Welcome to Doorsteps!
We take your privacy seriously, and that’s why we want you to know exactly how your information will be shared amongst our different businesses and when we need to share it with a third party.
OpenAgent Pty Ltd ABN 93 161 595 679 (OpenAgent) respects all customers, third parties, suppliers and visitors (you, your) privacy and is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles and the Privacy (Credit Reporting) Code 2014 (Credit Reporting Code).
What is Personal Information?
The Privacy Act defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not (personal information). The personal information we hold about you may include credit-related information.
Credit-related information includes both:
- Credit information which is personal information that may have a bearing on credit that has been provided to you or that you have applied for, including credit for personal, investment or business purposes. It includes your identity, repayment history, the type and amount of credit provided to you, default and payment information, personal insolvency, court proceedings and any other publicly available information that relates to your credit worthiness.
- Credit eligibility information which is information related primarily to your credit-related dealings with other credit providers and comprises of "credit reporting information" disclosed by a credit reporting body to us, and information we derive from that information.
Where you have made an application for consumer credit, we are required under the Credit Reporting Code to ensure that you are aware of certain matters, such as how we exchange your credit-related information with credit reporting bodies.
Please see ‘Types of Personal Information” below for the types of personal and credit-related information we may collect, hold and use.
If you apply for a credit product, we will also use and collect your credit-related information for the purpose of assessing your application for credit, and to manage the credit product. Doorsteps will also share your personal and credit-related information with credit reporting bodies. We will also collect your credit-related information from credit reporting bodies.
- Credit reporting bodies may include your personal information and credit-related information in reports that they provide to other credit providers to assist us and other providers in assessing your credit worthiness.
- Information accessible to us includes your repayment history information and financial hardship information.If you fail to meet your payment obligations in relation to consumer credit, or enter a financial hardship arrangement in relation to credit to which the National Consumer Credit Protection Act 2009 (Cth) applies, we are also required to disclose this to credit reporting bodies.
- If you commit a serious credit infringement, such as obtaining credit by fraud, we may also disclose this to a credit reporting body.
- We may also use your credit-related information to assist you during hardship, as well as to assess whether to grant or securitise your loans. Credit-related information will also be used to assess the risk of providing you with a product or service. To facilitate these uses, we may share your credit-related information with third parties including funders, credit providers and insurers, to assist them with administration of those arrangements.
- “Credit pre-screening” may occur unless you otherwise request credit reporting bodies not to to. This is where credit reporting bodies provide a service to credit providers like Doorsteps Solutions who wish to send direct marketing material about credit services to individuals, where you are pre-screened or direct marketing purposes.
- You can request the credit reporting body not to use or disclose credit reporting information about you if you reasonably believe that you have been, or are likely to be, a victim of fraud.
We use the following credit reporting bodies:
- Illion - www.illion.com.au
Please see their privacy policies and contact details available on their website.
Collection of Personal Information
We primarily collect personal information from you for the purposes of dealing with you and in assisting us to arrange for the products and services you request to be provided to you. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. This may also entail collecting credit-related information where you decide to apply for credit through Doorsteps.
Most of the time, we will collect your personal information directly from you. From time to time, we may also collect information about you from other people and organisations. This includes through credit representatives and financial advisers, when engaging directly with you, from our website as well as from competitions and promotions to which you choose to respond.
We collect personal information;
- when you enquire about, apply for, or use our products or services. This includes OpenAgent’s vendor research services or services provided by a Doorsteps entity.
- when you contact us to make an enquiry or give us feedback;
- when you visit our Sites, register with or use our digital services;
- when you participate in other activities we offer, such as competitions or surveys;
- when you engage with us or do business with us, by phone or email;
- from digital tracking tools such as Google Analytics and Google Signals, and sometimes automatically through tracking technologies (including cookies);
- via payment providers. For example, if you enter into a contract for our services where a fee is payable, we will need to collect and use your payment information, including your credit/debit card details in order to process payment. This type of personal information is usually processed and provided to us by and in accordance with the relevant payment provider’s terms; or
- from other sources, such as public databases, acquired contact lists, real estate agents, professional and other credit bodies if you apply for credit (for example under reciprocal arrangements), your employer, regulators and government and statutory bodies.
Types of Personal Information
The types of personal information we collect and hold may include:
We also hold all records of your communications and other interactions with us. This may include monitoring and recording our calls with you but we will let you know if we are doing this.
If you would like to understand what information in particular we hold on you, please contact us on email@example.com.
The provision of your personal information is voluntary. However, if you cannot, or will not, provide us with the personal or credit-related information we reasonably require, we may not be able to verify your identify, assess your application for a product or service, manage our relationship with you, contact you or otherwise interact with you, perform our statutory functions, or provide you with some or all of our products and other services.
How We Use Your Personal Information
We use your personal information to assist us as follows:
We may share your information with third parties for the reasons mentioned above (see “How We Use Your Personal Information”), or where the law otherwise allows or requires us to. The types of third parties are listed below (under “Disclosing Personal Information”).
Disclosing Personal Information
We will disclose your personal information to those third parties only where such disclosure is for the purposes required. We will disclose your personal information when we are required by law to do so. Your personal information may also be disclosed to some of our service providers who are located overseas, including but not limited to the USA, Indonesia and the Philippines. These service providers help us deliver or support the provision of our products and services to you. In carrying out tasks on our behalf, service providers may have access to credit-related information. If we share information overseas, we make sure there are appropriate privacy, data handling and security arrangements in place to protect your information. We may use cloud storage to store your personal information that we hold. You can contact us for further information on the disclosure of your personal information at any time.
