Privacy and Credit
Reporting Statement

This Privacy and Credit Reporting Statement outlines how Moravia Capital Pty Ltd (ABN: 20 662 169 655) and its related companies (“we/us/our/the Group“) collect, disclose, use, store or otherwise handle personal and credit information.

It is important to us that we manage your personal and credit information securely and consistently with relevant legislation, including the Privacy Act 1988 (Cth), the Australian Privacy Principles (“APP”) (together “Privacy Laws”) and the Credit Reporting Code 2014 Version 2 (“CR Code”).

This Privacy and Credit Reporting Statement explains:

• The kinds of personal and credit information we collect;
• The purposes for which we collect this information;
• How we manage the personal and credit information that we collect about you;
• How you can seek access to and correct that information; and
• if necessary, how you can make a complaint relating to our handling of that information.

This Privacy and Credit Reporting Statement does not limit our rights and obligations under Privacy Laws.

This Privacy and Credit Reporting Statement is not limited to current customers or guarantors of customers (where applicable) – it relates to all individuals who deal with us, whether in relation to the provision of credit or otherwise. By using our services or otherwise dealing with us, you are deemed to agree to our Privacy and Credit Reporting Statement.

Please always check the privacy policy page on our website regularly at the following link for amendments and updates to our Privacy and Credit Reporting Statement: www.choicecosmetics.com.au.

This Privacy and Credit Reporting Statement does not cover information that you submit on other websites, even if we communicate with you on those sites. For example, if contact us via Instagram, Facebook, Pinterest, Twitter, or YouTube, that information is governed by the privacy policies on those websites and is not governed by this Privacy and Credit Reporting Statement.

Personal information is any information or opinion about you that is capable, or reasonably capable, of identifying you, whether the information or opinion is true or not and is recorded in material form or not. personal information includes sensitive information.

Sensitive information includes such things as your racial or ethnic origin, political opinions or membership of political associations, religious or philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or criminal record, that is also personal information. your health, genetic and biometric information and biometric templates are also sensitive information.

We only collect sensitive information about you if we obtain prior consent to the collection of the information or if the collection is required or authorised by law.

Credit Information is information that has a bearing on credit that has been provided to you or that you applied for. This includes credit for personal, domestic or household purposes and credit in connection with a business. It can also cover information about you as a guarantor of a loan or as an insured party under a credit related insurance policy.

If you apply for credit or give a guarantee, we may collect information about your financial position for the purpose of assessing an application for credit and to assist in the ongoing management of the credit product or guarantee.

We collect information about you and your interactions with us, for example, when you request or use our products or services, make a card payment or transfer money, phone us or visit any of our websites. When you use our website, we may collect information about your location or activity including your IP address, telephone number and whether you’ve accessed third-party sites. Some of this website information we collect using cookies.

This may include information collected directly from you and information that you authorise us to collect from third parties.

It is not mandatory for you to provide us with the personal and credit information that we request – however if you do not do so it may affect the products and services that we can provide to you.

We will collect certain personal and credit information about you depending on the circumstances in which the product or service is being provided.

This information can include:

• Key personal and identification information such as your name, residential and business addresses, telephone numbers, email and other electronic addresses;
• Financial and related information, such as your occupation, accounts, bank account information (from prior to the loan being granted and ongoing for the term of the loan), assets, expenses, income, revenue, dependents, and regarding your employment, financial and business dealings and other relevant events;
• Your transaction history (with us and our associates or relevant third parties). This information includes products or services you may have used with us in the past, your payment history, and the capacity in which you have dealt or deal with us;
• And other relevant information – depending on the circumstances this may also include your gender, marital status and health and medical information, membership of professional bodies, tax file number information and other government identifiers (e.g. if relevant for insurance purposes or to identifying you); and
• credit application information – information in relation to a credit application, including the type and amount credit you have applied for;
• default information – a record of your consumer credit payments being overdue;
• serious credit infringement – a record of when a lender reasonably believes that there has been a fraud relating to your consumer credit or that you have avoided paying your consumer credit payments and the credit provider can’t find you;
• personal insolvency information – a record relating to your bankruptcy or your entry into a debt agreement or personal insolvency agreement;
• court proceedings information – an Australian court judgment relating to your credit;
• publicly available information – a record relating to your activities in Australia and your credit worthiness;
• consumer credit liability information – certain details relating to your consumer credit, such as the name of the credit provider, the type of consumer credit, the day on which the consumer credit was entered into and terminated, the maximum amount of credit available and certain repayment terms and conditions;
• repayment history information – a record of whether or not you’ve made your consumer credit payments and when they were paid;
• payment information – if a lender gave a credit reporting body default information about you and the overdue amount is paid, a statement that the payment has been made;
• new arrangement information – if a lender gave a credit reporting body default information about you and your consumer credit contract is varied or replaced, a statement about this; and
• other information we think is necessary.

