Privacy consent and policy, clearly laid out.

Who we are

Balmoral Commercial Finance is a trading name of Balmoral Finance & Advisory Pty Ltd. Balmoral Finance & Advisory Pty Ltd ABN 37 696 844 612. In this Privacy Consent and Privacy Policy, "we", "us" and "our" means Balmoral Finance & Advisory Pty Ltd, our related bodies corporate, authorised representatives, contractors, service providers and permitted third parties engaged to help us provide our services.

We provide commercial finance brokerage, credit assistance, lender matching, loan application support, application management and related services.

Who this policy applies to

This policy applies to any individual whose personal information we collect or handle in connection with our business and services.

• Applicants and prospective applicants
• Borrowers, guarantors and directors
• Sole traders, business owners and trustees
• Clients and prospective clients
• Referrers, introducers and advisers
• Website users and people who contact us by phone, email, SMS, portal, social media or other digital channels

It also applies where you provide us with information about another person in connection with an enquiry, application or transaction.

Our commitment to privacy

We respect your privacy and are committed to handling personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and applicable privacy, credit reporting and electronic communications laws.

We collect, use, hold and disclose personal information only where it is reasonably necessary for our business activities, to provide our services, comply with legal and regulatory obligations, verify identity, prevent fraud, assess applications and support finance transactions.

We take reasonable steps to protect the information we hold from misuse, interference, loss, unauthorised access, modification and disclosure.

If you do not provide requested information, we may not be able to provide our services, assess an application, submit a proposal to a lender, verify your identity or otherwise assist you effectively.

Personal information

The personal information we collect may include:

• Full name, date of birth, residential and postal address
• Email address, mobile number and telephone numbers
• Occupation, employment details and citizenship or residency status
• Relationship status and dependant details where relevant to an application
• Details about directors, shareholders, trustees, beneficiaries, guarantors and authorised representatives
• Any other personal information provided in connection with an enquiry, application or transaction

Credit-related information

Where relevant to the services we provide, we may collect credit-related information including:

• Current and previous loans, leases, credit facilities and guarantees
• Repayment history information and applications made for credit
• Defaults, arrears, overdue amounts, insolvency events, court judgments or bankruptcy
• Credit scores, credit reports and other information obtained from credit reporting bodies
• Information about suitability, eligibility or creditworthiness

Identity verification information

To verify identity and comply with legal and regulatory obligations, we may collect:

• Driver licence, passport and other government-issued identification details
• Medicare or other identification document details where permitted by law
• Company, trust, director and shareholder identification records
• Signatures, electronic signatures and identity verification records
• Biometric or electronic verification data used by approved identity verification providers
• Information required for AML/CTF, fraud prevention, sanctions screening and know-your-customer checks

Financial, business and transaction information

We may collect financial and business information about you, your business and related entities, including:

• Income, assets, liabilities and expenses
• Bank account details and transaction information
• BAS, tax returns, financial statements, management accounts and cash flow information
• Business structure details, ABN, ACN, trust details and ownership information
• Existing facilities, securities and guarantees
• Property, vehicle, plant, equipment or other asset details relevant to a finance application
• Information supplied by your accountant, broker, lawyer, referrer, employer or other representative

Website, device and communications information

When you use our website, forms, portal or digital tools, we may collect technical, usage and communications information including:

• IP address, browser type and version, device type, operating system and identifiers
• Pages viewed, links clicked, time spent on pages and referring website or source
• Approximate location data, cookies, pixels, tags and similar technologies
• Application progress, saved form data, portal activity and interactions with emails, SMS or advertisements
• Emails, SMS, letters, phone calls, voicemail messages, video meetings, website chat, portal messages and support requests
• Notes made by our staff, brokers, credit representatives or service providers, and records of instructions, consents, preferences and complaints

Where permitted by law, we may monitor and record communications for training, quality assurance, verification, compliance, dispute resolution, fraud prevention and record-keeping purposes.

Information about other people

If you provide us with personal information about another person, such as a co-applicant, guarantor, director, trustee, beneficiary, employee or adviser, you must have authority to do so and must make that person aware that their information may be handled in accordance with this policy.

