Personal information includes information or an opinion about an individual that could reasonably identify that individual. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.
What personal information do we collect?
We may collect the following types of personal information:
- mailing or street address;
- email address;
- telephone number and other contact details;
- age or date of birth;
- credit card information;
- identification information, such as your driver’s licence or passport number;
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
- details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries. We may also record and monitor phone calls between you and Brighte;
- any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys;
- current and historical energy usage, load and consumption data, meter type and model and other statistics on your use of energy products and associated metering software, including products and software which are financed by us, where we have obtained your consent; or
- any other personal information that may be required to facilitate your dealings with us.
We may collect sensitive information from you where it is reasonably required for our business functions or activities. We will only collect sensitive information with your consent. For example, we may collect sensitive information when you make a hardship request and disclose information relating to your health as part of making that hardship request. Sensitive information is personal information that includes:
- information about your race or ethnicity;
- information about your political opinions, religious beliefs or affiliations;
- health information, including your medical condition;
- criminal history; and
- biometric data such as images, photographs or videos.
How do we collect personal information?
We may collect personal information either directly from you, or from third parties. We may collect this information when you:
- register on our website or app;
- communicate with us through correspondence, phone calls, chats, email, or when you share information with us from other applications, services or websites; or
- interact with our websites, services, content and advertising.
Personal information provided by third parties
There may be occasions when information is collected from third parties, such as a partner or spouse who contacts us on your behalf, from our accredited vendors, from our contractors who supply services to us, through our business partners, from credit reporting bodies or from a publicly maintained record.
We also collect information obtained as a result of credit checks that you authorise us to carry out, as detailed further in our Credit Reporting Policy.
You may choose not to provide personal information to us, however if you do not provide personal information requested by us, we may not be able to provide you with our services.
How do we use your personal information?
We use your personal information for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Act. This may include using your personal information for the following purposes:
- to enable you to access and use our financial products and services and related products and services;
- to improve our products and develop new products;
- to determine your eligibility for other products and services provided by us, based on your usage of existing products and services;
- for identity verification purposes, which may involve the use of third-party systems, and matching information with official record holders;
- to operate, protect, improve and optimise our website, app, business and our users’ experience and our products and services, such as to perform analytics, conduct research and for advertising and marketing;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
- to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
- for quality assurance and internal training purposes; and
- to comply with our legal obligations, resolve any disputes that we may have with you, and enforce our agreements with third parties.
How long do we store your information for?
Generally, we are required to retain your information for a period of up to 7 years to comply with our legal obligations.
Your personal information may be kept after your account with us is closed in order to carry out certain activities, such as:
- collecting outstanding balances owed;
- conducting investigations or resolving complaints;
- account maintenance;
- preventing or detecting fraud or unauthorised activity;
- complying with our legal obligations; or
- where otherwise permitted by law.
Do we use your personal information for direct marketing?
We and/or our carefully selected business partners may send you direct marketing about financial products and services, in accordance with the Spam Act 2003 (Cth) and the Privacy Act. This may take the form of emails, SMS, mail, telephone or other forms of communication. By providing us with your personal information, you consent to us and our business partners using your information to contact you from time to time for this purpose. You may opt-out of receiving direct marketing from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g., an unsubscribe link).
To whom do we disclose your personal information?
- our employees and related bodies corporate (meaning an affiliated or connected company);
- your agents who act on your behalf;
- referrers and other intermediaries;
- credit and debt agencies;
- third parties for securitisation purposes;
- third party organisations that carry out functions on our behalf;
- third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
- professional advisers, dealers and agents;
- payment systems operators (e.g. merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- our sponsors or promoters of any competition that we conduct via our services;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your consent on each occasion.
Disclosure of personal information outside Australia
We may disclose personal information outside of Australia to credit check companies and cloud service providers located in the US, UK, Philippines, Singapore, Spain, Costa Rica, Finland, Mongolia, Israel, Bulgaria, Canada, India, Japan, Mexico and New Zealand.
When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and we will take reasonable steps to ensure that overseas recipients handle that personal information in compliance with Australian privacy law. We take the responsibility of due diligence seriously when it comes to third parties with whom we share your information.