Over the course of our relationship with you, we may collect and hold additional pieces of personal and credit information about you, including transactional information, account or policy information, complaint or enquiries about our product or service.

We are required by law to identify you if you are opening a new account or adding a new signatory to an existing account. The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (“Anti-Money Laundering Laws”) require us to sight and record details of certain documents (i.e. photographic and non-photographic documents) in order to meet the standards set under those laws.

You may interact with us anonymously or by using a pseudonym if the interaction is general in nature. However, if the interaction is specific to an account or relates to your Personal Information, we need to identify you before we can engage in further discussions and correspondence.

In most cases, before or at the time of collecting your personal and credit information, we obtain your consent for the purposes for which we intend to use and disclose your Personal Information.

If you don’t give us consent, we may not be able to provide you with the products or services you want. This is because we are required to collect this personal and credit information to provide you with the products or services.

Having provided consent, you are able to withdraw it at any time. To withdraw consent, please contact us. Please note that withdrawing your consent may lead to us no longer being able to provide you with the product or service you enjoy given that, as mentioned above, it is impracticable for us to treat some customers differently.

We collect most personal and credit information about you directly from you whether in person, over the phone or electronically via email. For example:

• when you apply for, register your interest in or enquire about a product or service;
• when you provide us with feedback or make a complaint;
• when you visit our website;
• when you talk to us or do business with us; and

when you provide documentation t us for the purposes of providing you with our services

We collect information about you from others such as service providers, agents, or employers. For example, if you apply for credit, we may need to obtain a credit report from a credit reporting body. We may collect information about you that is publicly available, for example, from public registers or social media, or made available by third parties. We may also seek credit information about you from:

• your representatives (including your legal adviser, mortgage broker, financial adviser, executor, administrator, guardian or trustee);

• other organisations, who jointly with us, provide products or services to you; and
• commercial information service providers, such as companies that provide fraud prevention reports.

We may collect information from you electronically through internet browsing on our websites.

Each time you visit our websites, we may collect information about you which may include personal information (which is de- identified) and may include the following:

• the date and time of visits;
• the pages viewed and your browsing behaviour;
• how you navigate through the site and interact with pages (including fields completed in forms and applications completed);
• general location information;
• information about the device used to visit our website (including your tablet or mobile device) such as device IDs; and
• IP addresses.

We collect information using cookies when you use our website. Cookies are small pieces of information stored on your hard drive or in memory. One of the reasons for using cookies is to offer you increased security. They can also record information about your visit to our websites, allowing us to remember you the next time you visit and provide a more meaningful experience.

We may also collect information from third party websites, applications or platforms containing our interactive content or that interface with our own website such as Google Analytics.

We may collect personal information about you from social media platforms if you publicly comment. We NEVER ask you to supply personal information publicly over any social media platforms that we use. we may, invite you to send your details to us via private messaging, for example, to answer a question about your account. you may also be invited to share your personal information through secure channels to participate in other activities, such as online competitions.

The Privacy Laws protect your sensitive information, such as health information that’s collected on hardship applications. If we need to obtain this type of information, we will ask for your consent, except where otherwise permitted by law.

