An Overview

OpenAgent Pty Ltd (OpenAgent, our, us, we) understands that when you use our website, products or services, you are trusting us to handle your data respectfully and in compliance with the Privacy Act 1988 (Cth) (Privacy Act).  In order for you to make an informed decision about providing us with your personal information, you need access to relevant information. 

We are subject to the Privacy Act, including the Australian Privacy Principles (APPs). The APPs set out the manner in which we may collect, store, use and disclose personal information and how a person, such as yourself, can access and/or correct records containing their personal information.

This policy sets out how we collect, use, disclose and manage personal information in connection with any use of our products and services, including your use of our website (hereafter referred to together as the "services").  Any reference to “website” includes any websites operated by or on behalf of OpenAgent, including any microsites and mobile websites.  In using our website or any of the services, you agree to your personal information being handled as set out in this privacy policy. This extends to our creation and use of de-identified data.

This policy also includes notifiable matters in relation to credit information. Our handling of credit information is regulated by the Privacy Act and the Privacy (Credit Reporting) Code (CR Code).  You should carefully read this policy to understand how we will manage your credit information.

Finally, our website uses cookies to enhance your experience and to help us with the delivery of the services. If you continue without changing your browser settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time. More information about our use of cookies is provided below.

If you have any questions, we encourage you to contact us. We’re here to help.  

Changes to this privacy policy

We may update this privacy policy from time to time.  As a result, we encourage you to review our policy periodically for change. Updates are usually clarifications based on feedback from our customers, product and service developments, developments in industry practice or market expectations. 

Any material revisions of this policy that would result in a material detriment to you will be notified to you by a posting on the website, via e-mail or any other means available to us.

Please note that your continued use of the services, requesting our assistance or the provision of further personal information to us (directly or via an authorised person) after this privacy policy has been revised, constitutes your acceptance of the updated privacy policy. 

Types of personal information

Personal information is information about an identified individual, or an individual who is reasonably identifiable. This information does not need to be true or recorded in a material form in order to be defined as personal information.

Whether information is personal information is determined by giving due consideration to whether it is information about an identified individual or about an individual who is reasonably identifiable.  For example, sometimes you might provide us with information that has no connection to you as an individual or will not reveal or convey anything about you. This type of information is not personal information. 

Depending on which services you use, the types of information we collect and hold about you may include:

Basic Information Your name and date of birth is used to identify you. We use this information to identify you, as well as to protect against fraud and unlawful activity.
Contact Information This includes your email and telephone number. We use this information to contact you. This is also used to liaise with you, and to protect against fraud and unlawful activity.
Property information This is information relevant to your property interests, including your property address or properties you have shown an interest in. It is primarily used for us to provide and personalise the services, but may also be used to identify you or to create relevant content, advertising and marketing.
Credit Information This is information relevant to the credit that has been provided to you or that you have applied for. This includes information on:
  • credit for personal, domestic or household purposes and credit in connection with a business. 
  • information about you as a guarantor of a loan
  • information as an insured party under a credit related insurance policy. Information that identifies you, borrowed amounts, repayment and default information. 

It also includes credit eligibility information, which is credit reporting information produced by and supplied to us by credit reporting bodies (CRBs), and any information that we derive from it. 
Financial Information We require this information only in connection with credit-related decisions. e.g.  credit reports from CRBs, bank account information, information about your income and expenses, assets and liabilities, credit and loan repayment history, past and present credit types, employment information, the details of court proceedings, insolvency and if applicable, default information. 
Sensitive Information We will not collect, use or disclose sensitive information unless we have your express consent.
Sensitive information is information about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information.
If we receive unsolicited personal information (including sensitive information), we will determine the appropriateness of collecting such information. If it is appropriate, we will handle the information as outlined in this policy. If it is not appropriate, and the information is not contained in a Commonwealth record, we will destroy or de-identify it as soon as practicable, but only if it is lawful and reasonable to do so.
Government Identifiers For example, document numbers on passports, driver licences, and Medicare cards. We will collect, use and disclose this when verifying your identity.
General information We will also collect general information that is not personal to you. This type of information generally relates to your behaviour on the site. 
It includes things like (but not limited to):
  • the type of browser you are using;
  • your operating system (e.g. Windows, Mac);
  • the date and time of your visit to our website;
  • the pages accessed and your top-level domain name (e.g. .com, .gov, .au); and
  •  how you came to our website.

