Privacy Policy

Purpose of the policy

This is the privacy policy of Oricom International Pty Ltd ABN 46 086 116 369, Oricom Holdings Pty Ltd ABN 30 158 094 976 and our related entities.

The purpose of this policy is to clearly express an up to date policy about our company’s management of personal information.

This policy is intended to enhance the transparency of our company’s operations, notify you of your rights and our obligations and provide information regarding:

1. the kinds of personal information which we will collect and hold;
2. how we will collect, hold, use and disclose personal information;
3. the purpose for which we collect, hold, use and disclose personal information;
4. how you may access personal information that is held by us and seek correction of such information;
5. how you may complain about a breach of the Australian Privacy Principles (APP) or registered APP code (if any) that binds us and how we will deal with such complaint;
6. whether we are likely to disclose personal information to overseas recipients;
7. if we are likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located and if practical specify the countries in the policy.

This Privacy Policy sets out how we comply with its obligations under the Privacy Act 1988 (as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012) (the Act).

Acknowledgement

We acknowledge that we must take reasonable steps when handling personal information. Whilst we cannot warrant that this policy will be followed in every instance we will endeavour to follow this policy on each occasion.

Our company has taken reasonable steps to endeavour to comply with the APPs and the Act, some examples are noted below.

1. Implementation of privacy policy.

2. Staff training and education (including a handbook for our staff).

3. Use of checklists to ensure that all APPs are complied with.

4. Clear and transparent procedures regarding handling of complaints and disclosure of information.

Our policy is available on our website however should you require a hardcopy please contact us and we will provide you with a copy.

The kinds of personal information which we will collect and hold

Collection

It is our usual practice to collect personal information directly from the subject individual or their authorised representative(s).

Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether or not recorded in a material form, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Some examples of some personal information we might collect are:

1. name;

2. address;

3. contact details such as phone number, email address; and

4. date of birth.

Identification

You may choose to interact with us using a pseudonym and/or not identify yourself.

In circumstances where we are required to do so, or are authorised by law, a court or tribunal to ask for your identification, we will request your personal information.

Further it is likely that it will be impractical for us to interact with you without some form of identification, and therefore we will request identification details from you at the beginning of each transaction.

For example we will not be able to open a commercial credit trading account or process a commercial credit application for you without obtaining identification details.

How we will collect and hold your personal information

We only collect and hold personal information by lawful and fair means.

In some circumstances, we may collect and hold personal information that has been collected from a third party or publicly available source. This will likely occur in instances where:

1. you have consented for this collection (which would usually be via our privacy statement and/or credit application form); or

2. you would reasonably expect us to collect your personal information in this way and it is necessary for us to collect this information for a specific purpose (such as investigation of a complaint).

We will take steps to hold personal information in a manner which is secure and protected from

unauthorised access.

Your information may be held in either a physical form or in electronic form on our IT system.

We will take steps to protect the information against the modification, disclosure or misuse by including such things as physical restrictions, password protection for accessing electronic IT systems.

We will also endeavour to ensure that our service providers have protection for electronic IT systems and other necessary restrictions.

We will endeavour to ensure our staff are trained with respect to the security of the personal information we hold and we will restrict any access where necessary.

We will endeavour to destroy and de-identify the personal information once it is no longer required.

In the event we hold personal information that is unsolicited and we were not permitted to collect it, the personal information will be destroyed as soon as practicable.

If we collect personal information about you from someone else, we will advise you as soon as practicable that this information has been collected and the circumstances which surround the collection.

The purpose for which we collect and hold personal information

We will endeavour to only collect and hold personal information which is relevant to the operation of our company.

Our purpose for collecting or holding personal information about you is so that it may be used directly for our functions or activities.

We may use your personal information for the functions or activities of our company to:

1. assess credit applications;

2. review existing credit terms;

3. assess credit worthiness;

4. collect overdue payments;

5. assess credit guarantees (current and prospective);

6. internal management purposes;

7. marketing;

8. sales;

9. business development purposes and direct marketing.

10. customer service and support

We may also collect personal information (including sensitive information) for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.

We may also collect personal information from other credit providers, Credit Reporting Body (CRB) and any other third parties for the purposes of our functions and activities including, but not limited to, credit, sales, marketing, customer service and support, and administration.

