We are AAA Financial Corporation Pty Ltd ( “the Originator”, “AAA”, “we”, “our”, “us”).
Please read the following information carefully. If you have any questions about your personal data please contact us by emailing email@example.com or by writing to Data Protection Officer, AAA Financial Corporation, GPO Box 2629, Brisbane QLD 4001, Australia.
We are committed to protecting and respecting your privacy, being completely open and transparent in the way we collect or obtain your personal data and how we treat that information. For the purposes of Regulation (EU) 2016/679 (General Data Protection Regulation), we are a data controller in respect of the information that we collect or obtain about you. This is because we determine why and how your personal data is processed. Personal data includes information relating to natural persons who:
The personal data we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering, and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found in this privacy notice.
Special Category Personal Data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; trade-union membership; genetic data, biometric data processed solely to identify a human being; health-related data; data concerning a person’s sex life or sexual orientation. We generally do not collect Special Category Personal Data and we further restrict collection of such data unless it is necessary for us to provide our Services to you and where we have either obtained your express consent or a permitted general situation exists. For example, we may collect health information about you to assess certain claims, including hardship, or we may collect voice and video call information to verify your identity or authorise transactions.
Credit Information is information which we use to assess your eligibility to be provided with credit and may include any credit that you have outstanding, your repayment history and any defaults. Usually, credit information is exchanged between credit providers and credit references agencies. We may use credit eligibility information being credit reporting information supplied to us by a credit reference agency, and any information that we derive from it to make decisions regarding your eligibility for credit.
We do not collect your personal data on our website.
You can withhold your personal data when speaking with us if you are making a general enquiry. However, if you wish for us to provide you with our Services, we will need to identify you.
Most information will be collected from you personally, this can be taken by us:
We may obtain your credit related personal data:
The main reason we collect your personal information and credit-related personal information is to assess your application, to provide you with the product or service that you have requested (including where applicable, third-party products and services), to assess any future applications for products or services you may make to us or our Affiliates, or to help us run our business.
If you are a guarantor we collect your personal information and credit-related personal information to assess whether to accept you as a guarantor for credit applied for, or provided to, the borrower. Collection of some of this information is required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. If the borrowing entity provides incomplete or incorrect information we may be unable to provide them with the product or service they are applying for.
We may need to collect personal information and credit-related personal information about a third party from you as part of this application. If we do this, you agree you will advise that person that we have collected their information.
We may also use your personal data to tell you about our Services we think may interest you or for a purpose related to the primary purpose of collection or where you would reasonably expect that we would use the information in such a way, subject to legal restrictions on using your personal data for marketing purposes.
We may also de-identify your personal data which we have collected for the purposes described in this privacy notice. If we are dealing with a request you have made in order to exercise your legal and regulatory rights (including those referred to in the ‘Your rights under applicable data protection legislation’) below, this will be done in compliance with applicable data protection legislation.
Any consent that you give can be withdrawn by emailing firstname.lastname@example.org. Withdrawing your consent does not affect the lawfulness of any processing which occurred prior to the withdrawal of consent. If you withdraw your consent, we will stop processing your personal data.
We may disclose your personal data:
Prior to disclosing any of your personal data to another person or organisation, we will take all reasonable steps to satisfy ourselves that:
Circumstances may arise where, whether for strategic or other business reasons, we decide to sell, buy, merge or otherwise reorganise our business in some countries. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers or receiving it from sellers. It is AAA’s practice to seek appropriate protection for information, including personal data, in these types of transactions.
Prior to disclosing your personal data to an overseas recipient, unless a permitted general situation applies, we will take all reasonable steps to ensure that:
Acceptance of any of our Services via an application in writing, orally or electronic means, will be deemed as giving consent to the disclosures detailed herein.
Currently we are handling, storing, and processing your data in the following locations Australia, Malaysia, Singapore, Hong Kong, China and USA through the use of our cloud storage, technological products and services via other service providers.
The locations where we handle, store and process your data may change as our business needs changes and we appoint other service providers from time to time. Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
We may use your personal data for direct marketing. This means we may send information to you that relates to promotions.
You have the right to object to our processing of your personal data for direct marketing purposes. If you make such an objection, we will cease to process your personal data for this purpose.
If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting us using the contact information set-out in the ‘Introduction’ section of this privacy notice. If the direct marketing is by email, you may also use the unsubscribe function.
We will not sell your personal data to other companies or organisations.
