Skip to content
Login

Privacy Policy and Credit Reporting Policy

In this Privacy Policy, ‘us’, ‘we’ or ‘our’ means Brighte Capital Pty Limited (ABN 74 609 165 906) and Brighte Energy Pty Ltd (ACN 646 449 247). We are committed to respecting your privacy. This Privacy Policy sets out how we collect, use, store and disclose your personal information (including for consumer or commercial credit). We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (‘Privacy Act’).

By providing personal information to us, you consent to our collection, use, storage, and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between you and us. We may change our Privacy Policy and we will publish these changes on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

Personal information includes information or an opinion about an individual that could reasonably identify that individual. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.

We may collect, use, disclose, hold, or manage personal information or do any things set out in this Privacy Policy on our own behalf or as an agent of a third-party entity (which is where we are acting on behalf of that third party entity, whether disclosed or not). The information given in this document is given by both us and, where we act as an agent, the relevant third-party entity (whether disclosed or not). The identity of the third-party entity is available on request.

What personal information do we collect?

We may collect the following types of personal information:

  • name;
  • mailing or street address;
  • email address;
  • telephone number and other contact details;
  • age or date of birth;
  • credit card information;
  • identification information, such as your driver’s licence or passport number;
  • if you access any software or websites we make available to you, details about your use of such platforms, which may include username and password details, your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, your search queries or browsing behaviour (including through the use of cookies, tracking pixels, and other analytics tools), internet protocol (IP) address and standard web log information;
  • details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries. We may also record and monitor phone calls between you and Brighte;
  • any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
  • information you provide to us when you participate in any interactive features, including through customer surveys, feedback forms, contests, promotions, activities or events;
  • current and historical energy usage, load and consumption data, meter type and model and other statistics on your use of energy products and associated metering software, including products and software which are financed by us, where we have obtained your consent;
  • your preferences in receiving marketing from us and our third parties and your communication preferences;
  • where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience, or whether you hold required authorisations or licences (if applicable); or
  • any other personal information that may be required to facilitate your dealings with us.

Sensitive information

Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

We may collect sensitive information from you where it is reasonably required for our business functions or activities. We will only collect sensitive information with your consent. The types of sensitive information we may collect include:

  • information about your race or ethnicity;
  • information about your political opinions, religious beliefs or affiliations;
  • health information, including your medical condition (for example, where you make a hardship request and disclose information relating to your health as part of making that hardship request);
  • criminal history (including where you apply for a role with us);
  • biometric data such as images, photographs or videos; and
  • other sensitive information as may be required for specific purposes with your consent.

For unsolicited sensitive information which we receive, we will destroy or delete the sensitive information if it is reasonable for us to do so. If we are unable to destroy or delete this sensitive information, we will retain the sensitive information in accordance with this Privacy Policy.

How do we collect personal information?

We may collect personal information either directly from you, or from third parties. We may collect this information when you:

  • register on our website or app;
  • communicate with us through correspondence, phone calls, chats, email, or when you share information with us from other applications, services or websites; or
  • interact with our websites, services, content and advertising.
Personal information provided by third parties

Where we receive information about you from third parties: There may be occasions when information is collected from third parties, such as a partner or spouse who contacts us on your behalf, from our accredited vendors, from our contractors who supply services to us, through our business partners, from credit reporting bodies or from a publicly maintained record. If we receive personal information about you from a third party, we will protect it as set out in this Privacy and Credit Information Policy.

Where you provide us with information about third parties: If you provide personal information to us about someone else, you represent and warrant that you have such person’s consent to provide the personal information to us and are entitled to disclose that information to us and grant us the ability to handle that information in accordance with this Privacy Policy. You should take reasonable steps to ensure the individual concerned is aware of this Privacy Policy and consents to us dealing with their personal information in accordance with this Privacy Policy.

Information from credit checks: We also collect information obtained as a result of credit checks that you authorise us to carry out, as detailed further in our Credit Reporting Policy.

Your choice: If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy and Credit Information Policy. You do not have to (and may choose not to) provide personal information to us, however if you do not provide personal information requested by us, we may not be able to provide you with our services.

Why do we collect and how do we use your personal information?