The purpose for which use and disclosure personal information

We will endeavour to only use and disclose personal information for the primary purposes noted above in relation to the functions or activities of our company.

In addition we may also use and disclose personal information (including sensitive information) for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.

Unless one or more of the below scenarios has occurred, we will take necessary steps to prevent personal information from being given to government agencies or other organisations.

1. You have provided your consent.

2. You would reasonably expect that your information would be so disclosed.

3. We have informed you that that your personal information will be provided to a third party.

4. We are required by law to provide your personal information to a government agency or other organisation.

5. The disclosure of the information will prevent a serious threat to somebody’s life or health.

6. The disclosure of the information reasonably necessary for the enforcement of criminal law.

Further we will endeavour to only disclose personal information for the purpose in which it was collected, unless disclosure is reasonably necessary to:

1. assist in locating a missing person;

2. lessen or prevent a serious threat to life, health or safety;

3. take appropriate action with suspected unlawful activity or serious misconduct;

4. facilitate or assist with diplomatic or consular functions or activities;

5. assist certain defence force activities outside Australia;

6. establish or exercise a defined legal or equitable claim; or

7. facilitate or assist confidential alternative dispute resolution activities.

We will take steps not to disclose personal information for direct marketing purposes unless consent has been provided.

In any event you will be provided with an opt out option with respect to direct marketing should you wish to be excluded from direct marketing.

We will record this information on our opt out register.

We will endeavour not to use or disclose a government related identifier unless:

1. the use or disclosure of the identifier is reasonably necessary for us to verify your identity for the purposes of our activities or functions; or

2. the use or disclosure of the identifier is reasonably necessary for us to fulfil our obligations to an agency or a State or Territory authority; or

3. the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or

4. a permitted general situation (as that term is defined in the Act) exists in relation to the use or disclosure of the identifier; or

5. we reasonably believe that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Disclosure to CRB’s (Credit Reporting Body)

We may disclose personal information to a CRB in accordance with the permitted disclosures as defined under the Act.

We may disclose your Credit Information to the following CRB’s listed below.

Veda Advantage

Level 15, 100 Arthur Street

NORTH SYDNEY NSW 2060

Tel: 1300 921 621

NCI

Level 2, 165 Grenfell St

ADELAIDE SA 5000

Tel: 1800 882 820

Dun & Bradstreet

Level 2,

143 Coronation Drive

MILTON QLD 4064

Tel: 07 3360 0600

Creditor Watch

Level 13, 109 Pitt Street

SYDNEY NSW 2000

Tel: 1300 501 312

Experian

Level 6, 549 St Kilda Road

MELBOURNE VIC 3004

Tel: 03 9699 0100

A copy of the credit reporting policy for the CRB’s listed above will be available on their website or will be provided in hard copy upon request.

How you may access your personal information

You are entitled to access your personal information held in our possession.

We will endeavour to respond to your request for personal information within a reasonable time period or as soon as practicable in a manner as requested by you. We will normally respond within 30 days.

You can make a request for access by sending a letter addressed to our Privacy Officer, details specified below.

The Privacy Officer

Oricom International Pty Ltd

Locked Bag 658

SOUTH WINDSOR NSW 2756

Phone: 1300 889 785

Fax: 02 4574 8898

With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information.

We will not charge you for making the request, however if reasonable we may charge you with the costs associated with your request.

You will only be granted access to your personal information where we are permitted or required by law to grant access. We are unable to provide you with access that is unlawful.

Further we are not required to and will not, give access to personal information to the extent that:

1. we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or

2. giving access would have an unreasonable impact on the privacy of other individuals; or

3. the request for access is frivolous or vexatious; or

4. the information relates to existing or anticipated legal proceedings and the information would not be accessible in normal discovery procedures; or

5. giving access would reveal the intentions of us in relation to negotiations and this disclosure would prejudice those negotiations; or

6. denying access is required or authorised by or under an Australian law or a court/tribunal order; or

7. we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, or may be engaged in;

8. giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or

9. giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

10. giving access would reveal evaluative information generated within us in connection with a commercially sensitive decision-making process.

If we refuse access to the information, written notice will be provided to you setting out:

1. the reasons for the refusal (except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so); and

2. the mechanisms available to complain about the refusal; and

3. any other matter prescribed by the regulations.