If you provide any personal information to us about another person, you confirm that you have the authority of that person to share their information with us and to permit us to hold, use and disclose their information in accordance with this Privacy and Credit Reporting Statement. You must inform them of their rights to access and request correction of their information set out below.

If we receive personal information that is not solicited by us, we only retain it, if we determine that it is reasonably necessary for one or more of our functions or activities and that you have consented to the information being collected or given the absence of your consent that it was impracticable or unreasonable for us to obtain it under the circumstances.

If these conditions are not met, we destroy or de-identify the information.

If such unsolicited information is sensitive information, we obtain your consent to retain it regardless of what the circumstances are.

In many circumstances, we will collect the personal and credit information primarily from you (or from someone who is representing or assisting you). However, there are certain instances in which we will collect information about you from third parties where it is unreasonable or impracticable to collect it directly from you. For example, even where your application is for credit, we may collect information about you from a business which provides information about commercial creditworthiness for the purpose of assessing your application.

The credit information that we hold about you may be used by us in accordance with the Privacy Laws and the CR Code.

We use your personal and credit information to:

• Establish your identity and assess applications for products and services, including credit;
• Price and design of our products and services;
• Administer our products and services and generally carry out our business functions and activities;
• Assess your suitability as a guarantor where you have offered to guarantee credit that we have offered to provide to your related company or entity;
• Collect payments that are owed to use in respect of any credit that we have previously provided to you (or to your related company or other entity);
• Manage our relationship with you, including fulfilling our obligations and exercising our rights under any agreement with you;
• Conduct and improve our businesses and improve our customers’ experience;
• Disclose to any of our related companies that are also considering whether to provide credit to you (or to your related company or other entity);
• Disclose to a third party that you or we ask to act as a guarantor of any credit provided to you;
• Manage our risks and help identify and investigate illegal activity, such as fraud;
• Contact you, for example if we suspect fraud on your account or need to tell you something important;
• Disclose to the credit reporting body that we deal with. Credit reporting bodies collect different types of credit information about individuals and use that information to provide a credit-related service to their customers (including to us);
• Comply with our legal obligations and assist government and law enforcement agencies or regulators;
• Respond to consultation requests from credit reporting bodies or another credit provider about an access or correction request that you have made to those entities;
• Where you complain to the Office of the Australian Information Commissioner (“OAIC”) or the Australian Financial Complaints Authority (“AFCA”) about our treatment of your Credit information, to respond to that complaint and to seek legal or other professional advice in relation to your complaint;
• Disclose to other third parties that provide services to us (or to you on your behalf). These might include debt collectors, credit management agencies and other third parties that process applications for credit made to us;
• Disclose to other credit providers which provide, or are considering providing, credit to you (or to your related company or other entity);
• Use and disclose credit information to assess and respond to any access or correction requests that you make to us; and/or
• Identify and tell you about products or services offered by us, any of our Group members or any third parties that we think may be of interest to you (refer to section 3.1 below).

We may also collect, use and exchange your information in other ways where you have authorised us to do so or where permitted by law.

We may use your information for direct marketing, including by email or other electronic means. If you no longer want to receive direct marketing, you can tell us by using any of the methods set out in section 10.

Improvements in technology enable organisations to collect and use information to get a more integrated view of customers and provide better products and services. We may combine our customer information with information available from a wide variety of external sources (for example census or Bureau of Statistics data). We are able to analyse the data in order to gain useful insights which can be used for any of the purposes mentioned earlier in this Privacy and Credit Reporting Statement. In addition, Group members may provide data insights or related reports to others, for example, to help them understand their customers better. These insights and reports are based on aggregated information and do not contain any information that identifies you.

We exchange your information with other members of the Group, so that the Group may adopt an integrated approach to its customers. Group members may use this information for any of the purposes mentioned in this section.

We may exchange your information with third parties where this is permitted or required by law, or for any of the purposes mentioned in section 3.

