OpenAgent Pty Ltd (OpenAgent, our, us, we) understands that when you use our website, products or services, you are trusting us to handle your data respectfully and in compliance with the Privacy Act 1988 (Cth) (Privacy Act). In order for you to make an informed decision about providing us with your personal information, you need access to relevant information.
We are subject to the Privacy Act, including the Australian Privacy Principles (APPs). The APPs set out the manner in which we may collect, store, use and disclose personal information and how a person, such as yourself, can access and/or correct records containing their personal information.
This policy also includes notifiable matters in relation to credit information. Our handling of credit information is regulated by the Privacy Act and the Privacy (Credit Reporting) Code (CR Code). You should carefully read this policy to understand how we will manage your credit information.
If you have any questions, we encourage you to contact us. We’re here to help.
Any material revisions of this policy that would result in a material detriment to you will be notified to you by a posting on the website, via e-mail or any other means available to us.
Types of personal information
Personal information is information about an identified individual, or an individual who is reasonably identifiable. This information does not need to be true or recorded in a material form in order to be defined as personal information.
Whether information is personal information is determined by giving due consideration to whether it is information about an identified individual or about an individual who is reasonably identifiable. For example, sometimes you might provide us with information that has no connection to you as an individual or will not reveal or convey anything about you. This type of information is not personal information.
Depending on which services you use, the types of information we collect and hold about you may include:
The type of personal information that we may collect and the purpose of our use, collection and disclosure will depend on the nature of your relationship with us. Further information is set out below under ‘How we use your information’.
Do I need to provide OpenAgent with my information?
You are not obligated to provide us with your information. You can use a pseudonym or not identify yourself where it is lawful and practicable to do so. However, our ability to provide a personalised and relevant service to you, as well as to determine eligibility is dependent on the accuracy of information given to us. We may be limited in our ability to assist you (but we'll still try!).
There are many aspects of our website that can be viewed without providing personal information. However, to receive the benefit of our products and services, you are required to submit personally identifiable information. This may include - but is not limited to - your name, email, phone, address.
You may also need to provide us with personal information to log into an account. In limited circumstances, we may request information to confirm your identity and property ownership, or to determine your eligibility for a particular product or service.
If we have received personal information that is immaterial to the provision of the services, we will either delete or destroy it as soon as practicable (but only if it is lawful and reasonable to do so), or ensure that the information is de-identified. In certain circumstances we may be required or permitted by law, court or tribunal order to collect certain personal information about you.
By providing us with personal information, you represent to us that this is your own information or information which you have been authorised to provide. Where you provide us with your personal information but wish to limit the use and disclosure of the personal information, you should expressly state those limitations to us in writing.
If you are a real estate agent or agency providing us with personal information as it relates to your customers, you must only provide such information in compliance with the Privacy Act. You must not provide us with personal information without the consent of the individual it relates to.
How we collect personal information
We collect information from you whenever you interact with us or our website. This includes when you visit our website, register to use the services, request further information about us, communicate with us (including by phone or email), and interact with our third parties. This information may be collected automatically sometimes. For example, through tracking technologies (including cookies).
More specifically, we collect information from:
If you choose not to provide certain personal information, we may not be able to provide you with the services at the service levels expected of us. From time to time, you may provide personal information about other individuals to us.
We don't collect information for the sake of it. All the information we gather has a specific purpose. Those purposes are identified below under "How we use your information”.
We believe in transparency so if you want further information on when we have collected your personal information and for what purpose, please don't hesitate to contact us.
At any time, you can request to have this policy or any notifiable matter provided to you in an alternative form, such as a hard copy.
Under the Privacy Act and the Privacy (Credit Reporting) Code (CR Code), credit reporting bodies (CRBs) are allowed to handle credit information. We will collect and disclose your credit information with CRBs when you apply for any kind of credit or offer to act as guarantor. The information collected and disclosed includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations and if you have committed a serious credit infringement (such as fraud).
For example, if you make an application to receive credit services, we may disclose information to, or collect information about you from, a CRB to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor, and manage your finance/home loan. In doing so, we may obtain a credit report or provide other credit providers with credit-related information to assist the assessment of your credit worthiness. CRBs may also provide your personal information to credit providers to assist those providers in assessing your credit worthiness (including in loan applications).
