matters’ in relation to how we may use your credit-related information. You may request to have these notifiable matters (and this policy) provided to you in an alternative form.

We exchange your credit-related information with credit reporting bodies. We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor, and manage your finance. We may exchange your personal and credit-related information with the following credit reporting bodies (and to any other credit reporting bodies where permitted by law):

  • Equifax Australia Information Services & Solutions Pty Ltd
  • Illion Australia Pty Ltd.

Contact information for these credit reporting bodies is set out below.

The information we can exchange includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations, and if you have committed a serious credit infringement (such as fraud).

If you fail to meet your payment obligations in relation to any finance that we have provided or arranged, or you have committed a serious credit infringement, then we may disclose this information to a credit reporting body.

You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. See ‘Access to and correction of your personal information’ below.

Sometimes your credit information will be used by credit reporting bodies for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.

You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. The credit reporting body must not use or disclose that credit information for a period of 21 days after the credit reporting body receives your notification. You can contact any of the following credit reporting bodies for more information:

Website traffic information

Because of the way web communication standards work, when you arrive at or leave our websites, we automatically receive the web address of the site that you came from or are going to. We also collect information on the pages of our website you visit while you are on our websites, the type of browser you use, and the times you access our websites. We use this information to try to understand our customers’ preferences better and to manage the load on our servers, so as to improve our service and your experience with us.

Our use of cookies

We use cookies, pixels, pixel tags, tracking links and other third party- technologies (known collectively as “cookies”) to collect information about your use of our website and customise your experience of our services. Cookies are small files of data that reside on your computer and allow us to recognise you as a ZIP customer (or a visitor of our website) and keep track of your visits and activity on our website to provide several features, such as;

  • Remember your customised settings, such as your location, shopping cart contents and your sign-in details;
  • Customise landing page experiences based on your account activity;
  • Analyse traffic on our website;
  • Track your behaviour when using our website and services to deliver content and advertising which is relevant to your interests;
  • Track the success of promotional material and advertising campaigns;
  • Show you interest-based and customised advertising;
  • Promote trust and safety;
  • Prevent fraudulent conduct;
  • Enhance the security of our website and service.

We share cookie information with third-party partners with whom we have a relationship with regarding whether a user identified by the merchant is already registered with us.

We also allow approved third-party partners including Branch, Facebook, Google, LinkedIn to set cookies or other third-party technologies to collect data when you utilise Zip’s services. These third parties may use the data collected from these cookies or other third-party technologies (along with other information they may hold about you, including information from cookies on other webpages) to show you interest-based advertisement on sites across the internet, deliver you with personalised content, measure the effectiveness of their advertising, or perform services on behalf of Zip. Third parties may store and distribute data obtained from cookies or other third-party technology in data centres and systems around the world including outside of your country of residence. You may encounter cookies from other businesses when using our services on websites we do not control. For example, if you view a web page related by someone else or use an application developed by another business, there may be a cookie placed by that web page or application.

You are free to opt-out of receiving cookies and interest based-ads from us and third parties if your browser or browser add-on permits. To locate instructions to opt-out of cookies specific to your browser, select the “help menu” on your browser. You can access information about opting out from receiving targeted advertisements by visiting; the NAI website opt-out page here: https://www.networkadvertising.org/choices/, the DAA opt-out page here: https://www.aboutads.info/, and/or the EDAA opt-out page here: https://www.youronlinechoices.eu/. Opting out of cookies may interfere with your use of our website and ZIP services. If you opt-out of cookies you may encounter interference with your use of our website and services.

Storing and retaining personal information

We store personal information in electronic or hardcopy form (or both) and use industry standard levels of security to prevent unauthorised access to that information.

Personal information is only accessible to our staff or to authorised service providers with incidental access to supply their services to us.

We do not retain any of your information longer than is required for the business relationship with you or for legal purposes. When we are informed, we will keep the personal information we hold accurate, complete and up to date.

Sensitive information

We will only collect sensitive information about you with your consent. Sensitive information is personal information that includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health.

Anonymity

Where it is lawful and practicable, we endeavour to de-identify the personal information we collect about you.

Direct Marketing

We may use your personal information from time to time to inform you about our current and future products and services, including contacting you by phone, email, SMS or post. You can request that you do not receive direct marketing communications by contacting us by phone on (02) 8294 2345 or by email at [email protected] or by simply clicking “unsubscribe” or “STOP” to any emails or SMS offers or electronic marketing you may receive. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.

It is important to us that the personal information (including credit-related information) we hold about you is accurate and up-to-date. During the course of our relationship with you, we may ask you to inform us if any of your information has changed.

If you wish to make any changes to your information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.

Access to and correction of your personal information and credit-related information

You may access and update any personal information (including credit-related information) you think we may hold about you at any time by contacting us at the address below.

If you wish to access the information we hold about you, we may charge a small fee to cover our costs of supplying that information. We will inform you of this cost at the time you make a request.

If you believe any information held by us is inaccurate or out-of-date, you may update that personal information.

Depending on the type of request that you make, we may respond to your request immediately. Otherwise, we usually respond to you within seven days of receiving your request. We may need to contact other entities (such as other credit providers or credit reporting bodies) to properly investigate your request.

If you are requesting us to correct your personal or credit-related information, where reasonable, and after our investigation, we will provide you with details about whether we have corrected that information within 30 days.

There may be situations where we are not required to provide you with access to your personal or credit-related information, for example, if the information relates to existing or anticipated legal proceedings, if your request is vexatious, or if the information is commercially sensitive.

If we deny you access to the personal or credit-related information we hold about you, or refuse to correct your personal or credit-related information, we will provide you with an explanation why.

Queries and complaints

If you have any query or complaint about the way we collect, use, hold or disclose personal information or credit-related information, please contact us. We will use our best efforts to respond to your query or request as quickly as possible.

If we are a member of an external dispute resolution scheme, you may instead lodge a complaint relating to the handling of your credit-related information with that organisation.

For more information about our complaints handling process, please see our disputes and complaints policy at https://zip.co/au/page/disputes-and-complaints.

If you are not satisfied with our response to your complaint, you can also refer your complaint to the OAIC. For the avoidance of doubt, this policy does not apply to our employee records.

If you would like more information about this policy or the information we hold, please contact:

The Privacy Officer Zip Co Limited Level 14, 10 Spring Street, Sydney NSW 2000

Email: [email protected] Phone: (02) 8294 2345)

This policy can be downloaded free of charge from zip.co/privacy

If you require more information about privacy laws generally, please contact:

The Privacy Commissioner: Office of the Australian Information Commissioner GPO Box 5218, Sydney NSW 2001 Phone: 1300 363 992 Website: www.oaic.gov.au

Changes to our Privacy Policy

We are constantly reviewing all of our policies and attempt to keep up-to-date with market expectations.

As a consequence, we may change this policy from time to time or as the need arises. We will post any changes to this policy on our website.

You may request this policy in an alternative form by phoning us on (02) 8294 2345 or by writing to us at [email protected].