Personal information: We use your personal information for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Act. This may include using your personal information for the following purposes:

  • to enable you to access and use our financial products and services and related products and services;
  • to improve our products and develop new products;
  • to determine your eligibility for other products and services provided by us, based on your usage of existing products and services;
  • for identity verification purposes, which may involve the use of third-party systems, and matching information with official record holders;
  • to operate, protect, improve and optimise our website, app, business and our users’ experience and our products and services, such as to perform analytics, conduct research and for advertising and marketing;
  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
  • to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
  • to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
  • for quality assurance and internal training purposes;
  • to operate, protect, improve and optimise our website, app, business and our users’ experience and our products and services (including by using automated tools and AI-enabled services to help us perform analytics, conduct research, review and analyse customer feedback and complaints, and support quality assurance) and
  • to comply with our legal obligations, resolve any disputes that we may have with you, and enforce our agreements with third parties.

Sensitive information: We only collect, hold, use and disclose sensitive information for the following purposes:

  • any purposes you consent to;
  • the primary purpose for which it is collected;
  • secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to work with you as a customer or supplier of our business;
  • to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; and
  • if otherwise required or authorised by law.

How long do we store your information for?

Generally, we are required to retain your information for a period of up to 7 years to comply with our legal obligations.

Your personal information may be kept after your account with us is closed in order to carry out certain activities, such as:

  • collecting outstanding balances owed;
  • conducting investigations or resolving complaints;
  • account maintenance;
  • preventing or detecting fraud or unauthorised activity;
  • complying with our legal obligations; or
  • where otherwise permitted by law.

Do we use your personal information for direct marketing?

We and/or our carefully selected business partners may send you direct marketing about financial products and services, in accordance with the Spam Act 2003 (Cth) and the Privacy Act. This may take the form of emails, SMS, mail, telephone or other forms of communication.

By providing us with your personal information, you consent to us and our business partners using your information to contact you from time to time for this purpose.

Restrictions apply under the Privacy Act in relation to the circumstances and purposes for which credit eligibility information may be used for direct marketing and we comply with these restrictions.

You may object to processing for direct marketing/unsubscribe from our email database or opt-out of receiving direct marketing or other communications from us by contacting us using the details set out below or by using the opt-out facilities provided in the communication (e.g., an unsubscribe link).

To whom do we disclose your personal information?

Personal information: We may disclose personal information for the purposes described in this Privacy Policy to:

  • our employees and related bodies corporate (meaning an affiliated or connected company);
  • your agents who act on your behalf;
  • referrers and other intermediaries;
  • credit and debt agencies;
  • third parties for securitisation purposes;
  • third party organisations that carry out functions on our behalf;
  • third party suppliers and service providers (including providers of cloud, analytics and AI-enabled tools used to support the operation of our websites and/or our business, and in connection with providing our products and services to you) under contracts that include adequate privacy, security and confidentiality controls;
  • professional advisers, dealers and agents;
  • payment systems operators (e.g. merchants receiving card payments);
  • our existing or potential agents, business partners or partners;
  • our sponsors or promoters of any competition that we conduct via our services;
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • specific third parties authorised by you to receive information held by us; and/or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your consent on each occasion.

Sensitive information: We will only disclose sensitive information with your consent or where permitted by law. This means that we may disclose sensitive information to:

  • our employees, contractors and/or related entities;
  • IT service providers, data storage, web-hosting and server providers;
  • professional advisors;
  • if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser's advisers and may be among the assets transferred;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties to collect and process data, such as analytics providers and cookies; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Disclosure of personal information outside Australia

We may disclose personal information outside of Australia to credit check companies and cloud service providers (including providers of cloud-based analytics and AI-enabled services) located in the US, UK, Philippines, Singapore, Spain, Costa Rica, Finland, Mongolia, Israel, Bulgaria, Canada, India, Japan, Mexico and New Zealand.

When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and we will take reasonable steps to ensure that overseas recipients handle that personal information in compliance with Australian privacy law. We take the responsibility of due diligence seriously when it comes to third parties with whom we share your information.