This information helps us trouble-shoot problems, analyse our operations, and help us to improve resources and improve the services. We may also use it for statistical purposes.  You can contact us at any time to ask what types of other general information we have collected and how we’re using it.
We will only use this type of information to attempt to identify you in the unlikely event of an investigation by a law enforcement agency or other government agency.
Billing information This is only relevant to you if you are required to make payment for select services. For example, if you are a real estate agent, we may bill you from time to time in connection with our agent referral services. 
Employment Record and Tax File Information This is only relevant to you if you apply to either work with us or in connection with a credit product.

The type of personal information that we may collect and the purpose of our use, collection and disclosure will depend on the nature of your relationship with us. Further information is set out below under ‘How we use your information’.

Do I need to provide OpenAgent with my information?

You are not obligated to provide us with your information. You can use a pseudonym or not identify yourself where it is lawful and practicable to do so. However, our ability to provide a personalised and relevant service to you, as well as to determine eligibility is dependent on the accuracy of information given to us.  We may be limited in our ability to assist you (but we'll still try!). 

There are many aspects of our website that can be viewed without providing personal information. However, to receive the benefit of our products and services, you are required to submit personally identifiable information. This may include - but is not limited to - your name, email, phone, address.  

You may also need to provide us with personal information to log into an account. In limited circumstances, we may request information to confirm your identity and property ownership, or to determine your eligibility  for a particular product or service. 

If we have received personal information that is immaterial to the provision of the services, we will either delete or destroy it as soon as practicable (but only if it is lawful and reasonable to do so), or ensure that the information is de-identified. In certain circumstances we may be required or permitted by law, court or tribunal order to collect certain personal information about you.

By providing us with personal information, you represent to us that this is your own information or information which you have been authorised to provide.  Where you provide us with your personal information but wish to limit the use and disclosure of the personal information, you should expressly state those limitations to us in writing.

If you are providing us with personal information on behalf of someone else, you represent to us that you have been authorised to provide that information by that person. We will need to confirm that person’s consent to this privacy policy prior to providing some of our services.  You must not provide us with the personal information about another person unless you have first obtained that person’s prior consent to do so and you have told them their personal information will be handled in accordance with this privacy policy (including where they can find it). 

If you are a real estate agent or agency providing us with personal information as it relates to your customers, you must only provide such information in compliance with the Privacy Act. You must not provide us with personal information without the consent of the individual it relates to. 

How we collect personal information

We collect information from you whenever you interact with us or our website. This includes when you visit our website, register to use the services, request further information about us, communicate with us (including by phone or email), and interact with our third parties. This information may be collected automatically sometimes. For example, through tracking technologies (including cookies).  

More specifically, we collect information from:

You For example, when you provide information by phone, in webforms, application forms or other agreements, including in relation to webform submissions, applying for employment opportunities, online competitions or promotions.
Your authorised representatives For example, your legal adviser, mortgage broker, financial adviser, executor, administrator, guardian, trustee, or attorney. This is only permitted where you have authorised the disclosure and it is unreasonable or impractical for us to also collect that information directly from someone else.
Third parties For example, our commercial partners such as real estate agents, credit providers, service and survey providers or marketing providers.  These parties will only share your personal information with us where you have given consent or the proper disclosure requirements have been satisfied.
Our related body corporates For example, our subsidiaries propper Pty Ltd and Doorsteps Finance Pty Ltd may share your information with us from time to time. 
Credit Reporting Bodies For example, we receive credit reports from credit reporting bodies.
Payment providers  If you enter into a contract for our services where a fee is payable, we will need to collect and use your payment information, including your credit/debit card details in order to process payment. This type of personal information is usually processed and provided to us by and in accordance with the relevant payment provider’s terms.
Digital tracking tools For example,  Google Analytics and Google Signals. 
Social media This is information provided to us when you access our services through a social network platform such as Facebook.
Publicly available sources This is information about you which is publicly available. For example, information which is available on public registers.