Information collected directly from you

We generally collect information directly from you where it is reasonable and practicable to do so. We may collect information when you:

• Contact us by phone, email, SMS, website enquiry, chat, social media or in person
• Complete an application form, fact find, proposal request or other document
• Upload documents through our website, portal or other digital systems
• Provide information during meetings, calls or correspondence with us
• Sign disclosures, authorities, consents or other transaction documents
• Request information about our services, products or lending options
• Participate in promotions, surveys, campaigns or events run by us

Information collected from third parties

Where permitted by law and reasonably necessary for our business or the services we provide, we may also collect information about you from third parties including:

• Lenders, lessors, funders and credit providers
• Credit reporting bodies, aggregators, introducers and referrers
• Accountants, lawyers, conveyancers, financial advisers and other professional advisers
• Employers, landlords, trade referees and business associates
• Guarantors, co-applicants, directors, trustees and authorised representatives
• Valuers, insurers, verification providers, fraud prevention agencies and public registers
• Identity verification, AML/CTF, sanctions screening and compliance providers
• Related entities, contractors, technology providers and administrative service providers

We may collect this information to verify details you have given us, assess suitability and risk, process an application, manage a transaction, recover debts, investigate suspected fraud, comply with legal obligations or otherwise provide our services.

Website forms, cookies and analytics

When you use our website, forms, portals, ads, emails or other digital systems, we may collect information automatically or through the technology we use, such as:

• Webchat interactions and application forms
• Cookies and similar tracking technologies
• Analytics tools, advertising pixels and tags
• CRM systems and marketing automation tools
• Website hosting, security and performance monitoring tools
• Portal login, form save and session tracking tools

This information helps us operate and secure our systems, understand user behaviour, improve content and performance, follow up incomplete enquiries or applications, personalise communications where permitted and detect suspicious activity, misuse or fraud. Optional website analytics and advertising pixels are activated only after consent where that consent is required, while essential website, form and security functions continue to operate if optional tracking is declined.

Unsolicited information and consequences of not providing information

If we receive unsolicited information, we will determine whether it is reasonably necessary for our functions or activities. If it is not reasonably necessary, we will, where lawful and practicable, destroy or de-identify it.

You are not required to provide all information we request. However, if you do not provide information we reasonably require, we may be unable to respond properly to your enquiry, verify your identity, assess your eligibility, prepare or submit an application, obtain lender interest or finance offers, manage a transaction or comply with our legal and regulatory obligations.

Core purposes

We collect, hold, use and disclose information so we can respond to enquiries, provide commercial finance brokerage and credit assistance services, understand your finance requirements, identify lender and product options, prepare and submit applications, verify identity and authority, manage accounts and settlements, handle variations or complaints, prevent fraud and comply with legal and regulatory obligations.

We may also use information to operate, maintain, test, analyse and improve our business, systems, website, customer experience, product offerings, service delivery, internal reporting, risk management and staff training. Where appropriate, we may use de-identified or aggregated information for analytics, research and business improvement.

Direct marketing and other permitted purposes

Where permitted by law, we may use information to tell you about products, services, offers, updates, events or opportunities that may be relevant to you, including by email, SMS, phone, online advertising or other lawful channels.

We may also collect, hold, use and disclose your information for any other purpose permitted or required by law, or for any purpose to which you have otherwise consented.

Parties we may disclose to

We may disclose your information where reasonably necessary to provide our services, submit or manage an application, administer commissions or fees, confirm referral arrangements, verify information, protect against fraud or comply with legal obligations.