Third parties include:

• Your co-applicant(s) (if any);
• Group members;
• Entities that provide services to us such as, identity verification, mailing houses or call centre operators;
• Service providers, for example law firms, market research/data providers, and loyalty program redemption partners;
• Service providers to whom we outsource certain functions, for example, direct marketing, statement production, debt recovery and information technology support;
• Brokers, agents and advisers and persons acting on your behalf, for example guardians or persons holding power of attorney;
• References that you provide to us, for example landlord details or trade references;
• The supplier of any goods or services financed with credit we provide;
• Guarantors or any person providing security for any service;
• Persons involved in arrangements that provide funding to us, including persons who may acquire rights to our assets (for example loans), investors, advisers, trustees and rating agencies;
• Claims-related providers, such as assessors and investigators, who help us with claims;
• Other financial institutions such as banks, superannuation funds, stockbrokers, custodians, fund managers, portfolio service providers and credit providers;
• Credit representatives who sell products and services on our behalf;
• Payment systems operators (for example, merchants receiving credit card payments);
• Auditors, insurers and re-insurers;
• Employers or former employers;
• Government and law enforcement agencies or regulators;
• Credit reporting bodies – credit reporting bodies may collect the information we provide to them (including default information) and use it to provide their credit reporting services (see section 5 below);
• Entities established to help identify illegal activities and prevent fraud;
• Overseas entities that provide products and services to us; and
• And any other parties that you authorise or that we are required or permitted by law to share information with.

We may also disclose your credit information to others where:

• we are required to disclose information by law e.g. under court orders or statutory notices pursuant to taxation or social security laws or under laws relating to sanctions, anti-money laundering or counter-terrorism financing;
• you may have expressly consented to the disclosure or your consent may be reasonably inferred from the circumstances; or
• we are otherwise permitted to disclose the information under applicable privacy laws.

Where required by law, we make a written note (which may be kept in electronic form) of any use or disclosure that we make relating to your Credit Information.

We may send your information overseas, including to overseas Group members and to service providers. Where we do this, we take reasonable steps to ensure that appropriate data handling and security arrangements are in place.

We may utilise overseas service providers for some of our activities. These service providers may be located in:

• Japan; and
• United States of America

We may also send information overseas to complete a particular transaction or where this is required by laws and regulations of Australia or New Zealand (as applicable) or another country.

We only disclose your credit information when permitted to do so by the Privacy Laws and after we ensure that:

• the overseas recipient does not breach the Australian Privacy Principles; or
• you will be able to take action to enforce the protection of a law or binding scheme that has the effect of protecting the information in a way that is at least substantially similar to the way in which the Australian Privacy Principles protect the information; or
• you have consented to the disclosure after we expressly informed you that there is no guarantee that the overseas recipient will not breach the Australian Privacy Principles; or
• the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order.

We may store your credit information in cloud-based software or other types of networked or electronic systems. As electronic or networked systems can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your personal information may be held. If your personal information is stored in this way, disclosures may occur in countries other than those listed.

Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we are not responsible for that disclosure.

When you apply to us for credit or propose to be a guarantor, we need to know if you’re able to meet repayments under your agreement with us. We also want to avoid giving you further credit if this would put you in financial difficulty. One of our checks involves obtaining a credit report about you.

A credit report contains information about your credit history that helps credit providers assess your credit applications, verify your identity and manage accounts you hold with them. Credit reporting bodies collect and exchange this information with credit providers like us and other service providers such as phone companies.
The Privacy Laws and CR Code limit the information that credit providers can disclose about you to credit reporting bodies, as well as the ways in which credit providers can use credit reports.

We may disclose information about you to, or collect information about you from a credit reporting body if you are applying for credit or you have obtained credit from us or if you guarantee or are considering guaranteeing the obligations of another person to us or you are a director of a company that is loan applicant or borrower or guarantor.

The Privacy Laws and the CR Code limit the information we can give to credit reporting bodies and that the credit reporting body can give to us.

The information we can disclose to credit reporting bodies includes:

• your identification details;
• the type of loans you have;
• how much you’ve borrowed;
• whether or not you’ve met your loan repayment obligations; and
• if you have committed a serious credit infringement (such as fraud).