If you choose not to provide certain personal information, we may not be able to provide you with the services at the service levels expected of us. From time to time, you may provide personal information about other individuals to us. 

We don't collect information for the sake of it. All the information we gather has a specific purpose. Those purposes are identified below under "How we use your information”. 

We believe in transparency so if you want further information on when we have collected your personal information and for what purpose, please don't hesitate to contact us. 

 Notifiable matters

At any time, you can request to have this policy or any notifiable matter provided to you in an alternative form, such as a hard copy.  

Under the Privacy Act and the Privacy (Credit Reporting) Code (CR Code), credit reporting bodies (CRBs) are allowed to handle credit information. We will collect and disclose your credit information with CRBs when you apply for any kind of credit or offer to act as guarantor. The information collected and disclosed includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations and if you have committed a serious credit infringement (such as fraud).

For example, if you make an application to receive credit services, we may disclose information to, or collect information about you from, a CRB to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor, and manage your finance/home loan. In doing so, we may obtain a credit report or provide other credit providers with credit-related information to assist the assessment of your credit worthiness.  CRBs may also provide your personal information to credit providers to assist those providers in assessing your credit worthiness (including in loan applications).   

If you don’t meet your payment obligations or commit a serious credit infringement, we may disclose this information to a CRB. An example of a serious credit infringement would be a failure to repay overdue debts and relocating without providing the relevant credit provider with the new or forwarding address. 

The CRB we will deal with is Equifax Australia. If we need to verify your identity and obtain a credit report in connection with some of our services, we will do so through them. For contact details and information on how that Equifax manages credit related personal information, please see below:

CRB Website Phone Privacy Policy
Equifax Australia 13 83 32

In addition, your credit-related information may be used by CRBs in order to preliminary screen the relevant credit offer(s) for the benefit of other credit providers i.e. direct marketing. You can contact the CRB at any time on the details listed above to request that your credit-related information not be used in this way by contacting them on the details above. You can also ask a CRB not to use or disclose your personal information for a period if you believe on reasonable grounds that you have been or are likely to be a victim of fraud. 

You have the right to request access to the credit information that we hold about you and make a request for us to correct that information, where appropriate. If we refuse your request to access or correct your credit information, we will also provide you with information on how you can complain about the refusal. If you are concerned about how your credit information is being handled or if you have a complaint about a breach by us of the credit reporting provisions of the Privacy Act or the CR Code, please contact us. More information on how to make complaints can be found at the end of this policy.

How we use your information

The main ways we use your personal information and, in some circumstances de-identified data, are set out as follows:

Provide and personalise the Service
  • to contact you;
  • to verify your identity;
  • to check your eligibility for the services
  • to assist you in gaining approval for, or provision of, a product or service. This includes gaining an understanding of your property interests and credit or financial needs.
  • to establish, administer and manage your account and/or profile, including verifications of profiles, monitoring and reporting as required under our terms or under any applicable laws;
  • to facilitate communications between you and us or selected business and commercial partners that you have requested contact with, including (without limitation) credit providers or their intermediaries;
Improve and develop the services
  • to understand, diagnose, troubleshoot, and fix issues with the services;
  • to evaluate and develop new content, features, technologies, and improvements to the services, including the development, administration and enhancement of algorithms, functionality and performance;
Creation of Content, Advertising and Marketing
  • to generate and provide stories, commentary, profiles and descriptions (including without limitation, the sharing of feedback or reviews, photos or other personal information) accessible through the services, associated websites and/or social media channels;
  • to create, host, publish, post, share, store or upload photos illustrations, text, video, still images, audio, interactive virtual tours and other material;
  • to generate and report aggregate statistics to advertisers and our service providers and third-parties; to create or distribute advertising and marketing material that is relevant to you, including material relevant to or on behalf of selected business and commercial partners;
  • to initiate and develop new business opportunities for us and/or selected business and commercial partners;
  • to nurture and verify your data profile by combining your personal information with information we have collected from other sources in order to generate and report analytics, insights and research (including without limitation, your propensity to buy or sell property) for us, and and for our selected business and commercial partners;
Business Operations
  • for quality assurance and training purposes;
  • to conduct business planning, reporting, and forecasting;
  • to administer and manage delivery of products and services, including matters relating to making payments;
  • to communicate with you in relation to the services, which includes notifying you of changes, surveys, and information about security updates;
Billing and accounts management
  • to process any payments and for invoicing generally; and
  • for disclosure to debt collection agencies to recover any amounts you owe to us.
Legal Obligations and Compliance
  • to satisfy legal obligations which may arise from agreements or contracts entered into, including (without limitation) the sharing of your personal data and credit contracts;
  •  to conduct appropriate checks for credit-worthiness and for fraud;
  • to complete and provide internal and external reports and manage reporting and compliance related matters; 
  • to comply with law enforcement requests including (without limitation), taking appropriate action with respect to reports of intellectual property infringement and inappropriate content;
  • to manage our risks, including by identifying and/or investigating illegal activity or unlicensed activity;
  • in the establishment, exercise or defence of legal claims, whether administrative, an in-court proceeding or in out-of-court procedure; and
  • any other uses identified at the time of collecting your personal information.