Opting out of Marketing
From time to time, we may also use your personal information to tell you about products and services we think may be of interest and value to you. This may include new or current information about products and services, loans, special offers, changes to Doorsteps or any business with which we are associated. We do not sell your personal information for direct marketing.
We will contact you via various means, including but not limited to, email, text or push notification and depending on your account or operating system settings. You have the right to opt out of receiving direct marketing at any time. If at any time you wish to stop receiving direct marketing messages from us you can let us know by contacting us. In your request, please indicate that you wish to stop receiving marketing communications from us.
Correcting Your Information
Individuals may request access to their personal and credit-related information unless we are permitted by law to withhold that information. Individuals may also request the correction of any personal information which is inaccurate by contacting our Privacy Officer at firstname.lastname@example.org. To the extent permitted by law, there are some exceptions where this access may be denied. If we deny you access to the personal or credit-related information we hold about you, or if we refuse to correct your personal or credit-related information, an explanation will be provided to you. To request access and seek the correction of personal information held by us, please email, call or write to us. We will endeavour to respond to any access or correction request within 7 working days of receipt.
If you would like any further information about our handling of personal information, or to make a complaint about our handling of your personal information, or you believe there has been a breach by us of the Privacy Act or the credit reporting provisions of the Credit Reporting Code, please lodge a complaint addressed to our Privacy Officer at email@example.com. Once we receive your complaint, we will respond to you within 7 working days. We will provide you with a decision on your complaint within 30 days.
If you are unsatisfied with the outcome of your complaint, you may wish to take your complaint to the Australian Financial Complaints Authority, which can be contacted by phone on 1800 931 678, by email at firstname.lastname@example.org, or in writing to GPO Box 3, Melbourne VIC 3001. Please email email@example.com if you need to obtain our AFCA membership details or if you need further assistance in this regard.
You can also contact the Office of the Australian Information Commissioner (OAIC). The OIAC can be contacted by phone: 1300 363 992. Website: www.oaic.gov.au
Notifiable Data Breach Scheme
The Notifiable Data Breaches (NDB) scheme applies to eligible data breaches that occur on or after 22 February 2018. It mandates a reporting and notification process for Doorsteps. The OAIC administers the NDB scheme.
If there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that Doorsteps holds;
- this is likely to result in serious harm to one or more individuals; and
- we have not been able to prevent the likely risk or serious harm with remedial action,
then we are required to notify the OAIC about the incident.
The NDB scheme ensures that as an organisation, we are accountable for your privacy protection. The notification process is important for building a relationship of trust and transparency. In addition, by keeping you notified, you’re better able to take steps to mitigate harm, such as changing passwords or being alert to phishing emails or scams. In the interim, Doorsteps would also be taking steps to remediate the breach and will keep you advised on our progress, including the security measures being undertaken.
Please contact us on the details provided if you have any questions about this.
By Post: PO Box 419, Alexandria NSW 1435
By Email: firstname.lastname@example.org
Doorsteps uses Google Analytics and Google Signals.
We also use Google Signals. This allows us to assign and track the customer journey of an individual website visitor to different end devices. For example, we can see when a user clicks on an Doorsteps advertisement on one device and then registers for our services on another device. However, we can only see this if the user has logged in to a Google service when visiting a website and has activated the option “personalised advertising” in their Google account settings at the same time. If you do not want “Google Signals” to be used, you can disable the “Ads Personalisation” option in your Google Account preferences. No personal data or user profiles are accessible to us; this means you remain anonymous to us.
For example, we will use and share historical and current de-identified user and transactional data to develop marketing initiatives and product offerings. Those understandings, whether developed internally or in connection with an external partner may also be provided to our selected business and commercial partners from time to time. If you have any concerns or questions about our approach to, or use of, de-identified data, please let us know.
How We Store Personal Information
Doorsteps takes all reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or exposure. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold about you.
We may use cloud storage to store your personal information, as well as store personal information in both electronic and paper form. We also require all Doorsteps staff to maintain the confidentiality of customer information. Access to personal information is restricted to employees with roles and responsibilities which require access to the information. If we no longer need to hold your personal information, it is securely destroyed or de-identified.
This refers to the use and disclosure of government related identifiers. For example, your tax file number and country of tax residency, medicare card, Australian passport, driver licence or pension card details , citizenship and birth certificate, death and marriage certificates etc.
We do not adopt a government related identifier of an individual as our own identifier unless required or authorised to do so by or under an Australian law, regulation or court/tribunal order. Before using or disclosing a government related identifier of an individual, we ensure that such use or disclosure is:
- reasonably necessary for us to verify your identity for the purposes of the our activities or functions;
- reasonably necessary for us to fulfil its obligations to a government agency or a State or Territory authority;
- required or authorised by or under an Australian law, regulation or a court/tribunal order;
- within a permitted general situation (other than the situations referred to in Items 3, 4 or 5 of the table in subsection 16A(1)) of the Privacy Act exists in relation to the use or disclosure of the identifier; or
- reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Third Party Links
From time to time, you may send an application to us via an online form. We may use that information to correspond with you directly and to determine the suitability of any products and services. If you start but do not submit an online application, we may contact you using any of the contact details you have supplied to offer help completing it.
We may in some cases use automated decision-making. We will only do so if it is authorised by law, if you have provided an explicit consent, or if it is necessary for the performance of a contract. For example, we may use an automated credit approval process. You may request that we use a manual decision-making process instead. You can also express an opinion on or contest any decision which was based solely on automated processing or profiling. If we are using automated decision-making, we will let you know about the logic used, our legal basis, and the significance and envisaged consequences.