Privacy Policy - OpenAgent

Welcome to Doorsteps!

We take your privacy seriously, and that’s why we want you to know exactly how your information will be shared amongst our different businesses and when we need to share it with a third party.

Introduction

OpenAgent Pty Ltd ABN 93 161 595 679 (OpenAgent) respects all customers, third parties, suppliers and visitors (you, your) privacy and is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles and the Privacy (Credit Reporting) Code 2014 (Credit Reporting Code).

OpenAgent is part of the Doorsteps Group, which includes OA Real Estate Pty Ltd ABN 41 164 368 843 (OA Real Estate), Doorsteps Finance Pty Ltd ABN 27 648 541 879 (Doorsteps Finance) and Doorsteps Solutions Pty Ltd ABN 60 654 334 246 Australian Credit Licence Number 537369 (Doorsteps Solutions). OA Real Estate, Doorsteps Finance and Doorsteps Solutions are our wholly owned subsidiaries. This Privacy Policy governs the collection, use and disclosure of your personal information to OpenAgent and its related body corporates (collectively referred to as “Doorsteps”, “us”, “we” and “our”).

This Privacy Policy (Privacy Policy) applies to all personal information collected by Doorsteps, or submitted to us, whether offline or online, including information collected in connection with the use of our products and services, as well as information submitted by you through our website, platforms and any mobile sites (Websites), or through our official social media pages that we control (our Social Media Pages) as well as through HTML-formatted email messages that we send to you (collectively, the “Sites”).

This Privacy Policy describes how we deal with information we collect and demonstrates our commitment to the protection of your privacy. By registering to use our platform or applying for a product or any other service we provide, visiting the Sites and otherwise providing personal information to us, you are accepting and consenting to the practices described in this Privacy Policy. If you do not agree with any of the terms of this Privacy Policy, please do not use the Sites or submit any personal information to us.

What is Personal Information?

The Privacy Act defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not (personal information). The personal information we hold about you may include credit-related information.

Credit-related information

Credit-related information includes both:

Credit information which is personal information that may have a bearing on credit that has been provided to you or that you have applied for, including credit for personal, investment or business purposes. It includes your identity, repayment history, the type and amount of credit provided to you, default and payment information, personal insolvency, court proceedings and any other publicly available information that relates to your credit worthiness.
Credit eligibility information which is information related primarily to your credit-related dealings with other credit providers and comprises of "credit reporting information" disclosed by a credit reporting body to us, and information we derive from that information.

We use your credit-related information to assess your eligibility to be provided with any credit. Credit-related information is typically exchanged between credit and finance providers and credit reporting bodies. We strongly recommend you read the ‘Notifiable Matters’ section of this privacy policy before providing us with credit-related information.

Notifiable Matters

Where you have made an application for consumer credit, we are required under the Credit Reporting Code to ensure that you are aware of certain matters, such as how we exchange your credit-related information with credit reporting bodies.

Please see ‘Types of Personal Information” below for the types of personal and credit-related information we may collect, hold and use.

We will exchange this information with a credit reporting body to confirm your identity, assess your credit worthiness, assess and manage your application for products and services. Details of these matters can be viewed on our Websites and are also set out in the ‘privacy consent and electronic authorisation’ we will ask you to agree to at the time you apply for consumer credit. You may request to have these notifiable matters (and this privacy policy) provided to you in an alternative form, such as a hard copy.

If you apply for a credit product, we will also use and collect your credit-related information for the purpose of assessing your application for credit, and to manage the credit product. Doorsteps will also share your personal and credit-related information with credit reporting bodies. We will also collect your credit-related information from credit reporting bodies.