Using our website and cookies

We may collect personal information about you when you use and access our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use ‘cookies’, ‘tracking pixels’ or other similar tracking technologies on our website and in our emails that help us track your website usage and remember your preferences from time to time.

Cookies are small text files that are placed in your computer's browser to store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. Tracking pixels are tiny, invisible images (typically the size of one pixel) embedded in web pages or emails.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it may be considered personal information under the Privacy Act.

Cookies and tracking pixels, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie or collected by tracking pixels. Unlike cookies, tracking pixels do not store any information on your device, but instead send information to our servers when the pixel is loaded.

You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.

You can block tracking pixels by using ad-blocking or privacy-focused browser extensions. Some email providers allow you to block images by default, which can prevent tracking pixels in emails from loading.

However, if you use your browser settings to block all cookies (including essential cookies) and tracking pixels you may not be able to access all or parts of our website and you may not receive personalised content.

We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

Use of Artificial Intelligence (AI)

Overview: We may use artificial intelligence and machine learning technologies, including automated tools and AI-enabled services provided by third parties (AI Technologies) in our business operations and the provision of our services. We will only use AI Technologies when legally permitted and necessary for our business operations.

How we use AI Technologies: We may use AI Technologies for the following purposes:

  • to operate, protect, improve and optimise our website, app, business and our users' experience;
  • to conduct analysis and processing;
  • to perform analytics and conduct research;
  • to review and analyse customer feedback and complaints;
  • to generate and modify content and coding;
  • to automate certain processes and communications, such as routine tasks;
  • to personalise your experience with our services;
  • for quality assurance purposes; and
  • to assist with customer support and queries.

How we handle personal information in AI Technologies: We treat any personal information entered into AI tools (and any output generated or inferred by AI Technologies that identifies a person) as personal information and handle it in accordance with this Privacy and Credit Information Policy and the Australian Privacy Principles (regardless of whether AI Technologies are used in processing). We acknowledge that real-world workflows (such as free-text complaints, call notes, customer emails and transcripts) may unintentionally contain personal information.When using AI Technologies with your personal information, we:

  • minimise the personal information we input into AI tools and use de-identification where feasible;
  • restrict access to authorised personnel only;
  • inform you when AI Technologies are being used to make decisions that may significantly affect you;
  • maintain human oversight and review of significant AI-generated decisions and do not rely solely on automated tools to make decisions that produce legal or similarly significant effects without human review;
  • implement processes to verify the accuracy of AI-generated outputs; and
  • train our staff to understand the limitations of AI systems and verify outputs before they are relied upon.

Security, use of third-party services and training AI: We implement appropriate technical and organisational measures to ensure that our use of AI Technologies maintains the security and integrity of your personal information, including regular testing and monitoring of AI outputs for accuracy and reliability. We regularly assess and document the risks associated with our use of AI Technologies in processing personal information and implement appropriate mitigation measures, including ongoing monitoring and regular reviews of their performance and impact.

Where we use service providers who provide AI Technologies to us, we take reasonable steps to ensure that such service providers handle your personal information according to privacy law, including by having contracts in place requiring the service provider to protect personal information and use it only for supporting our operations. Where AI tool providers are located overseas, your personal information may be processed outside Australia in accordance with the overseas disclosure provisions set out in this Privacy and Credit Information Policy.

We will not input your personal information into any platform provided by an AI Technology service provider which then trains its model based on that information.

Security

We may hold your personal information in either electronic or hard copy form and your personal information may be stored by our third- party service providers. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We do this by using a number of physical, administrative, personnel and technical measures to protect your personal information. The measures we use to protect your personal information include:

  • using appropriate information technology and processes;
  • restricting access to your personal information to our employees and third party service providers who need your personal information to do what we have engaged them to do;
  • protecting paper documents from unauthorised access or use through security systems we deploy over our physical premises;
  • using computer and network security systems with appropriate firewalls, encryption
  • technology and passwords for the protection of electronic files;
  • securely destroying or “de-identifying” personal information if we no longer require it; and
  • keeping some information for certain prescribed periods only for the purpose of complying with our legal obligations.

However, despite these precautions, it’s important to note that we cannot always guarantee the security of your personal information. Security breaches or unforeseen events may still pose risks to data integrity.

Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage you to read them before using those websites.

Accessing or correcting your personal information

You can access the personal information we hold about you by contacting us using the information below. An administrative fee may be payable for the provision of such information. We will usually provide the information requested within 30 days of receiving your request. Please note, in some situations, we may be legally permitted to withhold access to your personal information. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusaltell you why. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us and we will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. We will generally rely on you to inform us if the information we hold about you is inaccurate or incomplete.

Making a complaint

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

Amendments

We may, at any time and at our discretion, vary this Privacy and Credit Information Policy by publishing the amended Privacy and Credit Information Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy and Credit Information Policy.

Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

The Privacy Officer
Phone: 1300 274 448
Email: privacy@brighte.com.au
Mail: Level 15, 1 Margaret St, Sydney NSW 2000

If you require further information about Privacy laws generally, please contact:

The Privacy Commissioner
Office of the Federal Privacy Commissioner
Mail: GPO Box 5218, Sydney NSW 1042
Phone: 1300 363 992
Fax: (02) 9284 9666
Internet: www.oaic.gov.au

This Privacy Policy was last updated on February 2026 and is subject to change.

See the separate Brighte Statement of Notifiable Matters

Credit Reporting Policy

This Credit Reporting Policy (and the Brighte Statement of Notifiable Matters) applies to Brighte Capital Pty Limited (ABN 74 609 165 906) (referred to in this policy as ‘Brighte’, ‘us’ ‘we’ or ‘our’).

At Brighte, we take our obligations to protect personal information about individuals, including credit information and credit eligibility information, seriously. We are bound by Part IIIA of the Privacy Act 1988 (Cth) (‘Privacy Act’) and the Privacy (Credit Reporting) Code 2014 (Cth) (‘CR Code’), which govern credit reporting in Australia.

About this Credit Reporting Policy

The purpose of this Credit Reporting Policy is to tell you how we manage:

  • Credit information – this information relates primarily to your credit-related dealings with us, and we can disclose this information to credit reporting bodies. We describe the credit information we collect further below;
  • Credit eligibility information – this information relates primarily to your credit-related dealings with other credit providers. Credit eligibility information comprises ‘credit reporting information’ provided by credit reporting bodies; and credit worthiness information that we derive using “credit information”, including a credit assessment score.

The Privacy Act contains a variety of detailed definitions describing these types of information. We have only included some general explanations above. If you would like to refer to the full provisions in the Privacy Act or the CR Code they are available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.

This Policy explains:

  • the kinds of credit information and credit eligibility information that we collect and hold;
  • how we collect and hold credit information and credit eligibility information;
  • the purposes for which we collect, hold, use and disclose credit information and credit eligibility information;
  • how you may request access to your credit information and credit eligibility information held by us or request correction of that information;
  • how to make a complaint if you consider that we have not complied with the Privacy Act or with the CR Code, and how we will deal with such complaints; and
  • the circumstances in which we may disclose credit information and credit eligibility information to overseas recipients and the countries where such recipients may be located.

This Policy applies to any individual for whom we hold credit information or credit eligibility information no matter how they interact with us (e.g., on-line, in person or over the phone). The latest version of this Policy will be published on our website.

1. What kinds of credit information do we collect and hold?

When you apply for credit with us, throughout our relationship, and for as long as we are required under the law, we may collect and hold your credit information. Examples of credit information include:

  • Identification information, such as your name, address, date of birth or employer.
  • Consumer credit liability information. This is information about consumer credit accounts you hold, or have held, with us, such as the type of account, the date the account was opened and closed, the maximum amount of credit approved for that account and the specific terms and conditions relating to the repayment of credit under that account.
  • A note that we have made an information request about you with a credit reporting body. An information request is when we ask a credit reporting body to provide us with credit reporting information about you.
  • The type of credit and the amount of credit sought in an application for credit made by you in connection with which we made an information request.
  • Default information about you. This is information about a payment owed by you as a borrower or guarantor in connection with consumer credit that remains overdue for more than 60 days and which we can disclose to a credit reporting body if certain requirements under the Privacy Act are met.
  • Payment information about you. Payment information is a statement that an overdue payment in relation to which default information was provided to a credit reporting body has been paid.
  • Court proceedings information about you. This is information about a judgment of an Australian court that is made against you that relates to credit that was provided to, or applied for, by you.
  • Personal insolvency information about you. This is information recorded in the National Personal Insolvency Index and relating to your bankruptcy, a debt agreement proposal given by you, a debt agreement made by you, a personal insolvency agreement executed by you, a direction given, or an order made, under the Bankruptcy Act that relates to your property or an authority signed under the Bankruptcy Act that relates to your property.
  • Publicly available information about you:
    • that relates to your activities in Australia or the external territories and your credit worthiness; and
    • that is not court proceedings information about you or information about you that is entered or recorded in the National Personal Insolvency Index.
  • An opinion we have on reasonable grounds that you have committed a serious credit infringement in relation to consumer credit that was provided to you. A serious credit infringement includes, in summary:
    • that you were fraudulently obtaining (or attempting to obtain) consumer credit; or
    • that you are fraudulently evading (or attempting to evade) your consumer credit obligations; or
    • that you are no longer intending to comply with your consumer credit obligations as we have not been able to contact you for 6 months in accordance with the Privacy Act.

2. How do we collect credit information?

We collect credit information in a variety of ways, such as obtaining the relevant information directly from you or by persons acting on your behalf (including on application forms or other forms or in our ongoing dealings with you in connection with credit). Some credit information will also be derived by us from your transactions in connection with credit, such as when you make payments to us.

3. Exchanges of information about you with credit reporting bodies

We may obtain credit reporting information about you from credit reporting bodies. Credit reporting information includes:

  • credit information of the kinds listed under ‘What kinds of credit information do we collect and hold?’ but relating primarily to your dealings with other credit providers (such as about credit applications you have made or credit that you hold with other credit providers). This information will typically have been provided by other credit providers or other third parties; and
  • credit worthiness information about you that credit reporting bodies derive from the information above, such as credit scores, risk ratings and other evaluations about you.

We may also disclose your credit information relating to your dealings with us to credit reporting bodies. Those credit reporting bodies may include that information in reports that they provide to other credit providers to assist them to assess your credit worthiness.

For example, we will provide information that identifies you and about your application for credit when obtaining credit reporting information for the purposes of assessing that application. Further, if you fail to meet your payment obligations in relation to consumer credit, or commit a serious credit infringement, we may be entitled to disclose this to a credit reporting body.

Brighte may disclose your credit information to one or more credit reporting bodies which are Equifax (www.equifax.com.au), Illion (www.illion.com.au) and Experian Australia (www.experian.com.au). The Privacy Policy of each of these credit reporting bodies explains how it will manage your personal information. These policies can be found on their websites.

Credit reporting bodies are required to have a policy which explains how they will manage your credit-related personal information. If you would like to read the policy please visit their website, or you can contact them directly for further information.

You have the right to request these credit reporting bodies to exclude your credit reporting information from any permissible direct marketing activities Brighte may request them to perform.

You also have the right to request credit reporting bodies not to use or disclose your credit reporting information if you believe that you have been, or are likely to be, the victim of fraud (for example, you suspect someone is using your identity details to apply for credit). You must contact the credit reporting bodies directly should this be the case.

4. What kinds of credit worthiness information do we derive from credit reporting information?

We utilise credit reporting information obtained from credit reporting bodies to derive other information that assists us in assessing your credit worthiness, for example, credit risk ratings and credit scores.

5. How do we hold and protect credit information and credit eligibility information?

We understand the importance of protecting the personal information, including credit information and credit eligibility information, we hold. We take reasonable steps to ensure that this information is free from misuse, interference, loss, unauthorised access or modification. Examples of these steps include:

  • securing information both in physical and electronic form;
  • having internal procedures and measures limiting access to personal information only to those that need access for their legitimate activities; and
  • protecting our systems by appropriate technology solutions.

