Last updated: 17th November 2023
Who are we?
‘We’, ‘us’ and ‘our’ refer to Yellow Brick Road Finance Pty Limited (ACN 128 708 109, Australian Credit Licence 393195), Resi Mortgage Corporation Pty Limited (ACN 092 564 415, Australian Credit Licence 390669), YBR Administration Services Pty Ltd (ACN 612 545 356) and our related corporate entities, authorised representatives and credit representatives.
Our commitment to protect your privacy
We understand how important it is to protect your personal information. This document sets out our privacy policy commitment in respect of personal information we hold about you and what we do with that information.
We recognise that any personal information we collect about you will only be used for the purposes we have collected it, or as allowed under the relevant law. It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.
Our commitment in respect of personal information is to abide by the Australian Privacy Principles for the protection of personal information, as set out in the Privacy Act 1988 and any other relevant law.
Personal information
When we refer to personal information we mean information from which your identity is reasonably apparent. This information may include information or an opinion about you. The personal information we hold about you may also include credit information.
This privacy policy relates to an application (‘the application’) you make to a mortgage manager for a loan (‘your loan’) or in which you offered to guarantee the applicant’s loan obligations or your loan or a guarantee of the loan. It includes consents from you to disclose certain information to other organisations described below. Your loan may be consumer credit or commercial credit.
The kinds of personal information we may collect about you include your name, date of birth, address, account details, occupation, and any other information we may need to identify you.
Credit information or Credit eligibility information is information which is used to assess your eligibility to be provided with finance and may include any finance that you may have outstanding, your repayment history in respect of those loans, and any defaults. Usually, credit information is exchanged between credit and finance providers and credit reporting bodies.
Registration information is the information you provide in the course of registering for or acquiring a service, for example, to create an account, become a subscriber or enter a competition. Registration information may include name, email address, address details, gender and date of birth. It includes additional information which you provide in the course of that relationship.
If you are applying for finance we may also collect the ages and number of your dependents and cohabitants, the length of time at your current address, your employment details and proof of earnings and expenses.
Why we collect your personal information
We collect personal information to provide you with the services that you have requested, manage our relationship with you, for the purposes of assessing your application for finance and managing of that finance. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. From time to time we may offer you other products and services.
To enable us to maintain a successful business relationship with you, we may disclose your personal information to other organisations that provide products or services used or marketed by us. We may also disclose your personal information to any other organisation that may have or is considering having an interest in your finance, or in our business.
How do we collect your personal information?
Where reasonable and practical we will collect your personal information directly from you. We may also collect your personal information from credit and authorised representatives of our licence(s) and other people such as accountants and lawyers. Information will also be collected from the application and from the records we maintain about the products or services you receive from us. Sometimes a Lenders Mortgage Insurance (‘LMI’) (‘Insurer’) may also collect further personal information about you during the course of the LMI cover provided to the lender for your loan. The terms of this notice and the LMI insurer’s Privacy Policy will apply to the collection, use and disclosure of that information.
How information is collected from other sources
Sometimes we will collect information about you from other sources as the Privacy Act 1988 permits. We will do this only if it’s reasonably necessary to do so, for example, where:
- we obtain information (including commercial credit information concerning your credit worthiness or history, consumer information and collection of overdue payments information) from a credit reporting body for any purpose described below;
- we obtain information about your loan or a guarantee of the loan from another organisation described above;
- we can’t get hold of you and we rely on publicly available information to update your contact details;
- we check property, you offer as security, through public registers or our service providers; or
- we exchange information with your legal or financial advisers or other representatives.
When the law authorises or requires collection of information
There are laws that affect organisations that may require us to collect personal information about you. For example, we may require information about you to verify your identity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/ CTF Act).
How your information may be used
We may use information about you for purposes including:
- giving you information about loan products or related services;
- considering whether you are eligible for a loan or any related service you requested;
- processing the application and providing you with a loan or related service;
- administering your loan or any related service, for example, to answer requests or deal with complaints;
- confirming your identity;
- telling you about other products or services it or its related companies make available and that may be of interest to you, unless you tell us not to;
- allowing it to run its business efficiently and to perform administrative and operational tasks;
- preventing or investigating any fraud or crime or any suspected fraud or crime;
- as required by law, regulation or codes binding it; and
- any purpose to which you have consented.
You can let us know at any time if you no longer wish to receive direct marketing offers from us. We will process your request as soon as practicable.
We may also use credit information about you to:
- enable an insurer to assess the risk of providing insurance to the lender or to address the lender’s arrangements with the insurer;
- assess whether to accept a guarantor or the risk of a guarantor being unable to meet their obligations;
- consider hardship requests; and
- assess whether to securitise loans and to arrange securitising loans the lender makes.