• Lenders, lessors, funders, mortgage managers, line providers and other credit providers
• Aggregators, introducers, referrers and referral partners
• Credit reporting bodies
• Insurers, valuers, quantity surveyors, identity verification providers and AML/CTF or sanctions screening providers
• Lawyers, barristers, accountants, auditors, tax advisers, consultants, settlement agents and conveyancers
• CRM, database, cloud storage, hosting, software, document management, e-signature, communications, IT support, cybersecurity, backup, analytics, workflow, payment, marketing, mailing, printing and fulfilment providers
• Regulators, government bodies, courts, tribunals, law enforcement bodies, statutory authorities and external dispute resolution schemes
• Prospective purchasers, investors or counterparties involved in an actual or proposed merger, acquisition, restructure, financing or due diligence process
• Related entities, contractors, authorised representatives, employees and agents
• Any person acting on your behalf or with your authority, including guarantors, co-applicants, directors, trustees or authorised representatives

Disclosure minimisation

Where practical, we will only disclose the information reasonably necessary for the relevant purpose. If you apply for finance or ask us to assist with a transaction, you acknowledge that disclosure of your information to multiple parties may be necessary to assess options, obtain lender interest, verify details and progress the matter efficiently.

Whether we disclose overseas

We may disclose, store, process or make personal information accessible outside Australia where reasonably necessary for our business operations, the services we provide, the systems we use, or where permitted or required by law.

This may occur where we use overseas staff, contractors, related entities, cloud platforms, software providers, data hosting providers, customer support tools, identity verification services, document processing providers, communication tools or other service providers.

Countries or regions likely involved

Where applicable, overseas recipients are likely to be located in or operate from jurisdictions including:

• Singapore
• India
• The Philippines
• Indonesia
• The United Kingdom
• The United States
• Other countries in which our cloud, software, communications, verification, analytics, support or technology providers operate or store data

How we protect information

Where we disclose personal information to an overseas recipient, we will take reasonable steps in the circumstances to ensure the recipient does not breach the Australian Privacy Principles in relation to that information, unless an exception applies under law.

• Conducting due diligence on the overseas recipient
• Using contractual privacy, confidentiality and data security obligations
• Restricting access on a need-to-know basis
• Requiring service providers to implement appropriate technical and organisational security measures
• Using secure systems, access controls, encryption, monitoring and authentication measures where appropriate
• Requiring information to be handled only for authorised purposes
• Reviewing provider compliance, privacy practices and security controls from time to time

By dealing with us, submitting an enquiry, using our systems or providing your information in connection with our services, you acknowledge that your personal information may be disclosed, stored, processed or accessed outside Australia in accordance with this policy.

When credit checks may be undertaken

Where permitted by law and reasonably necessary to provide our services, we and/or the lenders, lessors, funders or other credit providers we deal with may obtain and exchange credit information about you for purposes including:

• Assessing an application for consumer or commercial credit
• Assessing whether you meet lender eligibility and credit criteria
• Assessing your suitability as a borrower, co-borrower, guarantor or security provider
• Verifying identity and matching personal details with information held by a credit reporting body
• Reviewing your creditworthiness, repayment history and overall risk profile
• Managing, varying, reviewing or enforcing an existing credit facility
• Collecting overdue payments or dealing with defaults
• Assisting with fraud prevention, suspicious activity reviews and compliance processes

Credit reporting bodies and uses

The credit reporting bodies we and/or the credit providers we deal with may use include Equifax, Illion and Experian. We may update the credit reporting bodies we use from time to time.

Credit information may be collected, held, used and disclosed to assess applications, assess creditworthiness, verify application details, assist with guarantor or co-applicant assessments, manage and administer credit arrangements, collect overdue amounts, comply with legal and regulatory obligations and support lender decision-making.

Your rights regarding credit information

You have rights in relation to your credit information, including the right to:

• Request access to credit information we hold about you
• Request correction of credit information that is inaccurate, out of date, incomplete, irrelevant or misleading
• Make a complaint if you believe your credit information has been handled improperly
• Ask a credit reporting body not to use your credit reporting information for pre-screening of direct marketing by a credit provider
• Request a temporary ban with a credit reporting body if you reasonably believe you are or are likely to be a victim of fraud

Further information about credit reporting, repayment history information, defaults, access, correction and complaints is available from the OAIC and from the relevant credit reporting bodies.

How we use information for marketing

We may use your personal information to send you information about our products, services, finance solutions, lender options, offers, updates, events, tools, insights and other opportunities that we think may be relevant to you or your business.