Credit reporting bodies may include your personal information and credit-related information in reports that they provide to other credit providers to assist us and other providers in assessing your credit worthiness.
Information accessible to us includes your repayment history information and financial hardship information.If you fail to meet your payment obligations in relation to consumer credit, or enter a financial hardship arrangement in relation to credit to which the National Consumer Credit Protection Act 2009 (Cth) applies, we are also required to disclose this to credit reporting bodies.
If you commit a serious credit infringement, such as obtaining credit by fraud, we may also disclose this to a credit reporting body.
We may also use your credit-related information to assist you during hardship, as well as to assess whether to grant or securitise your loans. Credit-related information will also be used to assess the risk of providing you with a product or service. To facilitate these uses, we may share your credit-related information with third parties including funders, credit providers and insurers, to assist them with administration of those arrangements.
“Credit pre-screening” may occur unless you otherwise request credit reporting bodies not to to. This is where credit reporting bodies provide a service to credit providers like Doorsteps Solutions who wish to send direct marketing material about credit services to individuals, where you are pre-screened or direct marketing purposes.
You can request the credit reporting body not to use or disclose credit reporting information about you if you reasonably believe that you have been, or are likely to be, a victim of fraud.

We use the following credit reporting bodies:

Illion - www.illion.com.au

Please see their privacy policies and contact details available on their website.

Collection of Personal Information

We primarily collect personal information from you for the purposes of dealing with you and in assisting us to arrange for the products and services you request to be provided to you. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. This may also entail collecting credit-related information where you decide to apply for credit through Doorsteps.

Most of the time, we will collect your personal information directly from you. From time to time, we may also collect information about you from other people and organisations. This includes through credit representatives and financial advisers, when engaging directly with you, from our website as well as from competitions and promotions to which you choose to respond.

We collect personal information;

when you enquire about, apply for, or use our products or services. This includes OpenAgent’s vendor research services or services provided by a Doorsteps entity.
when you contact us to make an enquiry or give us feedback;
when you visit our Sites, register with or use our digital services;
when you participate in other activities we offer, such as competitions or surveys;
when you engage with us or do business with us, by phone or email;
from digital tracking tools such as Google Analytics and Google Signals, and sometimes automatically through tracking technologies (including cookies);
via payment providers. For example, if you enter into a contract for our services where a fee is payable, we will need to collect and use your payment information, including your credit/debit card details in order to process payment. This type of personal information is usually processed and provided to us by and in accordance with the relevant payment provider’s terms; or
from other sources, such as public databases, acquired contact lists, real estate agents, professional and other credit bodies if you apply for credit (for example under reciprocal arrangements), your employer, regulators and government and statutory bodies.

Types of Personal Information

The types of personal information we collect and hold may include:

Identification Information	For example, your name, property address, telephone numbers and email address, your personal details, such as date of birth, your employment information, Australian Government related identifiers and identity documents, residential status etc.
Financial Information	Information about your financial position, including your income, expenses, savings and assets and any (other) credit arrangements, your reasons and objectives for applying for a product or service and where required other details such as the ages and number of your dependants, the length of time you have lived at your current address, information relevant to your property interests, including properties you have shown an interest in and other information we consider relevant to assessment of your application for credit or any other service we provide.
Credit-related information	Details of credit applied for and details of the type and amount of credit granted, the fact that credit provided to you has been repaid, whether or not you have made payments on time, default information, being payments overdue and for which collection action has started, information about your credit worthiness, details of any new arrangements made with you, including hardship applications.
Details of any defaults or serious credit infringements	Court proceedings and person insolvency information, and if in you have committed a serious credit infringement.
Public information	Public record information such as court judgments, directorship and business proprietorship details, bankruptcy, debt agreement and personal insolvency.

We also hold all records of your communications and other interactions with us. This may include monitoring and recording our calls with you but we will let you know if we are doing this.

If you would like to understand what information in particular we hold on you, please contact us on privacy@doorsteps.com.au.

The provision of your personal information is voluntary. However, if you cannot, or will not, provide us with the personal or credit-related information we reasonably require, we may not be able to verify your identify, assess your application for a product or service, manage our relationship with you, contact you or otherwise interact with you, perform our statutory functions, or provide you with some or all of our products and other services.