An LMI insurer may use information about you:
- to decide whether to insure a lender under an LMI policy;
- to assess the risk of you or a guarantor defaulting on your obligations to a lender;
- to administer and vary the insurance cover including for securitisation and hardship applications;
- to verify information that the LMI insurer collects about you;
- to deal with claims and recovery of proceeds including, among other things, to enforce a loan or a guarantee in place of a lender if the LMI insurer pays out an insurance claim on your loan or the loan you guarantee;
- to conduct risk assessment and management involving credit scoring, portfolio analysis, reporting and fraud prevention;
- to comply with legislative and regulatory requirements including requirements under the Privacy Act 1988 and Insurance Contracts Act 1984 as amended from time to time;
- for a mortgage insurance purpose relating to you; and
- for any other purpose under the insurance policy the LMI insurer issues to the lender relating to your loan.
The title insurer or its related entities may use information about you:
- to assess the risk of providing title insurance to the lender;
- for the subsequent administration or variation of the title insurance policy;
- for risk assessment, reporting, fraud prevention, enforcement and claim recovery activities;
- to discharge your existing mortgage over the security property and register your new mortgage over the security property where a refinance is taking place;
- to deal with claims and to enforce a loan or a guarantee in place of a lender if the title insurer pays out an insurance claim on your loan or the loan you guarantee;
- for a title insurance purpose relating to you;
- to comply with legislative and regulatory requirements; and
- for any other purpose under the contract between a lender and the title insurer.
Do we disclose your personal information?
We may disclose your personal information:
- to prospective funders/ lenders or other intermediaries in relation to your finance requirements;
- to the mortgage manager (‘mortgage manager’), which is listed within the Schedule of Related Parties;
- to the loan servicer (‘loan servicer’), that considers the application or administers your loan for the lender and listed within the Schedule of Related Parties;
- to the LMI insurer (‘Insurers’) that considers a lender’s request for LMI cover relating to the application or that gives LMI cover to the lender for your loan, and listed within the Schedule of Related Parties;
- to the title insurer (‘Insurers’), that considers a lender’s request for title insurance cover relating to the application or that gives title insurance cover to the lender for your loan, and its related entity as listed within the Schedule of Related Parties;
- to other related and unrelated organisations that are involved in managing or administering your finance such as third party suppliers, printing and postal services, call centers;
- to associated businesses that may want to market products to you;
to companies that provide information and infrastructure systems to us; - to anybody who represents you, such as finance brokers, financial planners, lawyers and accountants;
- to anyone, where you have provided us with consent;
- where we are required to do so by law, such as under the AML/ CTF Act;
- to investors, agents or advisers, or any entity that has an interest in our business;
- credit reporting bodies;
- organisations that are involved in debt collecting or in purchasing debts;
- organisations, like fraud reporting agencies, that may identify, investigate and/or prevent fraud, suspected fraud, crimes, suspected crimes, or other serious misconduct;
- organisations involved in surveying or registering a security property or which otherwise have an interest in a security property;
- government or regulatory bodies as required or authorised by law. In some instances, these bodies may share the information with relevant foreign authorities;
- rating agencies to the extent necessary to allow the rating agency to rate particular investments;
- organisations involved in securitising your loan, including re-insurers and underwriters, loan servicers, trust managers, trustees and security trustees;
- guarantors and prospective guarantors of your loan;
the borrowers or the prospective borrowers of the loan you guarantee; - payment system operators to allow us to investigate or correct payments on your loan;
- to your employer, referees or identity verification services; and/ or
- to provide you with targeted advertising based on your online activities.
Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:
1. the person or organisation has a commitment to protecting your personal information at least equal to our commitment, or
2. you have consented to us in making the disclosure.
We may use cloud storage to store the personal information we hold about you. We may store information about you in other types of networked or electronic storage. The cloud storage and the IT servers may be located outside Australia.
We may disclose information about you to overseas entities including related entities and service providers located in the Asia-Pacific, European Union, India or the United States of America (‘USA’).
QBE may disclose information about you to related companies situated in the Philippines. Genworth may disclose information about you to related companies situated in the USA, Canada or the United Kingdom. The title insurer or its related entities may disclose information about you to related companies situated in the USA, Malaysia or India.
Overseas organisations may be required to disclose information shared with them under a foreign law. In those instances, the organisation, described above, that disclosed the information to the overseas organisation will not be responsible for that disclosure.
We will only share any credit information about you with a credit reporting body if that body has a business operation in Australia and are unlikely to share credit eligibility information with organisations that do not have business operations in Australia. You may obtain more information about these entities by contacting us.
