The types of personal information we collect and hold
The types of personal information we may collect and hold includes (but is not limited to) personal information about:
- clients, business associates and potential clients and their employees;
- suppliers and their employees; and
- prospective employees and contractors.
Personal information that we collect and may hold include:
- your name, address, contact telephone number and other contact details such as your email address;
- payment information (such as credit card or bank details);
- other personal information required to provide our services in specific cases, for example, certain information to complete police checks and property transactions, if relevant; and
- details of your use of our products or services.
You are not obliged to provide personal information to CreditorWatch. However in many cases, if you do not provide your personal information to us, we may not be able to supply the relevant product or service that you have requested from us.
If it is necessary to provide specific services to you, we may collect sensitive information about you. Under the Privacy Act, “sensitive information” includes but is not limited to information or an opinion about an individual’s racial or ethnic origin, religious belief, or criminal record and also includes health information about an individual. However, we will only collect sensitive information from you if you agree to provide it to us, you authorise us to obtain it from a third party or where the collection of the information is required or authorised by or under an Australian law or a Court/Tribunal order or otherwise where the collection is not prohibited under the Privacy Act. We will only use sensitive information in accordance with the Privacy Act and for the purpose for which it is provided.
How personal information is collected and held by us
We collect personal information in the following ways:
- when you fill in and return to us a signed client form;
- when you submit personal information through our website (such as when you send us a message or fill out a form);
- in person, for example, when you engage with our HelpDesk;
- when you connect to a third party or connect to our services via a third party, for example, an integration partner, a module or third party software or services; and
- in the course of providing services to you.
We may also collect information about you from third party suppliers and government database services.
We store personal information in computer storage facilities and paper-based files. We take steps to protect your personal information against loss, unauthorised access, use modification or disclosure. Some examples of the steps we take to protect your personal information include:
- ensuring there are suitable password protection measures and access privileges in place to monitor and control access to our IT systems;
- imposing restrictions on physical access to paper files;
- requiring any third parties engaged by CreditorWatch to provide appropriate assurances to handle your personal information in a manner consistent with the Privacy Act; and
- taking reasonable steps to destroy or de-identify personal information after we no longer need it for our business or to comply with the law.
Collection of personal information through website activity
Information that may identify you as a user may be gathered during your access with our website.
Our website includes pages that use ‘cookies’. A cookie is a unique identification number that allows the server to identify and interact more effectively with your computer. The cookie assists us in identifying what our users find interesting on our website.
A cookie will be allocated each time you use our website. The cookie does not identify you as an individual in our data collection process, however, it does identify your Internet Service Provider.
Adoption, use and disclosure of government related identifiers
CreditorWatch, or its related body corporates in the ATI Group, may collect some personal information that is a government related identifier.
Personal information from identity documents may be provided to the document issuer or official record holder via third party systems for the purpose of confirming your identity, for example, the Australian Government’s Document Verification Service (DVS). Where CreditorWatch does collect government related identifiers, they are maintained on a separate database for audit and compliance purposes.
CreditorWatch may use or disclose a government related identifier where:
- it is reasonably necessary for CreditorWatch to verify the identity of the individual for the purposes of our business activities or functions; or
- as required or authorised by law or in accordance with the order of a Court or Tribunal, or where it is otherwise permitted to do so under the Privacy Act.
The purposes for which we collect, use and disclose personal information
We collect, hold, use and disclose personal information for a variety of business purposes including:
- to provide the products or services you have requested from us;
- to process payments;
- to improve our business, products and services;
- to promote our business to you;
- to market other CreditorWatch services or products to you;
- to handle and respond to your enquiries, complaints or concerns;
- analysing, aggregating and anonymising such information for the purposes of generating industry benchmarks, enriching CreditorWatch’s bureau data, generating credit scores or similar reports for distribution to and consumption by users of CreditorWatch’s website or customers who receive services from CreditorWatch.
We also collect, hold, use and disclose your personal information to:
- notify you about the details of new services and products offered by us;
- notify you of the details of meetings, events and seminars that may be of interest to CreditorWatch customers and clients;
- send you our newsletters and other marketing publications;
- administer our databases for client service, marketing and financial accounting purposes; and
- to comply with our legal requirements regarding the collection and retention of information concerning the products and services that we provide.
If you do not wish to disclose your personal information for the purpose of direct marketing or you would like to opt-out of receiving direct marketing communications, you can do so by contacting the CreditorWatch Privacy Officer using the contact details set out below, or by following the instructions to unsubscribe which are contained in a communication that you receive from us.
Who do we disclose personal information to?