AAA do not use automated decision making (i.e., processing that is carried out without human intervention).
In order to provide efficient tools to our network of mortgage brokers we offer online calculator tools which assist with automated decision making on maximum borrowing capacities and serviceability indexing, however in all circumstances human intervention and decisioning has final word on credit outcomes.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. The information we hold about you could make it easier or harder for you to get credit in the future. To find out more about the fraud prevention agencies we use and how they manage your information, please visit cifas.org.uk/fpn If you have any questions about this, please contact us.
Credit Reference Agencies (CRA) are authorised by law to handle your credit related information. If you apply for credit, we may disclose your personal data to, or collect personal credit related information from a CRA and other credit lending entities. CRAs may include credit related information provided by us in reports provided to other credit providers to assist such other credit providers to assess the individual’s credit worthiness. As permitted by law, we may collect, hold, use or disclose credit related information held about you for the purposes of:
When we obtain credit information from a CRA about you, we may also seek publicly available information and information about any serious credit infringement that you may have committed. When Credit reference agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRA’s will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRA to break that link.
In assessing your credit application and providing the Services to you, we may exchange your personal data, as well as your consumer and commercial credit information with the following entities, including but not limited:
Our Credit Reporting Policy contains information about:
In this Notice, the “Lender” means each and every one of the following organisations (whether acting individually or together):
|Lender (and their associated entities)
|ColCap Financial UK Limited
|Molo Tech Ltd
In this Notice, the " Credit Reporting Body” means each and every one of the following organisations (whether acting individually or together):
|Credit Reporting Body
|AAA Financial Corporation Pty Ltd
|83 065 481 505
By signing this application you agree that we can do all of the following:
It is important to us that the personal data we hold about you is accurate and up to date. During the course of our relationship with you, we may ask you to inform us if any of your personal data has changed.
If you wish to make any changes to your personal data, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.
Your personal data is protected under data protection law and you have a number of rights (explained below) which you can seek to exercise. Please contact us using the contact information set-out in the ‘Introduction’ section of this privacy notice if you wish to do so, or if you have any queries in relation to your rights.
In this section we have summarised the rights that you have under applicable data protection laws. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
The summary of your principal rights under applicable data protection laws are:
We may refuse to give you access to personal data we hold about you if we reasonably believe that giving access would pose a serious threat to the life, health or safety of an individual, or to the public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on the privacy of other individuals, if there are legal proceedings, or if we consider the request to be frivolous or vexatious.
We are committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. We only collect information relating to children under the age of 18 as it pertains to their legal guardians financial obligations. We do not directly collect information from children under the age of 18. We do not offer or target our services to individuals or their entities/companies under the age of 21.
We are committed to protecting the information you provide us. To prevent unauthorised access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, we have in place appropriate technological and operational procedures to safeguard the information we collect.
We will take reasonable steps to protect your personal data by storing it in a secure environment. We may store your personal data in paper and electronic form. We will also take reasonable steps to protect any personal data from misuse, loss and unauthorised access, modification or disclosure.
If we are no longer required or wish to keep your personal data for the purpose it was collected, we will securely destroy it or remove all identity features from the information unless we are legally required to keep it for a period of 6 years after an account is closed.
Subject to applicable laws, we will monitor and record calls, emails, text messages, social media messages and other communications. We will do this for the purposes of complying with applicable laws and regulations and our own internal policies and procedures, to prevent or detect crime, to protect the security of our communications systems and procedures and for quality control and staff training purposes.
We only keep your personal data for as long as it is necessary to fulfil the purposes for which it is processed (as described above). In accordance with our retention policy, we will retain your personal data for a minimum of six years from the end of our business relationship with you. Our business relationship will be deemed to be at an end on the date upon which your account is closed (which will either be when all outstanding sums under the agreement have been repaid or when we stop pursuing arrears on the account) or when your application has been declined. Please note that if your personal data is shared with third parties (as detailed above) they may have different retention policies. Fraud prevention agencies can hold your personal data for different periods of time; if you are considered to pose a fraud or money laundering risk, note that your data can be held by them for up to six years.
If you have any concerns regarding our use of your information, please notify our as soon as possible using the contact information set-out in the ‘Introduction’ section of this privacy notice.
We may update this GDPR statement from time to time by publishing a new version on our website. You should check www.aaafin.co.uk/gdpr.html occasionally to ensure you are happy with any changes to this privacy notice and keep a copy for your records.