Using our website and cookies
We may collect personal information about you when you use and access our website.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
We may hold your personal information in either electronic or hard copy form and your personal information may be stored by our third- party service providers. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We do this by using a number of physical, administrative, personnel and technical measures to protect your personal information. The measures we use to protect your personal information include:
- using appropriate information technology and processes;
- restricting access to your personal information to our employees and third party service providers who need your personal information to do what we have engaged them to do;
- protecting paper documents from unauthorised access or use through security systems we deploy over our physical premises;
- using computer and network security systems with appropriate firewalls, encryption
- technology and passwords for the protection of electronic files;
- securely destroying or “de-identifying” personal information if we no longer require it; and
- keeping some information for certain prescribed periods only for the purpose of complying with our legal obligations.
However, despite these precautions, it’s important to note that we cannot always guarantee the security of your personal information. Security breaches or unforeseen events may still pose risks to data integrity.
Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the information below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected. We will generally rely on you to inform us if the information we hold about you is inaccurate or incomplete.
Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
The Privacy Officer
Phone: 1300 274 448
Mail: Level 15, 1 Margaret St, Sydney NSW 2000
If you require further information about Privacy laws generally, please contact:
The Privacy Commissioner
Office of the Federal Privacy Commissioner
Mail: GPO Box 5218, Sydney NSW 1042
Phone: 1300 363 992
Fax: (02) 9284 9666
See the separate Brighte Statement of Notifiable Matters
Credit Reporting Policy
This Credit Reporting Policy (and the Brighte Statement of Notifiable Matters) applies to Brighte Capital Pty Limited (ABN 74 609 165 906) (referred to in this policy as ‘Brighte’, ‘us’ ‘we’ or ‘our’).
At Brighte, we take our obligations to protect personal information about individuals, including credit information and credit eligibility information, seriously. We are bound by Part IIIA of the Privacy Act 1988 (Cth) (‘Privacy Act’) and the Privacy (Credit Reporting) Code 2014 (Cth) (‘CR Code’), which govern credit reporting in Australia.
About this Credit Reporting Policy
The purpose of this Credit Reporting Policy is to tell you how we manage:
- Credit information – this information relates primarily to your credit-related dealings with us, and we can disclose this information to credit reporting bodies. We describe the credit information we collect further below;
- Credit eligibility information – this information relates primarily to your credit-related dealings with other credit providers. Credit eligibility information comprises ‘credit reporting information’ provided by credit reporting bodies; and credit worthiness information that we derive using “credit information”.
The Privacy Act contains a variety of detailed definitions describing these types of information. We have only included some general explanations above. If you would like to refer to the full provisions in the Privacy Act or the CR Code they are available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.
This Policy explains:
- the kinds of credit information and credit eligibility information that we collect and hold;
- how we collect and hold credit information and credit eligibility information;
- the purposes for which we collect, hold, use and disclose credit information and credit eligibility information;
- how you may request access to your credit information and credit eligibility information held by us or request correction of that information;
- how to make a complaint if you consider that we have not complied with the Privacy Act or with the CR Code, and how we will deal with such complaints; and
- the circumstances in which we may disclose credit information and credit eligibility information to overseas recipients and the countries where such recipients may be located.
This Policy applies to any individual for whom we hold credit information or credit eligibility information no matter how they interact with us (e.g., on-line, in person or over the phone). The latest version of this Policy will be published on our website.
1. What kinds of credit information do we collect and hold?
When you apply for credit with us, throughout our relationship, and for as long as we are required under the law, we may collect and hold your credit information. Examples of credit information include:
- Identification information, such as your name, address, date of birth or employer.
- Consumer credit liability information. This is information about consumer credit accounts you hold, or have held, with us, such as the type of account, the date the account was opened and closed, the maximum amount of credit approved for that account and the specific terms and conditions relating to the repayment of credit under that account.
- A note that we have made an information request about you with a credit reporting body. An information request is when we ask a credit reporting body to provide us with credit reporting information about you.