The ATI Group and Related Companies
The ATI Group includes our parent company Australian Technology Innovators Pty Ltd, LEAP Legal Software Pty Ltd, InfoTrack Group Pty Ltd and their subsidiaries, CNCNA Pty Ltd (trading as eCompanies), InfoTrack Limited (NZ), InfoTrack Group Limited (UK) and its subsidiaries, and LotSearch Pty Ltd. Different companies within the ATI Group provide different services.
The ATI Group may share information with our integration partners to ensure the smooth running of the services which we, and they, provide. These partners include Sympli Pty Ltd, Practice Evolve Group Pty Ltd and its subsidiaries, Legal Software Developments Pty Ltd and its subsidiaries, and other partners as mentioned on our website and updated from time to time. At times, we may need to provide personal information to them to help them run their businesses or for reporting purposes. We may also share your personal information within the wider Australian Technology Innovators Pty Ltd group companies (ATI Group) and with our service providers for the purposes outlined above.
Third Party Service Providers
We may disclose your personal information to third party service providers who assist us in providing the services you request, including integration partners, third party providers of modules, software and other integration services, public authorities and providers of information services.
We may also disclose your personal information to third parties who work with us in our business to promote, market or improve the services that we provide, including:
- providers of customer relations management database services and marketing database services;
- marketing consultants, promotion companies and website hosts; and
- consultants and professional advisers.
We may also combine your personal information with information available from other sources, including the entities mentioned above, to help us provide better services to you.
Where we do share information with third parties, we require that there are contracts in place that only allow use and disclosure of personal information to provide the service and that protect your personal information in accordance with the Privacy Act. Otherwise, we will disclose personal information to others if you’ve given us permission, or if the disclosure relates to the main purpose for which we collected the information and you would reasonably expect us to do so.
Disclosure of consumer credit information
As a credit reporting agency, we may share your credit information in accordance with industry consumer credit reporting standards including:
- Part IIIA of the Privacy Act 1988;
- the Privacy (Credit Reporting) Code 2014, and;
- Privacy Regulation 2013.
These standards ensure that your personal information in relation to your consumer credit is managed regarding:
- the types of personal information that credit providers can disclose to a credit reporting body (CRB), for the purpose of that information being included in an individual’s credit report;
- what entities can handle that information, and;
- the purposes for which that information may be handled.
Disclosure of personal information to overseas recipients
We do not presently disclose personal information to any organisations located overseas; however, we do disclose information in Australia, for the purposes described above, to some multinational organisations that are located both in Australia and overseas, including the United Kingdom, the United States and New Zealand.
European Union – General Data Protection Regulation (GDPR)
If you are a resident of the European Union for the purposes of the GDPR, then in addition to what is set out above, the following applies to you.
In providing services to you, CreditorWatch may make use of a number of automated processes using your Personal Information and your activity on our site as tracked by us, in order to provide more tailored and relevant services to you.
In addition to your rights set out above, you may update or rectify any of your Personal Information that we hold about you, in the manner described in the “How you can access your personal information” paragraph above.
How we handle requests to access your personal information
You have a right to request access to your personal information which we hold about you and to request its correction. You can make such a request by contacting the CreditorWatch Privacy Officer using the contact details set out in this policy.
We will respond to any such request for access as soon as reasonably practicable. Where access is to be given, we will provide you with a copy or details of your personal information in the manner requested by you where it is reasonable and practicable to do so.
We will not charge you a fee for making a request to access your personal information. However, we may charge you a reasonable fee for giving you access to your personal information.
In some cases, we may refuse to give you access to the information you have requested or only give you access to certain information. If we do this, we will provide you with a written statement setting out our reasons for refusal, except where it would be unreasonable to do so.
How we handle requests to correct your personal information
We will take such steps (if any) as are reasonable in the circumstances to make sure that the personal information we collect, use or disclose is accurate, complete, up to date and relevant.
If you believe the personal information we hold about you is inaccurate, irrelevant, out of date or incomplete, you can ask us to update or correct it. To do so, please contact us using the contact details listed below.
If we refuse your request to correct your personal information, we will let you know why. You also have the right to request that a statement be associated with your personal information that says you believe it is inaccurate, incomplete, irrelevant, misleading or out of date.
How to contact us or make a complaint
CreditorWatch Privacy Officer
GPO Box 4029 Sydney NSW 2001
1800 738 524
We will acknowledge and investigate any complaint about the way we manage personal information as soon as practicable. We will take reasonable steps to remedy any failure to comply with our privacy obligations. If you are unhappy with our handling of the complaint, you may contact the Australian Information Commissioner.
Last update: April 2022