When do we disclose your personal information

In order to deliver the products or services you require, we may disclose your personal information to organisations outside of OpenAgent, including our related bodies corporate. Your personal information and de-identified data may be disclosed to any other business or organisation in order to facilitate the purpose for which the information was collected. Specific examples of who we might disclose information to include:

  • our related bodies corporate and our professional advisers;
  • anybody who has been validly authorised to represent you;
  • your employer, referees or identity verification services;
  • guarantors in connection with credit services;
  • credit reporting bodies;
  • fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;
  • credit providers, including Australian Banks, non-bank lenders and providers of credit, financial or insurance services;
  • selected business and commercial partners, including real estate agents who work with us to provide the services, or any entity that has an interest in our business;
  • mortgage brokers or providers of investment, financial or credit services
  • government and regulatory authorities and other organisations under which we are governed (such as ASIC and AUSTRAC) and other bodies as required or authorised by law (such as the ATO and in accordance with the Anti-Money or Laundering and Courter Terrorism Financing Act 2006 (Cth));
  • any regulator (such as ASIC) industry body, tribunal, court or otherwise in connection with any complaint, dispute or litigation regarding Doorsteps Mover. This includes the Australian Financial Complaints Authority ;
  • social media companies, including Facebook;
  • if you conduct any transaction that requires a payment by you (or us), some of your details may be provided to a third-party payment processor to allow the transaction to be completed;
  • Insurance providers, including lenders mortgage providers for the purpose of risk assessment and administering any claims; 
  • a service provider to allow data analytics to be performed, including Google Analytics;  and
  • organisations involved in our funding of loans and business activities (e.g. investors
  • and their advisers)
  • anyone else, subject to you having provided us with consent or where we are otherwise permitted to disclose the information under applicable law.

Remember, if you do provide us with your personal information and you wish to limit the use and disclosure of personal information, you should expressly state those limitations to us in writing.

OpenAgent takes reasonable steps to ensure that we have your consent to those disclosures, or have notified you of the disclosure before it takes place. Disclosure of your personal information will only occur when it is necessary to deliver the product, service or analysis or purpose relevant to the disclosure. Any organisations who have received your personal information will be subject to equivalent privacy obligations at law or by contract, in relation to the protection of your personal information. 

We may also share with or permit the use of de-identified data or content by others, including selected business and commercial partners, for the purposes of posting or contributing material about real estate properties, as well as performing data analytics which serve a commercial purpose. This extends to research for and execution of marketing initiatives around product offerings. If you do not wish for this to occur, you must state those limitations to us in writing via the following methods: 

By Post: PO Box 419, Alexandria NSW 1435
By Email:

From time to time, parties may reside outside Australia. For example, we may use teams or service providers who reside in the European Union, Indonesia, United States, New Zealand and the Philippines to assist us in providing our services to you. Our outsourcing contracts will include an obligation for compliance with Australian privacy law and this privacy policy. 