We also ask the credit reporting body to provide us with an overall assessment score of your creditworthiness. Some of that information may reflect adversely on your creditworthiness, e.g. if you fail to make payments or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders.

The Privacy Laws and the CR Code also limit what we can do with the information we obtain from a credit reporting body. Generally, it can only be used in relation to the consumer credit products you hold through us.

The credit reporting bodies we deal with are:

• Equifax – equifax.com.au

For contact details and information on how credit reporting bodies manage credit information, please see the privacy policies available at the links above.

You can also ask a credit reporting body not to use or disclose your personal information for a period if you believe on reasonable grounds that you have been or are likely to be a victim of fraud.

We do not share any of your credit information with a credit reporting body, unless it has a business operation in Australia. We do not share credit eligibility information (that is, credit information we obtain about you from a credit reporting body or that we derive from that information) with organisations unless they have business operations in Australia.

The credit reporting bodies we use will hold your personal information on their terms and treat your information in accordance with their own privacy policies.

We use information from credit reporting bodies to confirm your identity, assess applications for credit, manage our relationship with you and collect overdue payments. We also use this information as part of arriving at our own internal assessment of your creditworthiness.

We store credit-related information with your other information. You can access credit-related information we hold about you, request us to correct the information and make a complaint to us about your credit-related information. See sections 8 and 9.

Credit providers may ask credit-reporting bodies to use their credit-related information to pre-screen you for direct marketing. You can ask a credit reporting body not to do this. Also, if you’ve been, or have reason to believe that you’re likely to become, a victim of fraud (including identity fraud), you can ask the credit reporting body not to use or disclose the credit-related information it holds about you.

We store your hard-copy or electronic records on our premises and systems or offsite using trusted third parties. We use reasonable endeavours to keep your personal information secure, however, this security cannot be guaranteed.

Our security safeguards include:

We train and remind our staff of their obligations with regard to your information.

When we send information overseas or use third parties that handle or store data, we take reasonable steps to ensure that appropriate data handling and security arrangements are in place.

When you transact with us on the internet via our website we encrypt data sent from your computer to our systems. We have firewalls, intrusion detection systems and virus scanning tools to help to protect against unauthorised persons and viruses accessing our systems. When we send your electronic data outside the Group we use dedicated secure networks or encryption. We limit access by requiring use of passwords and/or smartcards.

We have protection in our buildings against unauthorised access such as alarms, cameras and guards (as required).

We keep information only for as long as required (for example, to meet legal requirements or our internal needs).

You can ask for access to your basic information (for example what transactions you’ve made) by going online or calling us.

You have the right to ask for a copy of any credit report we have obtained about you from a credit reporting body. However, as we may not have retained a copy after we have used it in accordance with the Privacy Laws, the best means of obtaining an up-to-date copy is to get in touch with the credit reporting body directly.

You have a right to have any inaccuracies corrected or, if there is any dispute as to accuracy, to have a note added to your credit reporting body file explaining your position.

If we decline your credit application wholly or partly because of adverse information on your credit report, the Privacy Laws requires us to tell you of that fact and how you can go about getting a copy of your credit report.

There is no fee for making the initial request. However, in some cases, where permitted by law, there may be an access charge to cover the time we spend locating, compiling and explaining the information you ask for. If there is an access charge, we’ll give you an estimate up front and confirm that you’d like us to proceed. Generally, the access charge is based on an hourly rate plus any photocopying costs or other out-of-pocket expenses. You’ll need to make the payment before we start, unless you’ve authorised us to debit your account.

We try to make your information available within 30 days of your request and we will respond to your request within 20 days. Before we give you the information, we’ll need to confirm your identity.

In certain circumstances we’re allowed to deny your request, or limit the access we provide. For example, we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll write to you explaining our decision.

It’s important that we have your correct details, such as your current address and telephone number. You can check or update your information by going online, emailing or phoning us.

You can ask us to correct any inaccurate information we hold or have provided to others (including credit-related information) by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.