- The type of credit and the amount of credit sought in an application for credit made by you in connection with which we made an information request.
- Default information about you. This is information about a payment owed by you as a borrower or guarantor in connection with consumer credit that remains overdue for more than 60 days and which we can disclose to a credit reporting body if certain requirements under the Privacy Act are met.
- Payment information about you. Payment information is a statement that an overdue payment in relation to which default information was provided to a credit reporting body has been paid.
- Court proceedings information about you. This is information about a judgment of an Australian court that is made against you that relates to credit that was provided to, or applied for, by you.
- Personal insolvency information about you. This is information recorded in the National Personal Insolvency Index and relating to your bankruptcy, a debt agreement proposal given by you, a debt agreement made by you, a personal insolvency agreement executed by you, a direction given, or an order made, under the Bankruptcy Act that relates to your property or an authority signed under the Bankruptcy Act that relates to your property.
- Publicly available information about you:
- that relates to your activities in Australia or the external territories and your credit worthiness; and
- that is not court proceedings information about you or information about you that is entered or recorded in the National Personal Insolvency Index.
- An opinion we have on reasonable grounds that you have committed a serious credit infringement in relation to consumer credit that was provided to you. A serious credit infringement includes, in summary:
- that you were fraudulently obtaining (or attempting to obtain) consumer credit; or
- that you are fraudulently evading (or attempting to evade) your consumer credit obligations; or
- that you are no longer intending to comply with your consumer credit obligations as we have not been able to contact you for 6 months in accordance with the Privacy Act.
2. How do we collect credit information?
We collect credit information in a variety of ways, such as obtaining the relevant information directly from you or by persons acting on your behalf (including on application forms or other forms or in our ongoing dealings with you in connection with credit). Some credit information will also be derived by us from your transactions in connection with credit, such as when you make payments to us.
3. Exchanges of information about you with credit reporting bodies
We may obtain credit reporting information about you from credit reporting bodies. Credit reporting information includes:
- credit information of the kinds listed under ‘What kinds of credit information do we collect and hold?’ but relating primarily to your dealings with other credit providers (such as about credit applications you have made or credit that you hold with other credit providers). This information will typically have been provided by other credit providers or other third parties; and
- credit worthiness information about you that credit reporting bodies derive from the information above, such as credit scores, risk ratings and other evaluations about you.
We may also disclose your credit information relating to your dealings with us to credit reporting bodies. Those credit reporting bodies may include that information in reports that they provide to other credit providers to assist them to assess your credit worthiness.
For example, we will provide information that identifies you and about your application for credit when obtaining credit reporting information for the purposes of assessing that application. Further, if you fail to meet your payment obligations in relation to consumer credit, or commit a serious credit infringement, we may be entitled to disclose this to a credit reporting body.
Credit reporting bodies are required to have a policy which explains how they will manage your credit-related personal information. If you would like to read the policy please visit their website, or you can contact them directly for further information.
You have the right to request these credit reporting bodies to exclude your credit reporting information from any permissible direct marketing activities Brighte may request them to perform.
You also have the right to request credit reporting bodies not to use or disclose your credit reporting information if you believe that you have been, or are likely to be, the victim of fraud (for example, you suspect someone is using your identity details to apply for credit). You must contact the credit reporting bodies directly should this be the case.
4. What kinds of credit worthiness information do we derive from credit reporting information?
We utilise credit reporting information obtained from credit reporting bodies to derive other information that assists us in assessing your credit worthiness, for example, credit risk ratings and credit scores.
5. How do we hold and protect credit information and credit eligibility information?
We understand the importance of protecting the personal information, including credit information and credit eligibility information, we hold. We take reasonable steps to ensure that this information is free from misuse, interference, loss, unauthorised access or modification. Examples of these steps include:
- securing information both in physical and electronic form;
- having internal procedures and measures limiting access to personal information only to those that need access for their legitimate activities; and
- protecting our systems by appropriate technology solutions.