If you don’t meet your payment obligations or commit a serious credit infringement, we may disclose this information to a CRB. An example of a serious credit infringement would be a failure to repay overdue debts and relocating without providing the relevant credit provider with the new or forwarding address.
The CRB we will deal with is Equifax Australia. If we need to verify your identity and obtain a credit report in connection with some of our services, we will do so through them. For contact details and information on how that Equifax manages credit related personal information, please see below:
In addition, your credit-related information may be used by CRBs in order to preliminary screen the relevant credit offer(s) for the benefit of other credit providers i.e. direct marketing. You can contact the CRB at any time on the details listed above to request that your credit-related information not be used in this way by contacting them on the details above. You can also ask a CRB not to use or disclose your personal information for a period if you believe on reasonable grounds that you have been or are likely to be a victim of fraud.
You have the right to request access to the credit information that we hold about you and make a request for us to correct that information, where appropriate. If we refuse your request to access or correct your credit information, we will also provide you with information on how you can complain about the refusal. If you are concerned about how your credit information is being handled or if you have a complaint about a breach by us of the credit reporting provisions of the Privacy Act or the CR Code, please contact us. More information on how to make complaints can be found at the end of this policy.
How we use your information
The main ways we use your personal information and, in some circumstances de-identified data, are set out as follows:
When do we disclose your personal information
In order to deliver the products or services you require, we may disclose your personal information to organisations outside of OpenAgent, including our related bodies corporate. Your personal information and de-identified data may be disclosed to any other business or organisation in order to facilitate the purpose for which the information was collected. Specific examples of who we might disclose information to include:
Remember, if you do provide us with your personal information and you wish to limit the use and disclosure of personal information, you should expressly state those limitations to us in writing.
OpenAgent takes reasonable steps to ensure that we have your consent to those disclosures, or have notified you of the disclosure before it takes place. Disclosure of your personal information will only occur when it is necessary to deliver the product, service or analysis or purpose relevant to the disclosure. Any organisations who have received your personal information will be subject to equivalent privacy obligations at law or by contract, in relation to the protection of your personal information.
We may also share with or permit the use of de-identified data or content by others, including selected business and commercial partners, for the purposes of posting or contributing material about real estate properties, as well as performing data analytics which serve a commercial purpose. This extends to research for and execution of marketing initiatives around product offerings. If you do not wish for this to occur, you must state those limitations to us in writing via the following methods:
Disclosure to Equifax Australia
From time to time, we may also disclose information to Equifax Australia. If you are applying for a Doorsteps Credit product, we will disclose your personal information to Equifax Australia in order to verify your identity and to obtain a credit report. We may also disclose information relevant to assessing your credit worthiness. Following the data matching exercises and analysis, we will receive information from Equifax Australia that includes or confirms personal information about you and other individuals. If we cannot verify your identity using information held by Equifax Australia, we will contact you directly and provide instructions to contact the relevant CRB to update your information. Alternative means of verifying your identity can be made available on request.
Disclosure to our related body corporates
Doorsteps Finance Pty Ltd provides mortgage broking services and propperr Pty Ltd specialises in property management. OpenAgent does not act on behalf of either entity, but we may refer you to them, subject to your consent.
From time to time we may use the personal information we collect from you to identify products and services that we believe may be of interest to you. We may then contact you to let you know about these products and services and how they may benefit you. These products and services may be offered by us or a third party. For example, you may receive direct marketing from real estate agents, business partners, subsidiaries and affiliates that might better serve your objectives, financial situation or real estate needs. You can ask us not to do this at any time, and we will always give you a choice to opt out of receiving such information in future.
In some cases, we will use or disclose your personal information to such persons or entities for the purpose of participation or eligibility in competitions or promotions and other opportunities in which you may be interested. This includes ‘cross-selling’, where we suggest a related or complementary product or service to you, and provide a referral or submission of personal information to a third party, subject to your interest and consent.
Direct marketing from us generally takes the form of an electronic marketing email. Electronic marketing occurs where we use your personal information to send you marketing information by email, SMS, MMS or other electronic means. From time to time, we may also contact you by phone or direct mail for direct marketing. We may do so with your express or implied consent.
You may give us your express consent by, for example, ticking a box on an electronic or submitting a form where we seek your permission to send you electronic or other marketing information. Consent may also be implied from our existing business relationship or where you have a reasonable expectation of receiving an electronic marketing communication. We do not sell or allow your personal information to be used by third-parties for their own marketing purposes, unless you ask us to do this or give us your consent to do so.
