Privacy Policy and Consent Information

This is the Privacy Policy and Consent Information (Privacy Policy) for Xinja Bank Limited ABN 99 618 937 054 Australian Financial Services Licence (AFSL) and Australian Credit Licence number 501764 (Xinja) and its associated companies. In this Privacy Policy, the words “we” or “us” refer to Xinja and any of our associates.    

This Privacy Policy sets out how we collect, use, and disclose your ‘personal information’. Under the law, ‘personal information’ has a broad definition; however, it really means ‘information that is not generally available and from which you can be identified’.  In Australia, ‘personal information’ includes ‘credit information’.   

This Privacy Policy will be reviewed and updated from time to time.  Any ‘personal information’ we hold about you will be governed by our most current version of the Privacy Policy. You should check our website regularly and review this Privacy Policy for any changes. 

This Privacy Policy was last updated on 27 November 2020. You can also view and download as a PDF here.   

What this Privacy Policy covers: 
  1. Your consent
  2. What regulations protect your ‘personal information’?
  3. What kinds of ‘personal information’ do we collect about you?
  4. Why do we collect your ‘personal information’?
  5. Who can give us ‘personal information’ about you?
  6. How do we collect your ‘personal information’?
  7. How do we use your ‘personal information’?
  8. To whom can we disclose your ‘personal information’?
  9. Will we send your ‘personal information’ offshore?
  10. What special rules apply if you give us ‘credit information’ in Australia? (Notifiable Matters)
  11. Will we use your ‘personal information’ to send you information about our products and services’? (Direct Marketing)
  12. How can you access and correct the ‘personal information’ that we hold about you?
  13. For how long will we hold your ‘personal information’?
  14. Is the ‘personal information’ that we hold about you secure?
  15. What happens if you click on a link to a third party’s website that is contained on our App or website?
  16. Can you get a copy of this Privacy Policy in a different format?
  17. How can you contact us?
1. Your consent 

If you use our Xinja mobile app (App), access our website or apply for one of our products or services, you agree to be bound by this Privacy Policy and agree that we can collect, disclose and use your ‘personal information’ as set out in this document. 

By applying for one of our products or services, you consent that: 

  • Xinja may use your ‘personal information’ to provide you with our products and services.  
  • We may also use your ‘personal information’ to tell you about other products and services that we offer.  You can ask us not to send you direct marketing material and you can ask us to tell you what ‘personal information’ we hold about you. See Section 11 for more information. 
  • Xinja may use your ‘personal information’ (including ‘sensitive information’ such as biometric information) to verify your identity in accordance with our obligations under the Anti-Money Laundering / Counter-Terrorism Financing Act (AML/CTF Act). 

This includes, but is not limited to, disclosing ‘personal information’ to a credit reporting body to confirm that the ‘personal information’ that you have provided to us matches the information held by the credit reporting body. 

  • If we are unable to verify your identity using information held by a credit reporting body we will send you a notice advising you of this fact and will give you the opportunity to contact the credit reporting body to update the information they hold about you. We may verify your identity using an alternative method acceptable to us;  
  • In addition, Xinja may also use your ‘sensitive information’ (such as biometric information) to assist us with meeting our obligations under the AML/CTF Act as well as undertaking our fraud prevention procedures; 
  • Xinja may: 
  • use consumer credit information or commercial credit information about you to assess your suitability for a Xinja loan; 
  • obtain and use a credit report about you from a credit-reporting agency to collect overdue payments from you;  
  • provide information about you to a credit reporting body, as required by law, or to any organisation that we use to provide credit to you;  

For more information on the use of credit information, please see Section 10 of this Policy; 

  • Xinja will send you notices by digital means and will not send ‘hard copy’ statements or other notices to you except where we are: 
  • required to do so by law; or  
  • unable to send the statement or notice to you electronically for any reason. 

If you do not provide us with this consent, or do not provide us with your ‘personal information’, Xinja may be unable to provide with our products and/or services. 

2. What regulations protect your ‘personal information’? 

When you give us your ‘personal information’, your ‘personal information’ is protected under the Australian Privacy Act (including the Australian Privacy Principles (APPs)) and any applicable APP Code.   