Disclosure to Equifax Australia

From time to time, we may also disclose information to Equifax Australia. If you are applying for a Doorsteps Solutions product, we will disclose your personal information to Equifax Australia in order to verify your identity and to obtain a credit report. We may also disclose information relevant to assessing your credit worthiness. Following the data matching exercises and analysis, we will receive information from Equifax Australia that includes or confirms personal information about you and other individuals.  If we cannot verify your identity using information held by Equifax Australia, we will contact you directly and provide instructions to contact the relevant CRB to update your information. Alternative means of verifying your identity can be made available on request.

Disclosure to our related body corporates

Doorsteps Solutions Pty Ltd provides loan services. On their behalf, we may perform tasks reasonably necessary in processing an application for credit or in managing credit provided by them. This privacy policy applies to our performance of those activities.

Doorsteps Finance Pty Ltd provides mortgage broking services and propperr Pty Ltd specialises in property management. OpenAgent does not act on behalf of either entity, but we may refer you to them, subject to your consent. 

Direct marketing

From time to time we may use the personal information we collect from you to identify products and services that we believe may be of interest to you. We may then contact you to let you know about these products and services and how they may benefit you. These products and services may be offered by us or a third party.  For example, you may receive direct marketing from real estate agents, business partners, subsidiaries and affiliates that might better serve your objectives, financial situation or real estate needs.  You can ask us not to do this at any time, and we will always give you a choice to opt out of receiving such information in future.

In some cases, we will use or disclose your personal information to such persons or entities for the purpose of participation or eligibility in competitions or promotions and other opportunities in which you may be interested. This includes ‘cross-selling’,  where we suggest a related or complementary product or service to you, and provide a referral or submission of personal information to a third party, subject to your interest and consent.

Direct marketing from us generally takes the form of an electronic marketing email. Electronic marketing occurs where we use your personal information to send you marketing information by email, SMS, MMS or other electronic means. From time to time, we may also  contact you by phone or direct mail for direct marketing.  We may do so with your express or implied consent. 

You may give us your express consent by, for example, ticking a box on an electronic or submitting a form where we seek your permission to send you electronic or other marketing information. Consent may also be implied from our existing business relationship or where you have a reasonable expectation of receiving an electronic marketing communication. We do not sell or allow your personal information to be used by third-parties for their own marketing purposes, unless you ask us to do this or give us your consent to do so.

Every marketing email sent or made by us will include a means by which you can unsubscribe (or opt out) of receiving further marketing information. Additionally, you may instruct us at any time to remove any previous consent you provided to receive communications from us. General requests should be directed to us via the channels provided below:

By Post: PO Box 419, Alexandria NSW 1435
By Email:


We will collect information using cookies when you use our website, including any mobile or tablet applications. These cookies will tell us about your visit to our website and help us to remember you, allowing us to create a customised experience for your next visit.  For example, marketing cookies help us to determine which of the services may be of interest and value to you and then tell you about them. We also use cookies for other purposes. For example, to better understand behaviours and habits, as well as diagnosing problems and making improvements to our products and services. We may also use cookie information to display targeted advertisements or content on our network and on this website and also on third party networks and websites, including Google and Facebook. 

OpenAgent uses Google Analytics and Google Signals.

Google Analytics uses cookies to analyse your use of our website. The information generated by the cookie is usually sent to and stored overseas by Google. The types of information generated by the cookie include your location, search history and data from sites that partner with Google. We use the information provided through Google Analytics to understand and evaluate your use of our website, compile reports about activity and provide other services relevant to optimising your use of the website.

We also use Google Signals. This allows us to assign and track the customer journey of an individual website visitor to different end devices. For example, we can see when a user clicks on an OpenAgent ad on one device and then registers for our services on another device. However, we can only see this if the user has logged in to a Google service when visiting a website and has activated the option “personalised advertising” in their Google account settings at the same time. If you do not want “Google Signals” to be used, you can disable the “Ads Personalisation” option in your Google Account preferences. No personal data or user profiles are accessible to us; this means you remain anonymous to us.

For more information, please see Google’s Privacy Policy which is available here.