Direct marketing
From time to time we may use your personal information to provide you with current information about finance, offers you may find of interest, changes to our organisation, or new products or services being offered by us or any company with whom we are associated.
If you do not wish to receive marketing information, you may at any time decline to receive such information by telephoning us on 1800 927 927 or by writing to us at [email protected] . If the direct marketing is by email you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
Updating your personal information
It is important to us that the personal information we hold about you is accurate and up to date. During the course of our relationship with you we may ask you to inform us if any of your personal information has changed.
If you wish to make any changes to your personal information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.
Access and correction to your personal information
We will provide you with access to the personal information we hold about you. You may request access to any of the personal information we hold about you at any time. We may charge a fee for our costs of retrieving and supplying the information to you.
Depending on the type of request that you make we may respond to your request immediately, otherwise we usually respond to you within seven days of receiving your request. We may need to contact other entities to properly investigate your request.
There may be situations where we are not required to provide you with access to your personal information, for example, if the information relates to existing or anticipated legal proceedings, or if your request is vexatious.
An explanation will be provided to you if we deny you access to the personal information we hold about you.
If any of the personal information we hold about you is incorrect, inaccurate or out of date you may request that we correct the information. If appropriate we will correct the personal information at the time of the request otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal information within 30 days. We may need to consult with other entities as part of our investigation. If we refuse to correct personal information we will provide you with our reasons for not correcting the information.
Using government identifiers
If we collect government identifiers, such as your tax file number, we do not use or disclose this information other than required by law. We will never use a government identifier in order to identify you.
Business without identifying you
In most circumstances it will be necessary for us to identify you in order to successfully do business with you, however, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without having to provide us with personal information, for example, if you make general inquiries about interest rates or current promotional offers.
If you don’t provide your information to us, it may not be possible:
- to provide you with the product or service you want. For example, if information is not disclosed to an insurer, it may not be able to process a lender’s request for insurance. In that case, the lender may not be able to assess this application;
- to manage or administer the loan the lender makes to you;
- verify your identity or protect against fraud; or
- to let you know about other products or services that might be suitable for your financial needs.
Sensitive information
We will only collect sensitive information about you with your consent. Sensitive information is personal information that includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health.
How safe and secure is your personal information that we hold?
We will take reasonable steps to protect your personal information by storing it in a secure environment. We may store your personal information in paper and electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and unauthorised access, modification or disclosure.
Using online services
When you access and interact with our services, we may collect certain information about those visits. For example, in order to permit your connection to our services, our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, and other software or hardware information.
If you access our services from a mobile or other device, we may collect a unique device identifier assigned to that device, geolocation data, or other transactional information from that device.
Cookies and other tracking technologies (such as browser cookies and local storage) are comprised of small bits of data or code that often include a de-identified or anonymous unique identifier. Websites, apps and other services send this data to your browser when you first request a web page and then store the data on your computer so that such websites, apps and other services can access information when you make subsequent requests for pages from that service. These technologies may also be used to collect and store information such as pages you have visited, content you have viewed, search queries you have run and advertisements you have viewed in relation to your usage of our services and other websites you have visited.
Third parties that support our services such as allowing you to share content may also use these technologies to collect similar information. We do not control these third-party technologies and their use is governed by the privacy policies of those third parties.
Most browsers are initially set to accept cookies, but you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether.
For more information, consult the “Settings” or “Help” section of your browser. Please note that by blocking any or all cookies you may not have access to certain features or content available on certain sites.
Information disclosure for merger or sale of assets
If we sell all or part of our business or makes a sale or transfer of our assets or are otherwise involved in a merger or transfer of all or a material part of our business, we may transfer or disclose your information to the party(ies)involved in the transaction as part of that transaction and as part of any due diligence processes which take place in contemplation of a potential transaction.
Complaints
If you are dissatisfied with how we have dealt with your personal information, or you have a complaint about our compliance with the Privacy Act 1988, you may contact our Complaints Manager on [email protected]
We will acknowledge your complaint within one business day. We will provide you with a decision on your complaint within 30 calendar days.
If you are dissatisfied with the response of our Complaints Manager you may make a complaint to the Privacy Commissioner who can be contacted via the Office of the Australian Information Commissioner website (www.oaic.gov.au) or on 1300 363 992.
Further information
You may request further information about the way we manage your personal information by contacting us.
Change in our privacy policy
We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market place practices. As a consequence we may change this privacy policy from time to time or as the need arises.
You may request this privacy policy in an alternative form. This Privacy Policy came into existence on 1st February 2023.