3. What kinds of ‘personal information’ do we collect about you?

In this document, if we use the words ‘personal information’, we mean ‘personal information’ (including ‘credit information’ and ‘sensitive information’ under Australian law.    

The kinds of ‘personal information’ that we collect may include your name, date of birth, address, telephone number, email address, driver’s licence number, marital status, number and age of your dependents and employment history.  In addition, if you apply for credit, we may collect ‘credit information’ including information about your income, assets, liabilities and repayment history information. 

We may also collect ‘sensitive information’ about you including biometric information.  Biometric information includes any features of your: 

  • face 
  • fingerprints 
  • iris 
  • palm 
  • signature 
  • voice 

The exact biometric information that we collect may vary from time to time; however, generally the biometric information that we will ask you for is a picture or video of your face.  We may use this information to assist us with meeting our obligations under the AML/CTF Act as well as undertaking our fraud prevention procedures. 

Generally, we do not collect other ‘sensitive information’ about you. However, if you make an application for a loan to be varied on the grounds of hardship, we may collect health information about you. 

We apply a high level of security to all ‘personal information’ that we hold about you; however, we apply an even higher level of privacy protection to any ‘sensitive information’ that you provide to us.  We will only collect ‘sensitive information’ about you with your consent. 

4. Why do we collect your ‘personal information’? 

We collect ‘personal information’ about you so that we can provide you with our products and services.  This includes:  

  • providing you with access to our App and website; 
  • answering your questions;  
  • identifying you in accordance with requirements under the AML/CTF Act;  
  • undertaking our fraud prevention procedures; 
  • dealing with any complaints or concerns you may have; and 
  • providing you with our products and services.  

We also collect your ‘personal information’ so that we can contact you and provide you with information about products and services that may be of interest to you.

5. Who can give us ‘personal information’ about you?

Where reasonable and practical, we will only collect your ‘personal information’ directly from you. However, we may also collect information about you from third parties, such as a partner or spouse who contacts us on your behalf, from our contractors who supply services to us, from advisers such as accountants or lawyers or from other organisations authorised by you.   

We may also collect ‘credit information’ about you from credit-reporting bodies when authorised by you to do so. 

If you provide ‘personal information’ to us about someone else, you must ensure that you are entitled to disclose that information to us, that the other person has consented to you providing us with the information, and that we can collect, use and disclose that information as set out in this document without having to take any further steps required under law (such as obtaining consent directly from that person).  This means that if you provide us with ‘personal information about someone else’, you must make sure that the individual concerned understands the matters set out in this Privacy Policy and has provided their consent to be bound by this document. 

6. How do we collect your ‘personal information’?

We collect your ‘personal information’ in many ways.  These can include when you: 

  • contact us by telephone, email or via our App or via our website; 
  • create or update a user profile that includes ‘personal information’ such as your name and contact details;  
  • apply for one of our products or services; or 
  • apply for employment with us.   

When you access our App or our website, we may collect ‘personal information’ about you using ‘cookies’.  ‘Cookies’ are files that are implanted in your hard drive or device to collect, store and receive identifiers and information about your usage of our App and website as well as information about where you are located at the time you access our App or website (using GPS, Bluetooth, or WiFi signals, depending on the permissions that you have granted). By using ‘cookies’ we are able to enhance and personalise our App and website to better suit your needs.  

7. How do we use your ‘personal information’? 

We will only use your ‘personal information’ for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Act. 

We will only use your ‘sensitive information’ for the purpose for which it was originally collected (or for use directly related to that original purpose). 

In addition to the reasons why we collect your ‘personal information’, highlighted in Section 4 of this Privacy Policy, the ways that we use your ‘personal information’ may include: 

  • to improve and personalise our App or website for you; 
  • to develop new features, products and services; 
  • to notify you about new features and products;  
  • to provide you with information about our products and services;  
  • to assess your application for credit or your application to guarantee credit we provide to someone else; 
  • to conduct research for our own internal purposes; 
  • to assess, process and manage your application for employment; and 
  • to handle any complaints that you may have.   