Correction

Should we hold personal information and it is inaccurate, out of date, incomplete, irrelevant or misleading, or incorrect you have the right to make us aware of this fact and request that it be corrected.

If you would like to make a request to correct your information please contact our Privacy Officer on the details above.

In assessing your request we need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will then take all reasonable steps to ensure that it is accurate, up to date, complete and not misleading.

It is our normal policy to resolve any correction requests within 30 days. If we require further time we will notify you in writing and seek your consent.

Should we refuse to correct your personal information written notice will be provided to you setting out:

1. the reasons for the refusal (except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so); and

2. the mechanisms available to complain about the refusal; and

3. any other matter prescribed by the regulations.

We will endeavour to notify any relevant third parties of the correct personal information where necessary and required.

Complaints

In the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the Act or the APP’s please raise this with our Privacy Officer on the contact details above.

We will provide you with a receipt of acknowledgment as soon as practicable.

We will then endeavour to respond to your complaint and attempt to resolve the issues within 30 days.

In dealing with your complaint we may need to consult another credit provider or third party.

If we fail to deal with your complaint in a manner that you feel is appropriate you may choose to report your complaint to an external dispute resolution scheme (EDR Scheme).

We note that we are currently not a member of any EDR Scheme and we are exempt from any requirement to be a member of any EDR Scheme until March 2015.

If you are not satisfied with the process of making a complaint to our Privacy Officer you may make a complaint to the Information Commissioner. Details of which are below.

Office of the Australian Information Commissioner

GPO Box 5218 Sydney NSW 2001

Email: enquiries@oaic.gov.au

Telephone: 1300 363 992

Facsimile: 02 9284 9666

The Information Commissioner can decline to investigate a complaint on a number of grounds including:

1. where the complaint wasn’t made at first to us;

2. if the Information Commissioner considers the complaint has already been dealt with by a recognised EDR scheme; or

3. if the complaint would be more effectively or appropriately dealt with by a recognised EDR scheme of which we are a member.

Disclosure to overseas recipients

We may choose to, if permitted by law, share and/or disclose your personal information with recipients outside of Australia.

We are required to notify you with a list of any countries which personal information may be transmitted to, or disclosed where it is practical for us to do so.

At this point in time, we do not share and/or disclose any personal information to overseas recipients.

If you have any queries regarding our credit reporting policy or wish to find out more regarding any of privacy policies, please contact our Privacy Officer on the details list above.

CREDIT REPORTING AND CREDIT RELATED PERSONAL INFORMATION POLICY

Purpose

This is the credit reporting and credit related personal information policy of Oricom International Pty Ltd ABN 46 086 116 369, Oricom Holdings Pty Ltd ABN 30 158 094 976 and our related entities.

The purpose of this policy is to be a clearly expressed and up to date policy about the management of credit related personal information (which means credit information, credit reporting information, credit eligibility information and/or regulated information) (Credit Information) including the collection, holding, use and disclosure of such information.

This policy is intended to enhance the transparency of our company’s operations, notify you of your rights and our obligations and provide information regarding:

1. the kinds of Credit Information which we will collect and hold;

2. how we will collect, hold, use and disclose Credit Information;

3. the purposes for which we collect, hold, use and disclose Credit Information;

4. how an individual may access Credit Information about the individual that is held by us and seek correction of such information;

5. how an individual may complain about a breach of the Credit Reporting Privacy Code (CRC) and how we intend to deal with any such a complaint;

6. whether we are likely to disclose Credit Information to an overseas recipient; and

7. if we are likely to disclose Credit Information to overseas recipients, the countries in which such recipients are likely to be located (if it is practical to do so).

Acknowledgment

We acknowledge that we must take reasonable steps when handling Credit Information.

Whilst we cannot warrant that this policy will be followed in every instance, we will endeavour to follow this policy on each occasion. Our company has educated and trained our employees with the compliance requirements and have appropriate procedures in place to manage Credit Information.

This policy sets out how we comply with our obligations under the Privacy Act 1988 (as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012) (the Act) and the CRC.

The kind of Credit Information we will collect and hold

We collect and hold the following types of Credit Information.

1. Current and prior names and addresses, age and occupation, (including employer details).

2. Driver’s licence number.

3. Details regarding applications for commercial credit including the type and amount of credit requested and the fact that we have assessed an application.