• Email
• SMS
• Telephone
• Online advertising
• Social media audiences
• Retargeting and similar digital marketing tools
• Other electronic or traditional communication channels permitted by law

We may use cookies, pixels, tags and similar technologies to measure campaign performance, understand engagement and deliver more relevant advertising or follow-up communications. Optional website analytics and advertising pixels are enabled only after consent where that consent is required by law. We will not use sensitive information for direct marketing without consent where consent is required by law.

How to opt out

You can opt out of direct marketing communications from us at any time by:

• Clicking the unsubscribe link in an email
• Replying STOP to an SMS where that option is available
• Asking us during a phone call not to contact you for marketing
• Contacting us directly using the details in this policy
• Adjusting cookie or advertising preferences where those settings are available

Opting out of marketing does not stop us from contacting you about service-related matters such as applications, transactions, compliance, identity verification, settlements, complaints, security alerts or other important operational communications.

How information is stored

We may store personal information in physical and electronic form, including paper files, emails, databases, CRM systems, document management platforms, cloud storage systems, communications platforms, finance processing systems, backups and other business records.

Information may be held on systems operated by us or by third-party service providers engaged to support our business. Depending on the systems used, information may be stored in Australia or in other jurisdictions in accordance with the overseas disclosure section of this policy.

Security safeguards

We take reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification and disclosure. Depending on the circumstances, these steps may include:

• Restricting access on a need-to-know basis
• User authentication, password controls and multi-factor authentication where appropriate
• Role-based permissions and internal access controls
• Encryption, secure transmission methods and system monitoring where appropriate
• Secure document handling and storage procedures
• Cybersecurity controls, backups, logging and incident response processes
• Staff training, confidentiality obligations and privacy-aware handling procedures
• Due diligence and contractual controls for relevant service providers
• Physical security measures for offices, devices and paper records

Retention and disposal

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, or for related purposes for which it may lawfully be used or disclosed, unless a longer retention period is required or authorised by law, regulation, a court or tribunal order, or legitimate business and compliance needs.

• Finance applications and transaction records
• Identity verification and AML/CTF compliance
• Dispute resolution, complaints and legal proceedings
• Taxation, audit and record-keeping requirements
• Fraud prevention, risk management and enforcement of rights
• Business administration and supervision obligations

When we no longer need personal information for a permitted purpose, and we are not otherwise required or authorised to retain it, we will take reasonable steps to destroy the information or ensure that it is de-identified. No method of internet transmission or electronic storage is completely secure, so we cannot guarantee absolute security.

How to request access

You may request access to the personal information we hold about you by contacting us using the details set out in this policy. Where reasonable, we may ask you to make your request in writing so we can verify your identity, understand the scope of your request and respond accurately and securely.

• Providing copies of documents or records
• Giving you electronic access
• Providing a summary of the requested information
• Allowing you to inspect records where appropriate

How to request correction

If you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you may request that we correct it by contacting us using the details in this policy.

If we have disclosed the information to another organisation and you ask us to notify them of the correction, we will take reasonable steps to do so where required or appropriate.

Timeframes, limits and verification

We will respond to requests for access or correction within a reasonable period. For credit-related correction requests, the applicable framework generally requires a decision within 30 days. For credit reporting complaints, the complaint must generally be acknowledged within 7 days and a decision made within 30 days unless an extension is agreed.

• We may refuse access where giving access would be unlawful, unreasonably affect the privacy of another person, prejudice legal proceedings or enforcement-related activities, reveal commercially sensitive assessment processes or create a serious threat to life, health or safety.
• Before actioning an access or correction request, we may require you to verify your identity, confirm your authority to act, specify the relevant records or period and provide supporting documentation where appropriate.

How to complain to us

If you believe we have handled your personal information or credit-related information improperly, you may make a complaint to us. To help us investigate and respond efficiently, please provide:

• Your name and contact details
• Enough information to identify the matter you are complaining about
• Copies of any relevant documents or correspondence
• Details of the outcome you are seeking

Our complaint handling process

We will acknowledge your complaint within a reasonable time and aim to investigate and respond as promptly as possible. Our complaint handling process may include:

• Confirming receipt of your complaint
• Verifying your identity and authority where necessary
• Reviewing relevant records, communications and systems
• Requesting further information if needed
• Considering whether a correction, explanation, remedial action or other response is appropriate
• Providing you with our decision and reasons where appropriate

External complaint bodies

If you are not satisfied with our response, or you believe we have not resolved your complaint adequately, you may be able to escalate your complaint to the Office of the Australian Information Commissioner or, where applicable, the Australian Financial Complaints Authority.