How We Use Your Personal Information

We use your personal information to assist us as follows:

Delivery of our products and services	to verify your identity. to provide and personalise our services, including checking your eligibility for our products and services. to contact you, and manage our relationship with you including through communications between us and you about our products and services. This includes establishing, administering and managing your account and/or profile, as well as notifying you of changes, surveys and security update information. to assess, process your applications, and provide you with our products and services. to provide referrals and to facilitate communications between you and selected business and commercial partners that you have requested contact with, including (without limitation) real estate agents, credit providers or their intermediaries. to improve our service to you and your experience with us. to let you know about other products and services that may be of interest to you. to administer and manage delivery of products and services, including matters relating to making and managing payments and transactions, fees, charges and interest due on or in connection to our products and services (including collection and recovery of money owed to us).
Improving the products and services	to deliver our products and services. to respond to complaints and to resolve them. to understand, diagnose, troubleshoot, and fix issues with our services. for monitoring and supervision, quality assurance and training purposes. monitoring, moderating and improving our Sites; to evaluate and develop new content, features, technologies, and improvements to the services, including the development, administration and enhancement of algorithms, functionality and performance.
Marketing	for promotional and marketing purposes, including communicating information about our products and services. to generate and provide stories, commentary, profiles and descriptions (including without limitation, the sharing of feedback or reviews, photos or other personal information) accessible through the services, associated Sites and/or Social Media Pages. to create, host, publish, post, share, store or upload photos illustrations, text, video, still images, audio, interactive virtual tours and other material. to remarket using cookies to serve advertisements based on prior visits to our Site. to create or distribute advertising and marketing material that is relevant to you, including material relevant to or on behalf of selected business and commercial partners.
Analytics	to nurture and verify your data profile by combining your personal information with information we have collected from other sources in order to generate and report analytics, insights and research for us, and and for our selected business and commercial partners. to initiate and develop new business opportunities for us and/or selected business and commercial partners. to generate and report aggregate statistics to advertisers and our service providers and third-parties. de-identification to provide insights and analytics services to other organisations, including sharing de-identified information with other organisations.
Other	for internal and external reports for the management of reporting and compliance related matters, including: our financial position, including forecasting; business capability and planning; testing systems and processes; communications management; risk management corporate governance; and audits. to provide information to third parties as authorised or required by law or a court or tribunal. to credit and fraud reporting agencies, debt collection agencies, and organisations involved in our normal business practices. any other uses identified at the time of collecting your personal information.

We may share your information with third parties for the reasons mentioned above (see “How We Use Your Personal Information”), or where the law otherwise allows or requires us to. The types of third parties are listed below (under “Disclosing Personal Information”).

Disclosing Personal Information

Third Party	Description
Doorsteps	OpenAgent may share your information between members of Doorsteps. This includes OA Real Estate Pty Ltd ACN 164 368 843, Doorsteps Finance Pty Ltd ACN 648 541 879, and Doorsteps Solutions Pty Ltd ABN 60 654 334 246 Australian Credit Licence Number 537369. Each entity may use your information as outlined under “How We Use Your Personal Information”.
Authorised Third Parties	We may share information with third parties where you have authorised us to do so or where we are legally required. They include: real estate agents and agencies; third parties that you have authorised to act for you (such as accountants, financial counsellors, legal representatives, agents, mortgage brokers, financial advisors, or a person with Power of Attorney); legal guardians or family members you have authorised to act for you; and guarantors and other security providers.
Commercial and strategic partners	We may share your information with Doorsteps’ service partners, external service providers and other organisations that facilitate the supply of products and services. These include: organisations that we partner with to supply or deliver products and services; third party advertisers e.g. Google Analytics, Google Adwords & Facebook; administrative service providers; investors and funders of Doorsteps; auditors and insurers; processing, payment clearing, credit reference, debt collecting or other service providers necessary to the operation of our business; fraud and misconduct investigators or service providers; and external service providers that we engage to do some of our work for us including marketing or advisory service providers, debt recovery agencies, legal service providers and information technology and cloud service providers, (without limitation).
Verification Services	We will disclose information to third party service providers or organisations that can verify information that you have supplied when applying for a product or service, or making a claim, including (but not limited to): your employer, to verify your employment status; identity verification service providers; aggregator lender panel through which Doorsteps credit representatives submit loan applications (for example, Australian Finance Group Ltd); other banks and financial institutions that you may have products and services with; commercially available third party databases; and credit reporting bodies and credit providers.
Referrals	We may share information with third parties where you have authorised us to do so. We will seek express consent before sharing of information takes place.
Financial services organisations	We will collect and share your information with credit providers (including banks), third party payment providers, superannuation funds and financial services providers as required for the delivery of services, for example to process transactions, make payments and provide refunds.
Government and law enforcement agencies	Where we are authorised to do so by law, we will disclose your information to government and law enforcement agencies or regulators in order to comply with our legislative or regulatory obligations in any of the jurisdictions where we operate.