4. Details regarding the provision of credit, the amount and whether any other credit was previously provided.

5. The date that any agreement in relation to credit ceased or was terminated and the surrounding circumstances.

6. Repayment history.

7. Details regarding payment owed to us or any other credit provider, in connection with credit provided to you or in relation to which you are a guarantor, overdue for more than 60 days.

8. Whether in our opinion, or another credit provider’s opinion, you have committed a serious credit infringement.

9. Whether you have entered into arrangements with us or other creditors in connection with the credit provided to you.

10. Court proceedings information, personal insolvency information and credit related publically available information.

11. Any information regarding your credit worthiness.

12. Any administrative information about credit accounts of yourself and your related bodies corporate.

How we will collect, use and disclose your Credit Information

Our usual practice will be to collect Credit Information from you (or your authorised representative) directly and with your written consent.

In some circumstances, we may collect Credit Information from a third party. This may include the collection of Credit Information from a Credit Reporting Body (CRB).

As indicated above, we will endeavour to obtain your written consent regarding the collection and further disclosure of Credit Information from and to a CRB.

It may be necessary for us to collect your Credit Information for a specific purpose such as an investigation of a complaint.

We may be required to in some circumstances, if you fail to meet payment obligations or commit serious credit infringement to disclose your Credit Information to a CRB.

We will attempt to use the Credit Information we collect and hold for the primary purpose(s) in respect of which it is collected.

How we will hold the Credit Information we collect, use and disclose

We will hold the Credit Information in a manner which is secure and protected from unauthorised access.

Your information may be held in either a physical form or in electronic form on our IT system.

We take steps to protect the information against the modification, disclosure or misuse by including such things as password protection for accessing electronic IT systems and physical restrictions.

We will also take steps to ensure our service providers have protection for electronic IT systems and other necessary restrictions.

We will endeavour to ensure that our relevant staff are trained with respect the security of the Credit

Information we hold and we will restrict any access where necessary.

Once information is no longer required, we will take all reasonable steps to either destroy and de-identify the Credit Information in a secure manner and where possible destroy and delete records.

In the event we hold Credit Information that is unsolicited and we were not permitted to collect it, the

Credit Information will be destroyed as soon as practicable.

The purpose for which we collect, hold, use and disclose your Credit Information

We may collect, hold, use and disclose your Credit Information as reasonably necessary so that it may be used directly for the functions or activities of our company and as permitted by law.

We may use your Credit Information for the functions or activities of our company to:

1. consider whether to provide you or a related entity with credit, or accept you as a guarantor;

2. consider your credit worthiness when making decisions with respect to your application;

3. provide information to CRB’s and participate with other the credit reporting system recognised by the CRC;

4. take debt recovery action and enforcement where necessary to recovery amounts against guarantors or where infringements have occurred; and/or

5. consider and address any complaints and comply with our statutory requirements.

Disclosure to CRB’s (Credit Reporting Body)

As indicated above, we may disclose Credit Information to a CRB in accordance with the permitted disclosures as defined under the Act, including instances where you fail to meet your payment requirements and you commit a serious credit infringement.

We may disclose your Credit Information to the following CRB’s listed below.

Veda Advantage

Level 15, 100 Arthur Street

NORTH SYDNEY NSW 2060

Tel: 1300 921 621

NCI

Level 2, 165 Grenfell St

ADELAIDE SA 5000

Tel: 1800 882 820

Dun & Bradstreet

Level 2,

143 Coronation Drive

MILTON QLD 4064

Tel: 07 3360 0600

Creditor Watch

Level 13, 109 Pitt Street

SYDNEY NSW 2000

Tel: 1300 501 312

Experian

Level 6, 549 St Kilda Road

MELBOURNE VIC 3004

Tel: 03 9699 0100

A copy of the credit reporting policy for the CRB’s listed above will be available on their website or will be provided in hard copy upon request.

A CRB may use your Credit Information to assist with our marketing by “pre-screening” for direct marketing.

In accordance with recent changes within the Act we are unable to use your Credit Information for direct marketing, however a CRB may be able to “pre-screen” you and provide you with an opportunity to opt out of direct marketing.

You can tell the CRB that you do not want your Credit Information used for this purpose.