If your request relates to credit-related information provided by others, we may need to consult with credit reporting bodies or other credit providers. We’ll try to correct information within 30 days. If we can’t complete the request within 30 days, we’ll let you know the reason for the delay within 20 days and try to agree a timeframe with you to extend the period.

If we’re able to correct your information, we’ll inform you when the process is complete.

We do not charge a fee for requesting a correction of credit information.

If we refuse your request to correct your credit information, you also have the right to request that a statement be associated with your credit information noting that you disagree with its accuracy.

If we disagree with you that information should be corrected, we’ll let you know in writing our reasons. You can ask us to include a statement with the relevant information, indicating your view that the information is inaccurate, misleading, incomplete, irrelevant or out-of-date. We will take reasonable steps to comply with such a request.

If you were introduced or applied to us through a broker or other agent, we will provide them with information about each application you make with us and each loan which we provide to you. Your account will be linked to that broker and we will continue to provide them your information for each application you make with us whether that application is made through that broker or direct with us. If you do not wish us to provide your information to your broker or other agent, you must advise us by contacting privacy@choicecosmetics.com.au (as applicable) or telling your allocated Success Manager.

The Privacy Laws include a new Notifiable Data Breaches (“NDB”) scheme which requires us to notify you and the OAIC of certain data breaches that is likely to result in serious harm to affected individuals and provide recommendations of steps you can take to limit the impacts of the breach.

If we believe there has been a data breach that impacts your Personal Information and creates a likely risk of serious harm, we notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.

If you believe that any Personal Information we hold about you has been impacted by a data breach, you can contact us using the contact details set out as per clause 10 below.

If you have a concern about your privacy (including credit-related matters), you have a right to make a complaint and we’ll do everything we can to put matters right.

To lodge a complaint, please get in touch with us using your point of contact or one of the customer service teams set out in section 10. We’ll review your situation and try to resolve it straight away. If you’ve raised the matter through your point of contact or through our customer service teams and it hasn’t been resolved to your satisfaction, please contact our Complaints Officer using the details in section 10.

To assist us in helping you, we ask you to follow a simple three-step process:

• gather all supporting documents relating to the complaint;
• contact us and we will review your situation and if possible, resolve your complaint immediately; and
• if the matter is not resolved to your satisfaction, please contact our Complaints Officer/Compliance Officer using the details in section 10.

We rectify any breaches if the complaint is justified and will take necessary steps to resolve the issue.

In certain situations, to deal with a complaint it may be necessary to consult with third parties. However, please note any disclosure of personal and/or credit information to third parties will be provided with your authority and consent.

After a complaint has been received, we send you a written notice of acknowledgement setting out the process. The complaint will be investigated, and the decision will be sent to you within thirty (30) days unless you have agreed to a longer time. If a complaint cannot be resolved within the agreed time frame or a decision could not be made within thirty (30) days of receipt, a notification will be sent out to you setting out the reasons and specifying a new date when you can expect a decision or resolution.

AFCA is an external dispute resolution scheme in which we are a member. AFCA can consider certain privacy complaints relating to either the provision of credit or credit reporting information in general. You can lodge your complaint with:

Australian Financial Complaints Authority

Address: PO Box 3 Melbourne VIC 3001

Phone: 1800 931 678 (free call)

Email: info@afca.org.au

Website: www.afca.org.au

If you’re not satisfied with our handling of your matter, you can refer your complaint to the OAIC by calling them at 1300 363 992, online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001.

For privacy related queries, access or correction requests, or complaints, or to request a printed version of this Privacy Statement, please contact us:

Email: privacy@choicecosmetics.com.au
Phone: 1300 026 627

Our customer service representatives are available Monday to Friday.

You can call us using the number above or email us.

We may change this Privacy Statement at any time by changing or removing existing terms or adding new ones. Changes may take the form of a completely new Privacy Statement. We will tell you about any changes by posting an updated Privacy Statement on our website. Any change we make applies from the date we post it on the website. By continuing to use our services you will be deemed to agree to our updated Privacy Statement.