We will disclose your personal information to those third parties only where such disclosure is for the purposes required. We will disclose your personal information when we are required by law to do so. Your personal information may also be disclosed to some of our service providers who are located overseas, including but not limited to the USA, Indonesia and the Philippines. These service providers help us deliver or support the provision of our products and services to you. In carrying out tasks on our behalf, service providers may have access to credit-related information. If we share information overseas, we make sure there are appropriate privacy, data handling and security arrangements in place to protect your information. We may use cloud storage to store your personal information that we hold. You can contact us for further information on the disclosure of your personal information at any time.

Opting out of Marketing

From time to time, we may also use your personal information to tell you about products and services we think may be of interest and value to you. This may include new or current information about products and services, loans, special offers, changes to Doorsteps or any business with which we are associated. We do not sell your personal information for direct marketing.

We will contact you via various means, including but not limited to, email, text or push notification and depending on your account or operating system settings. You have the right to opt out of receiving direct marketing at any time. If at any time you wish to stop receiving direct marketing messages from us you can let us know by contacting us. In your request, please indicate that you wish to stop receiving marketing communications from us.

Correcting Your Information

Individuals may request access to their personal and credit-related information unless we are permitted by law to withhold that information. Individuals may also request the correction of any personal information which is inaccurate by contacting our Privacy Officer at privacy@doorsteps.com.au. To the extent permitted by law, there are some exceptions where this access may be denied. If we deny you access to the personal or credit-related information we hold about you, or if we refuse to correct your personal or credit-related information, an explanation will be provided to you. To request access and seek the correction of personal information held by us, please email, call or write to us. We will endeavour to respond to any access or correction request within 7 working days of receipt.

Privacy Complaints

If you would like any further information about our handling of personal information, or to make a complaint about our handling of your personal information, or you believe there has been a breach by us of the Privacy Act or the credit reporting provisions of the Credit Reporting Code, please lodge a complaint addressed to our Privacy Officer at pprivacy@doorsteps.com.au. Once we receive your complaint, we will respond to you within 7 working days. We will provide you with a decision on your complaint within 30 days.

If you are unsatisfied with the outcome of your complaint, you may wish to take your complaint to the Australian Financial Complaints Authority, which can be contacted by phone on 1800 931 678, by email at info@afca.org.au, or in writing to GPO Box 3, Melbourne VIC 3001. Please email privacy@doorsteps.com.au if you need to obtain our AFCA membership details or if you need further assistance in this regard.

You can also contact the Office of the Australian Information Commissioner (OAIC). The OIAC can be contacted by phone: 1300 363 992. Website: www.oaic.gov.au

Notifiable Data Breach Scheme

The Notifiable Data Breaches (NDB) scheme applies to eligible data breaches that occur on or after 22 February 2018. It mandates a reporting and notification process for Doorsteps. The OAIC administers the NDB scheme.

If there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that Doorsteps holds;

this is likely to result in serious harm to one or more individuals; and
we have not been able to prevent the likely risk or serious harm with remedial action,

then we are required to notify the OAIC about the incident.

The NDB scheme ensures that as an organisation, we are accountable for your privacy protection. The notification process is important for building a relationship of trust and transparency. In addition, by keeping you notified, you’re better able to take steps to mitigate harm, such as changing passwords or being alert to phishing emails or scams. In the interim, Doorsteps would also be taking steps to remediate the breach and will keep you advised on our progress, including the security measures being undertaken.

Please contact us on the details provided if you have any questions about this.

By Post: PO Box 419, Alexandria NSW 1435

By Email: privacy@doorsteps.com.au

Cookies

We will collect information using cookies when you use our Sites, including any mobile or tablet applications. These cookies will tell us about your visit to our Sites and help us to remember you, allowing us to create a customised experience for your next visit. For example, marketing cookies help us to determine which of the services may be of interest and value to you and then tell you about them. We also use cookies for other purposes. For example, to better understand behaviours and habits, as well as diagnosing problems and making improvements to our products and services. We may also use cookie information to display targeted advertisements or content on our network and on our Sites and also on third party networks and websites, including Google and Facebook.