6. For what purposes do we collect, hold, use and disclose credit information and credit eligibility information?

Brighte collects, holds, uses and discloses credit information and credit eligibility information, as well as information derived from credit information and credit eligibility information, about you for purposes reasonably necessary for our business activities and consistently with the requirements in the Privacy Act as permitted by law. These purposes include:

  • to assess applications for credit (including assessing any proposed guarantors);
  • for the ongoing servicing and administration of our accounts and products;
  • to assist with the management, including recovery, of outstanding debts;
  • to assist you if we consider that you may be at risk of default;
  • internal management purposes;
  • for data analysis;
  • to participate in the credit reporting system and provide information to credit reporting bodies as permitted by the Privacy Act;
  • to undertake securitisation activities and debt assignments;
  • to deal with complaints and legal proceedings;
  • to meet our legal and regulatory requirements (such as reporting matters to regulators or enforcement bodies when authorised or required by law); and
  • to assist other credit providers with such purposes in circumstances permitted by the Privacy Act (such as disclosing information to another credit provider with your consent or where you have committed a serious credit infringement).

Restrictions apply under the Privacy Act in relation to the circumstances and purposes for which such information may be used or disclosed and we comply with these restrictions. For example, credit eligibility information may not be disclosed to some types of overseas entities and restrictions apply on the use of credit eligibility information for direct marketing.

7. Will we be disclosing your credit information or credit eligibility information to overseas organisations?

As is the case throughout the Australian financial services industry (and other major industries), technology allows for services to be provided by different service providers including some that are located overseas.

We utilise overseas service providers for some of our activities and to do so we may need to disclose credit information or credit eligibility information to those service providers. We may also disclose such information to other overseas recipients for the purposes listed above when permitted to do so by the Privacy Act.

Whilst it is not practicable to list every country in which such recipients are likely to be located, it is likely that the countries to which your credit information or credit eligibility information may be disclosed include India, Spain, Costa Rica, Finland, Mongolia, Israel, Bulgaria, Canada, Japan, Mexico, New Zealand, Philippines, Singapore, United Kingdom, and the United States of America.

8. How can you access credit eligibility information we hold about you?

You may access the credit eligibility information which we hold about you by contacting us on the relevant contact number provided at the end of this Policy. We will need to verify your identity before giving you access. We will usually provide the information requested within 30 days of receiving your request. If there is a reason we are unable to agree to a request for access to your credit eligibility information we will advise you of this in writing. There is no charge to make a request for access but we may apply an administration fee for providing access in accordance with your request.

9. How can you seek correction of the credit information or credit eligibility information about you which we hold?

We aim to hold accurate and up-to-date credit information and credit eligibility information about you at all times. If you consider that any such information we hold about you is incorrect in any way, you may seek the correction of that information. To seek such a correction please call the relevant contact number provided at the end of this Policy to discuss your query. In certain situations, we may not agree to a request to correct information we hold about you. If this occurs, we will advise you of this and our reason for not agreeing to the correction request in writing.

10. How can you make a complaint about our compliance with our credit reporting obligations and how will we deal with such a complaint?

If you believe that we have failed to comply with the credit reporting requirements in Part IIIA of the Privacy Act or the CR Code, please contact us and we will then follow our standard Internal Dispute Resolution process. The ‘Contact Us’ section of our website contains details of the ways you can contact us. If the complaint remains unresolved you may refer the matter to our recognised External Dispute Resolution scheme. Brighte is a member of the Australian Financial Complaints Authority (AFCA). AFCA independently and impartially resolves disputes between consumers and participating members on matters including privacy. The contact details for AFCA are:

Australian Financial Complaints Authority
Phone: 1800 931 678
Fax: (03) 9613 6399
Website: https://www.afca.org.au/

Alternatively, the matter may be referred to the Office of the Australian Information Commissioner (the ‘OAIC’). The contact details for the OAIC are:

The Office of the Australian Information Commissioner
GPO Box 2999
Canberra ACT 2601
Australia
Phone: 1300 363 992
Fax: 02 9284 9666
Website: www.oaic.gov.au

11. Brighte Contact details

The Privacy Officer
Brighte Capital Pty Limited
Phone: 1300 274 448
Email: privacy@brighte.com.au
Mail: Level 15, 1 Margaret St, Sydney NSW 2000

This Credit Reporting Policy was last updated on February 2026 and is subject to change.