Every marketing email sent or made by us will include a means by which you can unsubscribe (or opt out) of receiving further marketing information. Additionally, you may instruct us at any time to remove any previous consent you provided to receive communications from us. General requests should be directed to us via the channels provided below:
OpenAgent uses Google Analytics and Google Signals.
We also use Google Signals. This allows us to assign and track the customer journey of an individual website visitor to different end devices. For example, we can see when a user clicks on an OpenAgent ad on one device and then registers for our services on another device. However, we can only see this if the user has logged in to a Google service when visiting a website and has activated the option “personalised advertising” in their Google account settings at the same time. If you do not want “Google Signals” to be used, you can disable the “Ads Personalisation” option in your Google Account preferences. No personal data or user profiles are accessible to us; this means you remain anonymous to us.
For example, we will use and share historical and current de-identified user and transactional data to develop marketing initiatives and product offerings. Those understandings, whether developed internally or in connection with an external partner may also be provided to our selected business and commercial partners from time to time. If you have any concerns or questions about our approach to, or use of, de-identified data, please let us know.
We do not adopt a government related identifier of an individual as our own identifier unless required or authorised to do so by or under an Australian law, regulation or court/tribunal order. Before using or disclosing a government related identifier of an individual, we ensure that such use or disclosure is:
- reasonably necessary for us to verify your identity for the purposes of the our activities or functions;
- reasonably necessary for us to fulfil its obligations to a government agency or a State or Territory authority;
- required or authorised by or under an Australian law, regulation or a court/tribunal order;
- within a permitted general situation (other than the situations referred to in Items 3, 4 or 5 of the table in subsection 16A(1)) of the Privacy Act exists in relation to the use or disclosure of the identifier; or
- reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
From time to time, you may send an application to us via an online form. We may use that information to correspond with you directly and to determine the suitability of any products and services. If you start but do not submit an online application, we may contact you using any of the contact details you have supplied to offer help completing it.
Our reliance on accurate, complete and up to date information
Accessing Your Personal Information
To access the personal information we hold about you, please contact us. From time to time, we may need to consult with other entities before proceeding with your request. As such, we will respond to your request within 30 days, unless otherwise notified to you. We will give access in the manner you have requested and at no-cost, if it is reasonable to do so. If any fees do apply, we will notify you in writing and shall await your payment before proceeding.
We may deny you access to your personal information in certain circumstances, for example, if required or authorised by or under an Australian law or a court/tribunal order, or it would be likely to prejudice enforcement related activities by an enforcement body. If we do not give you access, we will provide you with the reasons for the refusal (except where it would be unreasonable to do so) and information on how you can complain about the refusal, in writing.
Updating Your Personal Information
To update your personal information, please contact us on the details provided as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date and we will update your records accordingly.
If appropriate, we will correct the personal information at the time of the request. In some circumstances, we will need to conduct an investigation, after which we will notify you of the decision to update or change your personal information within 30 days of the initial request. This timeframe is a result of the need to consult with other entities from time to time as part of our investigation. If we refuse to correct personal information, we will provide you with our reasons for not correcting the information. If we refuse your request to correct your personal information, at your request, we will include a note to your personal information which states you disagree with its accuracy or completeness.
We may in some cases use automated decision-making. We will only do so if it is authorised by law, if you have provided an explicit consent, or if it is necessary for the performance of a contract. For example, we may use an automated credit approval process. You may request that we use a manual decision-making process instead. You can also express an opinion on or contest any decision which was based solely on automated processing or profiling. If we are using automated decision-making, we will let you know about the logic used, our legal basis, and the significance and envisaged consequences.
Storage and Security
We will store your personal information for as long as needed to provide you with the services and to operate our business. We store this information for at least seven years, and in different ways, including in paper and electronic form. At any time, you can request to access your personal information held on our website (subject to service outages) to keep it updated. We will also delete specific personal information upon request, unless deleting that information prevents us from carrying out necessary business functions, such as billing, meeting our obligations at law and conducting required audits. If we are unable to delete your data, subject to satisfying our obligations at law, we will transform it so that it can no longer be used to identify you.