De-identified Data

From time to time, we may collect, use and disclose de-identified data. De-identified data is data which has had all personally identifiable information removed or anonymised.  This means that you can no longer be identified, nor can any other individual in that data-set. When we no longer need your personal information for any of the purposes set out in this Privacy Policy, or as otherwise required by law, we will take reasonable steps to destroy it or to de-identify it.  We will use de-identified data for research and commercial purposes, such as creating reports and insights. 

For example, we will use and share historical and current de-identified user and transactional data to develop marketing initiatives and product offerings. Those understandings, whether developed internally or in connection with an external partner may also be provided to our selected business and commercial partners from time to time.  If you have any concerns or questions about our approach to, or use of, de-identified data, please let us know. 

Government Identifiers

We do not adopt a government related identifier of an individual as our own identifier unless required or authorised to do so by or under an Australian law, regulation or court/tribunal order. Before using or disclosing a government related identifier of an individual, we ensure that such use or disclosure is:

  • reasonably necessary for us to verify your identity for the purposes of the our activities or functions; 
  • reasonably necessary for us to fulfil its obligations to a government agency or a State or Territory authority; 
  • required or authorised by or under an Australian law, regulation or a court/tribunal order; 
  • within a permitted general situation (other than the situations referred to in Items 3, 4 or 5 of the table in subsection 16A(1)) of the Privacy Act exists in relation to the use or disclosure of the identifier; or
  • reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Online Applications

From time to time, you may send an application to us via an online form. We may use that information to correspond with you directly and to determine the suitability of any products and services.  If you start but do not submit an online application, we may contact you using any of the contact details you have supplied to offer help completing it.

Our reliance on accurate, complete and up to date information

We take all reasonable precautions to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. However, our ability to do so is influenced by the information you or others have provided to us. In accepting and consenting to this privacy policy, you accept that if you knowingly provide information that is not true, correct or complete, it may affect our ability to provide products and services, including your ability to secure finance and/or affect your credit rating and/or may result in action against you. You acknowledge that if you do not provide us with this consent or give us accurate information, your application cannot proceed.

Accessing Your Personal Information

To access the personal information we hold about you, please contact us. From time to time, we may need to consult with other entities before proceeding with your request. As such, we will respond to your request within 30 days, unless otherwise notified to you. We will give access in the manner you have requested  and at no-cost, if it is reasonable to do so. If any fees do apply, we will notify you in writing and shall await your payment before proceeding.

We may deny you access to your personal information in certain circumstances, for example, if required or authorised by or under an Australian law or a court/tribunal order, or it would be likely to prejudice enforcement related activities by an enforcement body. If we do not give you access, we will provide you with the reasons for the refusal (except where it would be unreasonable to do so) and information on how you can complain about the refusal, in writing.

By Post: PO Box 419, Alexandria NSW 1435
By Email:

Updating Your Personal Information

To update your personal information, please contact us on the details provided as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date and we will update your records accordingly.

If appropriate, we will correct the personal information at the time of the request. In some circumstances, we will need to conduct an investigation, after which we will notify you of the decision to update or change your personal information within 30 days of the initial request. This timeframe is a result of the need to consult with other entities from time to time as part of our investigation. If we refuse to correct personal information, we will provide you with our reasons for not correcting the information. If we refuse your request to correct your personal information, at your request, we will include a note to your personal information which states you disagree with its accuracy or completeness.

Automated Decision-Making

We may in some cases use automated decision-making. We will only do so if it is authorised by law, if you have provided an explicit consent, or if it is necessary for the performance of a contract. For example, we may use an automated credit approval process. You may request that we use a manual decision-making process instead. You can also express an opinion on or contest any decision which was based solely on automated processing or profiling. If we are using automated decision-making, we will let you know about the logic used,  our legal basis, and the significance and envisaged consequences.

Storage and Security 

We will store your personal information for as long as needed to provide you with the services and to operate our business. We store this information for at least seven years, and in different ways, including in paper and electronic form. At any time, you can request to access your personal information held on our website (subject to service outages) to keep it updated.  We will also delete specific personal information upon request, unless deleting that information prevents us from carrying out necessary business functions, such as billing, meeting our obligations at law and conducting required audits. If we are unable to delete your data, subject to satisfying our obligations at law, we will transform it so that it can no longer be used to identify you.