You are entitled to also place a 21 day ban on the sharing of you Credit Information, if you believe you have become a victim of credit fraud.

Disclosure of your Credit Information to other recipients

We may choose to, if permitted by law, share and/or disclose your credit information with third parties including:

1. other credit providers;

2. our related companies;

3. debt collection organisations;

4. guarantors or security providers in relation to the credit we provide you;

5. debt assignment organisations; and

6. credit insurers.

In some instances we will require your written consent prior to making such disclosures. We typically obtain this consent in terms of our credit application or via our privacy statement.

How can you access your Credit Information

You are entitled to access your Credit Information held in our possession.

We will endeavour to respond to your request for Credit Information within a reasonable time period and as soon as practicable in a manner as requested by you. We will normally respond within 30 days.

You can make a request for access by sending a letter and addressed to our Privacy Officer, details specified below.

The Privacy Officer

Oricom International Pty Ltd

Locked Bag 658

SOUTH WINDSOR NSW 2756

Phone: 1300 889 785

Fax: 02 4574 8898

With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information.

You will only be granted access to your Credit Information where we are permitted or required by law. We are unable to provide you with access that is unlawful.

We will not charge you for making an access request, however if reasonable we may charge you with the costs associated with your access request.

In the event your access request is refused we will provide you with written notice regarding the refusal and reasons for our decision.

Correction

Should we hold Credit Information that is incorrect, you have the right to make us aware of this fact and request that the incorrect information be corrected.

If you would like to make a request to correct your information please contact our Privacy Officer on the details provided above.

In assessing your request we will need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will then take all reasonable steps necessary to ensure that it is accurate, up to date, complete, relevant and not misleading.

It is our normal request to try and resolve any correction requests within 30 days. If we are to require further time we will notify you in writing and seek your consent.

If it is the case we do not agree to correct your Credit Information as per your request we will notify you in writing and provide you with our written reasons for the refusal.

Record keeping

We will endeavour to keep a record of where all Credit Information is used or disclosed.

The types of matters recorded by us include the following.

1. Where Credit Information is destroyed to meet obligations and compliance requirements in accordance with the CRC and the Act.

2. Where we have received Credit Information from another credit provider:

(a) the date in which it was disclosed;

(b) a brief description of the information disclosed; and

(c) to whom the disclosure was made.

3. Records of any consent provided by an individual for purposes of disclosure.

4. Records of any correspondence and actions taken in relation to notifications or corrections, complaints, pre-screening, monitoring and auditing.

We will maintain our records for a minimum period of 5 years.

Complaints

In the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the CR Code or the Act please raise this with our Privacy Officer on the contact details above.

We will provide you with a receipt of acknowledgment as soon as practicable.

We will then endeavour to respond to your complaint and attempt to resolve the issues within 30 days, unless otherwise specified.

In dealing with your complaint we may need to consult a CRB, or another credit provider, or a third party.

If we fail to deal with your complaint in a manner that you feel is appropriate you may choose to report your complaint to an external dispute resolution scheme (EDR Scheme).

We note that we are currently not a member of any EDR Scheme and we are exempt from having to be a member of any EDR Scheme until March 2015.

If you are not satisfied with the process of making a complaint to our Privacy Officer you may make a complaint to the Information Commissioner. Details of which are below.

Office of the Australian Information Commissioner

GPO Box 5218 Sydney NSW 2001

Email: enquiries@oaic.gov.au

Telephone: 1300 363 992

Facsimile: 02 9284 9666

The Information Commissioner can decline to investigate a complaint on a number of grounds including:

1. where the complaint wasn’t made at first to us;

2. if the Information Commissioner considers the complaint has already been dealt with by a recognised EDR scheme; or

3. if the complaint would be more effectively or appropriately dealt with by a recognised EDR scheme of which we are a member.

Disclosure to overseas recipients

We may choose to, if permitted by law, share and/or disclose your Credit Information with recipients outside of Australia.

We are required to notify you with a list of any countries which Credit Information may be transmitted to, or disclosed where it is practical for us to do so.

At this point in time, we do not share and/or disclose any Credit Information to overseas recipients.

If you have any queries regarding our credit reporting policy or wish to find out more regarding any of our privacy policies, please contact our Privacy Officer on the details listed above.