We have a variety of appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. It includes physical and electronic measures. Although we aim to create a safe, secure environment, we cannot guarantee that unauthorised parties will not gain access but will notify you regarding eligible data breaches if they are likely to or do impact you.
Third-Party Links & Websites
Our website may contain links to the websites of other entities. If you click on such links, you will be transferred to the website of these entities. Those third parties may collect information about you (including, without limitation, cookie and web beacon information, information about your preferences or other information you have provided about yourself), and we may also collect or have access to that information as part of our arrangements with those third parties. We have no control over, and are not responsible for, the privacy practices of these entities.
Notifiable Data Breach Scheme
The Notifiable Data Breaches (NDB) scheme applies to eligible data breaches that occur on or after 22 February 2018. It mandates a reporting and notification process for OpenAgent. The Office of the Australian Information Commissioner (OAIC) administers the NDB Scheme.
Please contact us on the details provided if you have any questions about this.
General Data Protection Regulation - Data Subject Rights
Our collection, use, disclosure and processing of your personal information will also be regulated by the GDPR if we offer our services to you while you are in the EU, or if we monitor your behaviour while you are located or residing in the EU (Data Subject).
The GDPR provides Data Subjects with certain rights to
These rights apply across the EU, regardless of where the data is processed and where we are established. These rights also apply when you buy goods and services from non-EU companies operating in the EU.
If you need further information on these rights, please contact us on the details provided.
If you are a Data Subject and would like to exercise your rights, you can contact us on the details set out in this policy. We will respond to your requests without undue delay and at the latest within one (1) month. If we are unable to meet this timeframe, we will provide you in writing the reasons why. In order to exercise these rights, you may be asked to provide information to confirm your identity.
If you are a Data Subject, we are allowed to use your personal information in the following circumstances:
If we intend to use your personal information for any other purpose, prior to doing so, we will provide you with information on the new purpose and update this policy. If you do not allow us to collect all of the relevant personal information which we consider necessary to fulfil a contract with you, to comply with law or on the basis of a legitimate interest - then, we may not be able to deliver all of our products or services to you.
By providing your email address to us, you consent to receiving notices and other documents from us by email to that registered email address. By giving this consent you also confirm that:
Upon registration, you will also be subscribed to receive marketing communications from us via email. Such communications may include updates, opportunities, promotions, and reminders. They may also include marketing information about us and/or our selected business and commercial partners, including without limitation OpenAgent. If you wish to unsubscribe from our marketing communications, you may do so by sending an email to firstname.lastname@example.org or via the unsubscribe link provided.
Complaints and further enquiries
How you may lodge a complaint
You can lodge complaints or make further enquiries by contacting our Complaints Officer, by:
- submitting a Complaints Form;
- phoning 13 24 34
- emailing email@example.com
- writing to us at PO Box 419, Alexandria NSW 1435
We encourage you to speak to us about your complaint directly. Please provide as much information as possible, with any supporting documentation if relevant. This will help us to resolve your complaint as quickly as possible.
You may also lodge a complaint by speaking to any representative of our business who will refer you to the Complaints Officer.
You should explain the details of your complaint as clearly as you can. You may do this verbally or in writing.
In order to assist complainants who might need additional assistance to lodge a complaint, we:
Dealing with complaints
Our process for dealing with complaints is as follows:
Generally, we will provide an IDR response to you no later than 30 calendar days after receiving the complaint. However, for some specific types of credit-related complaints, the following response timeframes apply:
We do not need to provide an IDR response to you if we close your complaint by the end of the fifth business day after receipt because we have resolved the complaint to your satisfaction or given you an explanation and/or apology we can take no further action to reasonably address your complaint.
However, we must provide a written IDR response for complaints closed by the end of the fifth business day after receipt if the complainant requests a written response or the complaint is about hardship.
If you are unsatisfied with our response in relation to credit reports, you may complain to our external dispute resolution scheme, the Australian Financial Complaints Authority (AFCA). AFCA provides fair and independent financial services complaint resolution that is free to consumers. Our Membership Number is 86215.
Australian Financial Complaints Authority
Office of the Australian Information Commissioner
If you are unsatisfied with our response to your complaint, you may complain to the Office of the Australian Information Commissioner (OAIC). Before you may make a complaint to the OAIC, the OAIC requires any complaint must first be made to us, and allows 30 days for us to deal with your complaint.