Doorsteps uses Google Analytics and Google Signals.

Google Analytics uses cookies to analyse your use of our Sites. The information generated by the cookie is usually sent to and stored overseas by Google. The types of information generated by the cookie include your location, search history and data from sites that partner with Google. We use the information provided through Google Analytics to understand and evaluate your use of our website, compile reports about activity and provide other services relevant to optimising your use of the Sites.

We also use Google Signals. This allows us to assign and track the customer journey of an individual website visitor to different end devices. For example, we can see when a user clicks on an Doorsteps advertisement on one device and then registers for our services on another device. However, we can only see this if the user has logged in to a Google service when visiting a website and has activated the option “personalised advertising” in their Google account settings at the same time. If you do not want “Google Signals” to be used, you can disable the “Ads Personalisation” option in your Google Account preferences. No personal data or user profiles are accessible to us; this means you remain anonymous to us.

For more information, please see Google’s Privacy Policy which is available here.

De-identified Data

From time to time, we may collect, use and disclose de-identified data. De-identified data is data which has had all personally identifiable information removed or anonymised. This means that you can no longer be identified, nor can any other individual in that data-set. When we no longer need your personal information for any of the purposes set out in this Privacy Policy, or as otherwise required by law, we will take reasonable steps to destroy it or to de-identify it. We will use de-identified data for research and commercial purposes, such as creating reports and insights.

For example, we will use and share historical and current de-identified user and transactional data to develop marketing initiatives and product offerings. Those understandings, whether developed internally or in connection with an external partner may also be provided to our selected business and commercial partners from time to time. If you have any concerns or questions about our approach to, or use of, de-identified data, please let us know.

How We Store Personal Information

Doorsteps takes all reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or exposure. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold about you.

We may use cloud storage to store your personal information, as well as store personal information in both electronic and paper form. We also require all Doorsteps staff to maintain the confidentiality of customer information. Access to personal information is restricted to employees with roles and responsibilities which require access to the information. If we no longer need to hold your personal information, it is securely destroyed or de-identified.

Government Identifiers

This refers to the use and disclosure of government related identifiers. For example, your tax file number and country of tax residency, medicare card, Australian passport, driver licence or pension card details , citizenship and birth certificate, death and marriage certificates etc.

We do not adopt a government related identifier of an individual as our own identifier unless required or authorised to do so by or under an Australian law, regulation or court/tribunal order. Before using or disclosing a government related identifier of an individual, we ensure that such use or disclosure is:

reasonably necessary for us to verify your identity for the purposes of the our activities or functions;
reasonably necessary for us to fulfil its obligations to a government agency or a State or Territory authority;
required or authorised by or under an Australian law, regulation or a court/tribunal order;
within a permitted general situation (other than the situations referred to in Items 3, 4 or 5 of the table in subsection 16A(1)) of the Privacy Act exists in relation to the use or disclosure of the identifier; or
reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Third Party Links

Our Sites may also contain hyperlinks to websites operated by third parties. We are not responsible for the content of such websites, or the manner in which those websites handle any personal information you provide. In these cases, your personal information may be collected by that third party and not by us and will be subject to that third party's privacy policy, rather than this Privacy Policy. We have no control over, and are not responsible for, that third party's use or disclosure of your personal information.

Online Applications

From time to time, you may send an application to us via an online form. We may use that information to correspond with you directly and to determine the suitability of any products and services. If you start but do not submit an online application, we may contact you using any of the contact details you have supplied to offer help completing it.

Automated Decision-Making

We may in some cases use automated decision-making. We will only do so if it is authorised by law, if you have provided an explicit consent, or if it is necessary for the performance of a contract. For example, we may use an automated credit approval process. You may request that we use a manual decision-making process instead. You can also express an opinion on or contest any decision which was based solely on automated processing or profiling. If we are using automated decision-making, we will let you know about the logic used, our legal basis, and the significance and envisaged consequences.

Variations to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time by publishing an updated version of this Privacy Policy on our Sites and taking any further action as required by law, after which, your continued use of the Sites or your provision of any further personal information will indicate your acknowledgement to the modified terms of this Privacy Policy. This Privacy Policy was last updated on 5 September 2023.