6. For what purposes do we collect, hold, use and disclose credit information and credit eligibility information?
Brighte collects, holds, uses and discloses credit information and credit eligibility information, as well as information derived from credit information and credit eligibility information, about you for purposes reasonably necessary for our business activities and consistently with the requirements in the Privacy Act as permitted by law. These purposes include:
- to assess applications for credit (including assessing any proposed guarantors);
- for the ongoing servicing and administration of our accounts and products;
- to assist with the management, including recovery, of outstanding debts;
- to assist you if we consider that you may be at risk of default;
- internal management purposes;
- for data analysis;
- to participate in the credit reporting system and provide information to credit reporting bodies as permitted by the Privacy Act;
- to undertake securitisation activities and debt assignments;
- to deal with complaints and legal proceedings;
- to meet our legal and regulatory requirements (such as reporting matters to regulators or enforcement bodies when authorised or required by law); and
- to assist other credit providers with such purposes in circumstances permitted by the Privacy Act (such as disclosing information to another credit provider with your consent or where you have committed a serious credit infringement).
Restrictions apply under the Privacy Act in relation to the circumstances and purposes for which such information may be used or disclosed and we comply with these restrictions. For example, credit eligibility information may not be disclosed to some types of overseas entities and restrictions apply on the use of credit eligibility information for direct marketing.
7. Will we be disclosing your credit information or credit eligibility information to overseas organisations?
As is the case throughout the Australian financial services industry (and other major industries), technology allows for services to be provided by different service providers including some that are located overseas.
We utilise overseas service providers for some of our activities and to do so we may need to disclose credit information or credit eligibility information to those service providers. We may also disclose such information to other overseas recipients for the purposes listed above when permitted to do so by the Privacy Act.
Whilst it is not practicable to list every country in which such recipients are likely to be located, it is likely that the countries to which your credit information or credit eligibility information may be disclosed include India, Spain, Costa Rica, Finland, Mongolia, Israel, Bulgaria, Canada, Japan, Mexico, New Zealand, Philippines, Singapore, United Kingdom, and the United States of America.
8. How can you access credit eligibility information we hold about you?
You may access the credit eligibility information which we hold about you by contacting us on the relevant contact number provided at the end of this Policy. We will need to verify your identity before giving you access. We will usually provide the information requested within 30 days of receiving your request. If there is a reason we are unable to agree to a request for access to your credit eligibility information we will advise you of this in writing. There is no charge to make a request for access but we may apply an administration fee for providing access in accordance with your request.
9. How can you seek correction of the credit information or credit eligibility information about you which we hold?
We aim to hold accurate and up-to-date credit information and credit eligibility information about you at all times. If you consider that any such information we hold about you is incorrect in any way, you may seek the correction of that information. To seek such a correction please call the relevant contact number provided at the end of this Policy to discuss your query. In certain situations, we may not agree to a request to correct information we hold about you. If this occurs, we will advise you of this and our reason for not agreeing to the correction request in writing.
10. How can you make a complaint about our compliance with our credit reporting obligations and how will we deal with such a complaint?
If you believe that we have failed to comply with the credit reporting requirements in Part IIIA of the Privacy Act or the CR Code, please contact us and we will then follow our standard Internal Dispute Resolution process. The ‘Contact Us’ section of our website contains details of the ways you can contact us. If the complaint remains unresolved you may refer the matter to our recognised External Dispute Resolution scheme. Brighte is a member of the Australian Financial Complaints Authority (AFCA). AFCA independently and impartially resolves disputes between consumers and participating members on matters including privacy. The contact details for AFCA are:
Australian Financial Complaints Authority
Phone: 1800 931 678
Fax: (03) 9613 6399
Alternatively, the matter may be referred to the Office of the Australian Information Commissioner (the ‘OAIC’). The contact details for the OAIC are:
The Office of the Australian Information Commissioner
GPO Box 2999
Canberra ACT 2601
Phone: 1300 363 992
Fax: 02 9284 9666
11. Brighte Contact details
The Privacy Officer
Brighte Capital Pty Limited
Phone: 1300 274 448
Mail: Level 15, 1 Margaret St, Sydney NSW 2000
This Credit Reporting Policy was last updated on October 2023 and is subject to change.