We have a variety of appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. It includes physical and electronic measures. Although we aim to create a safe, secure environment, we cannot guarantee that unauthorised parties will not gain access but will notify you regarding eligible data breaches if they are likely to or do impact you.

Third-Party Links & Websites

Our website may contain links to the websites of other entities. If you click on such links, you will be transferred to the website of these entities. Those third parties may collect information about you (including, without limitation, cookie and web beacon information, information about your preferences or other information you have provided about yourself), and we may also collect or have access to that information as part of our arrangements with those third parties. We have no control over, and are not responsible for, the privacy practices of these entities. 

You should read the privacy policy of those entities to find out how they handle your personal information when you visit their websites. We are also not responsible for the way these entities collect, use, disclose or handle personal information you provide to them through our website. 

From time to time, we may also advertise on third-party websites. In connection with this, our advertising service provider may use cookies and, in some cases, web beacons, to collect information such as the server your computer is logged onto, your browser type, the date and time of your visit, as well as information relevant to the performance of their marketing efforts. Other information that may be collected is how you utilise our website and the manner as well as content relevant to your engagement with our products and services.

Notifiable Data Breach Scheme

The Notifiable Data Breaches (NDB) scheme applies to eligible data breaches that occur on or after 22 February 2018. It mandates a reporting and notification process for OpenAgent. The Office of the Australian Information Commissioner (OAIC) administers the NDB Scheme.


1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that OpenAgent holds;
2. this is likely to result in serious harm to one or more individuals; and
3. we have not been able to prevent the likely risk or serious harm with remedial action,
- then we are required to notify the OAIC about the incident.
The NDB scheme ensures that as an organisation, we are accountable for your privacy protection. The notification process is important for building a relationship of trust and transparency. In addition, by keeping you notified, you’re better able to take steps to mitigate harm, such as changing passwords or being alert to phishing emails or scams. In the interim, OpenAgent would also be taking steps to remediate the breach and will keep you advised on our progress, including the security measures being undertaken.  

Please contact us on the details provided if you have any questions about this. 

By Post: PO Box 419, Alexandria NSW 1435
By Email:

General Data Protection Regulation - Data Subject Rights

Our collection, use, disclosure and processing of your personal information will also be regulated by the GDPR if we offer our services to you while you are in the EU, or if we monitor your behaviour while you are located or residing in the EU (Data Subject).

The GDPR provides Data Subjects with certain rights to

  • information about the processing of your personal data;
  • obtain access to the personal data held about you. Note: if there is a legal or practical reason that prevents us from providing you with access to your personal information, which is relevant to you, we will discuss the reason why we are unable to provide you access to your personal information.
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (e.g. data portability)
  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. 
  • express your point of view and to contest the decision of automated decisions.

These rights apply across the EU, regardless of where the data is processed and where we are established. These rights also apply when you buy goods and services from non-EU companies operating in the EU.

If you need further information on these rights, please contact us on the details provided. 

If you are a Data Subject and would like to exercise your rights, you can contact us on the details set out in this policy. We will respond to your requests without undue delay and at the latest within one (1) month. If we are unable to meet this timeframe, we will provide you in writing the reasons why. In order to exercise these rights, you may be asked to provide information to confirm your identity.

If you are a Data Subject, we are allowed to use your personal information in the following circumstances:

1. to fulfil a contract we have with you (which includes acting on instructions you give us before entering into a contract)
2. to comply with a European Union Member State law;
3. when you provide your consent; and/or
4. when it is in our legitimate interest (please see “How We Use Your Information” for more details). For example, when processing your personal information is necessary and we cannot achieve the same outcome in another way and we have undertaken a balancing exercise and our interests are not outweighed by your interests, rights and freedoms. 

If we intend to use your personal information for any other purpose, prior to doing so, we will provide you with information on the new purpose and update this policy. If you do not allow us to collect all of the relevant personal information which we consider necessary to fulfil a contract with you, to comply with law or on the basis of a legitimate interest - then, we may not be able to deliver all of our products or services to you.