We may also aggregate the ‘personal information’ that we collect for reporting and statistical purposes and to help us improve our App or website. If we disclose any aggregated information to a third party, the information will be de-identified and will not contain any personally identifiable information. 

You agree that we may use your ‘personal information’ for any of these purposes.  

8. To whom can we disclose your ‘personal information’? 

We may disclose your ‘personal information’ to:  

  • other members of the Xinja group of companies; 
  • participants in the payments system and other financial institutions for the purpose of resolving disputes, errors or other matters arising out of your use of our products and services; 
  • organisations that provide products or services used or marketed by us, including, other credit providers, funders, lenders, valuers, trustee companies, financial institutions and securitisers, mortgage insurers, title insurers, surveyors, credit reporting agencies, rating agencies and debt collectors; 
  • your employer/s or referees, your guarantors, your professional advisors and your bank; 
  • companies and contractors who we retain to provide services for us, such as IT contractors, ‘software as a service providers’ (such as email engines and contract management service providers), data aggregation and data analytics platform providers, providers of personal identity verification and fraud prevention services, call centres, stationery printing houses, mail houses, storage facilities, lawyers, accountants and auditors; 
  • organisations considering acquiring an interest in your loan or our business and assets generally; and 
  • other individuals or companies authorised by you. 

You consent to us disclosing your information to such entities (and allowing such entities to use your ‘personal information’ to provide their services) without obtaining your consent on a case by case basis. 

Sometimes we are required or authorised by law to disclose your ‘personal information’. For example, we may disclose your ‘personal information’ to a Court, Tribunal, external dispute resolution scheme approved by ASIC or law enforcement agency in response to a request or subpoena or to the Australian Taxation Office.  

9. Will we send your ‘personal information’ offshore?

We use several outsourced service providers in order to bring you the latest technology solutions to enhance your ease of doing business with us.   

Some of the third-party suppliers we use are located in countries outside of Australia, including countries locate in North America, South America, Europe and Australasia.  These third-party suppliers include:  

  • marketing vendors;  
  • customer service platforms. 

Some of the services provided by our third-party suppliers may also be located in the cloud.   

We only use highly reputable third-party suppliers, and we take all reasonable steps to ensure that our suppliers abide by the high standards that protect ‘personal information’ disclosed to us in Australia.  Our contracts with these third parties generally include an obligation for them to comply with Australian privacy law and with this Privacy Policy and generally, we will maintain control of any data that is released to these third-party service providers.  This means that even though we may send your ‘personal information’ to a third-party provider, that provider cannot use your ‘personal information’ for their own purposes.    

However, not all countries have the same high standards for the protection of your ‘personal information’ as Australia, and we cannot guarantee that our offshore service providers will handle your ‘personal information’ in accordance with the privacy laws set out in Australia.  

By using our App or website or by asking us to provide you with one of our products or services, you specifically consent to us sending your data out of Australia to countries located in the Americas, Australasia or Europe and to the cloud, which may mean that: 

  • the overseas recipient may not be subject to any privacy obligations or to any principles similar to the APPs; 
  • the individual may not be able to seek redress in the overseas jurisdiction; and 
  • the overseas recipient is subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority 
10. What special rules apply if you give us ‘credit information’ in Australia? (Notifiable Matters) 

If you apply for a loan with us, we may provide your ‘credit information’ to a credit reporting body.  The credit reporting body may provide the information that we report about you to other credit providers to assist them to assess your credit worthiness.  We may also obtain information that other credit providers have provided to a credit reporting body to use in our assessments of your credit worthiness. 

If you fail to meet your payment obligations in relation to any loan that we have provided to you, or any loan that we have arranged for you, or if you commit a serious credit infringement, we may report this to a credit reporting body   

The information that we provide to a credit reporting body may sometimes be used for ‘pre-screening’ of direct marketing offers to be made by another credit provider.  You may contact the credit reporting body to request that your ‘credit information’ is not used in this way.   

If you think that you have been a victim of fraud or think that the ‘credit information’ a credit reporting body holds about you is incorrect, you may also contact the credit reporting body to ask them not to use or disclose your ‘credit information’.  The credit reporting body must not use or disclose your ‘credit information’ for a period of 21 days after receiving your notice.  For further information about credit reporting bodies, visit: 

You can also contact us to access the ‘credit information’ that we hold about you and correct that information if you think that it is incorrect.  See Section 17 of this Privacy Policy for more information about this. 