• OAIC enquiries: 1300 363 992 or oaicintake@oaic.gov.au
• AFCA assistance: 1800 931 678 or info@afca.org.au

We do not charge a fee for receiving or handling a privacy complaint.

When you may deal with us anonymously

Where lawful and practicable, you may choose not to identify yourself or to use a pseudonym when dealing with us in relation to a particular matter. This may include:

• Making a general enquiry about our services
• Asking for general information from our website or by phone
• Making an initial enquiry that does not require us to verify your identity
• Requesting publicly available information or general assistance that can reasonably be provided without identifying you

When this is not practicable or lawful

In many cases, it will not be practicable or lawful for us to deal with you anonymously or by pseudonym. This is likely to be the case where we need to:

• Verify your identity
• Assess eligibility, suitability, serviceability or creditworthiness
• Collect or review application documents
• Submit or manage a finance application
• Communicate with lenders, lessors, aggregators, valuers, insurers or other transaction parties
• Comply with legal, regulatory, AML/CTF, fraud prevention, sanctions or record-keeping obligations
• Respond to an access, correction or complaint request that requires us to identify you
• Protect against fraud, unauthorised conduct or misuse of our systems

Because we provide brokerage and credit assistance services, anonymous or pseudonymous dealings may be possible for limited general enquiries, but they will usually not be available once you ask us to provide personalised assistance, assess your circumstances or progress an application.

TFNs and similar identifiers

Where permitted or required by law, we may collect government-related identifiers and related records such as:

• Tax file numbers
• Driver licence numbers
• Passport numbers
• Medicare numbers
• Visa or immigration-related identifiers
• Company or business registry identifiers
• Other government-issued reference numbers or identifiers relevant to identity verification, compliance or a finance transaction

How they are handled

We will only collect, use or disclose government-related identifiers where this is permitted, required or authorised by law, or otherwise allowed under an applicable exception.

• Verifying your identity
• Complying with AML/CTF, fraud prevention, sanctions or other legal obligations
• Confirming information with a lender, lessor, credit provider or verification service
• Administering a finance application or transaction
• Meeting taxation, reporting, court, regulatory or other lawful requirements

We do not adopt a government-related identifier as our own identifier of you unless permitted by law. Where we hold government-related identifiers, we take reasonable steps to protect them, limit access, collect only the minimum reasonably necessary and not retain them longer than required or permitted.

Policy updates

We may update this Privacy Policy from time to time to reflect changes in our business, services, systems, legal or regulatory obligations, privacy practices, technology providers or the way we handle personal information.

When we make changes to this policy, we will publish the updated version on our website and update the effective date shown in the policy.

• Email
• SMS
• Portal notification
• Website notice
• Other communications we ordinarily use to contact you

The most current version of this policy, as published on our website from time to time, will apply to our handling of personal information unless otherwise required by law.

Privacy contact

If you have questions, requests or complaints about this Privacy Policy, our privacy practices, or the way we handle your personal information or credit-related information, please contact our Privacy Officer using the details below.

• Balmoral Finance & Advisory Pty Ltd
• Balmoral Commercial Finance is a trading name of Balmoral Finance & Advisory Pty Ltd.
• Phone: (02) 4407 4926
• Address: Sydney, NSW, Australia

What you can contact us about

You may use the contact details above to:

• Request access to personal information we hold about you
• Request correction of personal information or credit-related information
• Make a privacy or credit-related complaint
• Ask questions about this policy or our privacy practices
• Notify us that you wish to opt out of direct marketing communications

We aim to respond to privacy enquiries, access requests, correction requests and complaints within a reasonable time. Where specific legal timeframes apply, we will seek to comply with those requirements.