Electronic Communications

By providing your email address to us, you consent to receiving notices and other documents from us by email to that registered email address. By giving this consent you also confirm that:

1. We may no longer send you paper copies of notices and other documents. You represent to us that you have the materials and facilities to print and save any notice or other documents sent to you by email’;
2. You are responsible for checking your email address’ inbox;
3. An email sent by us will be deemed to have been received once it enters your computer system; 
4. If you wish to withdraw your consent, you must notify us in writing.

Upon registration, you will also be subscribed to receive marketing communications from us via email. Such communications may include updates, opportunities, promotions, and reminders. They may also include marketing information about us and/or our selected business and commercial partners, including without limitation OpenAgent.  If you wish to unsubscribe from our marketing communications, you may do so by sending an email to or via the unsubscribe link provided.


Complaints and further enquiries

How you may lodge a complaint

You can lodge complaints or make further enquiries by contacting our Complaints Officer, by:

  • submitting a Complaints Form;
  • phoning 13 24 34
  • emailing
  • writing to us at PO Box 419, Alexandria NSW 1435

We encourage you to speak to us about your complaint directly. Please provide as much information as possible, with any supporting documentation if relevant. This will help us to resolve your complaint as quickly as possible.

You may also lodge a complaint by speaking to any representative of our business who will refer you to the Complaints Officer.

You should explain the details of your complaint as clearly as you can.  You may do this verbally or in writing.

In order to assist complainants who might need additional assistance to lodge a complaint, we:

(a) offer multiple methods for lodging complaints, including phone, email, or online;
(b) do not require complaints to be in writing;
(c) ensure that information provided to the public about our IDR process, including this policy, is available in a range of languages and formats (including large print and audiotape). If you require this information to be provided in a different language or format, please contact us;
(d) provide training to all staff (not just complaints management staff) to enable staff to be able to identify, support and assist complainants who need additional assistance, including cross-cultural training; and
(e) allow representatives to lodge complaints on behalf of complainants, including financial counsellors, legal representatives, family members and friends.

Dealing with complaints

Our process for dealing with complaints is as follows:

1. Acknowledgement:  We will acknowledge receipt of your complaint promptly – that is, within one business day of receiving it, or as soon as practicable.
2. Assessment and investigation:  We will review your complaint carefully and promptly, taking such steps and reviewing such documents as reasonably necessary. 
3. IDR response:  We will provide an ‘IDR response’, which is a written communication that sets out the final outcome of your complaint through our IDR process and your right to take your complaint to AFCA if you are not satisfied with the IDR response.  If we reject or partially reject your complaint, we will clearly set out the reasons for our decision.

Response timeframes

Generally, we will provide an IDR response to you no later than 30 calendar days after receiving the complaint. However, for some specific types of credit-related complaints, the following response timeframes apply:

Credit-related complaints involving default notices:  No later than 21 calendar days after receiving the complaint;
Credit-related complaints involving hardship notices or requests to postpone enforcement proceedings: No later than 21 calendar days after receiving the complaint.  Exceptions apply if we do not have sufficient information to make a decision, or if we reach an agreement with you.

We do not need to provide an IDR response to you if we close your complaint by the end of the fifth business day after receipt because we have  resolved the complaint to your satisfaction or given you an explanation and/or apology we can take no further action to reasonably address your complaint.

However, we must provide a written IDR response for complaints closed by the end of the fifth business day after receipt if the complainant requests a written response or the complaint is about hardship.



If you are unsatisfied with our response in relation to credit reports, you may complain to our external dispute resolution scheme, the Australian Financial Complaints Authority (AFCA). AFCA provides fair and independent financial services complaint resolution that is free to consumers. Our Membership Number is 86215.

Australian Financial Complaints Authority

Address:  Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC 3001
Phone: 1800 931 678


Office of the Australian Information Commissioner

If you are unsatisfied with our response to your complaint, you may complain to the Office of the Australian Information Commissioner (OAIC). Before you may make a complaint to the OAIC, the OAIC requires any complaint must first be made to us, and allows 30 days for us to deal with your complaint.

Address:  Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001
Phone: 1300 363 992