11. Will we use your ‘personal information’ to send you information about our products and services’? (Direct Marketing) 

We may use your ‘personal information’ to send you information about our products, services and special offers, new products or services we are introducing or about changes to our organisation.  By providing us with your ’personal information’, you consent to us using your ‘personal information’ to contact you on an ongoing basis for this purpose, including by SMS, social media, email, telephone or mail.  

If you do not want us to send you marketing information, you can contact us on the details in Section 17 of the Privacy Policy to ‘opt out’ of receiving this type of information.  There is no charge if you elect to ‘opt out’ of receiving these types of updates and we will take all reasonable steps to ensure that you stop receiving them as soon as possible

12. How can you access and correct the ‘personal information’ that we hold about you?

We want to ensure that your ‘personal information’ is always accurate, complete, and up to date. Please help us to do this by contacting us on the details in Section 17 of this Privacy Policy if any of the personal details you have given us have changed or if you believe that the ‘personal information’ that we hold about you is inaccurate.  

You can ask us to provide you with access to the ‘personal information’ that we hold about you at any time. We will get back to you as soon as possible; however, for your protection, we will need to verify your identity before we give you access to your ‘personal information’.   

There are situations where we cannot give you to access to your ‘personal information’ or may refuse to correct your ‘personal information’.  For example, in some situations it may be unlawful for us to do so.   We will advise you of any such situations and reasons for refusal if they arise (unless it is not permitted by law).  

13. For how long will we hold your ‘personal information’?

We will only keep ‘personal information’ that we hold about you while we need it or while we are required by law to keep it.  Once we no longer need your ‘personal information’, we will take all reasonable steps to destroy it or to de-identify it.    

At any time, we hold your ‘personal information’, we will only use and disclose as set out in this Privacy Policy.  

14. Is the ‘personal information’ that we hold about you secure?

While we hold ‘personal information’ about you, we will take all reasonable precautions to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure. 

However, although we endeavour to provide a secure online environment, there are inherent risks associated with the transmission of information via the internet and no data transmission over the internet can be guaranteed to be completely secure.  We therefore cannot guarantee the security of any ‘personal information’ that you provide to us over the internet and you do so at your own risk. 

We encourage you to help us to keep your ‘personal information’ secure by selecting a secure password and maintaining the confidentiality of that password for the purposes of logging into the App.  It is your responsibility to maintain confidentiality of your password and we will not be liable for any damage, loss or expense suffered because you have disclosed it or made it available to someone else.   

15. What happens if you click on a link to a third party’s website that is contained on our App or website?

Our App and website may contain links to third party websites and social media features that are hosted by a third party. A link to another website does not mean that we sponsor, endorse, or approve the information found on that website.  We are not responsible for the privacy policies or practices of third-party websites or social media features and your use of those websites and features are governed by the privacy policies and practices of the hosting entities. 

16. Can you get a copy of this Privacy Policy in a different format? 

If you would prefer to receive a copy of this Privacy Policy (including Section 10 about ‘Notifiable Matters’) in a different form (for example in hard copy or via email) please contact us on the details in Section 17 of this Privacy Policy.  We will be pleased to comply with your request.

17. How can you contact us?

If you have any questions or complaints about this Policy or our treatment of your ‘personal information’, or if you would like to access or correct your ‘personal information’, please contact us on: 

Email: [email protected] 

Telephone: 1800 946 527 or +61 2 8598 8525 if calling from overseas. 

We will try to provide an initial response to your query or complaint within 48 hours; and resolve your query or complaint within 10 business days.  If you are still not satisfied, you can contact the Australian Privacy Commissioner (see https://www.oaic.gov.au/about-us/contact-us or call 1300 363 992).  

View & download as a PDF here

[gravityform id="5" title="false" description="true" ajax="true"]
[gravityform id="7" title="false" description="true" ajax="true"]
[gravityform id="8" title="false" description="true" ajax="true"]